The world of Black Screen
This is a sample remote system we are going to investigate.
Then I started playing inside.
Later I checked whether the DNS server was working or not, by using the dig command.
Now I stopped the name server: "service named stop"
dig localhost, to see which name server is answering. Since our name server was stopped just a second ago, another (parent) server should be the one replying to dig. Here 202.52.242.65 replied on port 53. [This follows the precedence in /etc/resolv.conf]
Below is the famous "Cannot find server", lol, because the name server is down.
The file resolv.conf contains the information about which name servers to contact. It is usually found at /etc/resolv.conf.
I have two name servers listed here. If one fails, the resolver contacts the other. However, most of the queries will be fetched from the first server.
Now, since our local DNS (domain name server) is down, let's try to find the IP of hotmail.com by invoking: dig hotmail.com
This will obviously return the IP of hotmail.com as well as the IP of the server that did the job for us. Most probably it will be 202.52.242.65 doing this for us, because we have listed it in second place. The one in first place is 202.52.242.110, which is our local IP, and its DNS (domain name server) is down now.
Now let's start our name server: service named start
The error logs, or any logs, are written to /var/log/messages, at the end of the file. You may use tail, or cat, to print the latest log messages about the starting of the name server. Usually when there are errors during name server startup, I have found that no error is printed on the console; rather, the errors are written to the log files. So it is better to look for these things there. Remember /var/log/messages.
Here it goes. Now our DNS is running, and there is at least one server that will reply to our query for the domain. Remember the "Cannot find server" from before? This time it won't say so; rather, it worked. See, my domain is working now.
Okay, what is in the files of the name server? These files are situated inside the folder /var/named/. Actually the name server is configured by a configuration file, /etc/named.conf, in which the directory /var/named is defined. I too have used the same configuration, hence my files reside at /var/named. Inside that directory are other files, in which we can define different zones and different subdomains. For example, I have used the domain kucc.ku.edu.np here and defined different subdomains within this domain. So simply create a file and define the subdomains, e.g. as A records; the www subdomain of kucc.ku.edu.np is defined inside the file kucc.ku.edu.np as:
www IN A 202.52.242.110
This means that the IP of the subdomain "www.kucc.ku.edu.np" is 202.52.242.110.
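As an added example (not the blog's own code), here is a small Python parser for the kind of zone file described above: it resolves relative owner names against $ORIGIN, so the www record becomes www.kucc.ku.edu.np, and it rejects an A record whose address is not a plain dotted quad (for instance a stray trailing dot after the address, which named would also refuse to load). The zone content is constructed for the example.

```python
import ipaddress

# Constructed sample zone for kucc.ku.edu.np (not the blog's real file);
# the www line is the record quoted in the post.
SAMPLE_ZONE = """\
$ORIGIN kucc.ku.edu.np.
$TTL 86400
@       IN  SOA  ns1.kucc.ku.edu.np. admin.kucc.ku.edu.np. (
                 2024010101 3600 900 604800 86400 )
@       IN  NS   ns1.kucc.ku.edu.np.
ns1     IN  A    202.52.242.110
www     IN  A    202.52.242.110   ; the subdomain discussed in the post
mail  3600  IN  A    202.52.242.110
"""

def _qualify(owner, origin):
    """'@' is the zone apex, a trailing dot is absolute, else relative to $ORIGIN."""
    if owner == "@":
        return origin
    if owner.endswith("."):
        return owner.rstrip(".")
    return f"{owner}.{origin}" if origin else owner

def parse_a_records(zone_text, origin=None):
    """Return {fqdn: ipv4} for every A record; ValueError on bad RDATA."""
    records, last_owner = {}, None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # drop ';' comments
        if not line.strip():
            continue
        fields = line.split()
        if fields[0] == "$ORIGIN":
            origin = fields[1].rstrip(".")
            continue
        if fields[0].startswith("$"):          # $TTL and other directives
            continue
        if raw[0].isspace():                   # blank owner: reuse previous
            owner = last_owner
        else:
            owner, fields = fields[0], fields[1:]
            last_owner = owner
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                      # optional TTL and class
        if len(fields) < 2 or fields[0].upper() != "A":
            continue                           # SOA, NS, continuation lines
        try:                                   # '202.52.242.110.' (trailing dot) fails here
            ip = str(ipaddress.IPv4Address(fields[1]))
        except ipaddress.AddressValueError:
            raise ValueError(f"{owner}: {fields[1]!r} is not an IPv4 address")
        records[_qualify(owner, origin)] = ip
    return records
```

Running parse_a_records on a zone before reloading named is a cheap way to catch the typo class that otherwise only shows up in /var/log/messages.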
Okay, well, we talked about named.conf. Here is the screenshot of /var/named/named.conf:
Now let's check what the DNS analyzers say; for example, DNSSTUFF.com has something to say about us, whether it is working or not.
Okay, just click the lookup button and there you go: the details of the DNS-related stuff.
/var/named/named.ca
/var/named/kucc.ku.edu.np
Below is the history of whatever we did until now.
Now let's move on to mail servers. Let's perform an nmap scan to see which ports are open for us to look at. If the mail servers are on, SMTP port 25 and POP3 port 110 must be open.
Now let's check by telnetting to the ports: telnet to port 25 and telnet to port 110.
Okay, our mail server is running. Let's log in,
and after logging in we see the mails inside it:
One benefit of having a mail server is that the system mails all the attack reports and logs to the mail server, so that we can check them periodically, rather than having to go to /var/log/messages to check them all the time. The logs are sent to the mailbox as shown above. In the traditional way, we had to check for attacks manually, like below: