Blue Team DNS
IScorE can handle DNS for Blue Teams in one of two ways: Provided DNS and Competitor DNS. By default, IScorE will handle DNS for Blue Teams, who manage their records in the DNS section of the Blue Team Area. For Competitor DNS, Blue Teams are expected to run their own DNS and provide the address of their DNS server through IScorE. For each method, IScorE includes scripts that generate the appropriate zone and configuration files.
In either configuration, the IScorE database needs a user with read permissions specifically for the sync scripts. These scripts generate the configuration/zone files based on information in the database.
Provided DNS
This mode requires a master zone for each team. The default IScorE image has zones defined for 40 teams. These zone files live in /etc/bind/teams. For example, a configuration file for a CDC with 2 teams using isucdc.net would look like this:
// Parent zone, served from the empty zone file
zone "isucdc.com." {
    type master;
    file "/etc/bind/db.empty";
};
// One master zone per team; zone files live in /etc/bind/teams
zone "team1.isucdc.com." {
    type master;
    file "/etc/bind/teams/team1";
};
zone "team2.isucdc.com." {
    type master;
    file "/etc/bind/teams/team2";
};
Using this setup, there is a sync script (/etc/bind/teams/iscore_sync.sh on the ISERink image). This script should be run every minute.
Note
The iscore_sync script automatically generates an MX record pointing to mail.$ORIGIN.
Competitor DNS
This mode requires a forwarder zone for each team that points to the team’s DNS server. There is a generation script (/etc/bind/iscore_forwarders_sync.sh on the ISERink image) that should be run every hour. Additionally, rndc flush should be run immediately after the sync script.
Warning
When using this mode, the root zone, isucdc.com in this case, CANNOT exist. DNS will not work if it does. If that is not possible in your environment, you will need to generate glue NS records for each team’s DNS server.
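In Competitor DNS mode the forwarder address is supplied by each team and ends up in BIND configuration, so it should be accepted only if it parses as a literal IP address. The following is an added example, not the project's iscore_forwarders_sync.sh: it renders one forward zone per team and rejects unusable values. The input mapping, the function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress

TEAM_DOMAIN_SUFFIX = "isucdc.com"  # suffix used in this page's examples


def validate_forwarder(raw):
    """Return a normalized IP string, or None if the value must not be used."""
    try:
        addr = ipaddress.ip_address(raw.strip())
    except ValueError:
        # Hostnames, CIDR ranges and values carrying named.conf syntax
        # (';', '{', '}') do not parse as a literal IP address.
        return None
    # An IPv6 zone id ("addr%zone") is free-form text, so refuse it outright.
    if getattr(addr, "scope_id", None) is not None:
        return None
    if addr.is_loopback or addr.is_unspecified or addr.is_multicast:
        return None
    return str(addr)


def render_forward_zones(team_servers, suffix=TEAM_DOMAIN_SUFFIX):
    """Build forward-zone stanzas; returns (config_text, rejected_teams)."""
    stanzas, rejected = [], []
    for team, raw in sorted(team_servers.items()):
        ip = validate_forwarder(raw)
        if ip is None:
            rejected.append(team)  # leave this team out and report it
            continue
        stanzas.append(
            f'zone "team{team}.{suffix}." {{\n'
            f"    type forward;\n"
            f"    forward only;\n"
            f"    forwarders {{ {ip}; }};\n"
            f"}};\n"
        )
    return "".join(stanzas), rejected


# Constructed sample input: team number -> address submitted by the team.
SAMPLE = {1: "10.0.1.53", 2: "10.0.2.53; }", 3: "127.0.0.1", 4: " 10.0.4.53 "}

if __name__ == "__main__":
    config, rejected = render_forward_zones(SAMPLE)
    print(config)
    print("rejected teams:", rejected)
```

Running named-checkconf on the generated file before reloading, followed by rndc flush as described above, keeps a bad sync from taking the resolver down.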
Custom Domains
By default, IScorE assumes domain names take the pattern teamN.<TEAM_DOMAIN_SUFFIX>. Alternatively, if a team has a custom domain assigned, the team will have a domain of the pattern <custom>.<TEAM_DOMAIN_SUFFIX>. Currently the scripts included with IScorE to generate DNS zones do not support custom domains. Custom domains are intended to be used when team domain names do not follow a pattern. For example, if a scenario says that each team is in its own “city”, the teams could have custom domains for their city (chicago, atlanta, etc.) rather than teamN.
DNS API
The IScorE API provides the ability to manage DNS records as well as get DNS zones for each team. An example script for provided and competitor DNS can be found in the scripts directory. More information about the DNS API can be found here.