Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:03,300 --> 00:00:10,170 Now on this Windows computer I'm going to change the DNS server to the Cisco Rhoda 2 00:00:13,760 --> 00:00:25,230 so go to the Ethernet settings rather than using Google as the DNS server and CloudFlare. 3 00:00:25,230 --> 00:00:32,660 I'm only going to specify my local reporter as the DNS server now in this example. 4 00:00:32,660 --> 00:00:37,410 I've configured the right to accept a DNS queries and answer them. 5 00:00:37,430 --> 00:00:43,710 And if it doesn't know the answer to forward it to Google this is once again a Cisco broader. 6 00:00:43,890 --> 00:00:47,440 But to your home right it probably does something very very similar. 7 00:00:47,490 --> 00:00:53,280 So if I type show run piping collude which basically allows me to look for a command and search for 8 00:00:53,280 --> 00:01:01,920 DNS you can see that I've enabled IP DNS server so the writer will act like a DNS server show IP right 9 00:01:01,980 --> 00:01:09,390 shows us that it has a default or brought to a router physically in my local network that say another 10 00:01:09,390 --> 00:01:14,430 Cisco rider that actually physically connects me out onto the Internet. 11 00:01:14,430 --> 00:01:18,240 This device can ping Google dot com. 12 00:01:18,450 --> 00:01:30,230 So if I type show run pipe include name typically I would have IP Name Server something like this but 13 00:01:30,230 --> 00:01:34,280 it actually got to that because the outside interface. 14 00:01:34,280 --> 00:01:43,490 In other words the interface connecting this device to the Internet is using DHEA P so through DHEA 15 00:01:43,510 --> 00:01:48,800 P It learnt the default gateway it also learned to the DNS server information. 16 00:01:48,800 --> 00:01:52,840 So once again it could paying David Bumble dot com as an example. 17 00:01:52,850 --> 00:02:03,350 Now the P.C. won't be able to ping right of one dot whom dot com as an example because the broader isn't 18 00:02:03,350 --> 00:02:13,130 configured with that information on the Cisco router if I try and ping rather one dot home dot com that's 19 00:02:13,130 --> 00:02:18,080 not going to work because it doesn't know about that domain. 20 00:02:18,200 --> 00:02:21,070 Notice it's actually trying to get to the Internet right. 21 00:02:21,080 --> 00:02:24,340 To try and find out what did that domain is. 22 00:02:24,650 --> 00:02:35,000 But if I type IP host and specify a hostname like Rod or one home dot com and then specify an IP address 23 00:02:36,020 --> 00:02:43,250 of let's say 10 dot wonder wonder to fly for the local writer this writer will be able to ping itself 24 00:02:43,850 --> 00:02:53,150 it's done a name resolution locally and the P.C. will also be able to ping that domain I'm gonna flush 25 00:02:53,180 --> 00:03:05,270 the DNS cache so it doesn't have any cached entries locally and then ingenious 3 all run a y short capture 26 00:03:05,270 --> 00:03:15,820 here and what we'll filter for is DNS so basically we'll see a DNS request from the P.C. going to the 27 00:03:15,820 --> 00:03:26,740 right and the broader replying if it does a DNS request so ping are one whom dot com that works in why 28 00:03:26,740 --> 00:03:35,680 a shark we can see the DNS request from another random or ephemeral port going to Port 53 but the DNS 29 00:03:35,680 --> 00:03:46,420 server is 10 1 1 2 5 4 which is the local router it's asking for the IP address of this domain name 30 00:03:47,020 --> 00:03:57,310 and the rowdies replying back saying the IP address of that domain name is 10 1 1 2 5 4 so standard 31 00:03:57,310 --> 00:04:04,270 query for an A record because this is IP version 4 but in this case the query went to the broader now 32 00:04:04,270 --> 00:04:09,880 the road is going to forward on DNS queries that it doesn't know the answer to and we can prove that 33 00:04:09,880 --> 00:04:14,620 by running a y shock capture between the broader and the Internet. 34 00:04:14,650 --> 00:04:15,810 So on this link. 35 00:04:16,750 --> 00:04:22,640 So we're seeing a whole bunch of traffic because that is bridge to my physical network. 36 00:04:22,930 --> 00:04:30,910 But once again what I'll do here is filter for DNS can see some other DNS queries are really taking 37 00:04:30,910 --> 00:04:31,620 place. 38 00:04:32,540 --> 00:04:38,480 On the windows P.C. I'll ping David Bumble dot com once again. 