# The three packages belong on different lab machines, so run each install
# only on the host named in its comment.
# Refresh the package index first.
sudo apt update
# Attacker machine: Wireshark, for capturing and inspecting traffic.
sudo apt install wireshark
# Attacker machine: netwag.
sudo apt install netwag
# DNS server machine: the BIND 9 name server.
sudo apt install bind9

在attacker上安装netwag和wireshark,在dns server上安装bind9。

# Adds the execute bit to dumpcap, the capture helper that Wireshark launches.
# NOTE(review): on Debian/Ubuntu the packaged alternative is
# `sudo dpkg-reconfigure wireshark-common` plus membership of the `wireshark`
# group, which permits capture without running the whole GUI (and its packet
# dissectors) as root. Confirm for your distribution.
sudo chmod +x /usr/bin/dumpcap

linux中wireshark要在sudo环境下运行。

首先,在client上修改/etc/hosts文件,添加

# Static entry in /etc/hosts: maps www.example.com to 1.2.3.4 on this client.
1.2.3.4 www.example.com
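# Show the DNS resolution settings in use on each network interface.
# (A '#' only starts a comment when it follows whitespace; glued to the
# command it becomes part of the argument and the command fails.)
resolvectl status
# Show the system DNS resolver configuration. The file can be edited, but
# where systemd-resolved manages it the file is usually generated, so manual
# changes may be overwritten.
cat /etc/resolv.conf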
vim named.conf.local
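//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

// Forward zone: this server is authoritative (master) for example.com.
// The path is absolute, so the zone file must exist at exactly this location.
zone "example.com" {
    type master;
    file "/etc/bind/db.example.com";
};

// Reverse zone for 192.168.3.0/24. A reverse zone is named with the network
// octets reversed under in-addr.arpa; "192.168.3.x" is not a name that PTR
// lookups ever query, so records in it would never be served for
// address-to-name lookups. Every zone statement must also end with "};".
zone "3.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.192.168.3";
};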
vim named.conf.options
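options {
    // Working directory of named; relative file names resolve against it.
    directory "/var/cache/bind";
    // File the server writes when asked to dump its database (rndc dumpdb).
    dump-file "/var/cache/bind/dump.db";
    // Disable DNSSEC validation, as this step of the lab requires. The
    // original listing had the instruction here as plain text, which is a
    // syntax error. Keep this setting to the isolated lab: with validation
    // off the resolver cannot detect forged answers for signed zones.
    dnssec-validation no;
};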
# Change to the path set as `directory` in named.conf.options.
cd /var/cache/bind

修改域目录权限

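# Give named write access without making the tree world-writable: with mode
# 777 any local account could replace or delete the files named reads and
# writes here. The Debian/Ubuntu bind9 package runs named under the `bind`
# account, so group ownership is enough.
sudo chown -R root:bind /var/cache/bind
# Capital X adds the execute/search bit only to directories (and to files
# that are already executable), not to ordinary data files.
sudo chmod -R u=rwX,g=rwX,o=rX /var/cache/bind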
vim db.192.168.3
; Reverse-lookup (PTR) data for the lab hosts in 192.168.3.0/24.
; Default TTL for records that do not set their own: 3 days.
$TTL 3D
; SOA: primary name server ns.example.com., contact admin@example.com
; (written with a dot instead of "@").
@ IN SOA ns.example.com. admin.example.com. (
2008111001 ; serial - must be increased whenever the zone data changes
8H ; refresh
2H ; retry
4W ; expire
1D) ; minimum / negative-caching TTL
@ IN NS ns.example.com.

; Owner names are relative to the zone origin. Each one is the last octet of
; the host address, so the zone must be declared as the reverse zone of
; 192.168.3.0/24 for these records to answer PTR queries.
200 IN PTR www.example.com.
102 IN PTR mail.example.com.
115 IN PTR ns.example.com.
vim db.example.com
; Forward zone data for example.com.
; Default TTL for records that do not set their own: 3 days.
$TTL 3D
; SOA: primary name server ns.example.com., contact admin@example.com
; (written with a dot instead of "@").
@ IN SOA ns.example.com. admin.example.com. (
2008111001 ; serial - must be increased whenever the zone data changes
8H ; refresh
2H ; retry
4W ; expire
1D) ; minimum / negative-caching TTL

; Name server and mail exchanger (preference 10) for the zone itself.
@ IN NS ns.example.com.
@ IN MX 10 mail.example.com.

; Host addresses on the lab network.
www IN A 192.168.3.200
mail IN A 192.168.3.102
ns IN A 192.168.3.115
; Wildcard: any other name under example.com resolves to the www address.
*.example.com. IN A 192.168.3.200

重启dns服务

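# Check the configuration and the forward zone before restarting, so a syntax
# error is reported here instead of leaving named stopped. The restart runs
# only if both checks pass.
sudo named-checkconf \
  && sudo named-checkzone example.com /etc/bind/db.example.com \
  && sudo service bind9 restart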

image-20230930175505897

image-20230930175437934