socat and dig simulate DNS request on localhost DNS server - dns

I am trying to play with socat to simulate a DNS request on localhost.
Here is what I did
Set up a DNS server on localhost port 15353; once a request is received on 15353, it will forward it to Google's DNS server 8.8.8.8:53
socat -v -v TCP-LISTEN:15353,reuseaddr,fork UDP:8.8.8.8:53
Send DNS request on same localhost using dig, specify request port to 15353
dig +tcp example.com @localhost -p 15353
Below is the response I got
On socat server terminal
socat -v -v TCP-LISTEN:15353,reuseaddr,fork UDP:8.8.8.8:53
> 2023/01/24 12:46:13.030249 length=54 from=0 to=53
.4... ........\aexample.com.......).......\f.
.\b........> 2023/01/24 12:46:23.029623 length=54 from=0 to=53
.4.i. ........\aexample.com.......).......\f.
.\b........> 2023/01/24 12:46:49.002657 length=54 from=0 to=53
.4.k. ........\aexample.com.......).......\f.
.\b...Q...0> 2023/01/24 12:46:59.001639 length=54 from=0 to=53
.4... ........\aexample.com.......).......\f.
.\b...Q...0> 2023/01/24 12:47:09.001787 length=54 from=0 to=53
.4E.. ........\aexample.com.......).......\f.
On dig client terminal
dig +tcp example.com @localhost -p 15353
; <<>> DiG 9.16.1-Ubuntu <<>> +tcp example.com @localhost -p 15353
;; global options: +cmd
;; connection timed out; no servers could be reached
Is anything wrong with my command?

Here is the working solution, using socat on UDP.
Set up the socat DNS server redirect on localhost (127.0.0.1):
sudo socat -v -v udp4-listen:15353,reuseaddr,fork udp4:8.8.8.8:53
Use dig to ask for the DNS of newsblur.com on port 15353 on localhost (127.0.0.1):
dig newsblur.com @127.0.0.1 -p 15353
; <<>> DiG 9.16.1-Ubuntu <<>> newsblur.com @127.0.0.1 -p 15353
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21179
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;newsblur.com. IN A
;; ANSWER SECTION:
newsblur.com. 220 IN A 128.242.245.221
;; Query time: 4 msec
;; SERVER: 127.0.0.1#15353(127.0.0.1)
;; WHEN: Tue Jan 24 18:16:05 CST 2023
;; MSG SIZE rcvd: 46
The previous solution didn't work, it seems because I was trying to transfer TCP to UDP? I am not very sure yet, still figuring out why.
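Why a byte-for-byte TCP-to-UDP relay breaks DNS, as an added example that is not part of the original posts: DNS over TCP puts a 2-byte length prefix in front of every message (RFC 1035 section 4.2.2), and a relay that copies those bytes unchanged into a UDP datagram hands the upstream server a header shifted by two bytes. The function names and the query ID 0x1234 are constructed for illustration.

```python
import struct

def build_query(name, qid=0x1234, qtype=1):
    """Minimal DNS query (RFC 1035 4.1): 12-byte header + one question."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN

def tcp_frame(msg):
    """DNS over TCP: 2-byte big-endian length, then the message (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg

def tcp_unframe(stream):
    """Split a TCP byte stream into complete DNS messages plus unread remainder."""
    msgs = []
    while len(stream) >= 2:
        (n,) = struct.unpack("!H", stream[:2])
        if len(stream) < 2 + n:
            break  # partial message: wait for more bytes
        msgs.append(stream[2:2 + n])
        stream = stream[2 + n:]
    return msgs, stream

def parse_header(datagram):
    """Read the first 12 bytes as a DNS header, as a UDP server does."""
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", datagram[:12])
    return {"id": qid, "opcode": (flags >> 11) & 0xF, "rd": (flags >> 8) & 1,
            "qdcount": qd, "ancount": an}

def demo():
    query = build_query("example.com")
    on_wire = tcp_frame(query)           # what a TCP DNS client writes to the socket
    relayed_raw = parse_header(on_wire)  # byte-for-byte relay into a UDP datagram
    msgs, rest = tcp_unframe(on_wire)    # what a framing-aware relay would send
    return parse_header(query), relayed_raw, parse_header(msgs[0]), rest

if __name__ == "__main__":
    for view in demo():
        print(view)
```

In the socat dump above, length=54 with leading bytes shown as ".4" is consistent with this framing: 0x0034 is 52, the size of the query that follows the prefix.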

Related

PowerDNS not sync zones from master to slave

I have installed PowerDNS on 2 VPS servers:
ns1 - 10.0.0.1
ns2 - 10.0.0.2
The Problem is the records/zones are not getting synced from Master to Slave. Here are the configurations:
Master Server:
allow-axfr-ips=10.0.0.2/32
daemon=yes
disable-axfr=no
include-dir=/etc/powerdns/pdns.d
master=yes
setgid=pdns
setuid=pdns
Slave Server:
daemon=yes
disable-axfr=yes
include-dir=/etc/powerdns/pdns.d
setgid=pdns
setuid=pdns
slave=yes
slave-cycle-interval=60
Database on Slave Server
MariaDB [powerdns]> select * from supermasters;
+-------------+------------------+---------+
| ip | nameserver | account |
+-------------+------------------+---------+
| 10.0.0.1 | ns2.example.com | admin |
+-------------+------------------+---------+
1 row in set (0.000 sec)
Both servers are running on MySQL database backend. Master is serving all records as expected but Slave server is giving this:
root@vps10:~# dig example.com @localhost
; <<>> DiG 9.16.1-Ubuntu <<>> example.com @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 22750
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;example.com. IN A
;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Feb 04 22:11:39 UTC 2022
;; MSG SIZE rcvd: 45
I have also checked the Slave server and it does not have any zones from Master. Also tried this on the master server:
root@vps06:~# pdns_control notify example.com
Added to queue
Surfed the internet for any solutions but nothing was available. Can anyone guide me or point out what is wrong with my configuration?
You'll need to enable superslave and make sure your primary sends the correct notifications (NS records, ALSO-NOTIFY metadata (https://doc.powerdns.com/authoritative/domainmetadata.html?#also-notify) etc)

DNS forwarding using systemd-resolved in a consul cluster setup

I am exploring consul for service discovery purpose. Following is my consul cluster setup. I am having 3 consul servers & 2 consul clients machines in my cluster on CentOS 7 machine.
consulserver-01 - 192.168.30.112
consulserver-02 - 192.168.30.113
consulserver-03 - 192.168.30.114
consulclient-01 - 192.168.30.115
consulclient-02 - 192.168.30.116
I have successfully registered 3 .NET Core services named service1, service2 and service3 in this cluster which are running on the 192.168.30.116 node. Now I want to resolve these services using DNS. When I run dig @192.168.30.112 -p 8600 service1.service.consul SRV then it successfully resolves it. Now I want to use the systemd-resolved service to resolve it automatically. For this I have installed the systemd-resolved package on my consul client, i.e. the 192.168.30.116 machine, and entered the following entries in /etc/systemd/resolved.conf as
DNS=192.168.30.112
Domains=~consul
as per the link https://learn.hashicorp.com/tutorials/consul/dns-forwarding. I have also done the following iptables entries on my consul client i.e. 192.168.30.116
iptables -t nat -A OUTPUT -d 192.168.30.112 -p udp -m udp --dport 53 -j REDIRECT --to-ports 8600
iptables -t nat -A OUTPUT -d 192.168.30.112 -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 8600
Now I expect that when I write ping service1.service.consul on 192.168.30.116 it should give me the proper IP address, i.e. 192.168.30.116.
My response for dig @192.168.30.112 -p 8600 service1.service.consul SRV is as follows
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.3 <<>> @192.168.30.112 -p 8600 service1.service.consul SRV
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9837
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 3
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;service1.service.consul. IN SRV
;; ANSWER SECTION:
service1.service.consul. 0 IN SRV 1 1 5555 vmdev0090.node.dc1.consul.
;; ADDITIONAL SECTION:
vmdev0090.node.dc1.consul. 0 IN A 192.168.30.116
vmdev0090.node.dc1.consul. 0 IN TXT "consul-network-segment="
;; Query time: 0 msec
;; SERVER: 192.168.30.112#8600(192.168.30.112)
;; WHEN: Thu Jul 15 11:22:25 IST 2021
;; MSG SIZE rcvd: 149
I don't know what I am doing wrong or whether my understanding is wrong. Please help in this regard.

How to get DNS to resolve the same from localhost as from remote?

I'm trying to create a home automation system that watches my dog during the day while I'm at work. My goals for this project are to learn a bit about DNS, file serving, and the RaspberryPi.
My hardware setup is as so:
1 RaspberryPi (camera enabled, and planning to use this as the web server behind my home router).
1 digital ocean mini instance (ubuntu12.04 with DNS provided via BIND).
1 macbook (testing DNS with this for now, but will later be using iPhones most commonly).
I'd like to use bubby.com as the domain name. This works when I query from my digital ocean server. However, if I try from my laptop, I get back a different ip.
Tests from digital ocean instance:
dns settings (contents of /etc/resolv.conf)
nameserver x.x.x.x
nameserver 8.8.8.8
nameserver 8.8.4.4
nslookup of bubby.com
nslookup bubby.com
Server: x.x.x.x
Address: x.x.x.x#53
Name: bubby.com
Address: y.y.y.y
(1 and 2 are correct as far as I can tell)
Tests from macbook
DNS settings from wifi (retrieved from Network Preferences):
nameservers x.x.x.x, 8.8.8.8
nslookup of bubby.com
nslookup bubby.com
Server: x.x.x.x
Address: x.x.x.x#53
Non-authoritative answer:
Name: bubby.com
Address: 216.21.239.197
Could someone help me explain why I get different results from the same dns server that are showing different addresses, even though the server/address is correct for the dns server?
Update 1: Reran test of nslookup
date && nslookup bubby.com
Sat Aug 20 05:57:01 PDT 2016
Server: x.x.x.x
Address: x.x.x.x#53
Non-authoritative answer:
Name: bubby.com
Address: 216.21.239.197
Dig bubby.com from laptop
date && dig bubby.com @192.241.227.149
Sat Aug 20 06:06:27 PDT 2016
; <<>> DiG 9.8.3-P1 <<>> bubby.com @x.x.x.x
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18813
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;bubby.com. IN A
;; ANSWER SECTION:
bubby.com. 3600 IN A 216.21.239.197
;; Query time: 132 msec
;; SERVER: x.x.x.x#53(x.x.x.x)
;; WHEN: Sat Aug 20 06:06:27 2016
;; MSG SIZE rcvd: 43
Dig bubby.com from digital ocean server with dns
date && dig bubby.com @x.x.x.x
Sat Aug 20 13:12:36 UTC 2016
; <<>> DiG 9.8.1-P1 <<>> bubby.com @x.x.x.x
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38404
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;bubby.com. IN A
;; ANSWER SECTION:
bubby.com. 604800 IN A y.y.y.y
;; AUTHORITY SECTION:
bubby.com. 604800 IN NS ns.bubby.com.
;; ADDITIONAL SECTION:
ns.bubby.com. 604800 IN A y.y.y.y
;; Query time: 2 msec
;; SERVER: x.x.x.x#53(x.x.x.x)
;; WHEN: Sat Aug 20 13:12:36 2016
;; MSG SIZE rcvd: 76
Update 2: DNS lookup from laptop while specifying another DNS server
date && nslookup ip.smartydns.com 87.117.205.40
Sat Aug 20 09:12:09 PDT 2016
Server: 87.117.205.40
Address: 87.117.205.40#53
Non-authoritative answer:
Name: ip.smartydns.com
Address: 82.196.5.38
Look at the dig output from your laptop, notice the AUTHORITY: 0. The reason for this is because this answer is not coming from your Digital Ocean instance (I have tested from several different locations, and I always get the same results as you get when you test from the instance itself), but from some other DNS server that is not authoritative for bubby.com.
The final smartyDNS test confirmed it: someone/something between you and the rest of the internet (most probably your ISP or compromised home router) is acting as 'Transparent DNS proxy', intercepting your DNS queries and redirecting them to their own DNS server.
If you want to be sure, since probably only UDP/TCP port 53 is intercepted, you can try changing BIND to listen at some other port, then test from both digital Ocean instance and your laptop with dig querying that new port:
dig bubby.com @192.241.227.149 -p 5555
You should this time get the same results.
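A scripted version of the comparison made in the answer above, as an added example that is not part of the original posts: it parses two dig outputs obtained by querying the same authoritative server from two vantage points and reports a missing `aa` header flag and differing answer records. The sample text is constructed from the relevant lines of the two dig outputs in the question; the function names are hypothetical.

```python
import re

# Constructed samples: the relevant lines of the two dig outputs quoted in the
# question, with addresses redacted the same way.
FROM_LAPTOP = """\
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;bubby.com. IN A
;; ANSWER SECTION:
bubby.com. 3600 IN A 216.21.239.197
;; SERVER: x.x.x.x#53(x.x.x.x)
"""
FROM_SERVER = """\
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;bubby.com. IN A
;; ANSWER SECTION:
bubby.com. 604800 IN A y.y.y.y
;; AUTHORITY SECTION:
bubby.com. 604800 IN NS ns.bubby.com.
;; SERVER: x.x.x.x#53(x.x.x.x)
"""

def parse_dig(text):
    """Extract header flags, queried server and ANSWER records from dig text."""
    out = {"flags": set(), "server": None, "answers": set()}
    section = None
    for line in (l.strip() for l in text.splitlines()):
        if m := re.match(r";; flags: ([a-z ]+);", line):
            out["flags"] = set(m.group(1).split())
        elif m := re.match(r";; SERVER: (\S+)#(\d+)", line):
            out["server"] = (m.group(1), int(m.group(2)))
        elif m := re.match(r";; (\w+) SECTION:", line):
            section = m.group(1)
        elif line and not line.startswith(";") and section == "ANSWER":
            name, _ttl, _cls, rtype, rdata = line.split(None, 4)
            out["answers"].add((name, rtype, rdata))
    return out

def interception_signs(suspect, reference):
    """Compare two answers obtained by querying the same authoritative server."""
    if suspect["server"] != reference["server"]:
        return ["different servers queried; comparison not meaningful"]
    signs = []
    if "aa" in reference["flags"] and "aa" not in suspect["flags"]:
        signs.append("aa flag missing")
    if suspect["answers"] != reference["answers"]:
        signs.append("answer records differ")
    return signs
```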

Is this getent hosts answer wrong

I have some DNS issues and I am trying to figure out if this is the correct answer I should get when I run this on a VPS
getent hosts test.com
69.xx.xx.xxx server.test.com server www.test.com www test.com test testuser
for other sites the answer looks like this
getent hosts justhost.com
74.220.195.132 justhost.com
Is the first result OK? Where are the values taken from?
Update:
If it helps
nslookup test.com 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1#53
server can't find test.com: NXDOMAIN
dig @localhost test.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 56197
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;test.com. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Feb 24 14:32:24 2015
;; MSG SIZE rcvd: 41
Pinging the ns1 gives me the correct server ip
Pinging the domain name gives me the old server ip
Is this usual?
From an analysis on intoDNS (http://www.intodns.com/blackcatadvertising.com) it seems that the nameservers are not set properly. Check both on your DNS provider (if it's not you) and on cPanel how they are set. If you are sure that they are right as they are right now I would ask when did you create the domain? Some time is required after the creation in order to let the DNS spread.
fixed via How to fix a dig command with status: REFUSED?, basically I had to edit names.conf to have allow-query to any, and restart names

Why does my domain not linking with godaddy hosting after I transferred the domain name from godaddy to big rock?

I recently transferred the domain(v3foods.in) from godaddy to big rock because there was an issue for violating the rules which I didn't do wantedly. So I paid the fine and transferred the domain. Now when I try to link with the same old hosting it is not linking up. It is showing like A record not found which I entered and maintained for more than 48hrs. I feel like I made a mistake somewhere so can someone help me.
So you can query for the NS like this :
nslookup -q=ns v3foods.in
reply is :
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
v3foods.in nameserver = dns3.bigrock.in.
v3foods.in nameserver = dns1.bigrock.in.
v3foods.in nameserver = dns4.bigrock.in.
v3foods.in nameserver = dns2.bigrock.in.
Your Ping Data is now pointing to this Host
ping v3foods.in
PING v3foods.in (23.229.248.68) 56(84) bytes of data.
64 bytes from ip-23-229-248-68.ip.secureserver.net (23.229.248.68): icmp_req=1 ttl=56 time=68.8 ms
This is also the A record
Your Dig is now set for a very long time (in my opinion if you don't pay for DNS query set this to 5 min..)
dig v3foods.in
; <<>> DiG 9.8.1-P1 <<>> v3foods.in
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36816
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;v3foods.in. IN A
;; ANSWER SECTION:
v3foods.in. 21595 IN A 23.229.248.68
;; Query time: 17 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Dec 22 17:50:13 2014
;; MSG SIZE rcvd: 44
And this is the result from the NameServer at bigrock.in
> v3foods.in
Server: dns3.bigrock.in
Address: 67.15.253.219#53
Name: v3foods.in
Address: 23.229.248.68
>
If you can log in to your hosting server, run: ifconfig
This will show you the hosting external IP; the format you will get will be eth0 -> inet addr: SERVER EXTERNAL IP
It seems like a straight A record issue, point to the right IP .. hope this helps
