Re: Query "resolver" and "lwresd" via "dig"
Jun Xiang X Tee wrote:
>
> I wish to know efficient ways to query "resolver" and "lwresd". To my
> understanding, "resolver" is the iterative full DNS resolver,

"resolver" is a generic term. I think you are thinking of "named", BIND's
DNS server.

> and "lwresd" is the lightweight resolver daemon.
>
> I plan to use "dig" to query both of them. I am not able to find a way
> to query "resolver" using "dig".

`dig` is a DNS client, not a lwres client, so it'll work as a client for
named.

The lightweight resolver is a weird beast that is designed to move most of
the DNS logic out of the libc stub resolver into lwresd. lwresd is an
alias for named which enables the nonstandard lightweight resolver
protocol. BIND doesn't have a command-line lwres client, just some test
harnesses.

lwres is hardly ever used and can mostly be ignored.

Tony.
--
f.anthony.n.finch http://dotat.at/ - I xn--zr8h punycode
Trafalgar: Northerly 4 or 5, but easterly 6 to gale 8 in far southeast.
Moderate, occasionally rough in far southeast. Fair. Moderate or good.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

UDP Packet Hack
Dear all,

I am working on hacking UDP packets returned to "dig" client. I wish to
include some extra information about the "digged" domain (e.g.,
facebook.com) at Additional Section of "dig" reply in TXT format. The
ideal result is to be able to see the hacked UDP packets having the extra
information using tools such as Wireshark.

For the past two weeks, I have searched through many articles online and
asked many people how to do this, but I am still confused about where
"dig" gets the UDP packets from. Below are my questions:

(1) Does "dig" get its UDP packets from "named" server? Or "lwresd"
    server? Or others?

(2) For hacking purposes, I should work on BIND9 source code. I don't need
    to install BIND9 using "apt-get install", right?

(3) Lastly, the most important question: How should I configure DNS server
    for "dig"?

    What I am doing now is going into "bin/dig" folder and running
    something like "./dig google.com".

    I think what I should do is "./dig @chosen_DNS_server google.com",
    but I do not know how to configure the server.

It would be great if someone could shed some light on my questions. I have
been stuck for two weeks with zero progress, and have already thought
about switching to another software. Haha. Thanks!

Regards,
Jun Xiang Tee

disable ipv6 source query
We are moving our v6 DNS from F5 to anycast. Since F5 can translate
addresses from v6 to v4, our backend servers are still only v4 and we have
never had a problem resolving hostnames with v4 only.

Now for anycast, I want to enable v6 with a private address only, but it
seems like named favors v6 and uses it to source queries to other
nameservers; it will try v4 if v6 fails, like this (I've configured
source-query-v6 address ::1 so v6 always fails):

21:04:33.303536 IP6 ::1.34892 > 2001:dcd:1::7.53: 33940% [1au] A? example.com. (48)
21:04:34.146521 IP 1.1.1.1.58822 > 2.2.2.2: 55501% [1au] A? example.com. (48)

My question is how to configure named to use only a v4 address to query
other nameservers, but still keep a listening v6 address?

Thanks in advance!!
Hillary

Re: UDP Packet Hack
On Wed, 2016-06-22 at 01:06 +, Jun Xiang X Tee wrote:
> I am working on hacking UDP packets returned to "dig" client. I
> wish to include some extra information about the "digged" domain
> (e.g., facebook.com) at Additional Section of "dig" reply in TXT
> format. The ideal result is to be able to see the hacked UDP packets
> having the extra information using tools such as Wireshark.

You can't change what the authoritative servers for the facebook.com
domain return. You could hack a server in between your dig client and
Facebook, though - dig requests info from your server, your server
requests info from Facebook, your server modifies the response from
Facebook, your server returns the modified response to dig (or whatever
made the query).

You would need to either return the new information in a form compatible
with what dig expects, or you would have to hack dig as well. If you did
that, ordinary clients might no longer be able to use the server.

> I am still confused on where "dig" gets the UDP packets from.

dig makes its own outbound UDP packets (and TCP packets don't forget!).
Inbound packets come from whatever server is responding to dig's request.

> Below are my questions:
> (1) Does "dig" get its UDP packets from "named" server? Or "lwresd"
> server? Or others?

From whatever server its request went to. You could find out by watching
the traffic with eg Wireshark. If you specify the server to dig with
@server, then that is the server sending response packets to dig.

> (2) For hacking purpose, I should work on BIND9 source codes. I
> don't need to install BIND9 using "apt-get install", right?

If you are building and installing from source, right.

> (3) Lastly, the most important question: How should I configure DNS
> server for "dig"?

You don't need to unless you are modifying the protocol. The server will
not know it is "dig" querying it; as far as the server is concerned it's
just receiving and responding to queries from clients.

> I think what I should do is "./dig @chosen_DNS_server
> google.com", but I do not know how to configure the server.

Not sure what you mean by "configure the server". What DO you mean by
"configure the server"?

Regards, K.

--
~~~
Karl Auer (ka...@biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
Old fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4

Re: disable ipv6 source query
server ::/0 { bogus yes; };

In message , Hillary Nelson writes:
> We are moving our v6 DNS from F5 to anycast, since F5 can translate address
> from v6 to v4, our backend servers are still only v4 and we never have
> problem to resolve hostname with v4 only.
>
> Now for anycast, I want to enable v6 with private address only, but seems
> like named favors v6 and using it to source query other nameserver, it will
> try v4 if v6 fails, like this(I've configured source-query-v6 address ::1
> so v6 always fails):
>
> 21:04:33.303536 IP6 ::1.34892 > 2001:dcd:1::7.53: 33940% [1au] A?
> example.com. (48)
> 21:04:34.146521 IP 1.1.1.1.58822 > 2.2.2.2: 55501% [1au] A? example.com.
> (48)
>
>
> My question is how to config named to only using v4 address to query other
> nameserver, but still keep an listening v6 address?
>
> Thanks in advance!!
> Hillary
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

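One way to confirm from a `tcpdump -n` capture that named no longer sources queries to other nameservers over IPv6, while clients can still reach it on its v6 listening address. This is an added example, not part of the thread; the helper name `upstream_v6_queries`, the local address set and the capture lines are constructed (documentation address ranges) in the same shape as the two lines quoted above.

```python
import re

# A `tcpdump -n` DNS query line:
#   time family src.port > dst.port: id+flags [extras] TYPE? name. (len)
# Responses carry no "TYPE?" token, so they do not match.
QUERY = re.compile(
    r"^\S+ (IP6?) (\S+)\.(\d+) > (\S+)\.(\d+): \d+\S* .*?(\w+)\? (\S+)"
)

def upstream_v6_queries(lines, local_addrs):
    """Return (dst, qname) for each query this host sent to another
    server over IPv6. Client queries arriving on the local v6 listener
    are ignored because their source is not a local address."""
    hits = []
    for line in lines:
        m = QUERY.match(line)
        if not m:
            continue
        fam, src, _sport, dst, dport, _qtype, qname = m.groups()
        outbound = src in local_addrs and dst not in local_addrs
        if fam == "IP6" and dport == "53" and outbound:
            hits.append((dst, qname))
    return hits

# Constructed capture: one v6 upstream query, one v4 upstream query,
# one client query to the v6 listener, and the reply to that client.
SAMPLE = [
    "21:04:33.303536 IP6 2001:db8::53.34892 > 2001:db8:ffff::7.53: 33940% [1au] A? example.com. (48)",
    "21:04:34.146521 IP 192.0.2.53.58822 > 198.51.100.2.53: 55501% [1au] A? example.com. (48)",
    "21:04:35.000100 IP6 2001:db8::100.40000 > 2001:db8::53.53: 1234+ A? example.com. (40)",
    "21:04:35.000900 IP6 2001:db8::53.53 > 2001:db8::100.40000: 1234 1/0/0 A 192.0.2.10 (56)",
]
LOCAL = {"2001:db8::53", "192.0.2.53"}  # assumed addresses of the named host

if __name__ == "__main__":
    for dst, qname in upstream_v6_queries(SAMPLE, LOCAL):
        print(f"IPv6 upstream query for {qname} sent to {dst}")
```

An empty result over a capture taken after the configuration change means only IPv4 was used for upstream queries during that window.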
RE: UDP Packet Hack
(1) Does "dig" get its UDP packets from "named" server?

Yes.

tcpdump -n -i lo0 port domain

$ dig www.allpowerlabs.com

20:36:28.073280 IP 127.0.0.1.10588 > 127.0.0.1.53: 18890+ A? www.allpowerlabs.com. (38)
20:36:28.210557 IP 127.0.0.1.53 > 127.0.0.1.10588: 18890 1/3/3 A 75.119.212.174 (166)

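The `1/3/3` in the response line above is tcpdump's rendering of the answer/authority/additional record counts carried in the DNS header. As an added example (not part of the original message), this Python code reads those counts and any TXT strings in the Additional section directly from the wire bytes, which is how a reply can be checked independently of dig's output; the sample reply and the names `read_name`, `parse_sections` and `sample_response` are constructed for illustration.

```python
import struct

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                  # compression pointer (RFC 1035 4.1.4)
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        elif n == 0:                          # root label ends the name
            return ".".join(labels) + ".", (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def parse_sections(msg):
    """Return the header id, the (answer, authority, additional) counts,
    and the first string of each TXT record in the additional section."""
    ident, _flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):                       # skip the question section
        _, off = read_name(msg, off)
        off += 4                              # QTYPE + QCLASS
    txt = []
    for i in range(an + ns + ar):
        name, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        if i >= an + ns and rtype == 16:      # type 16 = TXT
            txt.append((name, rdata[1:1 + rdata[0]].decode("ascii")))
    return {"id": ident, "counts": (an, ns, ar), "additional_txt": txt}

def sample_response():
    """Constructed reply: one A answer plus one TXT record in Additional."""
    owner = b"\xc0\x0c"                       # pointer to the question name
    note = b"constructed note"
    return (struct.pack("!6H", 18890, 0x8180, 1, 1, 0, 1)
            + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
            + owner + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
            + owner + struct.pack("!HHIH", 16, 1, 300, len(note) + 1)
            + bytes([len(note)]) + note)

if __name__ == "__main__":
    print(parse_sections(sample_response()))
```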
Re: UDP Packet Hack
Sorry, but isn't this almost exactly the same question which you asked in:
https://lists.isc.org/pipermail/bind-users/2016-June/097012.html
("Append a Hard-coded Text Tuple into Additional Section of "dig" Feature") ?

And "Query "resolver" and "lwresd" via "dig"" ?

Perhaps if you explained what you are actually trying to *accomplish*, and
*why*, people here might be able to provide you with a more useful answer.

dig simply performs DNS queries and displays the results. It provides some
knobs, like the ability to specify the server to query, to set specific
flags, etc, but fundamentally it is just a client which performs DNS
lookups and prints the results.

"DESCRIPTION
dig (domain information groper) is a flexible tool for interrogating DNS
name servers. It performs DNS lookups and displays the answers that are
returned from the name server(s) that were queried. Most DNS
administrators use dig to troubleshoot DNS problems because of its
flexibility, ease of use and clarity of output. Other lookup tools tend to
have less functionality than dig."

If you want to stuff some other information into the additional section
(almost definitely a bad idea!) you will first need a good, fundamental
understanding of how the DNS works -- I'd suggest you start off by reading
"DNS and BIND" by Cricket -
http://shop.oreilly.com/product/9780596100575.do

There are many things you will need to know first, like, who do you want
to include this? The authoritative server or the recursive? Who is going
to consume this additional information?

As I said, a much clearer explanation of what you want to actually
accomplish, and why, will allow people to provide useful answers...

W

On Tue, Jun 21, 2016 at 9:06 PM, Jun Xiang X Tee wrote:
> Dear all,
>
>
> I am working on hacking UDP packets returned to "dig" client. I wish to
> include some extra information about the "digged" domain (e.g.,
> facebook.com) at Additional Section of "dig" reply in TXT format. The ideal
> result is to be able to see the hacked UDP packets having the extra
> information using tools such as Wireshark.
>
>
> For the past two weeks, I have searched through many articles online and
> asked many people on how to do this, but I am still confused on where "dig"
> gets the UDP packets from. Below are my questions:
>
> (1) Does "dig" get its UDP packets from "named" server? Or "lwresd"
> server? Or others?
>
>
> (2) For hacking purpose, I should work on BIND9 source codes. I don't need
> to install BIND9 using "apt-get install", right?
>
>
> (3) Lastly, the most important question: How should I configure DNS server
> for "dig"?
>
> What I am doing now is going into "bin/dig" folder and run something
> like "./dig google.com".
>
> I think what I should do is "./dig @chosen_DNS_server google.com",
> but I do not know how to configure the server.
>
>
>
> It will be great if someone can shed some lights on my questions. I have
> stuck for two weeks with zero progress, and have already thought about
> switching to another software. Haha. Thanks!
>
>
> Regards,
>
> Jun Xiang Tee

--
I don't think the execution is relevant when it was obviously a bad idea
in the first place. This is like putting rabid weasels in your pants, and
later expressing regret at having chosen those particular rabid weasels
and that pair of pants.
   ---maf

Re: disable ipv6 source query
On Tuesday, June 21, 2016, Mark Andrews wrote:
>
> server ::/0 { bogus yes; };

Eeeeww! That's gross, but in a bizarrely satisfying way.

W

>
> In message <
> cajs9+yby3vl3kehtjmt58ekqrf6qazfvt3khvy05q26lmpt...@mail.gmail.com
> >, Hillary Nelson writes:
> > We are moving our v6 DNS from F5 to anycast, since F5 can translate
> address
> > from v6 to v4, our backend servers are still only v4 and we never have
> > problem to resolve hostname with v4 only.
> >
> > Now for anycast, I want to enable v6 with private address only, but seems
> > like named favors v6 and using it to source query other nameserver, it
> will
> > try v4 if v6 fails, like this(I've configured source-query-v6 address
> ::1
> > so v6 always fails):
> >
> > 21:04:33.303536 IP6 ::1.34892 > 2001:dcd:1::7.53: 33940% [1au] A?
> > example.com. (48)
> > 21:04:34.146521 IP 1.1.1.1.58822 > 2.2.2.2: 55501% [1au] A? example.com.
> > (48)
> >
> >
> > My question is how to config named to only using v4 address to query
> other
> > nameserver, but still keep an listening v6 address?
> >
> > Thanks in advance!!
> > Hillary
> >
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

--
I don't think the execution is relevant when it was obviously a bad idea
in the first place. This is like putting rabid weasels in your pants, and
later expressing regret at having chosen those particular rabid weasels
and that pair of pants.
   ---maf