Home » Posts tagged "dnssec"

掃網域下主機名稱的方式...

原文是講滲透測試的前置作業,需要將某個特定 domain 下的主機名稱掃出來:「A penetration tester’s guide to sub-domain enumeration」。

最直接的還是 DNS zone transfer (AXFR),如果管理者沒設好 DNS server 的話,這會是最快的方式。當沒有這個方法時就要用各種其他方式來掃了。

看了一下有幾種方式:

應該有人可以提到所有的東西再寫成程式 XD

CloudFlare 全面支援 DNSSEC

CloudFlare 宣佈全面支援 DNSSEC 了:「Announcing Universal DNSSEC: Secure DNS for Every Domain」。

另外也因為現在需要把 public key 手動 copy & paste 到 DNS 註冊商會很麻煩 (而且有可能會貼錯),所以 CloudFlare 的人試著往 IETF 標準化這件事情:

At CloudFlare, we care about advancing what’s possible on the Internet, so we have published an Internet Draft proposing a protocol for DNS providers such as CloudFlare to communicate directly to registries and registrars. We are pushing it to become an accepted Internet Standard RFC.

Google Public DNS 支援 DNSSEC 驗證...

Google Public DNS 開始支援 DNSSEC 驗證,讓 DNS 查詢更安全:「Google Public DNS Now Supports DNSSEC Validation」。

一般的查詢還是可以查到:

; <<>> DiG 9.8.1-P1 <<>> bogussig.dnssec.tjeb.nl @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40844
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;bogussig.dnssec.tjeb.nl.       IN      A

;; ANSWER SECTION:
bogussig.dnssec.tjeb.nl. 422    IN      A       178.18.82.80

加上 DNSSEC 選項後就可以把有問題的抓出來:

; <<>> DiG 9.8.1-P1 <<>> bogussig.dnssec.tjeb.nl @8.8.8.8 +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 61704
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 512
;; QUESTION SECTION:
;bogussig.dnssec.tjeb.nl.       IN      A

Archives