1
00:00:03,300 --> 00:00:10,170
Now on this Windows computer I'm going to change the DNS server to the Cisco Rhoda

2
00:00:13,760 --> 00:00:25,230
so go to the Ethernet settings rather than using Google as the DNS server and CloudFlare.

3
00:00:25,230 --> 00:00:32,660
I'm only going to specify my local reporter as the DNS server now in this example.

4
00:00:32,660 --> 00:00:37,410
I've configured the right to accept a DNS queries and answer them.

5
00:00:37,430 --> 00:00:43,710
And if it doesn't know the answer to forward it to Google this is once again a Cisco broader.

6
00:00:43,890 --> 00:00:47,440
But to your home right it probably does something very very similar.

7
00:00:47,490 --> 00:00:53,280
So if I type show run piping collude which basically allows me to look for a command and search for

8
00:00:53,280 --> 00:01:01,920
DNS you can see that I've enabled IP DNS server so the writer will act like a DNS server show IP right

9
00:01:01,980 --> 00:01:09,390
shows us that it has a default or brought to a router physically in my local network that say another

10
00:01:09,390 --> 00:01:14,430
Cisco rider that actually physically connects me out onto the Internet.

11
00:01:14,430 --> 00:01:18,240
This device can ping Google dot com.

12
00:01:18,450 --> 00:01:30,230
So if I type show run pipe include name typically I would have IP Name Server something like this but

13
00:01:30,230 --> 00:01:34,280
it actually got to that because the outside interface.

14
00:01:34,280 --> 00:01:43,490
In other words the interface connecting this device to the Internet is using DHEA P so through DHEA

15
00:01:43,510 --> 00:01:48,800
P It learnt the default gateway it also learned to the DNS server information.

16
00:01:48,800 --> 00:01:52,840
So once again it could paying David Bumble dot com as an example.

17
00:01:52,850 --> 00:02:03,350
Now the P.C. won't be able to ping right of one dot whom dot com as an example because the broader isn't

18
00:02:03,350 --> 00:02:13,130
configured with that information on the Cisco router if I try and ping rather one dot home dot com that's

19
00:02:13,130 --> 00:02:18,080
not going to work because it doesn't know about that domain.

20
00:02:18,200 --> 00:02:21,070
Notice it's actually trying to get to the Internet right.

21
00:02:21,080 --> 00:02:24,340
To try and find out what did that domain is.

22
00:02:24,650 --> 00:02:35,000
But if I type IP host and specify a hostname like Rod or one home dot com and then specify an IP address

23
00:02:36,020 --> 00:02:43,250
of let's say 10 dot wonder wonder to fly for the local writer this writer will be able to ping itself

24
00:02:43,850 --> 00:02:53,150
it's done a name resolution locally and the P.C. will also be able to ping that domain I'm gonna flush

25
00:02:53,180 --> 00:03:05,270
the DNS cache so it doesn't have any cached entries locally and then ingenious 3 all run a y short capture

26
00:03:05,270 --> 00:03:15,820
here and what we'll filter for is DNS so basically we'll see a DNS request from the P.C. going to the

27
00:03:15,820 --> 00:03:26,740
right and the broader replying if it does a DNS request so ping are one whom dot com that works in why

28
00:03:26,740 --> 00:03:35,680
a shark we can see the DNS request from another random or ephemeral port going to Port 53 but the DNS

29
00:03:35,680 --> 00:03:46,420
server is 10 1 1 2 5 4 which is the local router it's asking for the IP address of this domain name

30
00:03:47,020 --> 00:03:57,310
and the rowdies replying back saying the IP address of that domain name is 10 1 1 2 5 4 so standard

31
00:03:57,310 --> 00:04:04,270
query for an A record because this is IP version 4 but in this case the query went to the broader now

32
00:04:04,270 --> 00:04:09,880
the road is going to forward on DNS queries that it doesn't know the answer to and we can prove that

33
00:04:09,880 --> 00:04:14,620
by running a y shock capture between the broader and the Internet.

34
00:04:14,650 --> 00:04:15,810
So on this link.

35
00:04:16,750 --> 00:04:22,640
So we're seeing a whole bunch of traffic because that is bridge to my physical network.

36
00:04:22,930 --> 00:04:30,910
But once again what I'll do here is filter for DNS can see some other DNS queries are really taking

37
00:04:30,910 --> 00:04:31,620
place.

38
00:04:32,540 --> 00:04:38,480
On the windows P.C. I'll ping David Bumble dot com once again.

39
00:04:38,480 --> 00:04:40,880
You don't have to use ping you could use an as lookup.

40
00:04:40,880 --> 00:04:42,380
So let me show you that as well.

41
00:04:42,380 --> 00:04:48,710
But notice it did get resolved and it looks like it didn't get forwarded

42
00:04:51,870 --> 00:04:55,790
so let's do an honest look up for a different domain.