39 00:04:38,480 --> 00:04:40,880 You don't have to use ping you could use an as lookup. 40 00:04:40,880 --> 00:04:42,380 So let me show you that as well. 41 00:04:42,380 --> 00:04:48,710 But notice it did get resolved and it looks like it didn't get forwarded 42 00:04:51,870 --> 00:04:55,790 so let's do an honest look up for a different domain. 43 00:04:55,800 --> 00:05:03,420 Let's say Cisco dot com resolution is this IP address so notice. 44 00:05:03,420 --> 00:05:04,590 There we go. 45 00:05:04,620 --> 00:05:08,220 We've done an NSA lookup notice in this case. 46 00:05:08,430 --> 00:05:13,480 It's a DNS query for both the IP version for address. 47 00:05:13,500 --> 00:05:21,390 So we've got a query for the a record Cisco dot com and then we've also got a query for the IP version 48 00:05:21,390 --> 00:05:23,960 6 IP address. 49 00:05:24,000 --> 00:05:31,980 So in this case the reply came back saying this is the IP address of Cisco IP version 4 and this is 50 00:05:31,980 --> 00:05:36,960 the IP version 6 address and we can see that here. 51 00:05:36,960 --> 00:05:45,450 IP version 6 an IP version 4 in our y shock capture notice that the source IP addresses 1 9 2 1 6 8 52 00:05:45,450 --> 00:05:52,380 1 67 which is actually the road show IP interface brief shows us that that is the IP address of the 53 00:05:52,380 --> 00:05:59,920 router so the router is querying another device for the IP address information because it doesn't know 54 00:05:59,940 --> 00:06:01,080 it locally. 55 00:06:01,080 --> 00:06:03,230 So that's the whole idea with DNS. 56 00:06:03,240 --> 00:06:10,890 If the local DNS server doesn't know the answer it forwards that query to a more authoritative DNS server. 57 00:06:10,890 --> 00:06:17,160 And in this case we're getting both the IP version for IP address as well as the IP version 6 IP address 58 00:06:17,460 --> 00:06:20,040 because I used n s lookup. 59 00:06:20,040 --> 00:06:25,800 Now you need to make sure that the DNS server that you querying is giving you good information. 60 00:06:25,800 --> 00:06:33,870 As an example on this broader I could create a hostname for Cisco dot com and simply pointed to another 61 00:06:33,870 --> 00:06:34,460 IP address. 62 00:06:34,470 --> 00:06:46,830 Let's say the local router on the P.C. I'll flush the DNS cache so flush DNS and then I'll ping Cisco 63 00:06:46,830 --> 00:06:48,330 dot com. 64 00:06:48,330 --> 00:06:52,440 Notice the IP address resolved is 10 1 1 2 5 4. 65 00:06:52,440 --> 00:06:55,500 It's not to the actual IP address of Cisco 66 00:06:58,850 --> 00:07:04,230 so if your DNS entries are manipulated or you connecting to a false DNS server you could end up going 67 00:07:04,230 --> 00:07:07,090 to the incorrect server. 68 00:07:07,170 --> 00:07:11,820 You may think you're going to Cisco dot com or another domain but actually you're being redirected somewhere 69 00:07:11,820 --> 00:07:12,590 else. 70 00:07:12,690 --> 00:07:20,220 So hackers will often target the DNS servers have rogue DNS servers which allow them to push your traffic 71 00:07:20,250 --> 00:07:21,660 where they want to. 72 00:07:21,690 --> 00:07:27,780 Again fortunately because of certificates preloaded on browsers today you may be warned if you go to 73 00:07:27,780 --> 00:07:34,040 the wrong server typically you're not going to use your Cisco writer as a DNS server. 74 00:07:34,160 --> 00:07:40,370 You might use it for DNS requests onto a DNS server on the Internet but you wouldn't want to configure 75 00:07:40,370 --> 00:07:43,400 your local broader as the DNS server. 76 00:07:43,400 --> 00:07:51,110 You may in some cases but typically not what you typically want to use is a linux server to be the DNS 77 00:07:51,110 --> 00:07:51,620 server. 78 00:07:52,460 --> 00:07:59,490 So in this example I'm going to show you how to setup a DNS server on a boon to computer. 79 00:07:59,510 --> 00:08:01,970 Now this is a boon to desktop. 80 00:08:01,970 --> 00:08:05,330 Typically you'd run this on a server rather than a desktop. 81 00:08:05,330 --> 00:08:07,590 But the same principle applies. 82 00:08:07,640 --> 00:08:12,550 So I have config shows us the IP address of the server. 83 00:08:12,650 --> 00:08:17,280 Can we ping Google dot com. 84 00:08:17,350 --> 00:08:18,070 Yes we can. 85 00:08:18,070 --> 00:08:25,740 So we getting a resolution of that domain now to set up this boon to P.C. as a DNS server. 86 00:08:25,740 --> 00:08:33,150 I need to disable system D resolved because there's a conflict on Port 53. 