Overview
DNS cache poisoning to redirect a site to alternate address using dnscache and tinydns
Requirements
Configuration
Step 1
Install tinydns and dnscache, click on below links for help
Step 2
Add the site you want to direct to dnscache as below, so that it will look up the IP inside
root@serv:~# echo “192.168.1.2” > /etc/dnscache/root/servers/exampledomain.com
Step 3
Make records for the domain on tinydns to redirect it to the desired address ( here i’m pointing it to 192.168.1.2 itself )
root@serv:~# cd /etc/tinydns/root/
root@serv:~# add-ns ns1.exampledomain.com 192.168.1.2
root@serv:~# add-host exampledomain.com 192.168.1.2
root@serv:~# make
Step 3
Kill and restart the services and bring the changes into effect
root@serv:~# svc -t /service/*
With this the machines that are using 192.168.1.2 as dns server will get pointed to the IP 192.168.1.2 when accessing exampledomain.com
Overview
Installing tinydns server and setting up a domain on it .
Requirements
Installation
ucspi-tcp is a public domain Unix TCP command-line tool it must be installed for running tinydns. Daemontools must be installed for monitoring and supervising tinydns.
Step 1
Install ucspi–tcp and daemontools
root@serv:~# yum install make gcc
root@serv:~# cd /usr/src
root@serv:~# wget http://www.qmail.org/moni.csi.hu/pub/glibc-2.3.1/daemontools-0.76.errno.patch
root@serv:~# wget http://www.qmail.org/moni.csi.hu/pub/ucspi-tcp-0.88.errno.patch
root@serv:~# wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
root@serv:~# tar -vxzf ucspi-tcp-0.88.tar.gz
root@serv:~# cd ucspi-tcp-0.88
root@serv:~# echo “gcc -O2 -include /usr/include/errno.h” > conf-cc
root@serv:~# patch -p1 < /usr/src/ucspi-tcp-0.88.errno.patch
root@serv:~# make
root@serv:~# make install
root@serv:~# mkdir -p /package
root@serv:~# chmod 1755 /package
root@serv:~# cd /package
root@serv:~# wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz
root@serv:~# tar -zxvf daemontools-0.76.tar.gz
root@serv:~# rm daemontools-0.76.tar.gz
root@serv:~# cd admin/daemontools-0.76
root@serv:~# patch -p1 < /usr/src/daemontools-0.76.errno.patch
root@serv:~# package/install
Step 2
Install djbdns package
root@serv:~# cd /usr/src/
root@serv:~# wget http://cr.yp.to/djbdns/djbdns-1.05.tar.gz
root@serv:~# tar -xf djbdns-1.05.tar.gz
root@serv:~# cd djbdns-1.05
root@serv:~# echo gcc -O2 -include /usr/include/errno.h > conf-cc
root@serv:~# make
root@serv:~# make setup check
Configuration
Configure tinydns to listen on IP 192.168.1.2
root@serv:~# useradd dnslog
root@serv:~# useradd tinydns
root@serv:~# tinydns-conf tinydns dnslog /etc/tinydns 192.168.1.2
Add a domain to tinydns
root@serv:~# cd /etc/tinydns/root/
root@serv:~# add-ns ns1.exampledomain.com 192.168.1.2
root@serv:~# add-host exampledomain.com 192.168.1.2
root@serv:~# make
Add it to svscan to keep the service under monitoring
root@serv:~# ln -s /etc/tinydns /service/tinydns
root@serv:~# svc -d /service/tinydns
root@serv:~# svc -u /service/tinydns
Main Log file
/service/tinydns/log/main/current
Overview
A howto on building a DNS caching and Resolving server with dnscache. This server will resolve and cache DNS requests from root servers for other networks/machines.
Scenario : For example all machines of network 10.20.x.x will be using this server with IP 192.168.2.1 for DNS resolution.
Requirements
Installation
daemontools must be installed for monitoring and supervising dnscache
Step 1
Install daemontools
root@serv:~# yum install make gcc
root@serv:~# cd /usr/src
root@serv:~# wget http://www.qmail.org/moni.csi.hu/pub/glibc-2.3.1/daemontools-0.76.errno.patch
root@serv:~# mkdir -p /package
root@serv:~# chmod 1755 /package
root@serv:~# cd /package
root@serv:~# wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz
root@serv:~# tar -zxvf daemontools-0.76.tar.gz
root@serv:~# rm daemontools-0.76.tar.gz
root@serv:~# cd admin/daemontools-0.76
root@serv:~# patch -p1 < /usr/src/daemontools-0.76.errno.patch
root@serv:~# package/install
Step 2
Install djbdns package
root@serv:~# cd /usr/src/
root@serv:~# wget http://cr.yp.to/djbdns/djbdns-1.05.tar.gz
root@serv:~# tar -xf djbdns-1.05.tar.gz
root@serv:~# cd djbdns-1.05
root@serv:~# echo gcc -O2 -include /usr/include/errno.h > conf-cc
root@serv:~# make
root@serv:~# make setup check
Configuration
You need to configure dnscache to listen to the IP configured on your server so that external machines can use it as resolver IP
root@serv:~# useradd dnslog
root@serv:~# useradd dnscache
root@serv:~# dnscache-conf dnscache dnslog /etc/dnscache 192.168.2.1
Add it to svscan to keep the service under monitoring
root@serv:~# ln -s /etc/dnscache /service/dnscache
root@serv:~# svc -d /service/dnscache
root@serv:~# svc -u /service/dnscache
Authorize the external network that want to use the server as a DNS resolver ( as an example 10.20.x.x )
root@serv:~# touch /etc/dnscache/root/ip/10.20
Client Configuration
You will be able to use the IP 192.168.2.1 as DNS nameserver on all machine of network 10.20.x.x
Log file
/service/dnscache/log/main/current