Discovering a machines default DNS - dns

I'm writing a small DNS proxy. It listens for incoming UDP messages on a port and resolves them using a specified DNS (e.g. google's DNS 8.8.8.8) and sends the response back to the client.
I would like to be able to detect the default DNS a machines uses. Every OS has an option to obtain the DNS server address automatically. I was wondering how this is done. Is there a protocol on top of UDP or TCP, or something else entirely?
I'm using C#, but the language isn't important.

Finding which DNS the current computer uses as default is highly dependent on both which OS you use and which language you use. If you use Java or .NET, or another platform independent language you might not need to worry about the OS bit though.
Client computers usually "auto-discover" which DNS to use in the DHCP response from the DHCP server. That is when they receive their IP address they also get which DNS server to use. They might also get addresses to WINS servers and a multitude of custom options.

You can find the DNS server by typing ipconfig/all in coand prompt. This will gove you the address of your DNS server.

Related

Intercepting data on DNS server

I want to set up my own DNS server. That is, instead of using google's own public DNS servers 8.8.8.8, I want to use mine; let's say at 195.33.65.97. I want to set this up on a Cent OS server.
However, I want to add a middle layer on the server, whenever the request arrives to my DNS server, I will have control on the request. For example, if it is asking for skype.com, do not process the order.
Can this be done?
This depends on the specific DNS server you are using. However, on Linux, the bind9 server is the most common one. You can intercept / handle a domain using a zone configuration. For example:
zone "skype.com" {
type master​;
file "/path/to/blocked_domains.dns";
};
In the file "/path/to/blocked_domains.dns", you configure how to handle blocked domains (e.g. having it resolve to the address of a server in which you host an error page, for example).
See How to block or sinkhole domains in BIND for additional details.
Yes this can be done. At the very least you could write your own DNS server (it's easier than it sounds)
See Very simple DNS server

Build BIND for DMZ Linux Server

I have installed CentOS-6 server in our DMZ.
I have a public IP address which I will use for it.
Now, how should I set up its DNS in order to make it accessible from internet?
Is there any particular steps required for BIND in order to propagate the server to internet?
Thanks
to configure you can use
http://www.howtoforge.com/bind-installation-on-centos
You should refer this previous thread
https://serverfault.com/questions/153690/why-arent-our-dns-records-propagating-out-into-the-internet
There is no "propagation" so to speak; propagation is usually a term used to describe the delay in any updates made to the DNS when the old records have already been cached by some servers.
In this case, when you say that you want DNS on your server to be accessible to the Internet, you likely are planning to use BIND as an authoritative server, serving one or more zones. In that case, you will just have to ensure that TCP and UDP port 53 are open for incoming traffic from anywhere. You will set up BIND in a fairly standard manner. Just install BIND, add some zones to it.
On the zone that you're hosting, you will then refer to the hostname of the machine that you are running this BIND instance (and that hostname must be resolvable to an IP address), say ns1.myzns.com.

Can the DNS Server have source IP?

Short Question :
Since DNS is anycast, is there any way for a DNS Server to know the "first" source DNS Query originated from?
Long Question :
I've developed a custom DynDNS server using PowerDNS, I want to feed it information via web interface by users. I want the web interface to update records for each user "based on IP".
So when the DNS Server gets requests, If it could determine the source IP, it'd be easy to return records associated with that IP.
As long as I tested, the DNS Server can only know the "last" node IP on the DNS chain, not the source. Is there any way?
Regards
Google and Yahoo! submitted a draft (draft-vandergaast-edns-client-ip-01) to the IETF DNS Extensions Working Group that proposed a new EDNS0 option within DNS requests that recursive servers could use to indicate their own client's IP address to the upstream authoritative server.
The intent was to theoretically optimise the use of Content Delivery Networks by ensuring that the web server addresses returned were based on the end user's IP address, rather than on the address of the end user's DNS server.
The idea was not well received and wasn't accepted by the working group because it intentionally broke the caching layer of the DNS, and the draft has subsequently expired.
UPDATE - a variation on this has subsequently been published as RFC 7871.
Perhaps you have control of the software performing the lookup? If so, you could include the IP address as part of the request, e.g.
23-34-45-56.www.example.com
to which your custom-written server replies
23-34-45-56.www.example.com 1800 CNAME www-europe.example.com
or
23-34-45-56.www.example.com 300 A 34.45.56.67
etc.
If the client is a web browser, complications arise due to NAT, HTTP proxies, and the inability to query host interface addresses directly from Javascript. However, you might be able to do an AJAX-style lookup to a what's-my-ip service, which understands X-Forwarded-For.
Long answer to Short Question :
DNS is not anycast. Some content DNS server owners use anycasting to distribute servers in multiple physical locations around the world, but the DNS/UDP and DNS/TCP protocols themselves are not anycast. The notion simply doesn't exist at that protocol layer.
Short answer to Long Question :
No.
Expansion
As noted, there's nothing in the DNS protocol for this. Moreover, the relationship between front-end and back-end transactions at a caching resolving proxy DNS server is not one-to-one.
You'll have to use whatever client differentiation mechanisms exist in the actual service protocol that you're using, instead of putting your client differentiation in the name→IP address lookup mechanism. Client differentiation for other services doesn't belong in name→IP address lookup, anyway. Such lookup is common to multiple protocols, for starters. Use the mechanisms of whatever actual service protocol is being used by the clients who are communicating with your servers.

