Series DNS

Are you using CAA records?

With the approval of ballot 187, Certificate Authorities must check and respect the CAA records found in the DNS of a domain. This additional check has been in effect since September 17, 2017. CAA stands for Certification Authority Authorization and is a standard designed to help domain owners by preventing the issuance of rogue or unauthorized SSL/TLS certificates for their domain. Why should you use CAA records? All Certificate Authorities can issue domain-validated certificates.

Zone transfers in The Netherlands

Much has been said about zone transfers and why it is important to restrict their use. The DNS zone can contain sensitive information like DKIM keys or information about the internal infrastructure. And because of this I actually thought it was not so common anymore. A while ago I ran into a nameserver with an insecure zone transfer (AXFR) setting. Allowing zone transfers for the whole world will also allow the bad guys to extract useful information from a zone that can be used to create a map of the network infrastructure.

AXFR can leak sensitive information

Many services depend on DNS, and it is increasingly used for serving information. Sometimes companies put inside information in their DNS that others do not need to know. The information in the DNS may look innocent, but if you are a target for criminal hackers or state-sponsored hackers, they can get a great deal of information from your nameserver. That is why we advise disabling AXFR for the whole world.

Search for DNS records with dnsrecon

The information that you can find in the DNS zone of a domain can be very useful to pentesters and hackers. Searching for these records can be time-consuming, and there is no guarantee that there is any useful information in them. In my experience, many DNS zones contain outdated information on DNS records of systems that aren’t used anymore. By automating this task, you can save yourself some time.

PTR Records

When using the internet, we all use DNS records to resolve the names of websites, so our computer and/or browser knows that when we go to https://binaryfigments.com the browser has to go to the webserver with the IP address 213.249.93.130 or the IPv6 address 2a01:448:1003::130. The other way around: there is also a way to get the name behind an IP address. This is also a DNS record, called a PTR record.