AD DNS (53)
DNS is responsible for translating human-readable domain names (dc01.nelsondouglas.lab) into machine-readable IP addresses (192.168.123.30). This allows browsers and other applications to connect to websites and services on the internet using easy-to-remember names instead of numerical IPs.
nslookup -type=SRV dc01.nelsondouglas.lab
In the context of AD, the DNS protocol plays a critical role in helping clients and servers locate resources within the AD domain. Without DNS, clients would have difficulty locating and interacting with AD resources.
- Remember that AD networks likely have hundreds of machines in them, so it is far easier to structure machines by department (HR, IT, accounting, etc.) under separate domain names (hr.nelsondouglas.lab)
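To make the "locate resources" step concrete, here is an added example (not from the original notes) that builds the standard `_ldap._tcp.dc._msdcs.<domain>` SRV name clients query to find domain controllers and parses Windows-style nslookup SRV output into an ordered list. The sample output is constructed; dc02 and 192.168.123.31 are hypothetical.

```python
import re

# Constructed sample: Windows nslookup output for an SRV query against the
# DC locator name. The second DC (dc02, 192.168.123.31) is hypothetical.
SAMPLE = """\
_ldap._tcp.dc._msdcs.nelsondouglas.lab  SRV service location:
          priority       = 10
          weight         = 100
          port           = 389
          svr hostname   = dc02.nelsondouglas.lab
_ldap._tcp.dc._msdcs.nelsondouglas.lab  SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = dc01.nelsondouglas.lab
dc01.nelsondouglas.lab  internet address = 192.168.123.30
dc02.nelsondouglas.lab  internet address = 192.168.123.31
"""

def dc_locator_name(domain):
    """SRV owner name a client queries to find domain controllers over LDAP."""
    return "_ldap._tcp.dc._msdcs." + domain.strip(".").lower()

def parse_srv(output):
    """Return SRV records as dicts, most preferred (lowest priority value) first."""
    records, current, addresses = [], None, {}
    for line in output.splitlines():
        if "SRV service location" in line:
            current = {"name": line.split()[0]}
            records.append(current)
            continue
        m = re.match(r"\s+(priority|weight|port|svr hostname)\s*=\s*(\S+)", line)
        if m and current is not None:
            key, value = m.groups()
            if key == "svr hostname":
                current["target"] = value
            else:
                current[key] = int(value)
            continue
        m = re.match(r"(\S+)\s+internet address = (\S+)", line)
        if m:  # additional-section A record for an SRV target
            addresses[m.group(1)] = m.group(2)
    for rec in records:
        rec["address"] = addresses.get(rec.get("target"))
    # Weight is not used for ordering: it only biases choice within one priority.
    return sorted(records, key=lambda r: r.get("priority", 0))

if __name__ == "__main__":
    print(dc_locator_name("nelsondouglas.lab"))
    for rec in parse_srv(SAMPLE):
        print(rec["priority"], rec["target"], rec["port"], rec["address"])
```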
9.17 - DNS Zone Transfer Attacks are the most applicable here.