While working on an upcoming article for QD I ran into an issue with the dnsenum.pl Perl script. I followed the process of installing the optional Perl modules and when I went back to test dnsenum it would no longer return any IP addresses. Instead of dnsenum returning actual IP addresses it was returning odd characters. It turns out there is some form of conflict between dnsenum.pl and the Net::DNS Perl module. Below I describe the dnsenum issue in more detail and provide a work around by manually downgrading the Net::DNS Perl module by hand.
I typically use Amazon’s AWS EC2 cloud services which include Route53 for DNS however I have certain clients that prefer RackSpace and therefore require RackSpace Cloud DNS services. One of the primary reasons for not just using an external DNS service such as Amazon’s Route53 DNS service is because when you setup large cloud deployments you typically are going to need internal DNS entries for communication between cloud instances and DNS services such as Route53 will not respond externally to RFC1918 or private IP space for those DNS entries. Anyhow one thing that is well documented or easy to accomplish on Route53 is creating A records with multiple IP’s for round robin DNS which provides a cheap easy to configure load balancing of sorts for different services such as MySQL. I could not find any documentation or mention of round robin DNS setup on RackSpace Cloud DNS so I wanted to explain how I was able to accomplish this.
If you want to spoof some DNS requests then dnschef is the tool to do it. I can never get enough of redirecting innocent Internet surfers to random locations. The main key for dnschef to be extremely useful is the fact that you will have to somehow get the traffic to the Backtrack Linux server running dnschef which could be done by gaining access and modifying DNS entries on a single server or by poisoning the real DNS server on a network. Below we show a couple examples of dnschef in action but overall it is really easy to use and the hard part will be figuring out the method you use to get the DNS (Domain Name Server) traffic to the Backtrack server running dnschef.
Xplico is a NFAT or Network Forensics Analysis Tool that is designed to either capture traffic in real time sessions or to provide an interface to upload PCAP (Packet Capture Data) files for analysis. The current version in Backtrack Linux 5 release 3 is 0.7 however the latest Xplico version is Xplico 1.0.1. I believe there are some dependencies required in the later versions of Xplico so I will write an updated article once Backtrack 6 comes up and the latest version of Xplico can easily be installed.
Recently I was looking to obtain a couple specific DNS record ID’s for domains with DNS hosted in the RackSpace Cloud so I could use the information to interact with RackSpace Instances through RightScale. Various RightScale ServerTemplates such as the MySQL Cluster ServerTemplates require you to enter the exact DNS record ID as RightScale Inputs for the ServerTemplate. I am not sure why the record ID’s are not listed in a column in the RackSpace Cloud DNS management interface but regardless the below method of querying the RackSpace API make it fairly easy to obtain them regardless.