1 00:00:03,220 --> 00:00:10,210 Now, on this Windows computer, I'm going to change the DNS server to the Cisco router. 2 00:00:13,700 --> 00:00:16,670 So go to the Ethernet settings. 3 00:00:18,840 --> 00:00:29,070 Rather than using Google and Cloudflare as the DNS servers, I'm only going to specify my local router 4 00:00:29,400 --> 00:00:30,630 as the DNS server. 5 00:00:31,730 --> 00:00:37,640 Now, in this example, I've configured the router to accept DNS queries and answer them, and if 6 00:00:37,640 --> 00:00:40,490 it doesn't know the answer, to forward it to Google. 7 00:00:41,430 --> 00:00:46,810 This is once again a Cisco router, but your home router probably does something very, very similar. 8 00:00:47,490 --> 00:00:53,280 So if I type show run | include, which basically allows me to look for a command, and search for 9 00:00:53,280 --> 00:01:00,150 DNS, you can see that I've enabled ip dns server, so the router will act like a DNS server. 10 00:01:00,960 --> 00:01:08,470 show ip route shows us that it has a default route to a router physically in my local network. 11 00:01:08,490 --> 00:01:13,200 That's another Cisco router that actually physically connects me out onto the Internet. 12 00:01:14,490 --> 00:01:17,970 This device can ping google.com. 13 00:01:18,390 --> 00:01:20,430 So if I type show 14 00:01:20,430 --> 00:01:22,260 run | include name. 15 00:01:24,470 --> 00:01:32,150 Typically, I would have ip name-server, something like this, but it actually got that because 16 00:01:32,660 --> 00:01:40,010 the outside interface, in other words, the interface connecting this device to the Internet, is using 17 00:01:40,010 --> 00:01:40,970 DHCP. 18 00:01:41,760 --> 00:01:48,310 So through DHCP, it learnt the default gateway and it also learnt the DNS server information. 19 00:01:48,740 --> 00:01:52,070 So once again, it could ping davidbombal.com as an example.
20 00:01:52,790 --> 00:02:03,380 Now the PC won't be able to ping r1.home.com, as an example, because the router isn't 21 00:02:03,380 --> 00:02:07,160 configured with that information. On the Cisco router, 22 00:02:07,880 --> 00:02:12,380 if I try and ping r1.home.com, 23 00:02:12,680 --> 00:02:18,500 that's not going to work because it doesn't know about that domain. Notice 24 00:02:18,500 --> 00:02:23,810 it's actually trying to get to the Internet router to try and find out what that domain is, 25 00:02:24,620 --> 00:02:34,970 but if I type ip host and specify a hostname like r1.home.com and then specify an IP address 26 00:02:35,930 --> 00:02:43,250 of, let's say, 10.1.1.254, the local router, this router will be able to ping itself. 27 00:02:43,760 --> 00:02:50,780 It's done a name resolution locally, and the PC will also be able to ping that domain. 28 00:02:52,020 --> 00:03:03,450 I'm going to flush the DNS cache so it doesn't have any cached entries locally, and then in GNS3 29 00:03:03,450 --> 00:03:05,820 I'll run a Wireshark capture here, 30 00:03:07,440 --> 00:03:10,800 and what we'll filter for is DNS. 31 00:03:12,040 --> 00:03:17,860 So basically, we'll see a DNS request from the PC going to the router and the router replying when 32 00:03:17,860 --> 00:03:29,770 it gets a DNS request. So ping r1.home.com, that works. In Wireshark, we can see the DNS request 33 00:03:30,010 --> 00:03:34,450 from a random or ephemeral port going to port 53 34 00:03:34,690 --> 00:03:45,190 on the DNS server 10.1.1.254, which is the local router. It's asking for the IP address 35 00:03:45,190 --> 00:03:55,060 of this domain name, and the router replying back, saying the IP address of that domain name is 10.1 36 00:03:55,060 --> 00:03:56,250 .1.254. 37 00:03:56,710 --> 00:04:00,100 So, standard query for an A record because this is IPv4, 38 00:04:00,430 --> 00:04:03,230 but in this case, the query went to the router.
