
dns / dnsstuff / whois / dig

whois at the command line
$ whois [-h whois_server] name (there are many other command line arguments)
$ man whois
=====================
A zone transfer returns all records for a given domain. It could be blocked on the DNS server or at the firewall. DNS zone transfers are carried over TCP 53, whereas DNS queries use UDP 53.

nslookup
set type=any
server ns1.abc.abc
ls -d abc.abc > dnstranfer.abc.abc.txt

=====================


What is DNS Authority?

Any DNS server that contains a complete copy of the domain's zone file is considered to be authoritative for that domain. A complete copy of a zone file must have:
  • a valid Start of Authority (SOA) record,
  • valid Name Server (NS) records for the domain, and
  • the listed NS records should match the servers listed in the SOA record.
Servers listed in the zone file but not in the SOA record are called lame servers and such a configuration should be avoided. It is considered standard practice to have a primary authoritative DNS server and one or more secondary authoritative DNS servers. When registering your domain with an accredited domain name registrar, the primary authoritative DNS server is the server you list first; all other DNS servers you list will be secondary. The secondary server and the primary server should be on different IP subnets and the hardware should be located in different physical locations. By putting the two DNS servers on different subnets and placing them apart geographically, you greatly reduce the risk that a single outage will take down the entire system of DNS servers for your domain. Having more than one secondary DNS server for your domain is also good practice, but you can only designate one primary DNS server with your registrar because the DNS can only point to a single primary DNS server for your domain.


What is an Authoritative DNS Server?

DNS servers can be configured to host more than one domain. A server can be primary for one domain, and secondary for another. The term authoritative refers to any DNS server that has a complete copy of the domain's information, whether it was entered by an administrator or transferred from a primary server. Thus, a secondary server can and should be authoritative for any domain for which it performs secondary resolution.
Note that if a secondary server loses contact with the primary server for a domain, it will stop being an authoritative server after a timeout period (usually a few days).


What is an Authoritative DNS Response?

Any response to a DNS query that originates from a DNS server with a complete copy of the zone file is said to be an 'authoritative response'. What complicates matters is that DNS servers cache the answers they receive. If a DNS server has an SOA record, it fills in a field in the response that signals that the server queried is authoritative for the domain and that the answer is authoritative. Any DNS server external to that domain that retrieved the authoritative response will cache that answer. The next time the server is queried, it will say that the answer it is giving is authoritative, even though the server itself is not authoritative for that domain.
In other words, it is possible for a DNS server that is not an authoritative server for a domain to give an 'authoritative response' to a DNS query.
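The field mentioned above is the AA (Authoritative Answer) bit in the DNS header flags, and the zone transfer described at the top of these notes is a query with QTYPE 252 (AXFR) sent over TCP 53. The following is an added example, not part of the original notes: it reads the AA bit from a response and lists AXFR requests found in a TCP/53 byte stream. The function names and the sample messages are constructed for illustration.

```python
import struct

AXFR = 252  # QTYPE of a full zone transfer request (RFC 1035)

def build_message(msg_id, flags, qname, qtype):
    """Constructed sample: 12-byte DNS header plus one question, class IN."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in qname.split("."))
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0)
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_message(msg):
    """Return header flags and the first question (expects one question)."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    msg_id, flags = struct.unpack("!HH", msg[:4])
    info = {"id": msg_id, "is_response": bool(flags & 0x8000),
            "aa": bool(flags & 0x0400)}
    labels, pos = [], 12
    while pos < len(msg) and msg[pos] != 0:
        length = msg[pos]
        if length & 0xC0:
            raise ValueError("compressed name in question not handled here")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    if pos + 5 > len(msg):  # zero byte + QTYPE + QCLASS must still fit
        raise ValueError("question runs past end of message")
    info["qname"] = ".".join(labels)
    info["qtype"] = struct.unpack("!H", msg[pos + 1:pos + 3])[0]
    return info

def axfr_requests(tcp_stream):
    """Return zone names requested via AXFR in a TCP/53 stream (2-byte length prefix)."""
    zones, pos = [], 0
    while pos + 2 <= len(tcp_stream):
        (length,) = struct.unpack("!H", tcp_stream[pos:pos + 2])
        msg = tcp_stream[pos + 2:pos + 2 + length]
        if len(msg) < length:
            break  # incomplete final message
        info = parse_message(msg)
        if not info["is_response"] and info["qtype"] == AXFR:
            zones.append(info["qname"])
        pos += 2 + length
    return zones

# Constructed samples using the placeholder domain abc.abc from these notes
AUTH_RESPONSE = build_message(0x1001, 0x8400, "www.abc.abc", 1)   # QR + AA set
OTHER_RESPONSE = build_message(0x1002, 0x8180, "www.abc.abc", 1)  # QR + RD + RA, AA clear
QUERIES = [build_message(0x2001, 0, "abc.abc", 6), build_message(0x2002, 0, "abc.abc", AXFR)]
STREAM = b"".join(struct.pack("!H", len(m)) + m for m in QUERIES)  # SOA query, then AXFR
```

On a name server you operate, an AXFR request from an address that is not one of your secondaries is worth logging and refusing.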


What is a Non-Authoritative DNS Server?

Non-authoritative servers do not contain copies of any domains. Instead they have a cache file that is constructed from all the DNS lookups they have performed in the past for which they have gotten an authoritative response and for which the response has not "timed-out."
When a non-authoritative server queries an authoritative server and receives an authoritative answer, it passes that answer along to the querent as an authoritative answer. Thus, non-authoritative servers can answer authoritatively for a given DNS request. However, if another request comes for a different name in the same domain, they can't answer without asking an authoritative server for that domain.
Most often, a non-authoritative server answers with a previous lookup from its lookup cache. Any answer retrieved from the cache of any server is deemed non-authoritative because it did not come from an authoritative server.


What is a Non-Authoritative DNS Response?

Non-authoritative responses come from DNS servers that have cached an answer for a given host, but received that information from a server that is not authoritative for the domain.
Source: http://www.mnet.state.mn.us/data-net/dns/authority.php
===============
