Skip to main content

What will happen if we make local DNS root DNS ?

 DNS is the backbone of internet. We will simply find lots of blog about DNS mentioning about it being a phonebook also helps to find out  the authoritative IP for the querying domain name. DNS itself is quite a vast topic and there are different entities associated with it. There are things like recursive query , iterative query, forward zone, reverse zone, forwarding, conditional forwarding and so on. 

Let me know briefly describe about adding a root zone that I recently came across and some interesting changes that I came across after adding it. Root hints are a list of the DNS servers on the Internet that your DNS servers can use to resolve queries for names that it does not know. When a DNS server cannot resolve a name query by using its local data, it uses its root hints to send the query to a DNS serve. We can also find the root DNS screenshot below.

Root DNS are used in conjunction with recursion and if recursion is not used then it will only be able to answer query from its own local database. We will make our local DNS server as root dns and see what will happen. 








I have added a Zone name with a dot (.)which basically means a root DNS server. Now the local DNS will not be able to forward the query to 13 root DNS server for the query that it doesn't have database of for example google.com as all of the 13 root DNS server has been removed. We will  need to remove root from the local DNS again to do the recursive query to the 13 available root DNS.









Labels:

Comments

Post a Comment

Popular posts from this blog

SAN Switch Zoning with Brocade

Zoning in Brocade SAN Switch Let's begin with resetting the switch completely. In my environment I have two brocade SAN Switch connecting to 2 Dell R940 server configured with VMware. The SAN switch will be having connectivity between Dell Unity 500 storage and Dell R940 servers. Multipathing will be done between the server and storage with the help of SAN Switch. Multipathing, also called SAN multipathing or I/O multipathing, is the establishment of multiple physical routes between a server and the storage device that supports. It results in better fault tolerance and performance enhancement. DESIGN The idea behind zoning is that intended WWPN talk with each other . This is more like ACL in the world of Ethernet. To see the devices which are logged into the switch the following commands can be executed. SAN-A:admin> switchshow switchName: SAN-A switchType: 118.1 switchState: Online switchMode: Native switchRole: Principal switchDomain: 1 switchId: ...
Post a Comment
Read more

SSL Decryption FortiGate

  We have pretty much heard about SSL decryption and of malware hiding inside an encrypted traffic. A large amount of traffic in the internet is pretty much encrypted which basically means that bad things like malware, virus, ransomware can hide inside this encrypted traffic. If majority of these traffic are encrypted our Firewalls are not able to analyze these traffic which can easily infect our organization and the investment which we have done in these firewalls are wasted. There does come around a solution for this and as my topic suggest SSL Decryption also know as Deep Packet Inspection as by some IT folks. The image that I have attached down below clearly suggest about what I am trying to explain. Using deep packet inspection, the firewall simply decrypts the encrypted traffic happening  between client and server, inspects the content to find the threats and block them , then forwards it to the destination re-encrypting it . We will need to first setup the SSL/SSH in...
Post a Comment
Read more

Upgrade Catalyst C9500

Upgrading Catalyst 9500 series switch is relatively easy. The one that I'm going to upgrade today is on Install mode containing packages.conf file. Install mode consumes far less resources in compared to the traditional bundle mode and has some advantage like auto upgrade when configured in stacked mode. We can talk about the difference between bundle and install mode later on. Let's focus on upgrading the Catalyst 9500 switch. Switch I am trying to upgrade is in 17.03.03 which has some bugs and security vulnerabilities. I am upgrading it from 17.03.03 to 17.6.5(MD) golden image present in the cisco download site for C9500 series switch and also reading down the linked document from cisco that is what they recommend. You can have a look at it . https://www.cisco.com/c/en/us/support/docs/switches/catalyst-9300-series-switches/221498-recommended-releases-for-catalyst-9200-9.html We will first need to create FTP username and password in the switch. The username and password must b...
1 comment
Read more