Posts filed under ‘DNS and Bind’

How to troubleshoot DNS Issues with Wireshark

Hi Folks

Until recently I was a big fan of Microsoft Message Analyzer. Unfortunately, Microsoft deprecated the product, so I decided to switch to Wireshark. I will not be going through the basic operations of Wireshark, as there are plenty of good video tutorials on the Internet.

In this article, I will focus on how to capture DNS packets on a BIND server and filter the packets for known queries and response codes.

Step 1: Start the capture on the BIND server

Step 2: After running sample queries, press CTRL+C to end the capture and transfer the .pcap file to Wireshark.

Once you open the .pcap file in Wireshark, you can use the filters below to display the required data.

** To filter based on the queried domain name **
dns.qry.name == "hotmail.com"

** To filter MX queries **
dns.qry.type == 15

** To filter SERVFAIL response **
dns.flags.rcode == 2

You can prefix a filter with ! to exclude the packets it matches. For example, to exclude dns.qry.type == 15:
!dns.qry.type == 15
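To show which parts of a DNS message the three filters above test, here is an added Python example (not from the original post) that parses raw DNS payloads and applies the same criteria. The function names and the sample messages are constructed for illustration, and names are compared case-insensitively, which is a choice made here.

```python
import struct

def build_dns(qname, qtype, rcode=0, response=False, txid=0x1234):
    """Build a minimal DNS message (header + one question). Constructed test data."""
    flags = (0x8000 if response else 0) | 0x0100 | (rcode & 0x0F)  # QR | RD | RCODE
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    name = b"".join(bytes([len(p)]) + p.encode("ascii") for p in qname.split("."))
    return header + name + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def parse_dns(msg):
    """Extract the fields the display filters test from a raw DNS payload."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    flags, qdcount = struct.unpack("!HH", msg[2:6])
    if qdcount < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while pos < len(msg) and (length := msg[pos]) != 0:
        if length & 0xC0:            # no compression pointers in the first question
            raise ValueError("unexpected compression pointer")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    if pos + 5 > len(msg):           # root label + QTYPE + QCLASS must still fit
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", msg[pos + 1:pos + 5])
    return {"qry_name": ".".join(labels).lower(), "qry_type": qtype,
            "is_response": bool(flags & 0x8000), "rcode": flags & 0x000F}

def filter_dns(messages, name=None, qtype=None, rcode=None):
    """Indexes of messages matching every given criterion (rcode: responses only)."""
    hits = []
    for i, raw in enumerate(messages):
        try:
            f = parse_dns(raw)
        except ValueError:
            continue                 # skip malformed payloads instead of aborting
        ok = ((name is None or f["qry_name"] == name.lower())
              and (qtype is None or f["qry_type"] == qtype)
              and (rcode is None or (f["is_response"] and f["rcode"] == rcode)))
        if ok:
            hits.append(i)
    return hits

# Constructed samples: MX query, MX SERVFAIL, A SERVFAIL, MX NOERROR, malformed payload
SAMPLES = [build_dns("hotmail.com", 15), build_dns("hotmail.com", 15, 2, True),
           build_dns("hotmail.com", 1, 2, True), build_dns("Example.org", 15, 0, True), b"\x00"]
```

Calling `filter_dns(SAMPLES, "hotmail.com", 15, 2)` combines all three criteria, much like joining the filters with `&&` in Wireshark.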

For a detailed list of DNS response codes and other DNS parameters, refer to the URLs below.

https://support.umbrella.com/hc/en-us/articles/232254248-Common-DNS-return-codes-for-any-DNS-service-and-Umbrella-

https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml

Good Luck.

June 17, 2020 at 2:23 pm

Sub Domain Delegation using Bind

Hi All

When administering BIND, you may be asked to delegate a subdomain to another DNS server run by a different provider. These requests usually come from a web hosting provider, because delegation lets them modify the required records on their own using their name servers.

In this scenario, open the zone file (for example, test.com) and add the following lines (here adding the subdomain "sample.test.com"):

;Sub Domain delegation for the domain sample.test.com
;$ORIGIN also applies to any records placed after these lines

$ORIGIN sample.test.com.

@     NS       ns1.webhost.com. ; Other DNS servers; you can add multiple NS lines
      NS       ns2.webhost.com.

Regards

January 28, 2013 at 12:43 pm

How to force DNS Propagation by changing the TTL Values

Hi

I am writing this tip for DNS administrators who want to speed up the propagation of changes by adjusting TTL (Time to Live) values. For example:

Assume that you are changing the IP address of http://www.test.com. By default, in BIND (Linux-based DNS server) the TTL value is set to 7200, which is 2 hours, as a global parameter. It controls the expiry time / refresh interval for your DNS records in the caches of other DNS servers.

Therefore, if you want to change the TTL value to 5 minutes for http://www.test.com only, you can edit the zone file as follows:

$ORIGIN test.com.
www 300 A 1.1.1.1 ; Replace it with your actual IP address

Here 300 denotes 5 minutes. Then restart the named service.

The same concept applies to Windows-based DNS servers as well.

January 19, 2013 at 2:04 pm