					                         DNS
                                                                   TWNIC



                                                                                 (
                                                 8.2.3)
                         Nimda/Code Red
                                          (.com.tw , edu.tw)

  ( remote buffer overflow )                                               DNS


                                      (
Internet Worm )          Nimda/Code Red
              IIS        Web
Outlook       Windows
                           DNS


          (lion Worm )         DNS




                                                     (                     )
                DNS                   ?


               DNS
                                                                     DNS
          :                                   (Version)
    30% DNS


                                          (Banner)        Mail/FTP/WWW
                                                                       DNS
    33% DNS
                                                                                 DNS
                                                                     (Windows DNS
                                                               )    ISC BIND DNS



                                                                     TWNIC NEWSLETTER   39
                                                               8.2.3
                               )




       Window                        ISC
                                           options { version "What are you doing";
       BIND         version
                                                  ....};
                        ISC BIND   DNS




                       DNS                                     ( zone transfer )

                                         DNS
(HOST/IP                             )                                          AXFR
(http://rs.twnic.net.tw)
                                      DNS                   DNS                                 master
                                                DNS(primary)               slave DNS(Secondary)


                                            :
                                                              Slave                 twnic.net.tw
                                   DNS                                                      (    SOA
                                                        )                  Master
                                                                      (                          Zone
    Web/Mail                                    file)                     Master
DNS                                                         Slave
            DNS                 ISP




DNS                                                                                Master       AXFR
         DNS
(           Round-Robin)                                                              Slave
                                                            AXFR

                                                        Window:
            DNS
                                                                    IP        Slave




                _            DNS
                 UDP         (User Datagram
Protocol)




                (     Slave )

       ISC BIND:                        :                        Window
       options { allow-transfer { IP; }; };                                    ISC BIND
           IP                                            root        DNS           DNS

       211.72.211.0/255.255.255.0=>subnet
                                                         DNS


       211.72.211/24=>CIDR

       None=>                                  AXFR

                                                         ISC BIND            :named -u named
       Any=>

                      (syslog)
                    ISC BIND                    DNS
                                                 (
                                 )                          Windows SNMP              Unix-base
                ( queries )                              sshd/ftpd/telnetd
                                                     (
       security )
                                                ISC                     DNS
       BIND                                     man
       named.conf                    O'Reilly
                                                                  DNS
        DNS and BIND                   7.4
                                                                 TWNIC
            Windows
                                                                                          DNS
                     GUI

                                                                             DNS




       AXFR
                                                         Master/Slave




                                                                 DNS


                                                                              DNS




Registry/Registrar
                               DNS                                        (   mail
                                           firewall     proxy    )       DNS

DNS
                                           any.com.tw                         DNS
DNS
                                                           DNS

   DNS                                     any.com.tw

                         DNS

                                                                DNS

              ( man in the middle )                                     DNS
                                           (                           remote buffer
                                           overflow )

Web          IP1         DNS
    Web            IP2
www.yourdomain.com.tw
                                           (ccTLD.SLD.ccTLD)
      IP2                      ( mirror)
                                           DDOS

                                                DOS/DDOS                        DNS




                                                TWNIC
                                                                        tw



                                                           IP   (     DNS
                        ccTLD                    Server)




                 tw.com.tw
       .com.tw                DNS          DNS

       query                         DNS
         HINET ( dns.hinet.net )     Hinet



               DNS query


                  tw.com.tw     NS     TWNIC




       (2001/08/30 20:00~2001/08/31 08:00,
       8 hours)




                                                                      DNS
                                                 query
                                                                DNS




                                                 DN



             tw.com.tw                                            10      ( lame-ttl=600)
ccTLD.SLD.ccTLD
        Resolver                                            Resolver         DNS
   ( lookup failure)                               defname/defsearch/timeout/retry
        (              defname)
                            .com.tw/.tw/.edu.tw
                    ( lookup) www.kimo.com.tw
                Resolver          defname
                                  www.kimo
.com.tw.com.tw
        DNS                                        DN                                ccTLD
             ccTLD
                                              DN




                                   DNS
                                                        DNS
            filter,

                                                   Lion Worm
            Resolver                timeout
retry       timeout
            retry
                                                                       DNS
                queue
             800KB




(negative answers)
        (Lame Server)               Client
        DNS               cache




				