1) Prepare a technical report on DNS services: its functions, benefits and configurations.
2) Evaluate the security risk associated with DNS services and document the hardening parameters to secure DNS servers.
Note: For task 2, identify various attacks on DNS services.
What is DNS?
The Domain Name System is a decentralized, hierarchical naming system for servers and computers that are either publicly available or within a private, internal network. It associates a domain name with a place to find content for that domain by converting the name into a machine-readable form.
DNS Function
DNS has two major parts: a Nameserver and the DNS Records. The nameserver stores the information as a reference number for the DNS Records. When a browser on a computer makes a request for a domain, the Nameserver it uses provides a location to find details about the DNS Records. The DNS Record is what actually converts a URL into an IP Address.
For example, suppose someone enters yahoo.com into a browser. The browser reaches out to the root nameservers for any .com domain names from Verisign (the root) and finds the nameserver for Yahoo.com. That nameserver is ns3.yahoo.com. Now, that nameserver points you to the DNS Manager for the domain, Yahoo.com. Upon checking, the DNS Manager provides 27.123.42.42 as the DNS Record for yahoo.com. The browser then lands at the above IP Address showing yahoo.com’s site content.
DNS Services
Authoritative DNS: An authoritative DNS service provides an update mechanism that developers use to manage their public DNS names. It answers DNS queries, translating domain names into IP addresses so computers can communicate with each other. This service has final authority over a domain and is responsible for providing answers, with the IP address information, to recursive DNS servers.
Recursive DNS: A recursive DNS service acts like a hotel concierge: while it doesn't own any DNS records, it acts as an intermediary who can get the DNS information on your behalf. If a recursive DNS has the DNS reference cached or stored for a period of time, then it answers the DNS query by providing the source or IP information. If not, it passes the query to one or more authoritative DNS servers to find the information. Clients typically do not make queries directly to authoritative DNS services. Instead, they generally connect to another type of DNS service known as a resolver, or a recursive DNS service.
Benefits
Maintenance of all the content through names, for fast access.
Security enhancement, where it protects tons of sensitive data.
It allows primary and secondary connections, which keep internet uptime when any one server is down for maintenance.
Fault tolerance and proper web-hosting load distribution across multiple servers enable multiple hostnames to correspond to a single IP address.
Secure, reliable and faster online content transactions.
DNS Configurations:-
The system is configured by default to use the host of each computer in servers. Even so, if it needs to be configured to use DNS instead, if;
For example, if we need to configure the DNS for Google, then in Windows
2 question
Many attacks on DNS happen because of weak firewalls where ports are left open, which gets the system hacked and, for a business DNS, leads to loss of revenue, customer defection and negative brand impact. These are some attacks on DNS:-
a) Distributed Reflection DoS attack
•Combines reflection and amplification: the attacker sends spoofed queries to open recursive servers.
•Uses third-party open resolvers on the Internet (unwitting accomplices), with queries specially crafted to result in a very large response.
Impact:
•Causes DDoS on the victim’s server
b) Cache poisoning
•Corruption of the DNS cache data
Impact:
•Confidential user information such as logins, passwords and credit card numbers can be captured.
c) TCP SYN floods
•Uses the 3-way handshake that begins a TCP connection
•Attacker sends spoofed SYN packets with the source IP address of bogus destinations
•The server sends SYN-ACKs to these bogus destinations
•It never receives acknowledgement back from these destinations and the connections are never completed.
•These half-opened connections exhaust memory on the server
Impact:
•Server stops responding to new connection requests coming from legitimate users
d) DNS tunneling
•Uses DNS as a covert communication channel to bypass firewalls, carrying protocols like SSH, TCP or Web within DNS.
•Enables attackers to easily pass stolen data or tunnel IP traffic without detection using DNS tunnel for remote access.
Impact:
•Data exfiltration can happen through the tunnel.
e) DNS hijacking
•Modifies DNS record settings (most often at the domain registrar) to point to a rogue DNS server or domain.
•User tries to access a legitimate website www.mybank.com
•User gets redirected to bogus site controlled by hackers that looks a lot like the real thing.
Impact
•Hackers acquire user names, passwords and credit card information.
f) Basic NXDOMAIN attack
•The attacker sends a flood of queries to a DNS server to resolve a non-existent domain/domain name.
•The recursive server tries to locate this non-existing domain by carrying out multiple domain name queries but does not find it.
•In the process, its cache is filled up with NXDOMAIN results.
Impact:
•Slower DNS server response time for legitimate requests
•DNS server also spends valuable resources as it keeps trying to repeat the recursive query to get a resolution result.
g) Phantom Domain attack
•“Phantom” domains are set up as part of the attack
•DNS resolver tries to resolve multiple domains that are phantom domains
•These phantom domains may not send responses or they will be slow
Impact
•Server consumes resources while waiting for responses, eventually leading to degraded performance or failure
•Too many outstanding queries
DNS Hardening Methods:-
1) Audit the DNS zones
Explore all the public DNS records using SecurityTrails and review all the zones, records and IPs, testing the domain names or subdomains, which sometimes run outdated software or have unrestricted areas that are vulnerable to attack.
2) Keep the DNS servers up-to-date
Running the user's own name servers gives the ability to configure them using third-party software, which will prevent service exploits targeting bugs and vulnerabilities.
3) Restrict Zone Transfers
Restrict which DNS servers are allowed to perform a zone transfer, or at least limit the allowed IP addresses that can make such requests. Zone transfers are used by slave name servers to query master DNS servers for network topology.
4) Disable DNS recursion to prevent DNS poisoning attacks
DNS recursion is enabled by default on all major Linux distributions, and this can lead to serious security issues such as DNS poisoning attacks, in which a spoofing attack happens in the middle and provides a DNS server with information that did not come from authoritative DNS sources.
5) Two-Factor Authentication
In order to avoid a DNS zone compromise, set up two-factor authentication protection with the DNS server provider, using third-party software or Google SMS verification as a representative example, for more security.
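A detection sketch for the DNS tunneling attack listed under d) above, added here as an example and not part of the original answer: it flags client and parent-domain pairs whose queries carry many distinct, long, high-entropy subdomains. The log format, the sample lines and the thresholds are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver query log, one "<client> <qname> <qtype>" per line.
SAMPLE_LOG = """\
10.0.0.5 www.example.com A
10.0.0.5 mail.example.com MX
10.0.0.5 static-assets.example.com A
10.0.0.9 mzxw6ytboi2gk3dfon2hi5lqnfxgo4tb.example.net TXT
10.0.0.9 nbswy3dpeb3w64tmmqqho2lunbqxg5dj.example.net TXT
10.0.0.9 orugs4zanfzsa5dimuqhgzldojsxiidb.example.net TXT
10.0.0.9 www.example.org A
"""

# Hypothetical thresholds; tune them against your own baseline traffic.
MIN_UNIQUE_NAMES = 3     # distinct subdomains per client and parent domain
MIN_MEAN_LENGTH = 24     # mean characters in the subdomain part
MIN_MEAN_ENTROPY = 3.0   # mean Shannon entropy, bits per character

def shannon_entropy(text):
    """Shannon entropy of text in bits per character."""
    counts, total = Counter(text), len(text)
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def split_qname(qname):
    """Return (subdomain, parent); assumes the parent is the last two labels."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def find_tunnel_suspects(log_text):
    """Return sorted (client, parent) pairs whose queries look like encoded data."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines
        client, qname, _qtype = fields
        sub, parent = split_qname(qname)
        if sub:
            seen[(client, parent)].add(sub)
    suspects = []
    for key, subs in seen.items():
        mean_len = sum(map(len, subs)) / len(subs)
        mean_ent = sum(map(shannon_entropy, subs)) / len(subs)
        if (len(subs) >= MIN_UNIQUE_NAMES and mean_len >= MIN_MEAN_LENGTH
                and mean_ent >= MIN_MEAN_ENTROPY):
            suspects.append(key)
    return sorted(suspects)

print(find_tunnel_suspects(SAMPLE_LOG))
```

The benign client also queries three distinct names under one domain, but their short length keeps it below the thresholds; a production version would take the parent domain from the Public Suffix List rather than the last two labels.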
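An audit check for the "Restrict Zone Transfers" and "Disable DNS recursion" hardening items above, added here as an example and not part of the original answer. It assumes the name server is BIND and inspects a named.conf for the `recursion`, `allow-recursion` and `allow-transfer` options; both configuration fragments and the finding texts are constructed.

```python
import re

# Constructed named.conf fragments (BIND syntax); the address is a documentation range.
WEAK_CONF = """
options {
    directory "/var/named";
    recursion yes;                 // resolves for any client
    allow-transfer { any; };       // anyone may copy the zone
};
"""
HARDENED_CONF = """
options {
    directory "/var/named";
    recursion no;
    allow-transfer { 192.0.2.53; };   // only the secondary name server
};
"""

def _acl(conf, option):
    """Return the address-match list of option, or None if it is unset.
    Assumes a flat list without nested braces."""
    m = re.search(r"(?<![-\w])%s\s*\{([^}]*)\}" % re.escape(option), conf)
    if m is None:
        return None
    return [item.strip() for item in m.group(1).split(";") if item.strip()]

def audit_named_conf(conf):
    """Return a list of findings for recursion and zone-transfer settings."""
    # Drop //, # and /* */ comments before matching.
    conf = re.sub(r"//[^\n]*|#[^\n]*|/\*.*?\*/", "", conf, flags=re.S)
    findings = []
    rec = re.search(r"(?<![-\w])recursion\s+(yes|no)\s*;", conf)
    allow_rec = _acl(conf, "allow-recursion")
    if rec is None:
        findings.append("recursion not set explicitly")
    elif rec.group(1) == "yes" and (allow_rec is None or "any" in allow_rec):
        findings.append("recursion enabled without a restricting allow-recursion list")
    transfer = _acl(conf, "allow-transfer")
    if transfer is None:
        findings.append("allow-transfer not set explicitly")
    elif "any" in transfer:
        findings.append("allow-transfer permits any host")
    return findings

print(audit_named_conf(WEAK_CONF))
print(audit_named_conf(HARDENED_CONF))
```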