# DNS (53)

<details>

<summary>Protocol Information</summary>

The DNS system is responsible for translating human-readable hostnames into machine-readable IP addresses, and vice versa.

The **`DNS recursive resolver`** resolves a name by making several requests in turn:\
\- Root Name Server *(there are 13)*\
\- Top Level Domain *(.com, .it,* [*CountryCode*](https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes)*, etc.)*\
\- Authoritative Name Server *(example.com)*.

**`DNS Records`** provide specific information.\
\- <mark style="color:blue;">`NS`</mark> : Returns the DNS servers (NameServers) of the domain, responsible for the Authoritative Name Server of the zone.\
\- <mark style="color:blue;">`A`</mark> : Hostname to IPv4.\
\- <mark style="color:blue;">`AAAA`</mark> : Hostname to IPv6.\
\- <mark style="color:blue;">`PTR`</mark> : IP to Hostname.\
\- <mark style="color:blue;">`CNAME`</mark> : Associates an alias with a hostname, where that hostname has its own A record. *e.g., A for hackthebox.eu and CNAME for [www.hackthebox.eu](http://www.hackthebox.eu)*\
\- <mark style="color:blue;">`MX`</mark> : Mail Exchange, identifies hosts that will accept emails for a specific host. Returns the responsible mail servers.\
\- <mark style="color:blue;">`TXT`</mark> : Contains various textual information.\
\- <mark style="color:blue;">`ANY`</mark> : Requests all records, but RFC 8482 allows servers to give a minimal response instead, so they might not respond.\
\- <mark style="color:blue;">`SOA`</mark> : Provides information about the corresponding DNS zone and the e-mail address of the administrative contact. The SOA record is found in a domain's zone file and specifies who is responsible for operating the domain and how DNS information for the domain is managed. In the record the address is written with a dot (.) where the at sign (@) would be, so the first dot is replaced by @ to read the e-mail address.
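
As an added example (not part of the original page), this shell parser reads the SOA answer in the form printed by `dig +short SOA <DOMAIN>` and decodes the administrative mailbox, including an escaped dot in the local part. The function names and the sample line are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: decode one line of `dig +short SOA <DOMAIN>` output.

# RNAME -> mailbox: the first unescaped dot stands for "@";
# "\." is a literal dot inside the local part.
soa_rname_to_email() {
    local rest local_part
    rest="${1%.}"                 # drop the trailing root dot
    local_part=""
    while [ -n "$rest" ]; do
        case "$rest" in
            '\.'*)  # escaped dot: keep it in the local part
                local_part="${local_part}."; rest="${rest#??}" ;;
            .*)     # first real dot: this is where "@" goes
                [ -n "$local_part" ] || return 1
                printf '%s@%s\n' "$local_part" "${rest#.}"; return 0 ;;
            *)      # any other character: move it to the local part
                local_part="${local_part}${rest%"${rest#?}"}"; rest="${rest#?}" ;;
        esac
    done
    return 1                      # no separator found: malformed RNAME
}

# Split the seven SOA fields and print them with labels.
parse_soa() {
    local mname rname serial refresh retry expire minimum extra email
    read -r mname rname serial refresh retry expire minimum extra <<EOF
$1
EOF
    # Reject lines that do not have exactly seven fields.
    [ -n "$minimum" ] && [ -z "$extra" ] || return 1
    email=$(soa_rname_to_email "$rname") || return 1
    printf 'primary_ns=%s\nadmin_email=%s\nserial=%s\n' \
        "${mname%.}" "$email" "$serial"
    # Timers are in seconds; "minimum" is the negative-caching TTL (RFC 2308).
    printf 'refresh=%ss\nretry=%ss\nexpire=%ss\nminimum=%ss\n' \
        "$refresh" "$retry" "$expire" "$minimum"
}

# Constructed sample line (example.com is a reserved documentation domain).
SAMPLE='ns1.example.com. john\.doe.example.com. 2024010101 7200 3600 1209600 300'
parse_soa "$SAMPLE"
```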

</details>

## Port

<table data-header-hidden><thead><tr><th width="166">Port</th><th>Description</th></tr></thead><tbody><tr><td><mark style="color:green;"><strong>53</strong></mark><strong> UDP</strong></td><td>DNS (unencrypted)</td></tr><tr><td><mark style="color:green;"><strong>53</strong></mark><strong> TCP</strong></td><td>DNS (encrypted) </td></tr></tbody></table>

## Config File

The hosts file and resolver configuration are located at:

* **Windows**: `C:\Windows\System32\drivers\etc\hosts`
* **Linux** and **macOS**: `/etc/hosts` and `/etc/resolv.conf`

[Bind9](https://www.isc.org/bind/)

* `/etc/bind/named.conf.local`
* `/etc/bind/named.conf.options`
* `/etc/bind/named.conf.log`

Change DNS

{% code overflow="wrap" %}

```bash
sudo vim /etc/resolv.conf
# Optionally lock (+i) or unlock (-i) the file so it is not overwritten:
# sudo chattr +i/-i /etc/resolv.conf
```

{% endcode %}

{% code overflow="wrap" %}

```bash
nmcli connection # List connections to find the connection name
sudo nmcli connection modify "<CONNECTION_NAME>" ipv4.dns "<DNS1>, <DNS2>"
sudo systemctl restart NetworkManager
```

{% endcode %}

## Interact

{% tabs %}
{% tab title="Enumeration" %}
{% code overflow="wrap" %}

```bash
host -t <TYPE> <DOMAIN> [<DNS_SERVER>]
```

{% endcode %}

{% code overflow="wrap" %}

```bash
nslookup -query=<TYPE> <DOMAIN> [<DNS_SERVER>]
nslookup -type=<TYPE> <DOMAIN> [<DNS_SERVER>]
```

{% endcode %}

{% code overflow="wrap" %}

```bash
dig <TYPE> <DOMAIN> [@<DNS_SERVER>]
```

{% endcode %}
{% endtab %}

{% tab title="Website" %}

<table><thead><tr><th width="185">Website</th><th>Details</th></tr></thead><tbody><tr><td><a href="https://bgp.he.net/">Hurricane Electric</a></td><td>For enumerating DNS record types.</td></tr><tr><td><a href="https://viewdns.info/">viewDNS</a></td><td>For a wide range of specific DNS information.</td></tr><tr><td><a href="https://dnsdumpster.com/">DNSDumpster</a></td><td>Discover hosts related to a domain.</td></tr></tbody></table>
{% endtab %}
{% endtabs %}

## Attacks

### [Zone Transfer](https://ivalexev.gitbook.io/rednote/pentesting-process/information-gathering/active#zone-transfer)

### [Other attacks](https://securitytrails.com/blog/most-popular-types-dns-attacks#content-dns-tunneling)


