TL;DR
Skipping all DNS protocol, DNS tunneling and DNS data exfiltration details. I have a custom-built DNS server for C2 and data exfiltration, and I needed to add my nameservers to my domain provider.
Step #1 | Setup your DNS Server
Whether you're going to use bind9 or a programmable server that you have coded yourself (e.g. RubyDNS), all you need is to add the records you want to serve. Explaining how to configure your own DNS server is beyond the scope of this post.
Step #2 | Register Your NameServer
Register the NameServer
- Click on the MY DOMAINS button, located on the top right hand corner.
- Click the domain name you would like to manage.
- Click NS Registration on the left side.
- In the Hostname field, enter a prefix, such as NS1. In the IP Address field, enter the IP address that you need the nameserver to point to.
- Click the Register New Nameserver button.
Add Nameserver to the nameservers list
- Click on the My Domains button, located on the top right hand corner.
- Click the domain name you would like to manage.
- Click Nameservers on the left side.
- Click the Delete All button to clear the current nameservers away. Alternatively you can also Delete them one-by-one by clicking Delete, on the right-hand side. (If you do not delete the old nameservers before adding the new, it will create conflicts and the associated website/email will not work.)
- Enter the new nameserver in the empty box labeled Add Nameserver and then click the blue Add button. Be sure to only add one at a time. (You will need at least two nameservers for the domain to work)
- Click Apply Changes.
Step #3 | Test your Infrastructure
The best tool for troubleshooting is the dnstracer command, which is available on Kali by default, or you can install it using apt install dnstracer. Then run it as follows:
$ dnstracer -c4o sub.domain.com
Other helpful dig checks are:
$ dig sub.domain.com +short
$ dig TXT sub.domain.com +short
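A delegation check to go with the commands above, as an added example that is not part of the original post: it reads the referral a parent (TLD) server returns and verifies what Step #2 set up, namely at least two nameservers and a glue address for every nameserver named inside the domain. The function name check_delegation, the parent server in the usage comment, example.test and the 192.0.2.x addresses are assumptions or constructed values.

```shell
#!/bin/sh
# Added example: validate a delegation from the referral a parent (TLD) server returns.
# Live use (parent server name is an assumption, pick one authoritative for your TLD):
#   dig +norecurse NS domain.com @a.gtld-servers.net | check_delegation domain.com

# check_delegation ZONE: reads dig output on stdin, prints problems, returns 1 on failure.
check_delegation() {
  awk -v zone="$1" '
    BEGIN { zone = tolower(zone) "." }
    # NS records owned by the zone: the nameserver list from Step #2
    $4 == "NS" && tolower($1) == zone {
      host = tolower($5)
      if (!(host in ns)) { ns[host] = 1; count++ }
    }
    # A/AAAA records in the referral: glue created by the NS registration
    $4 == "A" || $4 == "AAAA" { glue[tolower($1)] = 1 }
    END {
      rc = 0
      if (count < 2) {
        printf "FAIL: %d nameserver(s) delegated, need at least 2\n", count
        rc = 1
      }
      for (host in ns) {
        # Only nameservers named inside the zone itself need glue at the parent
        tail = substr(host, length(host) - length(zone))
        if (tail == ("." zone) && !(host in glue)) {
          print "FAIL: no glue for " host
          rc = 1
        }
      }
      exit rc
    }'
}

# Constructed sample referral (reserved test names and documentation addresses):
# ns2 is in the nameserver list but was never registered, so it has no glue.
SAMPLE='example.test. 172800 IN NS ns1.example.test.
example.test. 172800 IN NS ns2.example.test.
ns1.example.test. 172800 IN A 192.0.2.10'

printf '%s\n' "$SAMPLE" | check_delegation example.test || echo "delegation incomplete"
```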