CLI-based Configuration Guide - IP Service

AR100, AR120, AR160, AR1200, AR2200, AR3200, and AR3600 V300R003

This document describes the concepts and configuration procedures of IP Service features on the device, and provides the configuration examples.
DNS Spoofing Implementation


When the DNS server IP address is not configured or the route to the DNS server does not exist on the DNS proxy or relay that is enabled with DNS spoofing, the DNS proxy or relay sends a spoofing IP address as the domain name resolution result to any DNS client that sends a DNS query message.

DNS spoofing is applied to a dial-up network, as shown in Figure 4-3.

Figure 4-3  DNS spoofing application scenario

As shown in Figure 4-3, the device functions as the DNS proxy and connects to the network using the dial-up interface. The dial-up interface is triggered to set up a connection only when data packets are forwarded by the dial-up interface. When the device functions as the DNS proxy, hosts A and B consider the device as the DNS server. When the dial-up connection is set up, the device obtains the DNS server IP address using DHCP.

When DNS spoofing is not enabled and the device receives a DNS query message for which no matching entry is found locally, it forwards the query to the DNS server. If the dial-up connection has not been set up, the device cannot obtain the DNS server IP address, so it neither sends a DNS query message to the DNS server nor responds to the DNS client. Domain name resolution fails, and because the client then sends no data packets, no traffic triggers the dial-up interface to set up a connection.

DNS spoofing enables the device to send a spoofing IP address to the DNS client that sends a DNS query message, regardless of whether the DNS server IP address is configured or the route to the DNS server exists on the device. Data packets that the DNS client then sends to that address trigger the dial-up interface to set up a connection.

As shown in Figure 4-3, a DNS client wants to access the HTTP server. The process is described as follows:
  1. A DNS client sends a DNS query message to the DNS proxy for resolving the HTTP server domain name to an IP address.
  2. After receiving the DNS query message, the DNS proxy cannot send the correct IP address to the DNS client because no matching entry is found locally, no dial-up connection is set up, and the DNS server IP address is not obtained. The DNS proxy sends the spoofing IP address as the resolution result to the DNS client. The aging time of a DNS resolution response message is 0. A reachable route between the DNS client and the IP address in the response message must exist. The outbound interface of the route is the dial-up interface.
  3. After receiving the response message, the host sends an HTTP request to the IP address in the response message.
  4. The DNS proxy forwards the HTTP request using the dial-up interface. The traffic triggers the dial-up interface to set up a connection with the DNS server. Then the DNS proxy obtains the DNS server IP address using DHCP.
  5. After the DNS resolution response message is aged, the DNS client sends a DNS query message again.
  6. The DNS proxy sends the correct IP address to the DNS client.
  7. After obtaining the correct HTTP server IP address, the DNS client can access the HTTP server.
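
The following Python model walks through steps 1 to 7 and contrasts them with the behavior when DNS spoofing is disabled. It is an added illustration, not Huawei code or device configuration; the class names, the domain name, and all IP addresses (documentation ranges) are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

SPOOF_IP = "192.0.2.1"      # constructed spoofing address
REAL_IP = "198.51.100.10"   # constructed HTTP server address
UPSTREAM = {"www.example.com": (REAL_IP, 300)}  # answers of the real DNS server

@dataclass
class DnsProxy:
    spoofing: bool
    link_up: bool = False             # dial-up connection state
    dns_server: Optional[str] = None  # learned through DHCP after dial-up

    def resolve(self, name):
        """Return (ip, aging_time), or None when the proxy does not respond."""
        if self.link_up and self.dns_server:
            return UPSTREAM.get(name)   # step 6: correct address
        if self.spoofing:
            return (SPOOF_IP, 0)        # step 2: aging time 0, never cached
        return None                     # spoofing disabled: resolution fails

    def forward(self, dst_ip):
        # Step 4: forwarded data traffic triggers the dial-up interface.
        if not self.link_up:
            self.link_up = True
            self.dns_server = "203.0.113.53"  # constructed, "obtained using DHCP"

@dataclass
class Client:
    cache: dict = field(default_factory=dict)  # name -> (ip, expiry time)

    def lookup(self, proxy, name, now):
        hit = self.cache.get(name)
        if hit and hit[1] > now:
            return hit[0]
        answer = proxy.resolve(name)    # steps 1 and 5: query the proxy
        if answer is None:
            return None
        ip, aging = answer
        if aging > 0:                   # an aging time of 0 forces a new query
            self.cache[name] = (ip, now + aging)
        return ip

def walkthrough(spoofing):
    """Return the addresses the client sees and the final link state."""
    proxy, client, trace = DnsProxy(spoofing), Client(), []
    for now in (0, 1):
        ip = client.lookup(proxy, "www.example.com", now)
        trace.append(ip)
        if ip is not None:
            proxy.forward(ip)           # step 3: HTTP request to the answer
    return trace, proxy.link_up
```

With spoofing enabled the client first receives the spoofing address and then, because that answer was not cached, the correct one; with spoofing disabled it receives no answer and the link is never dialed.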
Updated: 2019-03-06

Document ID: EDOC1100069333
