DNS

Question 1

What is a stub resolver?

Answer 1

Provides recursive resolution fora system

Question 2

What is a (dns) forwarder?

Answer 2

forwards dns queries to another resolver

Question 3

What is a authorative name server?

Answer 3

Has auth info on set of zones. Gets queried

Question 4

What is a TLD nameserver?

Answer 4

auth nameserver for TLD zone

Question 5

Name the 5 components of an DNS message

Answer 5

Header, Question, Answer, Authority, Additional

Question 6

Name the 6 most important DNS types?

Answer 6

A - IPv4
AAAA - IPv6
CNAME - domain name
NS - Auth name server
SOA - Start of zone authoritz
MX - Mail eXchange

Question 7

What is a DNS zone?

Answer 7

Content of a contiguous section of the domain space bounded by administrative boundaries. Each zone is in a separate file with entries called Resource Records.
- Starts with SOA record, ends with next SOA record

Question 8

What are delegations on DNS?

Answer 8

NS record pointing to authoritive NS for zone

Question 9

What are glue records?

Answer 9

Records in parent zone that resolve FQDN of NS for child zone.
Non authoritive records in parent zone

Question 10

What problem can arise if the NS records points to an IP address

Answer 10

it might not be reachable

Question 11

What problem can arise if there is a typo in the domain name?

Answer 11

Domain highjacking might be possible. Or domain name is not registrable -> reliability issue

Question 12

What is lame delegation?

Answer 12

NS record pointing to host without DNS service or without authoritive infomation

Question 13

What is Trusted Computing Base (TCB)?

Answer 13

Set of components critical to a systems security.

In DNS, a TCP consists of all zones in the delegation path for this zone.

Question 14

Name the 2 requirements for name server resilience

Answer 14

• NS which provide redundant service for the data in zone

- Servers must be placed at both topologically and geographically dispersed

Question 15

Where do we continue?

Answer 15

DNS Slide 80

Question 16

Which transport protocol does edns use?

Answer 16

It uses tcp as fallback if packets are too large

Question 17

Name 3 protocols that should enhance the security of dns?

Answer 17

Dnssec - auth & integrety
Dns enc: encryption (dns over tls) DoH
Qname minimization: protects privacy of client & reduces info sent to server

Question 18

What does dnssec add to the dns queries

Answer 18

Signs dns records with pub keys. Chain of trust from root auth server
Rrsig (resource record sign)
Dnskey: pubkey
Nsec/nsec3: next sec record

Question 19

What are pros and cons of dns enc?

Answer 19

\+ Client traffic encrypted
- internal dns can be overwritten
 ? Faster? 
? Prevents censorship? 
? Prevents collection - not at resolver level

Question 20

How does qname work?

Answer 20

It sends the exact qname only to root ns. Subsequent recursion lookups only resolve the Label for each auth ns.