1
00:00:00,150 --> 00:00:04,180
So let's talk about this DNS. DNS stands for domain name server.

2
00:00:04,740 --> 00:00:06,360
So what does the domain name server do?

3
00:00:06,410 --> 00:00:09,360
This is the initial results, but when the IP address.

4
00:00:10,710 --> 00:00:11,640
So domain name.

5
00:00:12,830 --> 00:00:22,190
Some other domain name examples are guru.com, Microsoft dot com and Agil dot com, etc. So these are

6
00:00:22,580 --> 00:00:25,820
the and you can access these domain names.

7
00:00:25,820 --> 00:00:28,130
Are the websites using the browser?

8
00:00:28,130 --> 00:00:33,190
You type in the browser, Google dot com and you will get the homepage of the Google Google dot com.

9
00:00:33,920 --> 00:00:34,970
But actually.

10
00:00:36,180 --> 00:00:42,930
You need to contact the IP address of the Web server and you need to get the homepage, but we are accessing

11
00:00:42,930 --> 00:00:50,810
the domain name because you cannot remember the IP addresses of our site.

12
00:00:50,820 --> 00:00:51,030
Right.

13
00:00:51,360 --> 00:00:58,970
You may remember one or two websites' IP addresses, but you cannot remember every other IP address.

14
00:00:59,340 --> 00:01:08,280
So you want to what these network guys did is they have created this DNS server and this DNS server

15
00:01:08,280 --> 00:01:15,180
stores these domain names and their respective IP addresses. Whenever you want Google dot com, this

16
00:01:15,180 --> 00:01:19,070
DNS server tells you the IP addresses of that Google dot com web servers.

17
00:01:19,380 --> 00:01:21,750
So you can just.

18
00:01:24,030 --> 00:01:29,580
Type the Google dot com, and this DNS tells you the IP address for you, and then you get the

19
00:01:29,850 --> 00:01:31,800
Web server, I mean homepage.

20
00:01:33,070 --> 00:01:34,720
So DNS is actually a phone book.

21
00:01:35,470 --> 00:01:40,440
So if you have a phone book, you can have your friend's names and you can have that phone number,

22
00:01:40,750 --> 00:01:44,230
you cannot remember the phone numbers of 100 friends or two hundred.

23
00:01:44,290 --> 00:01:50,050
And so that's what you use for phone book, contains their name to the phone number of maybe the same

24
00:01:50,210 --> 00:01:53,200
DNS contains the domain names to the IP address.

25
00:01:53,950 --> 00:01:56,350
So let's see how this DNS works.

26
00:01:57,280 --> 00:01:58,600
So I have the PC one.

27
00:01:58,610 --> 00:02:00,320
This is my computer, PC one.

28
00:02:00,410 --> 00:02:06,300
And I want to get the home of the Google dot com in browser.

29
00:02:06,310 --> 00:02:12,910
I type the Google dot com, and this browser contains some cache, and in the browser cache it searches for

30
00:02:12,910 --> 00:02:18,310
Google dot com's IP address. If I am first visiting the Google dot com website.

31
00:02:19,750 --> 00:02:29,270
Then the cache does not contain any entry, if I have ordered it put 100 times, then the cache that the

32
00:02:29,410 --> 00:02:32,280
that comes by my name and that I purchase.

33
00:02:32,770 --> 00:02:39,430
But let's assume that I am typing Google dot com, since my browser does not have any cache.

34
00:02:40,030 --> 00:02:47,470
Then this request will be sent to the ISP, Internet service provider, your Wi-Fi provider or some

35
00:02:47,740 --> 00:02:50,140
third party, some Verizon providers.

36
00:02:51,580 --> 00:02:54,090
So ISP also contains some cache.

37
00:02:54,430 --> 00:03:02,880
If even though in that cache our courier comes IP at the center is not there, then ISP forwards this

38
00:03:02,890 --> 00:03:04,210
request to the root server.

39
00:03:04,770 --> 00:03:08,680
So another good outcome is adept at that.

40
00:03:08,770 --> 00:03:16,740
This the root server and this root server does not do anything except it knows about this TLD servers.

41
00:03:17,170 --> 00:03:23,980
This TLD stands for top-level domain, and these top-level domains are dot com, dot org, dot net.

42
00:03:24,340 --> 00:03:26,710
And these are the famous popular domains.

43
00:03:27,640 --> 00:03:34,810
And whatever your request was and why you speak to these other Google dot com, this root server identifies

44
00:03:34,810 --> 00:03:35,350
this.

45
00:03:36,640 --> 00:03:43,120
Uh, dark, and then it was under the cost to the respective server.

46
00:03:43,660 --> 00:03:50,420
So this TLD server contains the dot com, dot net and dot org server.

47
00:03:50,950 --> 00:03:53,070
So on seeing Google dot com.

48
00:03:53,530 --> 00:04:00,630
This particular dot com TLD server responds because it is dot com and they are the servers.

49
00:04:01,720 --> 00:04:08,700
This dot com TLD server transfer, that is the IP address of these name servers to this ISP.

50
00:04:08,920 --> 00:04:10,330
So it is IP addresses.

51
00:04:11,500 --> 00:04:17,410
ISP can contact these name servers so that these names can actually contain this Google.

52
00:04:21,150 --> 00:04:28,050
So these name servers contain only the names like Google, Microsoft, and within that Google, it

53
00:04:28,050 --> 00:04:30,090
will have the corresponding IP addresses.

