6.3 Questions About Questions

With the help of DNS you can get a lot of information about a domain, as the query types listed in Table 6.1 show. You can, for example, ask for the domain's mail server.

host -t MX domain.net

Just specify the record type you want to ask for after the option -t and try out what the server answers!

As mentioned in the protocol overview before, you can send recursive requests to the DNS server to retrieve all records of a domain. Normally this is used for syncing slave servers, but if the nameserver is misconfigured, an attacker can grab a whole bunch of precious information.

host -alv domain.net

In case the previous command returns a lot of results, you should probably think about reconfiguring your nameserver to permit recursion only to your slave servers.

Table 6.1 The most important DNS record types

Name        Function
A           Resolve name to IP
CERT        Certificate record for PGP server or similar
CNAME       Alias for a host name
DHCID       Defines DHCP server for a domain
DNAME       Alias for a domain name
DNSKEY      Key to use for DNSSEC
IPSECKEY    Key to use for IPsec
LOC         Location record
MX          Defines the mail server of a domain
NS          Defines the name server of a domain
PTR         Resolve IP to name
RP          Responsible person
SSHFP       SSH public key

6.4 WHOIS

Suppose you have an IP address and want to know who it belongs to. For such tasks, so-called WHOIS databases exist at the NIC services such as DENIC, which register domains and host the root servers for their specific TLDs like .de. IP addresses, as opposed to domains, are registered with the RIPE Network Coordination Centre. Either your provider or you yourself need to be a member of RIPE to register a netblock.

The WHOIS databases of RIPE and of NICs like DENIC can often be accessed via a web interface on the NIC's website, but you can also query them more easily and elegantly from the console.

whois 77.87.229.40

% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
% To receive output for a database update,
% use the "-B" flag.

% Information related to '77.87.224.0 - 77.87.231.255'

inetnum:        77.87.224.0 - 77.87.231.255
netname:        BSI-IVBB
descr:          Bundesamt fuer Sicherheit in der
descr:          Informationstechnik
country:        DE
org:            ORG-BA202-RIPE
admin-c:        OE245-RIPE
tech-c:         OE245-RIPE
status:         ASSIGNED PI
mnt-by:         RIPE-NCC-END-MNT
mnt-by:         BSI-IVBB
mnt-by:         DTAG-NIC
mnt-lower:      RIPE-NCC-END-MNT
mnt-routes:     BSI-IVBB
mnt-domains:    BSI-IVBB
source:         RIPE # Filtered

person:         Olaf Erber
address:        Bundesamt fuer Sicherheit in der IT
address:        Postfach 20 03 63
address:        53133 Bonn
address:        Germany
phone:          +49 3018 9582 0
e-mail:         [obscured]
nic-hdl:        OE245-RIPE
mnt-by:         DFN-NTFY
source:         RIPE # Filtered

% Information related to '77.87.228.0/22AS49234'

route:          77.87.228.0/22
descr:          BSI-IVBB
origin:         AS49234
mnt-by:         BSI-IVBB
source:         RIPE # Filtered

As you can see, we not only get to know who owns an IP address, but also who is managing the zone, who the responsible administrator is, and to which netblock it belongs (77.87.224.0 - 77.87.231.255). A WHOIS request can give you information not only about an IP address but also about a domain or hostname.
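The RPSL response above can also be read by a program, for example to enrich an address seen in your own logs with its netblock and owner. The following is an added example, not code from the book: the function names parse_rpsl and netblock_for are hypothetical, and SAMPLE is a constructed, abridged copy of the output shown above.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: an abridged copy of the RIPE response shown above.
SAMPLE = """\
% This is the RIPE Database query service.

inetnum:        77.87.224.0 - 77.87.231.255
netname:        BSI-IVBB
descr:          Bundesamt fuer Sicherheit in der
descr:          Informationstechnik
mnt-by:         RIPE-NCC-END-MNT
mnt-by:         BSI-IVBB
source:         RIPE # Filtered

route:          77.87.228.0/22
origin:         AS49234
"""

def parse_rpsl(text):
    """Split a WHOIS response into RPSL objects (attribute -> list of values)."""
    objects, current, last_key = [], None, None
    for line in text.splitlines():
        if not line.strip():                        # a blank line ends the object
            current, last_key = None, None
            continue
        if line[0] in " \t+" and current is not None:   # continuation of last value
            current[last_key][-1] += " " + line[1:].strip()
            continue
        key, sep, value = line.partition(":")
        if line.startswith("%") or not sep:         # server comment or junk line
            continue
        if current is None:
            current = defaultdict(list)
            objects.append(current)
        last_key = key.strip().lower()
        # Attributes such as descr and mnt-by repeat; "# Filtered" is a comment.
        current[last_key].append(value.split("#", 1)[0].strip())
    return objects

def netblock_for(ip, objects):
    """Return (netname, CIDR list) of the inetnum object covering ip, else None."""
    addr = ipaddress.ip_address(ip)
    for obj in objects:
        for rng in obj.get("inetnum", []):
            first, last = (ipaddress.ip_address(p.strip()) for p in rng.split("-"))
            if first <= addr <= last:
                cidrs = [str(n) for n in ipaddress.summarize_address_range(first, last)]
                return (obj.get("netname") or ["?"])[0], cidrs
    return None
```

For the queried address 77.87.229.40 this yields the netname BSI-IVBB and shows that the registered range is a single /21, of which the route object announces one /22.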

 