Thursday, March 29, 2018

libpcap - Dump DNS header and message(18)


I promised a classmate a year or two ago that I would publish this, and then kept forgetting XD.

The most basic job of DNS (Domain Name System) is looking up information about a domain or an IP. The types this parser can currently decode are: A, NS, CNAME, SOA, PTR, MX, TXT, AAAA, LOC and SRV.

There are two key points to parsing DNS, both coming from the fact that a DNS domain name is not stored as an ordinary string; for the details see chapter 15.2 of DNS and BIND, 5th Edition - O'Reilly Media.

Briefly:

First, the storage format:
Suppose the domain is "www.facebook.com". In the packet it is represented as "\x03www\x08facebook\x03com\x00": each label is preceded by one byte giving the length of the string that follows.

Second, compression:
In a response packet the same domain may appear several times. In the length byte described above, if the top two bits are both 1 (0xc0), the next byte is an offset, counted from the start of the DNS message, giving the position where the rest of the domain name is stored.

If you know a little about DNS you will know that each label is at most 63 bytes long, which is exactly the value that fits in eight bits after subtracting the two bits used to signal compression.

That said, this example is only an exercise. There is a ready-made library (libresolv) for parsing DNS headers; for a tool you intend to use for real work, use the existing library rather than reinventing the wheel.
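The label and pointer encoding described above is easy to get wrong in the unsafe direction: a pointer that loops back on itself, or a length byte that runs past the end of the capture, will hang or over-read a naive decoder. The following is an added example written for this page, not the post's own program (that lives in the GitHub repository linked at the end). It parses the 12-byte header, decodes a name while following 0xC0 pointers only backwards and with a hop cap, and walks the question and answer sections to the first A record. The sample packet, its transaction ID, the address 203.0.113.10 and all function names are constructed for illustration. One detail goes beyond the post's description: the decoder treats the compression offset as the 14-bit value formed by the low six bits of the first byte and the whole second byte, which is the RFC 1035 form.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DNS_HDR_LEN      12
#define DNS_MAX_NAME     255   /* RFC 1035: whole name on the wire, length bytes included */
#define DNS_MAX_PTR_HOPS 16    /* defensive cap on pointer chasing */

struct dns_header { uint16_t id, flags, qdcount, ancount, nscount, arcount; };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Parse the fixed 12-byte header. Returns 0 on success, -1 if the buffer is too short. */
int dns_parse_header(const uint8_t *pkt, size_t len, struct dns_header *h)
{
    if (len < DNS_HDR_LEN) return -1;
    h->id      = rd16(pkt);     h->flags   = rd16(pkt + 2);
    h->qdcount = rd16(pkt + 4); h->ancount = rd16(pkt + 6);
    h->nscount = rd16(pkt + 8); h->arcount = rd16(pkt + 10);
    return 0;
}

/* Decode the (possibly compressed) name at offset `off` into dotted form.
 * Returns the number of bytes the name occupies at `off` (so the caller can find
 * the next field), or -1 on malformed input: truncated label, reserved 0x40/0x80
 * prefix, pointer that does not point backwards (loop), too many hops, or a name
 * longer than DNS_MAX_NAME. A length byte with the top two bits clear is <= 63. */
int dns_read_name(const uint8_t *pkt, size_t len, size_t off, char *out, size_t outlen)
{
    size_t pos = off, outpos = 0, consumed = 0;
    int jumped = 0, hops = 0;

    if (outlen == 0) return -1;
    for (;;) {
        if (pos >= len) return -1;
        uint8_t l = pkt[pos];
        if ((l & 0xC0) == 0xC0) {             /* compression pointer: 14-bit offset */
            if (pos + 1 >= len) return -1;
            size_t target = (size_t)(((l & 0x3F) << 8) | pkt[pos + 1]);
            if (!jumped) consumed = pos + 2 - off;   /* only the first pointer counts */
            jumped = 1;
            if (++hops > DNS_MAX_PTR_HOPS || target >= pos) return -1; /* must point to a prior occurrence */
            pos = target;
            continue;
        }
        if (l & 0xC0) return -1;              /* 0x40 / 0x80 prefixes are reserved */
        if (l == 0) {                         /* root label terminates the name */
            if (!jumped) consumed = pos + 1 - off;
            break;
        }
        if (pos + 1 + l > len) return -1;     /* label runs past the packet */
        size_t need = l + 1 + (outpos ? 1 : 0);   /* label + NUL (+ separating dot) */
        if (outpos + need > outlen || outpos + need + 1 > DNS_MAX_NAME) return -1;
        if (outpos) out[outpos++] = '.';
        memcpy(out + outpos, pkt + pos + 1, l);
        outpos += l;
        pos += 1 + l;
    }
    if (outpos == 0) { snprintf(out, outlen, "<root>"); return (int)consumed; }
    out[outpos] = '\0';
    return (int)consumed;
}

/* Walk a response and copy the first A-record address (dotted quad) into `ip`.
 * Returns 0 on success, -1 if the message is malformed or has no A answer. */
int dns_first_a_address(const uint8_t *pkt, size_t len, char *ip, size_t iplen)
{
    struct dns_header h;
    char name[DNS_MAX_NAME + 1];
    size_t off = DNS_HDR_LEN;
    int n;

    if (dns_parse_header(pkt, len, &h) < 0) return -1;
    for (unsigned i = 0; i < h.qdcount; i++) {        /* QNAME, QTYPE, QCLASS */
        if ((n = dns_read_name(pkt, len, off, name, sizeof name)) < 0) return -1;
        off += (size_t)n + 4;
        if (off > len) return -1;
    }
    for (unsigned i = 0; i < h.ancount; i++) {        /* NAME, TYPE, CLASS, TTL, RDLENGTH, RDATA */
        if ((n = dns_read_name(pkt, len, off, name, sizeof name)) < 0) return -1;
        off += (size_t)n;
        if (off + 10 > len) return -1;
        uint16_t type = rd16(pkt + off), rdlen = rd16(pkt + off + 8);
        off += 10;
        if (rdlen > len - off) return -1;             /* RDLENGTH must fit inside the packet */
        if (type == 1 && rdlen == 4) {
            snprintf(ip, iplen, "%u.%u.%u.%u", pkt[off], pkt[off + 1], pkt[off + 2], pkt[off + 3]);
            return 0;
        }
        off += rdlen;
    }
    return -1;
}

/* Constructed sample: a response for www.facebook.com whose answer name is the
 * pointer 0xC00C back to the question name at offset 12. ID and address are made up. */
const uint8_t sample_response[] = {
    0x12, 0x34, 0x81, 0x80, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,     /* header */
    3, 'w', 'w', 'w', 8, 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', 3, 'c', 'o', 'm', 0,
    0x00, 0x01, 0x00, 0x01,                                                     /* A, IN */
    0xC0, 0x0C, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0xA0, 0x00, 0x04,     /* answer, TTL 160 */
    203, 0, 113, 10                                                             /* 203.0.113.10 */
};
const size_t sample_response_len = sizeof sample_response;

/* Self-check: returns 1 when decoding and the malformed-input rejections behave as expected. */
int dns_selfcheck(void)
{
    char name[DNS_MAX_NAME + 1], ip[16];
    static const uint8_t self_ptr[] = { 0,0, 0,0, 0,1, 0,0, 0,0, 0,0, 0xC0, 0x0C, 0,1, 0,1 }; /* constructed loop */
    if (dns_read_name(sample_response, sample_response_len, 12, name, sizeof name) != 18) return 0;
    if (strcmp(name, "www.facebook.com") != 0) return 0;
    if (dns_read_name(sample_response, sample_response_len, 34, name, sizeof name) != 2) return 0;
    if (strcmp(name, "www.facebook.com") != 0) return 0;
    if (dns_first_a_address(sample_response, sample_response_len, ip, sizeof ip) != 0) return 0;
    if (strcmp(ip, "203.0.113.10") != 0) return 0;
    if (dns_read_name(self_ptr, sizeof self_ptr, 12, name, sizeof name) != -1) return 0;  /* loop rejected */
    if (dns_read_name(sample_response, 20, 12, name, sizeof name) != -1) return 0;         /* truncated */
    return 1;
}

int main(void)
{
    struct dns_header h; char name[DNS_MAX_NAME + 1], ip[16];
    dns_parse_header(sample_response, sample_response_len, &h);
    printf("id=%u flags=0x%04x qd=%u an=%u\n", h.id, h.flags, h.qdcount, h.ancount);
    dns_read_name(sample_response, sample_response_len, 34, name, sizeof name);
    dns_first_a_address(sample_response, sample_response_len, ip, sizeof ip);
    printf("answer name (via pointer): %s -> %s\n", name, ip);
    return dns_selfcheck() ? 0 : 1;
}
```

The two rejection cases in the self-check are the ones a capture tool actually meets: a pointer that refers to itself or forwards (rejected because every pointer must point to an earlier offset, so decoding always terminates) and a packet that is shorter than the name it claims to carry. The returned byte count is the length of the name as it sits in the record, two bytes for a pure pointer, so the caller can step to TYPE, CLASS, TTL and RDLENGTH without re-walking the pointer chain.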

Output (Type A):
192.168.1.10(54884) -> 8.8.8.8(53)
Protocol DNS:
+-------------------------+-------------------------+
| Transaction ID:      633| Flags:            0x0100|
+-------------------------+-------------------------+
| Questions:             1| Answer:                0|
+-------------------------+-------------------------+
| Authority:             0| Additional:            0|
+-------------------------+-------------------------+

Questions:
    Name: www.google.com
    Type: A
    Class: IN



8.8.8.8(53) -> 192.168.1.10(54884)
Protocol DNS:
+-------------------------+-------------------------+
| Transaction ID:      633| Flags:            0x8180|
+-------------------------+-------------------------+
| Questions:             1| Answer:                1|
+-------------------------+-------------------------+
| Authority:             0| Additional:            0|
+-------------------------+-------------------------+

Questions:
    Name: www.google.com
    Type: A
    Class: IN


Answers:
    Name: www.google.com
    Type: A
    Class: IN
    TTL: 160
    Data Length: 4
    Address: 216.58.200.36


Output (Type NS):
192.168.1.10(49693) -> 8.8.8.8(53)
Protocol DNS:
+-------------------------+-------------------------+
| Transaction ID:    29648| Flags:            0x0100|
+-------------------------+-------------------------+
| Questions:             1| Answer:                0|
+-------------------------+-------------------------+
| Authority:             0| Additional:            0|
+-------------------------+-------------------------+

Questions:
    Name: isc.org
    Type: NS
    Class: IN



8.8.8.8(53) -> 192.168.1.10(49693)
Protocol DNS:
+-------------------------+-------------------------+
| Transaction ID:    29648| Flags:            0x8180|
+-------------------------+-------------------------+
| Questions:             1| Answer:                4|
+-------------------------+-------------------------+
| Authority:             0| Additional:            0|
+-------------------------+-------------------------+

Questions:
    Name: isc.org
    Type: NS
    Class: IN


Answers:
    Name: isc.org
    Type: NS
    Class: IN
    TTL: 4601
    Data Length: 13
    Name Server: ord.sns-pb.isc.org

    Name: isc.org
    Type: NS
    Class: IN
    TTL: 4601
    Data Length: 7
    Name Server: sfba.sns-pb.isc.org

    Name: isc.org
    Type: NS
    Class: IN
    TTL: 4601
    Data Length: 25
    Name Server: ns.isc.afilias-nst.info

    Name: isc.org
    Type: NS
    Class: IN
    TTL: 4601
    Data Length: 6
    Name Server: ams.sns-pb.isc.org

Output (Type CNAME):
192.168.1.10(49923) -> 8.8.8.8(53)
Protocol DNS:
+-------------------------+-------------------------+
| Transaction ID:    62928| Flags:            0x0100|
+-------------------------+-------------------------+
| Questions:             1| Answer:                0|
+-------------------------+-------------------------+
| Authority:             0| Additional:            0|
+-------------------------+-------------------------+

Questions:
    Name: 5-edge-chat.facebook.com
    Type: A
    Class: IN



8.8.8.8(53) -> 192.168.1.10(49923)
Protocol DNS:
+-------------------------+-------------------------+
| Transaction ID:    62928| Flags:            0x8180|
+-------------------------+-------------------------+
| Questions:             1| Answer:                2|
+-------------------------+-------------------------+
| Authority:             0| Additional:            0|
+-------------------------+-------------------------+

Questions:
    Name: 5-edge-chat.facebook.com
    Type: A
    Class: IN


Answers:
    Name: 5-edge-chat.facebook.com
    Type: CNAME
    Class: IN
    TTL: 1834
    Data Length: 12
    CNAME: star.c10r.facebook.com

    Name: star.c10r.facebook.com
    Type: A
    Class: IN
    TTL: 16
    Data Length: 4
    Address: 157.240.15.16

Output (Type SOA):
192.168.1.10(55659) -> 8.8.8.8(53)
Protocol DNS:
+-------------------------+-------------------------+
| Transaction ID:    43230| Flags:            0x0100|
+-------------------------+-------------------------+
| Questions:             1| Answer:                0|
+-------------------------+-------------------------+
| Authority:             0| Additional:            0|
+-------------------------+-------------------------+

Questions:
    Name: www.google.com
    Type: SOA
    Class: IN



8.8.8.8(53) -> 192.168.1.10(55659)
Protocol DNS:
+-------------------------+-------------------------+
| Transaction ID:    43230| Flags:            0x8180|
+-------------------------+-------------------------+
| Questions:             1| Answer:                0|
+-------------------------+-------------------------+
| Authority:             1| Additional:            0|
+-------------------------+-------------------------+

Questions:
    Name: www.google.com
    Type: SOA
    Class: IN


Authority:
    Name: google.com
    Type: SOA
    Class: IN
    TTL: 59
    Data Length: 38
    Primary Name Server: ns1.google.com
    Responsible Authority's Mailbox: dns-admin.google.com
    Serial Number: 190759656
    Refresh Interval: 900
    Retry Interval: 900
    Expire Time: 1800
    Minimum TTL: 60

Output (Type PTR):
192.168.1.10(52005) -> 8.8.8.8(53)
Protocol DNS:
+-------------------------+-------------------------+
| Transaction ID:     8319| Flags:            0x0100|
+-------------------------+-------------------------+
| Questions:             1| Answer:                0|
+-------------------------+-------------------------+
| Authority:             0| Additional:            0|
+-------------------------+-------------------------+

Questions:
    Name: 8.8.8.8.in-addr.arpa
    Type: PTR
    Class: IN



8.8.8.8(53) -> 192.168.1.10(52005)
Protocol DNS:
+-------------------------+-------------------------+
| Transaction ID:     8319| Flags:            0x8180|
+-------------------------+-------------------------+
| Questions:             1| Answer:                1|
+-------------------------+-------------------------+
| Authority:             0| Additional:            0|
+-------------------------+-------------------------+

Questions:
    Name: 8.8.8.8.in-addr.arpa
    Type: PTR
    Class: IN


Answers:
    Name: 8.8.8.8.in-addr.arpa
    Type: PTR
    Class: IN
    TTL: 21599
    Data Length: 32
    Name: google-public-dns-a.google.com


192.168.1.10(54936) -> 8.8.8.8(53)
Protocol DNS:
+-------------------------+-------------------------+
| Transaction ID:    54369| Flags:            0x0100|
+-------------------------+-------------------------+
| Questions:             1| Answer:                0|
+-------------------------+-------------------------+
| Authority:             0| Additional:            0|
+-------------------------+-------------------------+

Questions:
    Name: 3.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.0.c.0.8.0.0.4.0.0.8.6.4.0.4.2.ip6.arpa
    Type: PTR
    Class: IN



8.8.8.8(53) -> 192.168.1.10(54936)
Protocol DNS:
+-------------------------+-------------------------+
| Transaction ID:    54369| Flags:            0x8180|
+-------------------------+-------------------------+
| Questions:             1| Answer:                1|
+-------------------------+-------------------------+
| Authority:             0| Additional:            0|
+-------------------------+-------------------------+

Questions:
    Name: 3.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.0.c.0.8.0.0.4.0.0.8.6.4.0.4.2.ip6.arpa
    Type: PTR
    Class: IN


Answers:
    Name: 3.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.0.c.0.8.0.0.4.0.0.8.6.4.0.4.2.ip6.arpa
    Type: PTR
    Class: IN
    TTL: 21599
    Data Length: 21
    Name: tj-in-x63.1e100.net

Output (Type MX):
192.168.1.10(64457) -> 8.8.8.8(53)
Protocol DNS:
+-------------------------+-------------------------+
| Transaction ID:    13466| Flags:            0x0100|
+-------------------------+-------------------------+
| Questions:             1| Answer:                0|
+-------------------------+-------------------------+
| Authority:             0| Additional:            0|
+-------------------------+-------------------------+

Questions:
    Name: google.com
    Type: MX
    Class: IN



8.8.8.8(53) -> 192.168.1.10(64457)
Protocol DNS:
+-------------------------+-------------------------+
| Transaction ID:    13466| Flags:            0x8180|
+-------------------------+-------------------------+
| Questions:             1| Answer:                5|
+-------------------------+-------------------------+
| Authority:             0| Additional:            0|
+-------------------------+-------------------------+

Questions:
    Name: google.com
    Type: MX
    Class: IN


Answers:
    Name: google.com
    Type: MX
    Class: IN
    TTL: 599
    Data Length: 17
    Preference: 40
    Mail Exchange: alt3.aspmx.l.google.com

    Name: google.com
    Type: MX
    Class: IN
    TTL: 599
    Data Length: 9
    Preference: 20
    Mail Exchange: alt1.aspmx.l.google.com

    Name: google.com
    Type: MX
    Class: IN
    TTL: 599
    Data Length: 9
    Preference: 50
    Mail Exchange: alt4.aspmx.l.google.com

    Name: google.com
    Type: MX
    Class: IN
    TTL: 599
    Data Length: 9
    Preference: 30
    Mail Exchange: alt2.aspmx.l.google.com

    Name: google.com
    Type: MX
    Class: IN
    TTL: 599
    Data Length: 4
    Preference: 10
    Mail Exchange: aspmx.l.google.com

Output (Type TXT):
192.168.1.10(64292) -> 8.8.8.8(53)
Protocol DNS:
+-------------------------+-------------------------+
| Transaction ID:    15584| Flags:            0x0100|
+-------------------------+-------------------------+
| Questions:             1| Answer:                0|
+-------------------------+-------------------------+
| Authority:             0| Additional:            0|
+-------------------------+-------------------------+

Questions:
    Name: google.com
    Type: TXT
    Class: IN



8.8.8.8(53) -> 192.168.1.10(64292)
Protocol DNS:
+-------------------------+-------------------------+
| Transaction ID:    15584| Flags:            0x8180|
+-------------------------+-------------------------+
| Questions:             1| Answer:                2|
+-------------------------+-------------------------+
| Authority:             0| Additional:            0|
+-------------------------+-------------------------+

Questions:
    Name: google.com
    Type: TXT
    Class: IN


Answers:
    Name: google.com
    Type: TXT
    Class: IN
    TTL: 3599
    Data Length: 36
    TXT Length: 35
    TXT: v=spf1 include:_spf.google.com ~all

    Name: google.com
    Type: TXT
    Class: IN
    TTL: 299
    Data Length: 46
    TXT Length: 45
    TXT: docusign=05958488-4752-4ef2-95eb-aa7ba8a3bd0e

Output (Type AAAA):
192.168.1.10(51732) -> 8.8.8.8(53)
Protocol DNS:
+-------------------------+-------------------------+
| Transaction ID:     7567| Flags:            0x0100|
+-------------------------+-------------------------+
| Questions:             1| Answer:                0|
+-------------------------+-------------------------+
| Authority:             0| Additional:            0|
+-------------------------+-------------------------+

Questions:
    Name: www.google.com
    Type: AAAA
    Class: IN



8.8.8.8(53) -> 192.168.1.10(51732)
Protocol DNS:
+-------------------------+-------------------------+
| Transaction ID:     7567| Flags:            0x8180|
+-------------------------+-------------------------+
| Questions:             1| Answer:                1|
+-------------------------+-------------------------+
| Authority:             0| Additional:            0|
+-------------------------+-------------------------+

Questions:
    Name: www.google.com
    Type: AAAA
    Class: IN


Answers:
    Name: www.google.com
    Type: AAAA
    Class: IN
    TTL: 146
    Data Length: 16
    Address: 2404:6800:4012::2004


Output (Type LOC):
192.168.1.10(55335) -> 8.8.8.8(53)
Protocol DNS:
+-------------------------+-------------------------+
| Transaction ID:    31301| Flags:            0x0100|
+-------------------------+-------------------------+
| Questions:             1| Answer:                0|
+-------------------------+-------------------------+
| Authority:             0| Additional:            0|
+-------------------------+-------------------------+

Questions:
    Name: local
    Type: SOA
    Class: IN



8.8.8.8(53) -> 192.168.1.10(55335)
Protocol DNS:
+-------------------------+-------------------------+
| Transaction ID:    31301| Flags:            0x8183|
+-------------------------+-------------------------+
| Questions:             1| Answer:                0|
+-------------------------+-------------------------+
| Authority:             1| Additional:            0|
+-------------------------+-------------------------+

Questions:
    Name: local
    Type: SOA
    Class: IN


Authority:
    Name: <root>
    Type: SOA
    Class: IN
    TTL: 12825
    Data Length: 64
    Primary Name Server: a.root-servers.net
    Responsible Authority's Mailbox: nstld.verisign-grs.com
    Serial Number: 2018032701
    Refresh Interval: 1800
    Retry Interval: 900
    Expire Time: 604800
    Minimum TTL: 86400

Output (Type SRV):
192.168.1.10(56361) -> 8.8.8.8(53)
Protocol DNS:
+-------------------------+-------------------------+
| Transaction ID:      567| Flags:            0x0100|
+-------------------------+-------------------------+
| Questions:             1| Answer:                0|
+-------------------------+-------------------------+
| Authority:             0| Additional:            0|
+-------------------------+-------------------------+

Questions:
    Name: _http._tcp.mxtoolbox.com
    Type: SRV
    Class: IN



8.8.8.8(53) -> 192.168.1.10(56361)
Protocol DNS:
+-------------------------+-------------------------+
| Transaction ID:      567| Flags:            0x8180|
+-------------------------+-------------------------+
| Questions:             1| Answer:                1|
+-------------------------+-------------------------+
| Authority:             0| Additional:            0|
+-------------------------+-------------------------+

Questions:
    Name: _http._tcp.mxtoolbox.com
    Type: SRV
    Class: IN


Answers:
    Service: _http
    Protocol: _tcp
    Name: mxtoolbox.com
    Type: SRV
    Class: IN
    TTL: 3599
    Data Length: 21
    Priority: 10
    Weight: 100
    Port: 80
    Target: mxtoolbox.com


Source code on Github