39 00:04:04,030 --> 00:04:09,730 Now the router's going to forward on DNS queries that it doesn't know the answer to, and we can prove 40 00:04:09,730 --> 00:04:14,620 that by running a Wireshark capture between the router and the Internet, 41 00:04:14,620 --> 00:04:15,780 so on this link. 42 00:04:16,690 --> 00:04:22,300 So we're seeing a whole bunch of traffic because that is bridged to my physical network. 43 00:04:22,870 --> 00:04:31,320 But once again, what I'll do here is filter for DNS. You can see some other DNS queries already taking place. 44 00:04:32,450 --> 00:04:39,650 On the Windows PC I'll ping davidbombal.com once again. You don't have to use ping, you 45 00:04:39,650 --> 00:04:42,070 could use nslookup, so let me show you that as well, 46 00:04:42,350 --> 00:04:48,710 but notice it did get resolved and it looks like it didn't get forwarded. 47 00:04:51,780 --> 00:05:00,420 So let's do an nslookup for a different domain, let's say cisco.com. The resolution is this IP 48 00:05:00,420 --> 00:05:00,810 address. 49 00:05:02,730 --> 00:05:11,660 So notice, there we go, we've done an nslookup. Notice in this case, it's a DNS query for both 50 00:05:11,670 --> 00:05:13,390 the IPv4 address, 51 00:05:13,440 --> 00:05:16,710 so we've got a query for the A record cisco.com, 52 00:05:17,460 --> 00:05:23,280 and then we've also got a query for the IPv6 IP address. 53 00:05:23,940 --> 00:05:31,800 So in this case, the reply came back saying this is the IP address of cisco.com for IPv4 and this 54 00:05:31,800 --> 00:05:34,830 is the IPv6 address, 55 00:05:35,550 --> 00:05:41,340 and we can see that here, IPv6 and IPv4. In our Wireshark capture, 56 00:05:42,240 --> 00:05:48,570 notice that the source IP address is 192.168.167, which is actually the router. 57 00:05:48,580 --> 00:05:52,850 show ip interface brief shows us that that is the IP address of the router.
58 00:05:53,160 --> 00:06:00,570 So the router is querying another device for the IP address information because it doesn't know it locally. 59 00:06:01,000 --> 00:06:03,230 So that's the whole idea with DNS. 60 00:06:03,240 --> 00:06:09,390 If the local DNS server doesn't know the answer, it forwards that query to a more authoritative DNS 61 00:06:09,390 --> 00:06:09,840 server. 62 00:06:10,770 --> 00:06:16,800 And in this case, we're getting both the IPv4 IP address as well as the IPv6 IP 63 00:06:16,800 --> 00:06:19,350 address because I used nslookup. 64 00:06:20,070 --> 00:06:25,320 Now you need to make sure that the DNS server that you're querying is giving you good information. 65 00:06:25,710 --> 00:06:33,870 As an example, on this router, I could create a hostname for cisco.com and simply point it to another 66 00:06:33,870 --> 00:06:38,760 IP address, let's say the local router. On the PC 67 00:06:38,970 --> 00:06:47,420 I'll flush the DNS cache, so flushdns, and then I'll ping cisco.com. 68 00:06:48,270 --> 00:06:52,200 Notice the IP address resolved is 10.1.1.254, 69 00:06:52,350 --> 00:06:55,530 it's not the actual IP address of cisco.com. 70 00:06:58,800 --> 00:07:04,260 So if your DNS entries are manipulated or you're connecting to a false DNS server, you could end up going 71 00:07:04,260 --> 00:07:06,460 to the incorrect server. 72 00:07:07,140 --> 00:07:11,550 You may think you're going to cisco.com or another domain, but actually you're being redirected 73 00:07:11,550 --> 00:07:12,120 somewhere else. 74 00:07:12,660 --> 00:07:20,250 So hackers will often target DNS servers, or have rogue DNS servers, which allow them to push your traffic 75 00:07:20,250 --> 00:07:21,000 where they want to. 76 00:07:21,570 --> 00:07:27,270 Again, fortunately, because of certificates preloaded on browsers today, you may be warned if you 77 00:07:27,270 --> 00:07:28,980 go to the wrong server.
78 00:07:30,220 --> 00:07:36,490 Typically, you're not going to use your Cisco router as a DNS server. You might use it to forward DNS requests 79 00:07:36,490 --> 00:07:42,810 onto a DNS server on the Internet, but you wouldn't want to configure your local router as the DNS server. 80 00:07:43,360 --> 00:07:45,460 You may in some cases, but typically not. 81 00:07:45,730 --> 00:07:51,640 What you typically want to use is a Linux server to be the DNS server. 82 00:07:52,390 --> 00:07:58,750 So in this example, I'm going to show you how to set up a DNS server on an Ubuntu computer. 83 00:07:59,410 --> 00:08:01,420 Now, this is an Ubuntu desktop. 84 00:08:01,960 --> 00:08:06,810 So ifconfig shows us the IP address of the server. Can we ping google.com? 86 00:08:17,290 --> 00:08:21,160 Yes, we can, so we're getting a resolution of that domain. 87 00:08:22,470 --> 00:08:30,990 Now, to set up this Ubuntu PC as a DNS server, I need to disable systemd-resolved because there's 88 00:08:30,990 --> 00:08:32,640 a conflict on port 53. 89 00:08:33,090 --> 00:08:38,070 You cannot have two services listening on port 53. I want to set up dnsmasq, 90 00:08:38,070 --> 00:08:47,340 so I want to disable this process so that dnsmasq can listen on that port 91 00:08:47,340 --> 00:08:47,760 number. 92 00:08:50,670 --> 00:08:54,660 So I'm going to disable systemd-resolved and then I'm going to stop it. 93 00:08:57,900 --> 00:09:04,430 I'll put all these commands below this video if you want to access this yourself and see the commands. 94 00:09:05,130 --> 00:09:07,220 Next thing I'm going to do is edit, 95 00:09:07,650 --> 00:09:11,370 and I'm just going to use nano for that to keep it simple, resolv.conf. 96 00:09:15,340 --> 00:09:21,430 The name server is set to this at the moment.
