networking:dns

Differences

This shows you the differences between two versions of the page.

networking:dns [2022/11/07 17:08] oscarnetworking:dns [2023/08/26 07:01] (current) oscar
Line 1: Line 1:
 ====== Domain Name Server (DNS) ====== ====== Domain Name Server (DNS) ======
-We use two different local DNS servers on various systems: Unbound and Dnsmasq.+----
 ===== Unbound vs Dnsmasq ===== ===== Unbound vs Dnsmasq =====
-Unbound, like Bind is a full DNS resolver which can talk directly to the DNS root servers. Dnsmasq is only a forwarder, it will ask your nearest DNS (mostly the ISP's servers or Google). Thus, a forwarders answers are an implicit trust in the DNS server chain that you are using. It's in that sense less secure that it may not return what the root servers would return. In the worst case that is an attack or unwanted advertising.+We use two different local DNS servers on various systems: Unbound and Dnsmasq. Unbound, like Bind is a full DNS resolver which can talk directly to the DNS root servers. Dnsmasq is only a forwarder, it will ask your nearest DNS (mostly the ISP's servers or Google). Thus, a forwarders answers are an implicit trust in the DNS server chain that you are using. It's in that sense less secure that it may not return what the root servers would return. In the worst case that is an attack or unwanted advertising.
 ===== Querying DNS services ===== ===== Querying DNS services =====
 Using dig command you can query DNS name servers for your DNS lookup related tasks. Dig stands for domain information groper. Using dig command you can query DNS name servers for your DNS lookup related tasks. Dig stands for domain information groper.
-=== Simple query ===+==== Simple query ====
 Standard query using the default DNS server configured on your system Standard query using the default DNS server configured on your system
 <code> <code>
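Review bot: In the `+` paragraph now under "Unbound vs Dnsmasq", the claim that a forwarder is "less secure" rests only on Unbound being able to "talk directly to the DNS root servers". Recursion without DNSSEC validation still accepts unauthenticated answers, so the paragraph should state whether validation is enabled on these resolvers, since that is what lets a resolver reject a tampered reply. While the text is being moved, "a forwarders answers are an implicit trust" could become "a forwarder's answers rely on implicit trust", and the bare `----` under the top heading leaves the page without the intro sentence it had before.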
Line 36: Line 36:
   * **ADDITIONAL SECTION**: This displays the ip address of the name servers listed in the AUTHORITY SECTION.   * **ADDITIONAL SECTION**: This displays the ip address of the name servers listed in the AUTHORITY SECTION.
   * **Stats section** at the bottom displays few dig command statistics including how much time it took to execute this query   * **Stats section** at the bottom displays few dig command statistics including how much time it took to execute this query
-=== Use specific DNS server ===+==== Use specific DNS server ====
 By default dig uses the DNS servers defined in your **/etc/resolv.conf** file. If you like to use a different DNS server to perform the query, specify it in the command line as **@dnsserver**. By default dig uses the DNS servers defined in your **/etc/resolv.conf** file. If you like to use a different DNS server to perform the query, specify it in the command line as **@dnsserver**.
-=== Short Output Using dig +short ===+For example use directly the name server of TransIP (ns0.transip.net): 
 +  dig +short TXT @ns0.transip.net. oscardegroot.nl 
 +==== Short Output Using dig +short ====
 To view just the ip-address of a web site (i.e the A record), use the short form option as shown below. To view just the ip-address of a web site (i.e the A record), use the short form option as shown below.
 <code> <code>
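Review bot: The added `dig +short TXT @ns0.transip.net. oscardegroot.nl` line is formatted as an indented line while every other command on the page sits in a `<code>` block, and it uses `+short` one heading before "Short Output Using dig +short" introduces that option. Suggest wrapping it in `<code>` like the other examples, and either dropping `+short` here or moving the example below that heading. A short sentence on why a TXT record is queried would also help, since the surrounding text only discusses A records at this point.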
Line 45: Line 47:
 83.86.60.198 83.86.60.198
 </code> </code>
-=== Limit output to specific section ===+==== Limit output to specific section ====
 The response can be limited to any of the sections. E.g. the next only displays the ANSWER SECTION. The response can be limited to any of the sections. E.g. the next only displays the ANSWER SECTION.
 <code> <code>
Line 54: Line 56:
 oscardegroot.nl.        13296   IN      A       83.86.60.198 oscardegroot.nl.        13296   IN      A       83.86.60.198
 </code> </code>
-=== Query Record types ===+==== Query Record types ====
 With the -t option you can select a specific record type. This is one of: **a, any, mx, ns, soa, hinfo, axfr, txt**. The default is: a. Be aware that not all DNS servers have copies of all the records locally. So if this query return incomplete info, use a different DNS server. With the -t option you can select a specific record type. This is one of: **a, any, mx, ns, soa, hinfo, axfr, txt**. The default is: a. Be aware that not all DNS servers have copies of all the records locally. So if this query return incomplete info, use a different DNS server.
 <code> <code>
Line 80: Line 82:
 oscardegroot.nl.        300     IN      RRSIG   NSEC3PARAM 7 2 300 20210401000000 20210311000000 18644 oscardegroot.nl. acpYiIwzeUyrL  AsXeTYejnwOmFaDzW6ArA+OZUMbUZrQB9N/Mb5TB03I 8tUSa3wowD/noOepnAbE3A0Q+/gfsDNxZ4wuYmaPRPQ96OD9GJSJbhcS 5Bbd+QX0UOMKvRyEAQWPmbyXcOyLxx6a  3xgIjboeecAfb3oFZiPUdHT+ RyM= oscardegroot.nl.        300     IN      RRSIG   NSEC3PARAM 7 2 300 20210401000000 20210311000000 18644 oscardegroot.nl. acpYiIwzeUyrL  AsXeTYejnwOmFaDzW6ArA+OZUMbUZrQB9N/Mb5TB03I 8tUSa3wowD/noOepnAbE3A0Q+/gfsDNxZ4wuYmaPRPQ96OD9GJSJbhcS 5Bbd+QX0UOMKvRyEAQWPmbyXcOyLxx6a  3xgIjboeecAfb3oFZiPUdHT+ RyM=
 </code> </code>
-=== DNS Reverse Look-up ===+==== DNS Reverse Look-up ====
 To perform a DNS reverse look up using the ip-address using dig -x as shown below. For example, if you just have an external ip-address and would like to know the website that belongs to it, do the following. To perform a DNS reverse look up using the ip-address using dig -x as shown below. For example, if you just have an external ip-address and would like to know the website that belongs to it, do the following.
 <code> <code>
Line 92: Line 94:
 </code> </code>
 ===== Monitor DNS requests ===== ===== Monitor DNS requests =====
 +<code>
 +tcpdump -i wlan0 -n -s 0 port 53 | grep fdxx:xxx:xxxx:xxxx:xxxx:xxxx:xxx:xx
 +</code>
 <code> <code>
 script -q -c "sudo tcpdump -l port 53 2>/dev/null | grep --line-buffered ' A? ' | cut -d' ' -f8" | tee dns.log script -q -c "sudo tcpdump -l port 53 2>/dev/null | grep --line-buffered ' A? ' | cut -d' ' -f8" | tee dns.log
 </code> </code>
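Review bot: The added `tcpdump -i wlan0 -n -s 0 port 53 | grep ...` command pipes tcpdump into grep without `-l`, so tcpdump's output is block-buffered and matches show up late or in bursts; the existing command right below already uses `tcpdump -l` with `grep --line-buffered`. Suggest adding `-l`, or dropping the grep and putting the address in the capture filter (`port 53 and host <address>`). The block also has no explanatory text, hard-codes `wlan0`, and lacks the `sudo` the other command uses, so one line saying what it captures and for which host would make it usable by other readers.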
  
networking/dns.1667840931.txt.gz · Last modified: by oscar