Introduction to DNS Recursion

The Internet’s DNS structure is often (accurately) described as hierarchical, with authoritative servers sitting at the top of the structure. Because of this setup, however, it is essential that all DNS servers are able to communicate with each other in order to supply responses to the name queries which are submitted by clients.

This is because although we would expect our company’s internal DNS server to know all the addresses of internal clients and servers, we wouldn’t expect its database to contain every external server on the internet. In the early days of the internet most DNS servers did contain an entire list of connected server addresses, but nowadays that would simply not be feasible or in fact very sensible.

When a DNS server needs to find an address which is not in its database, it will query another DNS server on behalf of the requesting client in order to find the answer. The server in this instance is acting in the same way as a client by making a request to another DNS server for the information; this process is known as recursion.

It’s actually quite difficult to detect whether a query is answered by recursion or directly when troubleshooting DNS queries. You need to be able to listen to all of a DNS server’s traffic in order to identify a recursive query. The additional (recursive) query is generated after the DNS server has checked its local database in order to resolve the query. If this isn’t successful, the DNS server will generate the additional request before replying to the client. This also depends on the recursion bit being set in the initial query from the client, as this allows the server to ask another server if the answer is not in its own database.

The recursive query is merely a copy of the initial DNS request and it has the effect of turning the server into a client. If you analyse the traffic you will notice that the transaction ID numbers change in order to differentiate the initial query from the recursive query sent by the DNS server. It’s important to keep a note of these transaction IDs when troubleshooting DNS traffic, as it’s easy to get confused when many of the packets look very similar. If you are trying to analyze something more complicated, like the modern, intelligent Smart DNS servers like these – http://www.proxyusa.com/smart-dns-netflix-its-back – then it’s even more important to keep track of these transactions. This is because these DNS servers actually make decisions on how to route the traffic in addition to resolving queries.

 

Domain Name System Packet Structure

The Domain Name System (DNS) is one of the most vital protocols used on the internet; it basically holds everything together. DNS links all the web-friendly names to IP addresses. Without DNS you’d need to memorize the IP address of every server or resource you wanted to visit online.

DNS servers hold databases of resource records which contain the mappings that allow devices to resolve IP addresses to DNS names and vice versa. These databases are generally made accessible to any device or other DNS server that requests them. If you’ve ever had anything to do with DNS you’ll know that although the basic principles of DNS are quite straightforward, the overall architecture can be very complicated, particularly with regard to the internet.

In this initial article we’re going to cover some of the basics of the DNS packet structure, which is in many ways very different to other protocols used to communicate online.

DNS Packet Structure

  • DNS ID – Associates DNS responses with corresponding queries.
  • (QR) Query/Response – Simply identifies whether packet is a query or response packet.
  • (AA) Authoritative Answers – When this value is set it indicates that the Name server is the ultimate authority for that domain.
  • (RD) Recursion Desired – DNS client requires a recursive query if answer not available.
  • (RA) Recursion Available – DNS Server supports recursive queries.
  • (RC) Response Code – Used to identify any errors.
  • Questions Section – Variable section which contains all the queries to be resolved
  • Answers Section – Variable section which contains responses to queries.
  • Authority Section – Variable section which contains records pointing to authoritative name servers if required.

There are more components of the DNS packet, but these are the important ones which contain the bulk of the information, i.e. the query and answer. This is how a simple DNS query is performed: a client that wishes to know an IP address (or DNS name) sends the query to a DNS server, and the server sends the answer in its response.

The simplest DNS transaction takes place in just two packets, i.e. the query and the response. You can see it quite easily by using a packet capture program like Wireshark, and in fact DNS exchanges are a very good way to start packet analysis because the majority are relatively straightforward. There are exceptions of course; indeed we are increasingly seeing modified DNS services used to access US media sites like Netflix, as this article – http://www.onlineanonymity.org/proxies/the-return-of-us-dns-netflix/ – describes.

There are a few things to remember when studying and troubleshooting DNS traffic, and one of the most important is that DNS relies on UDP as its transport mechanism. This is useful to know because if you use something like Wireshark to analyse it you’ll notice lots of UDP traffic, and that Wireshark condenses the beginning of the packet into a single flags section which can be difficult to follow initially.

Remember though the vast majority of DNS traffic is very simple, consisting of a query and a response. There is more information in the packet but essentially it’s a question and an answer – if you need to see all the data and resource record types they are here – DNS Resource Parameters.
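The header fields listed above, and the transaction ID change described in the recursion article, can be seen by decoding the flags section by hand. The following is an added example, not code from the original page: the addresses, the name www.example.com, the transaction IDs and the helper names are all constructed for illustration, and the recursive query is modelled as the page describes it, a copy of the question sent under a new ID.

```python
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def encode_name(name):
    """Encode a dotted name as length-prefixed DNS labels."""
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"

def build_query(txid, name, rd=True):
    """Constructed sample input: one A/IN question, RD set if requested."""
    flags = 0x0100 if rd else 0
    return struct.pack("!6H", txid, flags, 1, 0, 0, 0) + encode_name(name) + struct.pack("!2H", 1, 1)

def build_response(query, ipv4):
    """Constructed sample input: answer a query with a single A record."""
    txid, flags = struct.unpack("!2H", query[:4])
    flags |= 0x8000 | 0x0080  # QR=1 (response), RA=1, RCODE left at 0
    header = struct.pack("!6H", txid, flags, 1, 1, 0, 0)
    # 0xC00C is a compression pointer back to the name at offset 12
    answer = struct.pack("!3HIH", 0xC00C, 1, 1, 300, 4) + bytes(int(o) for o in ipv4.split("."))
    return header + query[12:] + answer

def parse_header(packet):
    """Split the 12-byte header into the fields the article lists."""
    if len(packet) < 12:
        raise ValueError("DNS header is 12 bytes; packet too short")
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", packet[:12])
    return {
        "id": txid,
        "qr": (flags >> 15) & 1,   # 0 = query, 1 = response
        "aa": (flags >> 10) & 1,   # authoritative answer
        "rd": (flags >> 8) & 1,    # recursion desired
        "ra": (flags >> 7) & 1,    # recursion available
        "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }

def parse_question(packet):
    """Return (name, qtype) of the first question; rejects malformed input."""
    pos, labels = 12, []
    while True:
        if pos >= len(packet):
            raise ValueError("truncated question section")
        length = packet[pos]
        if length == 0:
            pos += 1
            break
        if length & 0xC0:
            raise ValueError("compression pointer not expected in question")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    if pos + 4 > len(packet):
        raise ValueError("truncated question section")
    qtype, _qclass = struct.unpack("!2H", packet[pos:pos + 4])
    return ".".join(labels), qtype

def trace(capture, server_ip):
    """Label each packet seen at the DNS server by direction and QR bit."""
    rows = []
    for src, dst, payload in capture:
        h = parse_header(payload)
        name, _ = parse_question(payload)
        if h["qr"] == 0:
            role = "client query" if dst == server_ip else "recursive query"
        else:
            role = "upstream response" if dst == server_ip else "client response"
        rows.append((role, h["id"], name, h["rd"], h["ra"], h["rcode"]))
    return rows

# Constructed capture as seen on the DNS server (documentation address ranges).
CLIENT, SERVER, UPSTREAM = "192.0.2.10", "192.0.2.53", "198.51.100.53"
Q_CLIENT = build_query(0x1A2B, "www.example.com")
Q_RECURSIVE = build_query(0x7F01, "www.example.com")  # same question, new ID
CAPTURE = [
    (CLIENT, SERVER, Q_CLIENT),
    (SERVER, UPSTREAM, Q_RECURSIVE),
    (UPSTREAM, SERVER, build_response(Q_RECURSIVE, "203.0.113.80")),
    (SERVER, CLIENT, build_response(Q_CLIENT, "203.0.113.80")),
]

if __name__ == "__main__":
    for role, txid, name, rd, ra, rcode in trace(CAPTURE, SERVER):
        print(f"{role:18} id=0x{txid:04x} {name} RD={rd} RA={ra} {rcode}")
```

Pairing packets by question name and direction, rather than by ID alone, is what keeps the client exchange and the recursive exchange apart when the packets otherwise look alike.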

Residential IP Gateways

For anyone with a significant interest in working online, your IP address is important; it’s a vital part of your online presence. Most people don’t really care about their address: as long as you have a valid IP address you can get online. However, there are distinctions between these addresses which can make a huge difference to your online experience.

Often the first indication people have that their IP address is of any relevance is when they find themselves getting blocked somewhere. You might click on a video or website and get redirected to a message ‘sorry not available in your country’, or you might try to view a website and get redirected somewhere else. What’s generally to blame is where your IP address is registered, and this behaviour is called ‘region locking’. It’s extremely common and annoying, especially if you’re settling down to watch the BBC News live while on holiday outside the UK, for example.

This is all based on the geographical location to which your IP address is assigned, which is why it usually becomes evident when people travel or go on holiday: suddenly they find they can’t access the websites that they used to. Watching domestic TV, streaming videos or accessing online banking and things like that suddenly become very difficult when you’re outside your usual location.

People have found ways around this; normally you can hide your location by using a proxy or VPN service. However, this only works on a basic level, because there are other restrictions which stop these working, mainly centered around the IP classification. Many websites now look one step further than simply location: they look at the classification of the address and whether it originates from a commercial or residential origin.

Anyone who makes their living online is likely to need a little more control. After all, when operating in a global market like the internet, getting blocked all the time because of location and what sort of IP address you have is going to be extremely inconvenient. Sure, you can use traditional proxies, which are mostly run from datacentres, but they too have significant problems. The issue is that websites increasingly block access to all but residential IP addresses; they just want ordinary home users, which means none of these proxy solutions actually work. The alternative is to use VPNs that have residential IP addresses and gateways built in.

However, it’s much, much harder to set up a residential IP gateway than it is a commercial one. For instance, you can’t just roll up to Comcast or BT and ask it to assign you a few hundred IP addresses; they use those for domestic customers only. Residential gateways are appearing, but at the moment they are fairly hard to find and extremely expensive. You have to be careful though, as some of these ‘solutions’ actually piggyback on domestic customers’ computers, like the not recommended Hola, which is a huge security risk to use.

World Wide Web Proxies – Web Proxy List

In the earliest days of the web in 1990, web proxy servers were usually referred to as gateways. In fact the very first web gateway was created at CERN by the original WWW team, headed by Tim Berners-Lee.

Gateways are effectively devices which are used to forward packets between different networks. These devices can vary in complexity from simple pass-through devices to complex systems which are able to understand and convert different protocols. It was in 1993 that the name Web Proxy Server was chosen as a standard term to describe the different types of Web gateways.

Web Proxy Server

These can be further classified into two distinct categories:

Proxy Server – internet/firewall gateways which act in response to client/PC requests.

Information Gateway – gateways which act in response to server requests.

However, these are quite broad specifications, and below you will find some details of the key properties of the proxy servers and associated gateways. Remember that these classifications can be affected by any application software which is installed on the proxies, so they are not necessarily just the simple servers you find on web proxy lists – which are normally just basic Glype installations. In particular, you may find that destinations and transparency may sometimes be modified.

Proxy Server Properties

These are the general properties which can be applied to any specific proxy server, although there are variations which will affect these.

Transparency: these proxies do not modify the data passing through them. They will perform any filtering specified by rules but this will not affect the end result. The connection will be the same whether it was direct or through the proxy server.

Control: the client will determine whether it uses the proxy or not. This is typically controlled on the client by specifying the address of the proxy or through client-based software.

Destination: the final destination of any request is not affected by any intermediate proxy.  In fact a client or user will often be completely unaware of the existence of the proxy.

Proxies can provide all sorts of features some of which might affect these properties.   They can be used to provide specific access controls, filtering, logging and even simply to speed up access to remote web resources through caching features.

It is in corporate environments that the transparency properties of proxies have usually been modified. Frequently these firewall proxy servers will sit in the DMZ (Demilitarized Zone) and control both inbound and outbound traffic. They will accept network requests from clients and forward them out to the internet if approved, then relay the replies back to the clients. Most of these will also operate caching services to ensure that duplicate requests don’t generate more network traffic and bandwidth charges.

The other advantage of the dual-role proxies is that they can act as a single entry point for internet access. This means that all requests can be logged and monitored, allowing an element of control over web access through the company infrastructure. It also allows replies to be monitored for harmful code such as malware and viruses; this is an important extra layer of security to protect the internal network.

Changing Your IP Address Quickly

For those who work or spend a lot of time online, having one IP address is not always enough. The problem is that, the way the internet has developed, the single address which is assigned to your internet connection is at best inconvenient and often extremely limiting. You have absolutely no control over the address which is assigned to you, yet it is used to control your access to many of the world’s biggest websites.

Take for example YouTube, when someone uploads a video they have the option to control which countries it is accessible from. So major publishers will often release in specific countries and deny access to others, your IP address is used to enforce these controls. Ever wanted to check the news or a TV show broadcast from a TV station based in a different country? Well most of the time you can’t because the vast majority of media streaming on these sites is restricted to the country they are based in. Want to watch the French News on a Parisian TV channel to improve your language skills? Sounds a sensible use of the internet, yet you’ll get blocked unless you get on a plane and take your laptop to France, crazy huh!

So that’s it: the reality is that region locking alone will effectively block huge parts of the internet from every single one of us. I think my most frustrating experience of this was when I tried to listen to the cricket on holiday; I thought that I would be able to watch BBC iPlayer outside the UK, yet alas I was very wrong – you can only watch/listen to the BBC online from the UK.

This is why people are starting to get fed up of this; after all, the internet wasn’t designed to be segmented and blocked on all these levels. The solution is actually very simple: you just need the ability to switch your internet address when required – a quick IP changer to bypass the thousands of blocks and filters applied across the web.

How does this work? Well, it’s actually quite simple. Although you cannot change your real IP address unless you happen to own an ISP, you can effectively hide your address by using proxies or VPN servers. All you do is connect to a VPN server in a different country and then browse the internet as normal. Instead of seeing your real address, the only visible IP address will be that of the VPN server, so by using a network of these servers across the world you can view any website you wish and effectively bypass any blocks based on location.

Realistically, continually reconnecting to different VPN servers could be a very difficult procedure, but many companies have made this much simpler. They have implemented simple software programs which allow you to point and click to switch servers, effectively changing your IP address.

Classification of IP Addresses

If you’re looking for a VPN or proxy solution to switch your IP address, then there’s certain information you should be aware of regarding the classification of these addresses. Most people who use VPNs to change their addresses are normally concerned with only one factor – the country that the IP address is registered to.

This is because many of these services are used specifically to bypass the growing trend of region locking operated by media sites. Sites like Hulu, BBC, NBC and in reality most of the major entertainment sites usually restrict access to their home countries – so for example you would have to be in the UK to watch all the British TV channels, whereas the US stations like ABC are only accessible to American IP addresses. So people will use a US VPN to watch US sites, and UK ones to watch UK channels and so on. In fact this is so important that most services provide servers located in most larger countries to allow their users the most flexibility in their web browsing. Not all companies do this, so if you want to access a particular website you should check that they have a server in the same country.

The above video demonstrates some of the options available and how region locking can be accessed, but it has recently become even more complicated. The problem lies not in the location of the IP address but in the classification. Most IP addresses are listed as either being commercial or residential. Commercial ones are used mostly by companies and run from datacentres or corporate networks whereas residential addresses are assigned usually from ISPs to home computers. Increasingly media sites are choosing to block all access from commercial IP addresses primarily to try and enforce their region locking attempts.

Netflix were the latest company to do this, and overnight nearly all commercial VPN services stopped working with this website, much to the annoyance of thousands of users who access Netflix with a VPN. Now you need to use a residential VPN to access any of the Netflix global sites. That is, the IP address assigned to the VPN server you connect to must be classified as a residential one or it simply won’t work.

A few of the VPN services have adapted to this change and offer residential IP addresses, although they are more expensive to obtain than the more plentiful commercial addresses. If you want to access something like Netflix, though, it is essential they have these classified addresses or they just won’t work.

Configuring VPN Routers for a Small Office

Various models from various manufacturers are offered on the market. Geared toward internet providers, this specific model gives a complete universal services solution. The main reason is that several models have some extra features that might be helpful for you, but they’re also expensive with regard to budget. There are many diverse models of Cisco SOHO routers to select from, and you’ll need to look into the differences before purchasing the one that you need.

Lots of people say they’re likely to acquire their CCNA, they begin studying, but because they never specify a date, they never ever seem to choose the exam. A CCNA or CCNP candidate who would like to be totally ready for their exams is likely to collect a house lab to practice on. Honestly, the moment you cover your exam, a magical thing will take place! It is fairly necessary for you to learn about this exam. The CCNA exam does not have any pre requisites. Cisco certification supplies you quality assurance and dependability. Determining individual network requirements together with a bit of research will be certain the resources supplied by Cisco are beneficial.

There are a number of different review sites, and a wide array of information about the different models of router. To locate a suitable place to buy refurbished equipment, you will need to do a little bit of research online, where you’ll find several businesses that offer used Cisco equipment. It is possible to now use the web to make calls throughout the world instead of utilizing a normal phone. Because of this, you ought to carefully design your network prior to starting deploying OSPF. A safe network is important to any business. It is typically employed for connection to the world wide web and other computer networks. The very first thing you will need is an online connection; you have to make sure it’s one which allows resale, so you will probably need a business online connection.

One concern that any corporate network has is security; the owner of the network is ultimately responsible for its traffic. So if anyone is downloading anything they shouldn’t, perhaps pirated movies using anonymous torrenting sites, then these will be tracked down to the company network. There are two aspects that should concern the network owner – traceability and prevention. The latter is by far the best option: make sure the router has the facility to block specific sites. In a bigger company you’re going to need a dedicated proxy or firewall, but for a few clients there are routers which will supply these functions. Content filters should be used if you have any number of clients and want to allow internet access.

You will need to check that the chief router has an active web connection before it is linked to the secondary router. You’ll need to get the right router to be certain that several distinct computers may be used. Establishing a wireless router is very simple. Today wireless routers act as the optimal solution for internet connection. Configuring this new router is now effortless in comparison to the old Linksys interface, since it lets you manage the fundamental security settings easily. Cisco’s 1841 router was made with the more compact branch office in mind. Cisco SOHO routers are the perfect answer to your business needs and will guarantee that you’ve got a dependable source at all times.

Cisco provides a high degree of support and data for their devices. Cisco can be thought to be a top name within the IT industry. Cisco supplies a high degree of support and data for their devices.

Switches will surely help your network get the most out of your resources. There are two kinds of managed switches. Fully managed switches enable the user full charge of the settings.

Switching Digital Identities Through VPNs

Once upon a time, no-one really used VPNs (Virtual Private Networks) outside the corporate environment. IT support staff would use them to dial into networks to restart servers or reset some user accounts from home, and laptop users would use a VPN to tunnel back to download email or documents from their home share. Nobody would really use this technology in their private life, except perhaps those who really understood how completely insecure the internet was. This has now changed, and literally millions of people use virtual private networks every single day of their lives.

The main focus of the VPN is of course security: when you are using the internet via a VPN, all your data travels through an encrypted connection between you and the server. Without this protection the majority of your data flies across the shared hardware of the internet mainly in clear text. A VPN stops your emails being intercepted, hides your login details and keeps your web destinations private; however, this has not been the primary driver in the use of this technology.

The real attraction is due to the way that the internet has become segmented over the last decade or so. During the inception years of the internet, your location was largely irrelevant – if you were online you were exactly the same as any other user. Of course some people were browsing over fast computers on dedicated data lines, whereas others were logging on to an ancient computer coupled to a standard telephone line and modem. Yet the principles of what people could access were exactly the same; there was no discrimination or segregation based on your physical location.

This is not now the case; in fact where you are located will heavily influence your online experience. Browsing the web from China is very different from downtown Chicago, and I’m not talking about language localizations, but what you can access. China is of course an extreme example as they heavily control what you can access over the internet, but even if you’re in a country whose government doesn’t filter the web, you’ll still find blocks and controls all over the place. Your digital identity is effectively linked with the physical location of your IP address and is used by website owners to determine what you can see or not. Ever tried to play a YouTube video and found that ‘this is not available in your country’? More often than not it will be down to a copyright or licensing issue. The same will happen on thousands of websites across the world – your location will determine your access.

This can become tiresome, it’s not so bad if your digital identity is based on an American IP address for example because you’ll mostly get access to all the biggest media sites. However even then, there are loads of popular sites your location will deny you like the BBC iPlayer for example.
However if you’re somewhere a little more remote or obscure you’ll find yourself blocked from millions of web pages and treated somewhat like a web pariah.

It’s frustrating, yet it all is easily bypassed by simply hiding your real IP address. Most people aren’t able to modify their address because it is controlled by their ISP but if you connect to a VPN then your address will be determined by the location of the VPN server. Which is why companies like IPVanish and Identity Cloaker have produced VPN software which allows you to click any country and choose the IP address you want.

Echo-Chargen

Careful router configuration can lessen the effect of such floods. Both of these commands are very helpful, but they just get the job done for the ext2 filesystem. It is possible to add any other handy commands here too. Make certain you type the entire command on a single line. Each CSV file appears slightly different based on the fields it contains. This file includes a list of users who aren’t permitted to log in the host utilizing ftp. Any Cisco configuration file that has encrypted passwords ought to be treated with exactly the same care employed for a cleartext list of those exact same passwords. For instance, if you prefer to discover when a new user logs in to an internet server.

A user who can log into the router might be able to utilize it like a relay for additional network attacks. If an incorrect password is typed in, the feasible attacker (or standard user!) You may pick between a worldwide password or a password for some image. Obviously, enabling password encryption is vital. You also need to configure authentication working with the ip http authentication command. If Kerberos isn’t in use at an internet website, disable both services and utilize ssh.

The daemon is not going to write to a file should it not already exist, so make sure to touch any log files which have been specified. Clearly, a number of other daemons could gain from this as well. Of course, they could benefit from this sort of arrangement as well. Configuring the daemon is going to be discussed later within this tutorial. This daemon has been successfully exploited previously, and must be disabled. The daemon, together with the command, can offer network performance statistics.

Virtually every router should save yourself system logging information to a regional RAM buffer. You must make sure your network doesn’t utilize asymmetric routing before enabling this feature. One way of making a private network isn’t to install servers whatsoever, just clients. So as to get ready for the joyful day in the future when permanent, high-speed connections to the Internet is going to be offered in my region, I decided it turned out to be a very good notion to begin investigating security problems. Generally, HTTP accessibility is equivalent to interactive accessibility to the router.

The service is just another holdover from when networks were friendly, and security wasn’t a prime concern. When a specific service gets heavily used, clearly, it causes a load on the computer system. The telnet service gives users the capability to log into the system remotely, employing a typical telnet client.

Study your file to find out what services are being supplied by your inetd program. Unless the environment demands using PC-NFS, this entry ought to be disabled. The most essential portion of the Debian system is the capability to put in a package and have the dependencies satisfied automatically. Balancing the good and bad in each and every service can be challenging, but it is a crucial portion of keeping a system safe. Within your network you wish to telnet from 1 machine to another, you need to run an internal mail assistance, etc.

Network Analysis Using TCPDump

Should you need to observe any IPv6 traffic in your capture it’s possible to select IPv4 only. You’re able to specify networks also. There are lots of network monitoring utilities accessible to debug networked applications. It’s a widely-known program that provides an assortment of choices to gather just the details you want from the network. Unfortunately mastering this tool completely isn’t a simple task. These tools are especially vital for technical staff. Originally written by Van Jacobson to analyze TCP performance issues, it’s still an adequate tool for this job, but a lot of features have been added since then.

A fast hack might be the subsequent. Just like all things Linux, there are lots of ways to get this done. Should you be using Solaris, you may use snoop to locate the CDP packets, but it doesn’t format the data nicely. It can be used with tcpdump (with regard to usage and options). Tcpdump gives a review of the form of protocol related at a certain time to ping peaks. Finally, it prints some information about the packet. TCPDump even demonstrates these sequence numbers.

Generally you will require root permission in order to capture packets on an interface. You can think of the filter expression as something very similar to if statements. In practice, if the expression contains shell metacharacters, it is easier to pass it as a single, quoted argument. If no expression is provided, all packets on the network will be dumped. The expression includes one or more primitives. In fact, negating an expression is part of complex expression syntax and we’re going to discuss complex expressions a little later. Remember to always capture as near to the host as possible, rather than through a switch or hub that is not directly connected. Trying to use TCPDump over an encrypted tunnel can be confusing, as I discovered trying to use it to resolve the Netflix VPN ban as in this post.

You may also copy and paste the proper command into the terminal application to prevent typing mistakes. The whole path to the device name isn’t required. Simply take another look at the headers and see whether you may determine the field which has the VLAN tag info. You would be right about this, except for a single problem. Establishing the identity, you can’t be certain whether the issue lies with the customer or the server. The issue is it attempts to resolve every single IP address it meets. There are two methods to work out this issue. It is fantastic for tracking down network troubles or monitoring activity.

You may tell to quit capturing after a specific range of packets using the flag followed by the quantity of packets to capture. It is also possible to specify Ethernet addresses. At length, if you prefer to make absolutely certain you find the most possible information that’s being captured use the verbosity alternatives. A number of the info printed by tcpdump is a little cryptic, especially since the format differs for each protocol. It is simple to get information regarding packets of a specific protocol with the aid of tcpdump. It also includes a self-explaining help page.

You may capture packets from at the most 5 objects at once. Using should capture so much as the biggest RIP packets. You are able to get the packets depending on the protocol type. It doesn’t understand various protocols. The fundamental interfaces for each of these modules is the very same.  You can even specify a source or destination port utilizing similar commands. Additionally, it sets output to line-buffered so that I am able to observe packets once they arrive (). It doesn’t, however, produce any output. The verbose switch is useful especially if you’re trying to determine the location perhaps of a remote French IP address, see this.

The filter parameter is put at the end of the command line. An extremely practical tcpdump filter is the capability to filter on various protocols. The Unix shell has its own interpretation of what brackets are used for. On the other hand, losing a valuable part of packets may be very critical. It is possible to use two standard kinds of network specifications. The format is designed to be self-explanatory. Occasionally, you might stumble upon an edition of tcpdump that needs a special flag to be set in order to enable promiscuous mode, but typically tcpdump will make an effort to enable it by default.