I'm going to set the name server to Google, 97 00:09:27,290 --> 00:09:33,470 and then I'm going to do sudo apt update to update references. It might be a bit slow here because 98 00:09:33,470 --> 00:09:40,170 I'm going through the GNS3 network; going through Cisco devices like this in GNS3 is very slow, 99 00:09:40,450 --> 00:09:42,860 so I'll speed the video up if necessary. 100 00:09:47,760 --> 00:09:53,370 OK, so the references have been updated, so what I'm going to do is install dnsmasq. 101 00:09:59,110 --> 00:10:06,520 And that's now been installed. Now my Mac is going crazy; there seems to be an issue with VMware Fusion 102 00:10:06,520 --> 00:10:09,370 and a Mac where the CPU starts acting like mad. 103 00:10:09,640 --> 00:10:14,830 So I'm sorry if there's a lot of background noise, but hopefully you can hear what I'm saying. Now, to 104 00:10:14,830 --> 00:10:16,060 edit dnsmasq, 105 00:10:16,060 --> 00:10:17,260 it's not that difficult. 106 00:10:20,340 --> 00:10:23,700 I'm going to edit /etc/dnsmasq.conf. 107 00:10:24,780 --> 00:10:28,980 Now, there are quite a few options that you can change here, but I'm just going to change some of the basics. 108 00:10:29,670 --> 00:10:31,260 Set the port to 53; 109 00:10:31,260 --> 00:10:32,940 that is the default. 110 00:10:37,890 --> 00:10:45,300 For housekeeping and to be a better net citizen, I'm going to uncomment domain-needed and bogus- 111 00:10:45,430 --> 00:10:53,010 priv, so we'll never forward plain domain names or non-routable address space onto the Internet. 112 00:10:53,850 --> 00:10:56,280 And then essentially all I need to do 113 00:10:58,390 --> 00:11:06,760 is uncomment this, because I don't want to use /etc/resolv.conf; I'm going to put domain names directly 114 00:11:06,760 --> 00:11:07,220 here. 115 00:11:07,990 --> 00:11:18,790 So what I could do is simply add domain names like r1.home.com and the IP address, and whatever 116 00:11:18,790 --> 00:11:20,870 other domain names I want to enter.
117 00:11:21,460 --> 00:11:29,620 So let's say myrouter.home.com, same IP address, and then all I need to do is save that file and 118 00:11:29,620 --> 00:11:31,360 then restart the service. 119 00:11:31,570 --> 00:11:37,600 So sudo systemctl restart dnsmasq. 120 00:11:40,490 --> 00:11:42,300 I can look at the status if I want to. 121 00:11:45,160 --> 00:11:53,350 You can see that this lightweight DHCP and caching DNS server is running, so now on my Windows PC, to prove the 122 00:11:53,350 --> 00:11:59,290 point, let's configure the DNS server to be the Ubuntu PC. 123 00:12:07,460 --> 00:12:19,370 So I'm going to set the DNS server here to 200, which is my Ubuntu PC, and click OK. So let's flush 124 00:12:19,370 --> 00:12:20,120 the DNS. 125 00:12:21,440 --> 00:12:27,950 DNS has been flushed. Do that again, so can I ping r1.home.com? 126 00:12:28,550 --> 00:12:32,750 Yes, I can, because that's been resolved by the Ubuntu server. 127 00:12:33,620 --> 00:12:36,680 Now, that was quite a long video, but hopefully you've learned something. 128 00:12:36,890 --> 00:12:41,870 I've shown you how to capture DNS queries and responses using Wireshark. 129 00:12:42,110 --> 00:12:44,300 I showed you the source and destination port numbers. 130 00:12:44,750 --> 00:12:50,540 I showed you how you can configure a Cisco router as a DNS server and how to configure an Ubuntu 131 00:12:50,540 --> 00:12:52,360 PC as a DNS server, 132 00:12:52,580 --> 00:12:56,250 and then we tested the queries and made sure that it worked properly. 133 00:12:56,930 --> 00:12:59,480 I'm David Bombal and I want to wish you all the very best.