43
00:04:55,800 --> 00:05:03,420
Let's say Cisco dot com resolution is this IP address so notice.

44
00:05:03,420 --> 00:05:04,590
There we go.

45
00:05:04,620 --> 00:05:08,220
We've done an NSA lookup notice in this case.

46
00:05:08,430 --> 00:05:13,480
It's a DNS query for both the IP version for address.

47
00:05:13,500 --> 00:05:21,390
So we've got a query for the a record Cisco dot com and then we've also got a query for the IP version

48
00:05:21,390 --> 00:05:23,960
6 IP address.

49
00:05:24,000 --> 00:05:31,980
So in this case the reply came back saying this is the IP address of Cisco IP version 4 and this is

50
00:05:31,980 --> 00:05:36,960
the IP version 6 address and we can see that here.

51
00:05:36,960 --> 00:05:45,450
IP version 6 an IP version 4 in our y shock capture notice that the source IP addresses 1 9 2 1 6 8

52
00:05:45,450 --> 00:05:52,380
1 67 which is actually the road show IP interface brief shows us that that is the IP address of the

53
00:05:52,380 --> 00:05:59,920
router so the router is querying another device for the IP address information because it doesn't know

54
00:05:59,940 --> 00:06:01,080
it locally.

55
00:06:01,080 --> 00:06:03,230
So that's the whole idea with DNS.

56
00:06:03,240 --> 00:06:10,890
If the local DNS server doesn't know the answer it forwards that query to a more authoritative DNS server.

57
00:06:10,890 --> 00:06:17,160
And in this case we're getting both the IP version for IP address as well as the IP version 6 IP address

58
00:06:17,460 --> 00:06:20,040
because I used n s lookup.

59
00:06:20,040 --> 00:06:25,800
Now you need to make sure that the DNS server that you querying is giving you good information.

60
00:06:25,800 --> 00:06:33,870
As an example on this broader I could create a hostname for Cisco dot com and simply pointed to another

61
00:06:33,870 --> 00:06:34,460
IP address.

62
00:06:34,470 --> 00:06:46,830
Let's say the local router on the P.C. I'll flush the DNS cache so flush DNS and then I'll ping Cisco

63
00:06:46,830 --> 00:06:48,330
dot com.

64
00:06:48,330 --> 00:06:52,440
Notice the IP address resolved is 10 1 1 2 5 4.

65
00:06:52,440 --> 00:06:55,500
It's not to the actual IP address of Cisco

66
00:06:58,850 --> 00:07:04,230
so if your DNS entries are manipulated or you connecting to a false DNS server you could end up going

67
00:07:04,230 --> 00:07:07,090
to the incorrect server.

68
00:07:07,170 --> 00:07:11,820
You may think you're going to Cisco dot com or another domain but actually you're being redirected somewhere

69
00:07:11,820 --> 00:07:12,590
else.

70
00:07:12,690 --> 00:07:20,220
So hackers will often target the DNS servers have rogue DNS servers which allow them to push your traffic

71
00:07:20,250 --> 00:07:21,660
where they want to.

72
00:07:21,690 --> 00:07:27,780
Again fortunately because of certificates preloaded on browsers today you may be warned if you go to

73
00:07:27,780 --> 00:07:34,040
the wrong server typically you're not going to use your Cisco writer as a DNS server.

74
00:07:34,160 --> 00:07:40,370
You might use it for DNS requests onto a DNS server on the Internet but you wouldn't want to configure

75
00:07:40,370 --> 00:07:43,400
your local broader as the DNS server.

76
00:07:43,400 --> 00:07:51,110
You may in some cases but typically not what you typically want to use is a linux server to be the DNS

77
00:07:51,110 --> 00:07:51,620
server.

78
00:07:52,460 --> 00:07:59,490
So in this example I'm going to show you how to setup a DNS server on a boon to computer.

79
00:07:59,510 --> 00:08:01,970
Now this is a boon to desktop.

80
00:08:01,970 --> 00:08:05,330
Typically you'd run this on a server rather than a desktop.

81
00:08:05,330 --> 00:08:07,590
But the same principle applies.

82
00:08:07,640 --> 00:08:12,550
So I have config shows us the IP address of the server.

83
00:08:12,650 --> 00:08:17,280
Can we ping Google dot com.

84
00:08:17,350 --> 00:08:18,070
Yes we can.

85
00:08:18,070 --> 00:08:25,740
So we getting a resolution of that domain now to set up this boon to P.C. as a DNS server.

86
00:08:25,740 --> 00:08:33,150
I need to disable system D resolved because there's a conflict on Port 53.

87
00:08:33,180 --> 00:08:36,560
You cannot have two services listening on Port 53.