DNS Server Refusing Connection

I am implementing a dns client, in which i try to connect to a local dns server, but the dns server is returning the message with an error code 5 , which means that its refusing the connection.
Any thoughts on why this might be happening ?? Thanks
DNS response error code 5 ("Refused") doesn't mean that the connection to the DNS server is refused.
It means that the DNS server refuses to provide whatever data you asked for, or to do whatever action you asked it to do (for example a dynamic update).
Since you mention a "connection", I assume that you are using TCP?
DNS primarilly uses UDP, and some DNS servers will refuse all requests over TCP.
So the solution might be as simple as switching to UDP.
Otherwise, assuming you are building your own DNS client from scratch, my first guess would be that you are formatting the request incorrectly. Eventhough the DNS protocol seems fairly simple, it is very easy to get this wrong.
Finally, the DNS server may of course simply be configured to refuse requests for whatever you are asking.
explicitly adding the network from which i wanted to allow-recursion fixed this problem for me:
these two lines added to /etc/bind/named.conf.options
recursion yes;
allow-recursion { 10.2.0.0/16; };
Policy enforcement?
The DNS server could be configured to accept only connections from certain hosts.
Hmm, if you're able to access StackOverflow you have a working DNS server SOMEwhere. Try doing
host -v stackoverflow.com
and look for messages like
Received 50 bytes from 192.168.1.1#53 in 75 ms
then pick the address out of that line and use THAT as your DNS - it's obviously willing to talk to you.
If you're on Windows, use NSLOOKUP for the same purpose. Your name server's address will be SOMEwhere in the output.
EDIT:
When I'm stuck for a DNS server, I use the one whose address I can remember most easily: 4.2.2.2 . See how that works for you.
You might try monitoring the conversation using WireShark. It can also decode the packets for you, which might help you determine if your client's packets are correctly encoded. Just filter on port 53 (DNS) to limit the packets captured by the trace.
Also, make sure you're using UDP and not TCP for queries; TCP should be used primarily for zone transfers, not queries.

website/webserver outbound ip address

I am hoping there is a simple answer to this! My webserver has a number of IP addresses. one particular website has one of these IP addresses mapped to it. On said website, I have a java applet which is making outbound http requests.
Now, I am wondering what is the IP address that people will see for my server? Will they see the machine's default IP address or the IP address mapped in IIS for this website?
Java applet? So it's client side? It feels like a red herring.
The IP people will "see" (if they go looking) is whatever you set in the DNS, surely...
Perhaps you should specify which "people" you expect to see seeing your IP. If you mean the people owning the server you are making HTTPS requests to, and this is client side, they will see the IP of the website user. They won't see any of your IPs.
If this is server-side logic (ie something like a Java servlet), they will see whichever IP is the default outbound IP on that server. In some situations on some servers, the server will use the mapped IP, but as soon as you layer things out through connectors, it's anybody's guess which network adapter/IP actually gets used.
The java applet will be run by your visitors. So the IP address to be seen will be the visitor one and not one that your server owns.

Resources