
Lab 1 B

This document provides instructions for a lab on configuring DNS services. The objectives are to understand how DNS allows browsing websites using domain names instead of IP addresses. The lab will have students configure a Debian virtual machine as a DNS server to translate the domain name "www.hackme.local" to the IP address of an Apache web server set up in a previous lab. The document outlines the steps to install and configure Bind9 as the DNS daemon, edit configuration files, create DNS zones, and restart the Bind9 service.

IT Systems Security - ISS 610S

Lab Number: Lab2 - Web Services (DNS)

Student Name and Number: Tashinga Ryan Manunure

222002905

Lab Group Number : 3

Estimated Time: 60 Minutes


Objectives
To better understand how the web is structured and how DNS allows us to efficiently browse the web
without having to memorize the IP addresses of the websites/web applications we intend to use on the web.

Tools:
1. Apache Web Server
2. DNS Server
3. Windows Operating System
4. Putty (Optional, but recommended)

NB: The Apache Web Server from Lab 1 will be used as the web server. A new DNS server will be created
to translate www.hackme.local into the IP address of the Apache Web Server. A Windows machine
(recommended to use a windows virtual machine) will be used to access the website hosted on our
Apache Web Server. The domain name of the apache web server created in lab 1 will be hackme.local.

Difficulty Scale:
Easy Medium Challenging Difficult

Summary

In the previous lab, the students were required to create an Apache web server, create a self-signed
certificate and use that certificate to secure communication to the Apache web server using SSL. Up to this
point, the web site is accessed through an IP address, which is not ideal from an IT Systems Security
standpoint. This lab will allow us to make use of DNS services to translate the IP address to a hostname, so
that clients of the website can use a domain name to visit the site instead of using an IP address.

Configuring your Debian
A new Debian virtual machine is needed for this exercise. We will use the new Debian virtual machine as the
DNS server. Make sure the DNS server and the Apache web server are on the same VLAN.

1. Change the hostname of your new Debian virtual machine to “dns”. We’ll now be calling this virtual machine
a DNS Server. NB: Use the hostname file in the /etc directory.
(Insert Screenshot)

EXPLANATION:
sudo nano /etc/hostname
- Opens the "hostname" file in the "/etc" directory in the nano text editor with administrative rights (via the "sudo"
command).
The hostname, or name by which the computer is recognized on a network, is usually contained in this file. The command
gives the user the option to edit the file's content and modify the computer's hostname, which may be required for
specific network configurations or system management tasks.

2. Make sure your sources.list file is configured correctly to download applications from the repository.
(Insert Screenshot)

EXPLANATION:
nano /etc/apt/sources.list
- Opens the "sources.list" file found in the "/etc/apt" directory in the nano text editor.

The Advanced Package Tool (APT) uses this file to obtain and install software packages on Debian-based Linux
systems (such as Ubuntu).
By using the command, a user can edit the file's contents and add, delete, or change repository URLs. Adding third-
party repositories that house software not found in the official repositories, or changing the URLs of existing
repositories to refer to faster mirrors, are both possible uses for this.

3. Update the new configurations made to the sources.list file.


(Insert Screenshots)

EXPLANATION:
sudo apt update
- Updates the local package index files stored on the system. These index files include details about the packages that
are accessible in the Debian repository, such as package dependencies, version numbers, and other information. The system will
download the most recent version of these index files from the Debian repository and update the local copies on your system
when you execute apt-get update. By doing this, you can install or upgrade packages on your system knowing that you have access
to the most recent information on the packages that are accessible and their dependencies.

4. Check if “named” daemon is installed. We will be using the “named” program to configure DNS services.
(Insert Screenshot)
If not installed, run the following commands to install it. This is the daemon that is used for DNS services.

EXPLANATION:
# apt-get install bind9 bind9-doc dnsutils
- The BIND DNS server and associated tools are installed in Debian 11 using the apt-get install bind9 bind9-doc
dnsutils command. What each package does is as follows:
bind9: This is the actual package for the BIND DNS server. It offers a DNS server that can handle DNS zones and
respond to requests from DNS clients.
bind9-doc: The BIND 9 DNSSEC Guide and the BIND 9 Administrator Reference Manual are both included in this
documentation package for the BIND DNS server.
dnsutils: This package includes a collection of DNS tools that can be used to query DNS servers and
diagnose DNS problems. It contains tools such as dig, nslookup, and host.
(Insert Screenshot)

5. Edit the following files with the following information.

5.a First file:


Open the hosts file /etc/hosts. The /etc/hosts is a very important file for DNS resolutions, as it helps with
translating hostnames or domain names to IP addresses.

Replace “debian” with the hostname of your DNS virtual machine, which is “dns” as shown in the picture
below. Leave everything else untouched.

(Insert Screenshot)
EXPLANATION:
nano /etc/hosts
- Opens the "hosts" file found in the "/etc" directory in the nano text editor.

This file contains mappings between IP addresses and hostnames. The operating system converts domain names to IP
addresses using these mappings.

The user can add, delete, or change the IP address and hostname mappings by using the command to edit the file's
contents. Setting up local development environments or restricting access to particular websites by rerouting their
domain names to a local address are two common uses for this.

5.b Second File:


Open /etc/resolv.conf file and enter the IP address of your DNS server as shown in the picture. The
/etc/resolv.conf is another important file for name resolutions in Linux operating systems. It contains information
that identifies the IP Address of the DNS server (nameserver), that deals with DNS translations. The whole process
is called resolving.

EXPLANATION:
# chattr +i /etc/resolv.conf (This command will keep this file intact even after restart)
- The chattr +i command sets the "immutable" attribute on the file /etc/resolv.conf. While the attribute is set, no user,
not even root or a user with root-level access, can change, rename, or delete the file; root has to clear the attribute
first with chattr -i. On Linux platforms, file attributes are changed with the chattr command, and the +i option specifies
the "immutable" attribute, which forbids any modification of the file. This is usually done to prevent malicious or
unintentional alteration of crucial system files that could compromise system security or make the system unstable. The
DNS resolver configuration for the machine is kept in the /etc/resolv.conf file, so setting the immutable attribute on it
prevents malicious or unintentional modification of the DNS resolver configuration, which may jeopardize network
security or stability.

NB: For nameserver, enter the IP Address of your DNS Server. In this case, mine is 192.168.10.176.

(Insert Screenshot)
5.c Third File:
Open /etc/bind/named.conf.local and enter the information below.

EXPLANATION:
/etc/bind/named.conf.local
- This is the location of a configuration file used by the Linux system's BIND DNS server (Berkeley
Internet Name Domain).

The configuration directives in the file specify the local zone data, such as the zone name, type, and the
name of the file containing the zone's resource records. A system administrator usually edits this file to add or
remove DNS zones on the local server.

The "named.conf.local" file is one of the configuration files that the BIND DNS server reads when it is
launched to determine how to respond to DNS requests. The path specifies the file's location when a text
editor or command-line interface is used to view or modify it.

zone "hackme.local" {
    type master;
    file "/etc/bind/zones/hackme.local";
};

zone "10.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/hackme.local";
};

The number in the second zone name (10.168.192) is the network number in reverse. Make sure to put your network
number in reverse too.
Example: 192.168.10 ------------> 10.168.192

It should look like this (grey area):

(Insert Screenshot)
6. Create a directory in the /etc/bind directory, and call it “zones”. You’ll be using this directory to store the
zone file.
(Insert Screenshot)

7. In the directory “zones” (created at step 6), create a zone file called hackme.local
(Insert Screenshot)
8. a. Edit the file “hackme.local” with the following details. Copy and Paste if you can’t write.
;
; BIND data for example.com
;
3h ; Refresh
1h ; Retry
1w ; Expire
1h ) ; Minimum
;
@ NS dns A

(Insert Screenshot)
8. b. Make sure the bind9 service is running, then restart it.
EXPLANATION:
# service bind9 status
- Checks the status of the BIND DNS server, a popular DNS (Domain Name System) server program.

Upon execution, the command shows details about the status of the BIND DNS server. If the server is up and
operating, the output displays details about its uptime, the total number of connections, and the BIND version
that is currently in use. If the server is not operating, the output displays a message stating that the service
is not running.

Overall, this command can be used to diagnose DNS server problems and to verify the BIND DNS server's status.
(Insert Screenshot)
EXPLANATION:
# service bind9 restart
- Restarts BIND, the commonly used DNS (Domain Name System) server software.

If the BIND service is already operating when the command is run, it will be stopped and restarted with the same
configuration data. This is helpful when the configuration files have been modified or when the DNS server needs to be
restarted to address problems.

It's important to note that restarting the BIND process might briefly disrupt DNS resolution, which could affect
clients accessing the DNS server.
(Insert Screenshot)
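
The checks below are an added example, not part of the lab sheet: they validate the files from steps 5.c to 8.a with named-checkconf and named-checkzone, then query the restarted server with dig. The function names and the NET variable are hypothetical; the zone name, paths and the 192.168.10.176 address are the ones used on this page.

```sh
# Added example: validate the lab's BIND files, then query the server.
# Function names are hypothetical; zone, paths and addresses are this page's.
ZONE="hackme.local"
NET="192.168.10"                      # network number from step 5.c
CONF="/etc/bind/named.conf.local"
DNS_IP="192.168.10.176"               # DNS server address from step 5.b

# 192.168.10 -> 10.168.192.in-addr.arpa (three-octet network numbers only).
reverse_zone() {
    local a b c extra o
    IFS=. read -r a b c extra <<EOF
$1
EOF
    [ -n "$c" ] && [ -z "$extra" ] || return 1
    for o in "$a" "$b" "$c"; do
        case "$o" in ''|*[!0-9]*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    printf '%s.%s.%s.in-addr.arpa\n' "$c" "$b" "$a"
}

# Print "zone<TAB>file" for every zone block in a named.conf.local-style file.
zone_files() {
    awk '/^[ \t]*zone[ \t]+"/ { split($0, q, "\""); zone = q[2] }
         /^[ \t]*file[ \t]+"/ { split($0, q, "\""); if (zone != "") print zone "\t" q[2]; zone = "" }' "$1"
}

# Returns non-zero if any check fails.
check_lab() {
    local rc=0 zone file tab
    tab=$(printf '\t')
    named-checkconf || rc=1                        # named.conf and its includes
    for zone in "$ZONE" "$(reverse_zone "$NET")"; do
        zone_files "$CONF" | cut -f1 | grep -qxF "$zone" ||
            { echo "zone $zone is not declared in $CONF" >&2; rc=1; }
    done
    while IFS="$tab" read -r zone file; do
        [ -n "$zone" ] || continue
        named-checkzone "$zone" "$file" || rc=1    # parses each zone file
    done <<EOF
$(zone_files "$CONF")
EOF
    dig +short @"$DNS_IP" "www.$ZONE" A | grep -q . ||
        { echo "no A record returned for www.$ZONE" >&2; rc=1; }
    return "$rc"
}

if [ "${1:-}" = "check" ]; then check_lab; fi
```

Run it on the DNS server with the argument check; the dig query only succeeds once the bind9 service is running.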

9. Using a Windows computer on the same VNet as the Apache and DNS servers, configure it to use your
new DNS server as the primary DNS server. This can be achieved by entering the IP address of your
DNS server in the IP configuration settings of your Windows computer.

NB: Allow the Windows computer to obtain its IP address automatically but configure the Preferred
DNS Address manually.
Use this Windows computer to access your website using the domain name instead of the IP address.
The domain name we used in this lab is “hackme.local”, so enter this in the URL:
www.hackme.local

It should look like this:

NOTE: The purpose is to learn. Have fun. If you need assistance, just ask and it will be offered.