87 00:08:33,180 --> 00:08:36,560 You cannot have two services listening on Port 53. 88 00:08:36,570 --> 00:08:38,050 I want to set up DNS mosque. 89 00:08:38,080 --> 00:08:47,730 So I want to disable this process so that DNS mosque can listen on that port number 90 00:08:50,750 --> 00:08:54,920 so I'm going to disable system D result and then I'm going to stop it. 91 00:08:58,030 --> 00:09:05,130 I'll put all these commands below this video if you want to access this yourself and see the commands. 92 00:09:05,200 --> 00:09:12,340 Next thing I'm going to do is edit I'm just going to use nano for that to keep it simple resolve dot 93 00:09:12,340 --> 00:09:12,860 com. 94 00:09:15,430 --> 00:09:17,950 Name Service set to this at the moment. 95 00:09:18,250 --> 00:09:21,460 I'm gonna set the name server to Google 96 00:09:27,440 --> 00:09:32,030 and then I'm going to do sudo apt update to update references. 97 00:09:32,030 --> 00:09:38,330 It might be a bit slow here because I'm going through the genius 3 network going through Cisco devices 98 00:09:38,330 --> 00:09:42,880 like this in Janus 3 is very slow so speed the video up if necessary 99 00:09:47,840 --> 00:09:49,700 OK so the references have been updated. 100 00:09:49,700 --> 00:09:53,360 So what I'm going to do is install DNS mosque 101 00:09:59,230 --> 00:10:01,720 and that's now been installed. 102 00:10:01,780 --> 00:10:03,970 Now my Mac is going crazy. 103 00:10:03,970 --> 00:10:09,700 There seems to be an issue with VMware Fusion and a Mac where the use starts acting like mad. 104 00:10:09,700 --> 00:10:14,800 So I'm sorry if there's a lot of background noise but hopefully you can hear what I'm saying now to 105 00:10:14,800 --> 00:10:20,070 edit DNS mask it's not that difficult. 106 00:10:20,450 --> 00:10:27,150 I'm going to edit it see Dennis mosque conf now quite a few options that you can change here but I'm 107 00:10:27,150 --> 00:10:29,430 just going to change some of the basics. 108 00:10:29,730 --> 00:10:32,940 Set the port to 53 that is the default 109 00:10:37,920 --> 00:10:41,370 for housekeeping and to be a better net citizen. 110 00:10:41,370 --> 00:10:46,780 I'm going to uncommon domain needed and bogus prove. 111 00:10:46,800 --> 00:10:54,330 So we'll never forward plain domain names onto the Internet and non readable address space and then 112 00:10:54,450 --> 00:11:04,630 essentially all I need to do is uncommon at this because I don't want to use Etsy resolve I'm going 113 00:11:04,630 --> 00:11:08,050 to put domain names directly here. 114 00:11:08,050 --> 00:11:18,760 So what I could do is simply add domain names like all one dot home dot com and the IP address and whatever 115 00:11:18,880 --> 00:11:21,500 other domain names I want to enter. 116 00:11:21,520 --> 00:11:29,590 So let's say my broader whom dot com same IP address and then all I need to do is save that file and 117 00:11:29,590 --> 00:11:31,660 then restart the service. 118 00:11:31,660 --> 00:11:37,570 So sudo sys CTO restart DNS mosque 119 00:11:40,640 --> 00:11:42,320 I can look at the status if I want to 120 00:11:45,220 --> 00:11:50,960 can see that this lightweight DHEA P and caching DNS server is running. 121 00:11:51,490 --> 00:11:59,320 So now on my windows P.C. to prove the point let's configure the DNS server to do your boon to P.C. 122 00:12:07,520 --> 00:12:20,120 so I'm gonna set the DNS server here to 200 which is my boon to P.C. click Okay so let's flush the DNS 123 00:12:21,500 --> 00:12:22,760 DNS that's been flushed. 124 00:12:22,760 --> 00:12:24,500 Do that again. 125 00:12:24,500 --> 00:12:27,980 So can I ping R one dot home dot com. 126 00:12:28,610 --> 00:12:33,640 Yes I can because that's been resolved by the ubuntu server. 127 00:12:33,760 --> 00:12:37,010 That was quite a long video but hopefully you've learned something. 128 00:12:37,010 --> 00:12:42,120 I've shown you how to capture DNS queries and responses using Y shock. 129 00:12:42,230 --> 00:12:44,870 I showed you the source and destination port numbers. 130 00:12:44,870 --> 00:12:50,510 I showed you how you can configure a Cisco router as a DNS server and how to configure and a boon to 131 00:12:50,540 --> 00:12:52,340 P.S. as the DNS server. 132 00:12:52,670 --> 00:12:57,010 And then we tested the queries and made sure that it worked properly. 133 00:12:57,020 --> 00:12:59,480 I'm David Bumble and I want to wish you all the very best. 14028