DrCoolSanta

DNS Queries in WinSock2, Data Sent and Received


I need to use DNS queries somewhere, and I can't use the functions of the library to get the data I need, so I would like to know how I would go about doing that in WinSock. Currently I know that:

A DNS server works on port 53.
A DNS server uses UDP (though I am only able to connect from TCP sockets).
I have also heard that a DNS server does not work with sockets.
A DNS server takes and gives binary input/output.
A DNS server takes the host, type of record, and type of connection.

The problem is I don't know in which order the queries should give the things it needs to know, and how to make it binary. I also don't know what DNS servers need if not sockets, and how to initialize them in WinSock. If you can give me a simple idea of how to write it, and what functions to use, it will be good. And I need this to get records other than A or NS, specifically MX, and no, I am not making an SMTP client/server. Please help.

DNS-related RFC.

Disclaimer: Messing with DNS servers can get you unusual results, result in no response, or in some cases be classified as hacking or a DoS attempt, which, under extreme circumstances, can be classified as an act of terrorism.

Take it with a grain of salt, but there's really no reason to do anything with DNS servers that isn't provided by existing APIs. Especially not with public servers.

Besides, this all sounds like a WHOIS problem.

Well, I figured out that I need to use a datagram connection and then a UDP connection. But I guess if it can be a terrorist act, I won't do it.

I'm sure there are third party asynchronous DNS lookup libraries that you can use.

If you're doing this in your own server infrastructure, I recommend running a local DNS (e.g. on the same machine or LAN) to do caching etc.

Mark

Quote:
Original post by DrCoolSanta
Well, I figured out that I need to use a datagram connection and then a UDP connection. But I guess if it can be a terrorist act, I won't do it.


Like I said, take that with a grain of salt.

My point was merely that DNS is the core internet infrastructure. And while seemingly robust, DNS isn't reliable at design level.

This makes it quite possible to design attacks that poison the DNS data exchange. Since DNS is so lightweight, the only way to defend against it is to exclude the attacker physically.

If you intend to talk to external DNS servers, make sure your protocol implementation is fully RFC compliant, complete with all MUST, MUST NOT and SHOULD requirements.

Or you may find that suddenly your IP can no longer connect to DNS servers.

I do understand you, and I understand the risks, and maybe that is the reason I will still not try to create the piece of program I wanted to, so it is OK.
And I know I can run a DNS server at home to do what I want; I'll do it when I'm more confident. My ISP is run by the govt., so that scares me more, you know, jail and stuff.

I guess some corrupted DNS packets won't put you in jail :)

Antheus talked about MANY attempts (1000 or more).

But is there some DNS blacklist of banned IPs? Because that would make me scared too...

The answer is most likely "yes, there exists black-lists for pretty much any important Internet service."

Poisoning isn't QUITE as easy as it's been said here -- you need physical control of a machine that is in the chain of trust -- but the chain of trust is sometimes quite tenuous. For example, a lot of universities used to be delegees from the root servers, which means you could possibly poison a .com by being on staff at one of those universities. Don't know if that's still true.

If you want to write your own library, then you should test it against two different DNS server implementations on your own machine, first. You can easily install BIND and DJBDNS on your own machine, and point your library at those processes for testing. You can even run them on non-standard ports (say, 5353 instead) while testing, to avoid any risk of breaking anything else.

To get asynchronous DNS resolution, putting calls to gethostbyname() inside a thread works pretty well for small to medium scale processes, but the serialization of a single request at a time will suck when trying to scale up.

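Added example, not code from anyone in this thread. It answers the original question (the order of the fields, how to "make it binary", and MX = type 15) and also implements the check that Antheus's and hplus's poisoning remarks imply: a resolver must at least verify that a reply carries the transaction ID it sent and echoes the exact question, and should pick that ID (and the UDP source port) randomly, since a 16-bit ID alone is trivially guessable. The code is plain C with no WinSock dependency so it compiles anywhere; in the real program the query bytes go out with sendto() on a SOCK_DGRAM socket to port 53 (or port 5353 of a local BIND/DJBDNS, as hplus suggests for testing) and the reply comes back from recvfrom(). The reply bytes below are constructed by hand, not captured from any server; `sample_reply`, `parse_sample` and the names in the data are assumptions for illustration. One caveat the thread touches on: if the reply's TC (truncated) bit, 0x0200 in the flags, is set, the same query must be resent over TCP with a two-byte length prefix, which is the one place the poster's TCP-only socket would actually be used.

```c
#include <stdint.h>
#include <string.h>

/* RFC 1035 wire format: all 16-bit fields big-endian. QTYPE 15 = MX, QCLASS 1 = IN. */
#define DNS_TYPE_MX  15
#define DNS_CLASS_IN 1

static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static uint16_t get16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* "example.com" -> 7 e x a m p l e 3 c o m 0. Returns bytes written, 0 on bad label/no room. */
static size_t encode_name(const char *name, uint8_t *out, size_t cap) {
    size_t o = 0;
    while (*name) {
        const char *dot = strchr(name, '.');
        size_t len = dot ? (size_t)(dot - name) : strlen(name);
        if (len == 0 || len > 63 || o + 1 + len + 1 > cap) return 0;
        out[o++] = (uint8_t)len;
        memcpy(out + o, name, len);
        o += len; name += len;
        if (*name == '.') name++;
    }
    if (o + 1 > cap) return 0;
    out[o++] = 0;                                  /* root label terminates the name */
    return o;
}

/* 12-byte header + one question. Flags 0x0100 = RD. Returns packet length, 0 on error.
   Pick `id` with a CSPRNG in real use; a predictable ID makes spoofed replies easy. */
size_t build_query(uint16_t id, const char *name, uint16_t qtype, uint8_t *out, size_t cap) {
    if (cap < 12) return 0;
    put16(out, id); put16(out + 2, 0x0100); put16(out + 4, 1);   /* QDCOUNT = 1 */
    put16(out + 6, 0); put16(out + 8, 0); put16(out + 10, 0);    /* AN/NS/ARCOUNT = 0 */
    size_t n = encode_name(name, out + 12, cap - 12);
    if (n == 0 || 12 + n + 4 > cap) return 0;
    put16(out + 12 + n, qtype); put16(out + 14 + n, DNS_CLASS_IN);
    return 12 + n + 4;
}

/* Read a name at *pos, following RFC 1035 4.1.4 compression pointers (0xC0xx). Every read
   is bounds-checked and at most 16 hops are followed, so a hostile packet cannot loop us. */
static int read_name(const uint8_t *m, size_t len, size_t *pos, char *dst, size_t dcap) {
    size_t p = *pos, d = 0; int hops = 0, jumped = 0;
    for (;;) {
        if (p >= len) return 0;
        uint8_t c = m[p];
        if ((c & 0xC0) == 0xC0) {                  /* pointer: 14-bit offset into message */
            if (p + 1 >= len || ++hops > 16) return 0;
            if (!jumped) *pos = p + 2;             /* caller resumes just after the pointer */
            jumped = 1; p = (size_t)((c & 0x3F) << 8) | m[p + 1]; continue;
        }
        if (c & 0xC0) return 0;                    /* 0x40/0x80 prefixes are reserved */
        p++;
        if (c == 0) break;
        if (p + c > len || d + c + 1 >= dcap) return 0;
        if (d) dst[d++] = '.';
        memcpy(dst + d, m + p, c); d += c; p += c;
    }
    dst[d] = 0;
    if (!jumped) *pos = p;
    return 1;
}

typedef struct { uint16_t pref; char exch[256]; } mx_rr;

/* Validate a reply against the query we sent, then pull out the MX answers. Rejects: wrong ID,
   QR not set, RCODE != 0, QDCOUNT != 1, or a question that does not echo our exact name/type/
   class. Returns number of records stored, -1 on rejection or malformed data. */
int parse_mx_response(const uint8_t *m, size_t len, uint16_t want_id,
                      const char *want_name, mx_rr *out, int max) {
    if (len < 12) return -1;
    uint16_t flags = get16(m + 2);
    if (get16(m) != want_id || !(flags & 0x8000) || (flags & 0x000F) != 0) return -1;
    if (get16(m + 4) != 1) return -1;
    uint16_t ancount = get16(m + 6);
    size_t pos = 12; char name[256];
    if (!read_name(m, len, &pos, name, sizeof name) || pos + 4 > len) return -1;
    if (strcmp(name, want_name) != 0 || get16(m + pos) != DNS_TYPE_MX ||
        get16(m + pos + 2) != DNS_CLASS_IN) return -1;
    pos += 4;
    int found = 0;
    for (uint16_t i = 0; i < ancount; i++) {        /* RR: NAME TYPE CLASS TTL RDLENGTH RDATA */
        if (!read_name(m, len, &pos, name, sizeof name) || pos + 10 > len) return -1;
        uint16_t type = get16(m + pos), cls = get16(m + pos + 2), rdlen = get16(m + pos + 8);
        pos += 10;
        if (pos + rdlen > len) return -1;
        if (type == DNS_TYPE_MX && cls == DNS_CLASS_IN && found < max) {
            size_t rp = pos;                        /* MX RDATA: PREFERENCE, EXCHANGE name */
            if (rdlen < 3) return -1;
            out[found].pref = get16(m + rp); rp += 2;
            if (!read_name(m, len, &rp, out[found].exch, sizeof out[found].exch) ||
                rp > pos + rdlen) return -1;
            found++;
        }
        pos += rdlen;                               /* skip non-MX records (CNAME, etc.) */
    }
    return found;
}

/* Constructed sample reply (not captured from any server): ID 0x1234, flags QR|RD|RA, two
   IN MX answers for example.com, both using 0xC00C pointers back to the question name. */
static const uint8_t sample_reply[] = {
    0x12,0x34, 0x81,0x80, 0x00,0x01, 0x00,0x02, 0x00,0x00, 0x00,0x00,
    7,'e','x','a','m','p','l','e', 3,'c','o','m', 0, 0x00,0x0f, 0x00,0x01,
    0xC0,0x0C, 0x00,0x0f, 0x00,0x01, 0x00,0x00,0x0e,0x10, 0x00,0x09, 0x00,0x0a, 4,'m','a','i','l', 0xC0,0x0C,
    0xC0,0x0C, 0x00,0x0f, 0x00,0x01, 0x00,0x00,0x0e,0x10, 0x00,0x08, 0x00,0x14, 3,'m','x','2', 0xC0,0x0C,
};
size_t sample_reply_len(void) { return sizeof sample_reply; }

/* Stand-in for the recvfrom() result; passing a shorter `len` simulates a cut-off datagram. */
int parse_sample(uint16_t want_id, size_t len, mx_rr *out, int max) {
    return parse_mx_response(sample_reply, len, want_id, "example.com", out, max);
}
```

Note that `parse_mx_response` compares the echoed question byte-for-byte with what was sent; a genuine server copies the question section verbatim, so any difference is grounds to drop the packet rather than to be lenient. Matching ID and question is the floor, not a full defence: without random IDs and source ports, or DNSSEC validation, an off-path attacker still has a realistic chance of winning the race that Antheus describes.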