88
00:08:36,570 --> 00:08:38,050
I want to set up DNS mosque.

89
00:08:38,080 --> 00:08:47,730
So I want to disable this process so that DNS mosque can listen on that port number

90
00:08:50,750 --> 00:08:54,920
so I'm going to disable system D result and then I'm going to stop it.

91
00:08:58,030 --> 00:09:05,130
I'll put all these commands below this video if you want to access this yourself and see the commands.

92
00:09:05,200 --> 00:09:12,340
Next thing I'm going to do is edit I'm just going to use nano for that to keep it simple resolve dot

93
00:09:12,340 --> 00:09:12,860
com.

94
00:09:15,430 --> 00:09:17,950
Name Service set to this at the moment.

95
00:09:18,250 --> 00:09:21,460
I'm gonna set the name server to Google

96
00:09:27,440 --> 00:09:32,030
and then I'm going to do sudo apt update to update references.

97
00:09:32,030 --> 00:09:38,330
It might be a bit slow here because I'm going through the genius 3 network going through Cisco devices

98
00:09:38,330 --> 00:09:42,880
like this in Janus 3 is very slow so speed the video up if necessary

99
00:09:47,840 --> 00:09:49,700
OK so the references have been updated.

100
00:09:49,700 --> 00:09:53,360
So what I'm going to do is install DNS mosque

101
00:09:59,230 --> 00:10:01,720
and that's now been installed.

102
00:10:01,780 --> 00:10:03,970
Now my Mac is going crazy.

103
00:10:03,970 --> 00:10:09,700
There seems to be an issue with VMware Fusion and a Mac where the use starts acting like mad.

104
00:10:09,700 --> 00:10:14,800
So I'm sorry if there's a lot of background noise but hopefully you can hear what I'm saying now to

105
00:10:14,800 --> 00:10:20,070
edit DNS mask it's not that difficult.

106
00:10:20,450 --> 00:10:27,150
I'm going to edit it see Dennis mosque conf now quite a few options that you can change here but I'm

107
00:10:27,150 --> 00:10:29,430
just going to change some of the basics.

108
00:10:29,730 --> 00:10:32,940
Set the port to 53 that is the default

109
00:10:37,920 --> 00:10:41,370
for housekeeping and to be a better net citizen.

110
00:10:41,370 --> 00:10:46,780
I'm going to uncommon domain needed and bogus prove.

111
00:10:46,800 --> 00:10:54,330
So we'll never forward plain domain names onto the Internet and non readable address space and then

112
00:10:54,450 --> 00:11:04,630
essentially all I need to do is uncommon at this because I don't want to use Etsy resolve I'm going

113
00:11:04,630 --> 00:11:08,050
to put domain names directly here.

114
00:11:08,050 --> 00:11:18,760
So what I could do is simply add domain names like all one dot home dot com and the IP address and whatever

115
00:11:18,880 --> 00:11:21,500
other domain names I want to enter.

116
00:11:21,520 --> 00:11:29,590
So let's say my broader whom dot com same IP address and then all I need to do is save that file and

117
00:11:29,590 --> 00:11:31,660
then restart the service.

118
00:11:31,660 --> 00:11:37,570
So sudo sys CTO restart DNS mosque

119
00:11:40,640 --> 00:11:42,320
I can look at the status if I want to

120
00:11:45,220 --> 00:11:50,960
can see that this lightweight DHEA P and caching DNS server is running.

121
00:11:51,490 --> 00:11:59,320
So now on my windows P.C. to prove the point let's configure the DNS server to do your boon to P.C.

122
00:12:07,520 --> 00:12:20,120
so I'm gonna set the DNS server here to 200 which is my boon to P.C. click Okay so let's flush the DNS

123
00:12:21,500 --> 00:12:22,760
DNS that's been flushed.

124
00:12:22,760 --> 00:12:24,500
Do that again.

125
00:12:24,500 --> 00:12:27,980
So can I ping R one dot home dot com.

126
00:12:28,610 --> 00:12:33,640
Yes I can because that's been resolved by the ubuntu server.

127
00:12:33,760 --> 00:12:37,010
That was quite a long video but hopefully you've learned something.

128
00:12:37,010 --> 00:12:42,120
I've shown you how to capture DNS queries and responses using Y shock.

129
00:12:42,230 --> 00:12:44,870
I showed you the source and destination port numbers.

130
00:12:44,870 --> 00:12:50,510
I showed you how you can configure a Cisco router as a DNS server and how to configure and a boon to

131
00:12:50,540 --> 00:12:52,340
P.S. as the DNS server.

132
00:12:52,670 --> 00:12:57,010
And then we tested the queries and made sure that it worked properly.

133
00:12:57,020 --> 00:12:59,480
I'm David Bumble and I want to wish you all the very best.