54
00:04:30,330 --> 00:04:34,500
So names are on the scene that be for the Google.

55
00:04:34,800 --> 00:04:40,350
Then the corresponding IP address in the table from the Google is sent to the ISP.

56
00:04:40,680 --> 00:04:44,460
Then ISP caches in its database or sent to the PC one.

57
00:04:44,670 --> 00:04:48,830
So now ISP sends the IP address are the Google computer perceiver.

58
00:04:49,350 --> 00:04:56,100
And this computer will initiate the connection to that IP address using TCP prevention and get the webpage.

59
00:04:56,370 --> 00:05:00,620
So you don't see this process when you're accessing just Google.

60
00:05:00,630 --> 00:05:04,550
Can you just take Rock'em and you get the webpage?

61
00:05:04,830 --> 00:05:11,880
But these are process just, uh, completing a fraction of seconds.

62
00:05:11,940 --> 00:05:15,060
That's why you see just Google Comesa one web page.

63
00:05:16,350 --> 00:05:17,610
So let's see.

64
00:05:18,000 --> 00:05:25,730
These name servers are also very important for from the point of view and these name servers hold some papers

65
00:05:25,830 --> 00:05:26,850
are like entries.

66
00:05:27,090 --> 00:05:28,680
These are called DNS records.

67
00:05:30,050 --> 00:05:39,440
So DNS records contain some mappings, fustiness records, as you can see here, blogs and you want

68
00:05:39,440 --> 00:05:42,770
to ask for these records, contain this IP address.

69
00:05:43,070 --> 00:05:51,020
And if anyone asks for zero and this IP address is fetched and in the same way, if anyone asks for

70
00:05:52,250 --> 00:05:53,630
this, IP address is fetched.

71
00:05:54,470 --> 00:06:00,260
So these are the very useful and very commonly used records.

72
00:06:02,070 --> 00:06:08,670
And MX records. MX stands for mail exchange records. If any company wants to use the mail server

73
00:06:08,910 --> 00:06:12,480
and it has some priority during the highest priority.

74
00:06:12,750 --> 00:06:18,380
And the email will be sent by this server because it's priority zero.

75
00:06:18,660 --> 00:06:27,090
And if this e-mail server is off or any good, if it went to any maintenance purpose, then the next

76
00:06:27,090 --> 00:06:28,710
priority email server will be used.

77
00:06:30,630 --> 00:06:32,100
This is CNAME record.

78
00:06:32,100 --> 00:06:33,590
It also stands for Canonical.

79
00:06:33,650 --> 00:06:37,230
Now, suppose you have some blog and in the blog post.

80
00:06:37,380 --> 00:06:40,450
In that blog Web site, it is.

81
00:06:41,320 --> 00:06:43,770
It is pointed by the donor.

82
00:06:44,310 --> 00:06:50,340
So whenever who don't you do the blog that I am a robot leader.

83
00:06:50,880 --> 00:06:57,990
So what this user, this character name is is the IP address of this website is all of this web server

84
00:06:57,990 --> 00:06:59,360
is constantly changing.

85
00:06:59,850 --> 00:07:03,440
You need to update all these records, those many times.

86
00:07:03,780 --> 00:07:10,290
So in order to avoid the time consuming, you just point to this website and this website points to

87
00:07:10,290 --> 00:07:16,890
another IP address, which is constantly changing, which you do not get because you just point the

88
00:07:16,890 --> 00:07:19,640
donor to the browser or whatever.

89
00:07:20,190 --> 00:07:22,650
OK, that is the current column.

90
00:07:23,220 --> 00:07:27,120
So these are the main DNS records you need to know.

91
00:07:28,870 --> 00:07:35,500
And you need to know one more concept called the zone transfer. So you can see these are the name servers.

92
00:07:35,500 --> 00:07:41,110
Now, my organization can have more than one name server. So suppose

93
00:07:41,120 --> 00:07:42,290
I have three name servers.

94
00:07:42,460 --> 00:07:46,410
These three name servers, they just the.

95
00:07:47,820 --> 00:07:52,240
IP addresses from these requests and turns to the computer.

96
00:07:52,260 --> 00:07:53,010
OK, that's fine.

97
00:07:53,520 --> 00:07:59,010
So what this security so other security risk lies in name servers.

98
00:07:59,340 --> 00:08:09,080
If if you can figure out these names are was me and they can transfer into these records to anyone.

99
00:08:09,870 --> 00:08:10,290
Right.

100
00:08:10,590 --> 00:08:16,100
If one name fails, then the backup will be sent to the other names.

101
00:08:16,620 --> 00:08:18,570
This is called the zone transfer.

102
00:08:18,960 --> 00:08:25,680
So if I say that anyone can access this transfer, I mean, if anyone can access the records, these

103
00:08:25,680 --> 00:08:30,680
name servers can send anyone these DNS records.

104
00:08:30,870 --> 00:08:39,690
So that is one security issue because ongoing are these subdomains are many servers and anyone can it

105
00:08:39,690 --> 00:08:44,940
increases attack surface area and anyone can try to hack them.

106
00:08:45,720 --> 00:08:52,110
And one important thing is if you have some hefting websites here and those websites are highly prone

107
00:08:52,110 --> 00:08:52,980
to these attacks.

108
00:08:53,910 --> 00:09:00,820
So that's why you need to configure these servers not to send the DNS records to anyone.

109
00:09:01,440 --> 00:09:06,600
So you see this DNS zone transfer in DNS enumeration with the practical example.