Testbed of DNS Installation and Deployment In Real Environment
Testbed DNS Installation
=
System Infrastructure and Installation
===
Our testbed was built to observe the DNS resolution flow end to end. The blue shapes in Figure 1 are the servers installed locally: the name server and its sub-name server, the resolver, and the web server.
Registered Domain
bekhinfosec.be has been pointed at two name servers in the .be registry:
ns1.infosec.unamur.be serves the parent zone; the child zone for the www sub-domain is delegated to ns2.bekhinfosec.be.
ns1.infosec.unamur.be : 138.48.246.201
ns2.bekhinfosec.be : 138.48.246.202
ns2.infosec.unamur.be (not installed; resolvers that try this server first time out and then retry ns1, so first lookups can be slow)
Figure 1. Testbed Architecture
Servers Installation
Name Server Installation and Configuration
We use Ubuntu Server 20.04 as the operating system and bind9 as the name server software. The installation goes as follows.
Update the system and install the packages:
sudo apt-get update
sudo apt-get install bind9 dnsutils
Zone configuration file and zone file
In /etc/bind:
sudo nano named.conf.local
For example, on ns1.infosec.unamur.be (138.48.246.201):
zone "bekhinfosec.be" IN {
type master;
file "/var/lib/bind/db.bekhinfosec.be";
};
zone "246.48.138.in-addr.arpa" IN {
type master;
file "/var/lib/bind/db.246.48.138.in-addr.arpa";
};
The zone file and its reverse zone file are stored in /var/lib/bind, the directory that Ubuntu's AppArmor profile lets named read and write.
File: db.bekhinfosec.be
$TTL 1H
@ IN SOA @ hostmaster.bekhinfosec.be. (
0 ; serial (increment it on every change, otherwise other servers keep the old copy)
1H ; refresh
1H ; retry
1W ; expire
1H ) ; minimum (negative-cache TTL)
@ IN NS ns1.infosec.unamur.be.
ns1 IN A 138.48.246.201
www IN NS ns2.bekhinfosec.be. ; delegate www to the sub-name server
ns2 IN A 138.48.246.202 ; glue for the delegated NS, which lives inside this zone
host1 IN A 138.48.246.203
Reverse zone file: db.246.48.138.in-addr.arpa (only SOA, NS and PTR records belong here; A records in this file would create stray names such as ns1.246.48.138.in-addr.arpa)
$TTL 1H
@ IN SOA @ hostmaster.bekhinfosec.be. (
0 ; serial
1H ; refresh
1H ; retry
1W ; expire
1H ) ; minimum
@ IN NS ns1.infosec.unamur.be.
201 IN PTR ns1.infosec.unamur.be.
202 IN PTR ns2.bekhinfosec.be.
203 IN PTR host1.bekhinfosec.be.
Unless the holder of 138.48.0.0/16 delegates 246.48.138.in-addr.arpa to these servers, the PTR records are only visible when the server is queried directly (dig @138.48.246.201 -x 138.48.246.203); our resolver at 138.48.246.204 follows the public in-addr.arpa delegation instead.
For the sub-name server the installation and configuration are the same as for the parent zone. In its named.conf.local we used the same zone names and file locations, so ns2 is configured as authoritative for bekhinfosec.be itself rather than for a separate www.bekhinfosec.be zone. It still answers the delegated www query, because www falls under the zone it holds, but its copy of the apex (SOA and NS) disagrees with ns1's; a cleaner child setup declares zone "www.bekhinfosec.be" on ns2. The zone files are as follows:
File: db.bekhinfosec.be
$TTL 604800
@ IN SOA @ hostmaster.bekhinfosec.be. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns2.bekhinfosec.be.
ns2 IN A 138.48.246.202
www IN A 138.48.246.205
Reverse zone file: db.246.48.138.in-addr.arpa (again, only SOA, NS and PTR records belong in a reverse zone)
$TTL 604800
@ IN SOA @ hostmaster.bekhinfosec.be. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns2.bekhinfosec.be.
202 IN PTR ns2.bekhinfosec.be.
205 IN PTR www.bekhinfosec.be.
Below are the commands we used most during installation and configuration.
# Check the configuration syntax and the zone files, then restart the service:
sudo named-checkconf
sudo named-checkzone bekhinfosec.be /var/lib/bind/db.bekhinfosec.be
sudo named-checkzone 246.48.138.in-addr.arpa /var/lib/bind/db.246.48.138.in-addr.arpa
sudo service bind9 restart
sudo service bind9 status
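named-checkzone only tells you whether a file loads; it does not complain about a serial that never changes, a delegated NS without glue, or forward A records pasted into a reverse file, which are the slips that actually cost time in this kind of setup. The linter below is an added example, not part of the testbed or of BIND; it parses master-file zones like the ones above (constructed copies are embedded as sample input) and reports exactly those three problems. It assumes every record carries an explicit owner, as the testbed's files do.

```python
"""Added example (not part of the testbed page): a small linter for BIND
master-file zones like the ones above. It catches a serial of 0, an in-zone
NS without a glue A record, and A records pasted into a reverse zone."""
import re
from collections import defaultdict

# Constructed copies of the testbed's zone files, used here as sample input.
FORWARD_ZONE = """\
$TTL 1H
@ IN SOA @ hostmaster.bekhinfosec.be. (
0 ; serial
1H ; refresh
1H ; retry
1W ; expire
1H ) ; minimum
@ IN NS ns1.infosec.unamur.be.
ns1 IN A 138.48.246.201
www IN NS ns2.bekhinfosec.be.
ns2 IN A 138.48.246.202
host1 IN A 138.48.246.203
"""

REVERSE_ZONE = """\
$TTL 1H
@ IN SOA @ hostmaster.bekhinfosec.be. (
0 ; serial
1H ; refresh
1H ; retry
1W ; expire
1H ) ; minimum
@ IN NS ns1.infosec.unamur.be.
ns1 IN A 138.48.246.201
201 IN PTR ns1.infosec.unamur.be.
202 IN PTR ns2.bekhinfosec.be.
203 IN PTR host1.bekhinfosec.be.
"""

TTL_RE = re.compile(r"\d+[smhdwSMHDW]?")


def qualify(name, origin):
    """Turn a master-file owner or target into an FQDN relative to origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return [(owner_fqdn, TYPE, [rdata tokens])]. Handles ';' comments,
    $-directives and the parenthesised multi-line SOA. Every record must
    carry an explicit owner, as in the testbed's files."""
    origin = origin.rstrip(".") + "."
    records, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop comments
        if not line:
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth > 0:                            # still inside ( ... )
            continue
        toks = " ".join(buf).replace("(", " ").replace(")", " ").split()
        buf = []
        if toks[0].startswith("$"):              # $TTL, $ORIGIN: not records
            continue
        owner, rest = toks[0], toks[1:]
        for _ in range(2):                       # optional [class] [ttl], either order
            if rest and rest[0].upper() == "IN":
                rest = rest[1:]
            if rest and TTL_RE.fullmatch(rest[0]):
                rest = rest[1:]
        records.append((qualify(owner, origin), rest[0].upper(), rest[1:]))
    return records


def lint_zone(text, origin):
    """Return a list of findings; an empty list means the zone passed."""
    origin = origin.rstrip(".") + "."
    recs = parse_zone(text, origin)
    types_at = defaultdict(set)
    for owner, rtype, _ in recs:
        types_at[owner].add(rtype)
    findings = []
    soa = [r for r in recs if r[1] == "SOA"]
    if len(soa) != 1:
        findings.append("zone must have exactly one SOA record")
    elif int(soa[0][2][2]) == 0:                 # SOA rdata: mname rname serial ...
        findings.append("SOA serial is 0; bump it on every change so secondaries reload")
    reverse = origin.endswith(".in-addr.arpa.")
    for owner, rtype, rdata in recs:
        if rtype == "NS":
            target = qualify(rdata[0], origin)
            if target.endswith("." + origin) and "A" not in types_at.get(target, ()):
                findings.append(f"NS {target} is inside the zone but has no glue A record")
        elif rtype == "PTR" and not rdata[0].endswith("."):
            findings.append(f"PTR at {owner} points to relative name {rdata[0]} (missing trailing dot)")
        elif rtype == "A" and reverse:
            findings.append(f"A record {owner} does not belong in a reverse zone")
    return findings
```

Run lint_zone(FORWARD_ZONE, "bekhinfosec.be") and lint_zone(REVERSE_ZONE, "246.48.138.in-addr.arpa") after named-checkzone passes; the forward zone only draws the serial warning, while the reverse file as first written also flags the A record for ns1. To see the delegation itself, query ns1 with dig +norecurse and check that the reply carries ns2.bekhinfosec.be in the authority section rather than an answer.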
Resolver Installation and Configuration
Several open-source resolvers could be used; in this testbed we used the unbound package for our local resolver.
Update the system and install the package:
sudo apt-get update
sudo apt-get install unbound
The configuration file lives in /etc/unbound/ (the Ubuntu package also reads /etc/unbound/unbound.conf.d/*.conf):
sudo nano unbound.conf
For example, on our resolver 138.48.246.204:
server:
    directory: "/etc/unbound"
    # unbound drops privileges to this user after binding port 53; the Ubuntu
    # package uses "unbound", so a user named infosec must exist on the box
    username: infosec
    interface: 138.48.246.204
    interface: ::0
    # access-control: the most specific netblock wins, regardless of line order;
    # "deny" drops the query silently, "refuse" would send a REFUSED reply
    access-control: 138.48.246.0/24 allow
    access-control: 127.0.0.1 allow
    access-control: ::1 allow
    access-control: 0.0.0.0/0 deny
    access-control: ::/0 deny
    # In case you want to limit the cache TTLs of your resolver
    # cache-max-ttl: 30
    # cache-min-ttl: 0
    serve-expired: no
# In case you want to forward to a public resolver instead of recursing from the
# root (4.2.2.2 and 4.2.2.1 are Level 3's public servers, not Google's)
#forward-zone:
#    name: "."
#    forward-addr: 4.2.2.2
#    forward-addr: 4.2.2.1
#    forward-first: yes
Restart and service check up
sudo systemctl restart unbound.service
sudo systemctl status unbound.service
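The access-control list is where a resolver becomes an open resolver by accident, and unbound's matching rule is easy to misread: it picks the most specific netblock that contains the client, not the first matching line, so a trailing "0.0.0.0/0 deny" never overrides the "/24 allow" above it. The evaluator below is an added example, not unbound's code or part of this page; it models that rule with the standard library and runs it over the testbed's list as first written (with the 172.0.0.1 entry, a slip for the loopback address 127.0.0.1, kept on purpose) beside a corrected list. Assumption, labelled in the code: a client matching no listed netblock gets unbound's documented default of "refuse"; unbound's implicit localhost allowance is left out so the explicit lines can be judged on their own. Run sudo unbound-checkconf before restarting the service.

```python
"""Added example (not from the page): evaluate an unbound access-control list
the way unbound does, to show which clients the testbed's resolver serves.
Longest-prefix match, so line order does not matter."""
import ipaddress

# Constructed copy of the access-control lines as first written for this
# testbed, including the 172.0.0.1 slip (loopback is 127.0.0.1).
TESTBED_ACL = [
    ("138.48.246.0/24", "allow"),
    ("172.0.0.1", "allow"),
    ("::1", "allow"),
    ("0.0.0.0/0", "deny"),
    ("::/0", "deny"),
]

# Corrected list: loopback allowed, and "refuse" instead of "deny" for the
# rest so misconfigured clients get a REFUSED reply rather than silence.
FIXED_ACL = [
    ("138.48.246.0/24", "allow"),
    ("127.0.0.0/8", "allow"),
    ("::1", "allow"),
    ("0.0.0.0/0", "refuse"),
    ("::/0", "refuse"),
]

# Assumption: a client matching no listed netblock gets unbound's documented
# default of "refuse" (unbound also adds an implicit localhost allow, which
# this model leaves out so that the explicit lines are shown on their own).
DEFAULT_ACTION = "refuse"


def acl_action(acl, client_ip):
    """Return the action for client_ip: the most specific containing netblock wins."""
    ip = ipaddress.ip_address(client_ip)
    best = None
    for net_str, action in acl:
        net = ipaddress.ip_network(net_str, strict=False)
        if net.version != ip.version or ip not in net:
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, action)
    return best[1] if best else DEFAULT_ACTION


def who_is_served(acl, clients):
    """Map each candidate client address to the action unbound would take."""
    return {c: acl_action(acl, c) for c in clients}


if __name__ == "__main__":
    for ip in ("138.48.246.204", "127.0.0.1", "172.0.0.1", "8.8.8.8", "::1"):
        print(f"{ip:16s} original={acl_action(TESTBED_ACL, ip):7s} fixed={acl_action(FIXED_ACL, ip)}")
```

With the original list, 127.0.0.1 falls into "0.0.0.0/0 deny" and the unrelated host 172.0.0.1 is allowed; the lab's /24 is served either way, whichever order the lines are written in.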
- Web Server installation
To give the resolved name of one machine something visible behind it, we set up web hosting on that machine, using nginx as the web server.
Update the system and install the package:
sudo apt-get update
sudo apt-get install nginx
Create the project folder and the page at /var/www/bekhinfosec.be/index.html:
<!DOCTYPE html>
<html>
<head>
<style>
h1 {text-align: center;}
</style>
<title>Welcome to My Page</title>
</head>
<body>
<h1>Here is my Testbed Page</h1>
<p>Welcome to my pages; this page is for testing only</p>
</body>
</html>
File configuration (site) in a location /etc/nginx/sites-available/bekhinfosec.be
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/bekhinfosec.be;
index index.html;
server_name bekhinfosec.be www.bekhinfosec.be;
location / {
try_files $uri $uri/ =404;
}
}
Then we enable the site with a symbolic link (ln -s creates a symlink, not a hard link) in sites-enabled:
sudo ln -s /etc/nginx/sites-available/bekhinfosec.be /etc/nginx/sites-enabled/bekhinfosec.be
Ubuntu's nginx package ships /etc/nginx/sites-enabled/default, which also declares default_server on port 80; remove that link (or drop default_server from our block), otherwise nginx reports a duplicate default server. Check the configuration for errors, then restart nginx:
sudo nginx -t
sudo systemctl restart nginx
- Client machine configuration
On the client we only need to point resolv.conf at our resolver and set the search domain, so we can test the connection:
sudo nano /etc/resolv.conf
search bekhinfosec.be
nameserver 138.48.246.204
On Ubuntu 20.04 /etc/resolv.conf is a symlink managed by systemd-resolved and is rewritten at boot; for a persistent setting put the resolver in the netplan or systemd-resolved configuration instead, or replace the symlink with a regular file.
- Traffic Capturing
Since the system runs as VMs on Proxmox, traffic can be captured with tcpdump on the host, or with Wireshark installed on a VM.
Wireshark Installation
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install wireshark
In our capture we do not see the whole chain from client to name server, because we had already tested the lookup and the answer was cached in the resolver 138.48.246.204; restarting unbound (as above) empties its in-memory cache if you want to see the full iterative lookup. Seeing the page is itself a sign that the testbed works: browse to www.bekhinfosec.be and the testing page (index.html) appears:
[Figure: Media/image4.png, screenshot of the test page]
We can also capture with tcpdump and save a pcap file that can be opened in Wireshark:
sudo tcpdump -ni vmbr0 port 53 -w testing.pcap
vmbr0 is the virtual bridge interface of our network in Proxmox, and the filter keeps only DNS traffic (port 53).
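Knowing what the uncached exchange looks like makes the pcap much easier to read: with an empty cache the resolver at 138.48.246.204 sends an iterative query (RD clear) to ns1, gets back a referral (no answer records, NS for www in the authority section, the glue A for ns2 in the additional section), queries ns2 and receives the authoritative answer (AA set), then replies to the client with AA clear and RA set. The code below is an added example, not part of the page and not a real capture: it builds those messages on the wire format with the testbed's names and addresses (constructed packets, one shared transaction ID for brevity where real queries each use a fresh one), decodes them including compression pointers, and labels each one the way you would while stepping through Wireshark.

```python
"""Added example (not part of the page): build and decode the DNS messages
expected on port 53 for an uncached lookup of www.bekhinfosec.be, so a
referral and an authoritative answer can be told apart in the capture."""
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080   # header flag bits (RFC 1035)
A, NS = 1, 2                                      # record types used here


def encode_name(name):
    """Wire-encode a domain name as length-prefixed labels (no compression)."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"


def rr(name, rtype, rdata, ttl=3600):
    """One resource record; rdata is a dotted IPv4 (A) or a name (NS)."""
    payload = bytes(int(o) for o in rdata.split(".")) if rtype == A else encode_name(rdata)
    return encode_name(name) + struct.pack("!HHIH", rtype, 1, ttl, len(payload)) + payload


def build(msg_id, flags, qname, answer=(), authority=(), additional=()):
    """Assemble a message with one A/IN question plus the given sections."""
    hdr = struct.pack("!HHHHHH", msg_id, flags, 1, len(answer), len(authority), len(additional))
    return hdr + encode_name(qname) + struct.pack("!HH", A, 1) + b"".join([*answer, *authority, *additional])


def read_name(buf, pos):
    """Decode a name at pos, following compression pointers; return (name, next pos)."""
    labels, after = [], None
    while True:
        ln = buf[pos]
        if ln & 0xC0 == 0xC0:                     # pointer: 14-bit offset into the message
            after = after if after is not None else pos + 2
            pos = struct.unpack("!H", buf[pos:pos + 2])[0] & 0x3FFF
            continue
        pos += 1
        if ln == 0:
            break
        labels.append(buf[pos:pos + ln].decode())
        pos += ln
    return ".".join(labels) + ".", (after if after is not None else pos)


def parse(buf):
    """Decode header flags, the question and the three RR sections."""
    msg_id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", buf[:12])
    pos, question = 12, []
    for _ in range(qd):
        name, pos = read_name(buf, pos)
        question.append((name, struct.unpack("!H", buf[pos:pos + 2])[0]))
        pos += 4                                   # qtype + qclass
    msg = {"id": msg_id, "qr": bool(flags & QR), "aa": bool(flags & AA),
           "rd": bool(flags & RD), "ra": bool(flags & RA), "rcode": flags & 0xF,
           "question": question}
    for key, count in (("answer", an), ("authority", ns), ("additional", ar)):
        recs = []
        for _ in range(count):
            name, pos = read_name(buf, pos)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", buf[pos:pos + 10])
            pos += 10
            if rtype == A:
                value = ".".join(str(b) for b in buf[pos:pos + rdlen])
            elif rtype == NS:
                value = read_name(buf, pos)[0]
            else:
                value = buf[pos:pos + rdlen].hex()
            pos += rdlen
            recs.append((name, rtype, value))
        msg[key] = recs
    return msg


def classify(msg):
    """Label a decoded message the way you would while reading the capture."""
    if not msg["qr"]:
        return "query"
    if msg["rcode"] == 3:
        return "nxdomain"
    if msg["answer"]:
        return "authoritative answer" if msg["aa"] else "resolver answer"
    if any(r[1] == NS for r in msg["authority"]):
        return "referral"
    return "empty"


# The expected uncached exchange for www.bekhinfosec.be (constructed packets):
QUERY = build(0x1234, 0, "www.bekhinfosec.be")                      # resolver -> ns1, RD clear
REFERRAL = build(0x1234, QR, "www.bekhinfosec.be",                   # ns1 -> resolver
                 authority=[rr("www.bekhinfosec.be", NS, "ns2.bekhinfosec.be")],
                 additional=[rr("ns2.bekhinfosec.be", A, "138.48.246.202")])
ANSWER = build(0x1234, QR | AA, "www.bekhinfosec.be",                # ns2 -> resolver
               answer=[rr("www.bekhinfosec.be", A, "138.48.246.205")])
CLIENT_REPLY = build(0x1234, QR | RD | RA, "www.bekhinfosec.be",     # resolver -> client, AA clear
                     answer=[rr("www.bekhinfosec.be", A, "138.48.246.205")])

if __name__ == "__main__":
    for label, pkt in (("query", QUERY), ("referral", REFERRAL), ("answer", ANSWER), ("client", CLIENT_REPLY)):
        m = parse(pkt)
        print(f"{label:9s} {classify(m):21s} aa={m['aa']!s:5s} answer={m['answer']} authority={m['authority']}")
```

In a real capture the authoritative answers from ns2 are the only frames with the AA bit set; if the client's reply arrives with no preceding queries from .204 to .201 and .202, the resolver answered from cache, which is exactly what the page observed.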