Overview

DNS cache poisoning to redirect a site to alternate address using dnscache and tinydns

Requirements

• Centos ( or any other Unix/Linux ) Server running dnscache and tinydns
• Atleast 1 configured IP address on which dnscache/tinydns is running :: Let it be 192.168.1.2
• A domain that we want to redirect :: Let it be exampledomain.com

Configuration

Step 1

Install tinydns and dnscache, click on below links for help

• Tinydns
• Dnscache

Step 2

Add the site you want to direct to dnscache as below, so that it will look up the IP inside

root@serv:~# echo “192.168.1.2” > /etc/dnscache/root/servers/exampledomain.com

Step 3

Make records for the domain on tinydns to redirect it to the desired address ( here i’m pointing it to 192.168.1.2 itself )

root@serv:~# cd /etc/tinydns/root/
root@serv:~# add-ns ns1.exampledomain.com 192.168.1.2
root@serv:~# add-host exampledomain.com 192.168.1.2
root@serv:~# make

Step 3

Kill and restart the services and bring the changes into effect

root@serv:~# svc -t /service/*

With this the machines that are using 192.168.1.2 as dns server will get pointed to the IP 192.168.1.2 when accessing exampledomain.com

Overview

Installing tinydns server and setting up a domain on it .

Requirements

• Centos server ( any other Linux/Unix distro can be used )
• Atleast 1 configured IP address :: Let it be 192.168.1.2
• A domain :: Let it be exampledomain.com

Installation

ucspi-tcp is a public domain Unix TCP command-line tool it must be installed for running tinydns. Daemontools must be installed for monitoring and supervising tinydns.

Step 1

Install ucspi–tcp and daemontools

root@serv:~# yum install make gcc

root@serv:~# cd /usr/src
root@serv:~# wget http://www.qmail.org/moni.csi.hu/pub/glibc-2.3.1/daemontools-0.76.errno.patch
root@serv:~# wget http://www.qmail.org/moni.csi.hu/pub/ucspi-tcp-0.88.errno.patch

root@serv:~# wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
root@serv:~# tar -vxzf ucspi-tcp-0.88.tar.gz
root@serv:~# cd ucspi-tcp-0.88
root@serv:~# echo “gcc -O2 -include /usr/include/errno.h” > conf-cc
root@serv:~# patch -p1 < /usr/src/ucspi-tcp-0.88.errno.patch
root@serv:~# make
root@serv:~# make install

root@serv:~# mkdir -p /package
root@serv:~# chmod 1755 /package
root@serv:~# cd /package
root@serv:~# wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz
root@serv:~# tar -zxvf daemontools-0.76.tar.gz
root@serv:~# rm daemontools-0.76.tar.gz
root@serv:~# cd admin/daemontools-0.76
root@serv:~# patch -p1 < /usr/src/daemontools-0.76.errno.patch
root@serv:~# package/install

Step 2

Install djbdns package

root@serv:~# cd /usr/src/
root@serv:~# wget http://cr.yp.to/djbdns/djbdns-1.05.tar.gz
root@serv:~# tar -xf djbdns-1.05.tar.gz
root@serv:~# cd djbdns-1.05
root@serv:~# echo gcc -O2 -include /usr/include/errno.h > conf-cc
root@serv:~# make
root@serv:~# make setup check

Configuration

Configure tinydns to listen on IP 192.168.1.2

root@serv:~# useradd dnslog
root@serv:~# useradd tinydns
root@serv:~# tinydns-conf tinydns dnslog /etc/tinydns 192.168.1.2

Add a domain to tinydns

root@serv:~# cd /etc/tinydns/root/
root@serv:~# add-ns ns1.exampledomain.com 192.168.1.2
root@serv:~# add-host exampledomain.com 192.168.1.2
root@serv:~# make

Add it to svscan to keep the service under monitoring

root@serv:~# ln -s /etc/tinydns /service/tinydns
root@serv:~# svc -d /service/tinydns
root@serv:~# svc -u /service/tinydns

Main Log file

/service/tinydns/log/main/current