【Wireshark Lab v8.0】Lab3：DNS

实验步骤均来自实验指导手册。

实验指导手册下载地址：Jim Kurose Homepage (umass.edu)

1.nslookup

When running nslookup, if no DNS server is specified, then nslookup sends the query to the default DNS server.

Consider the first command:

nslookup www.mit.edu

As shown in the screenshot, the response from this command provides two pieces of information:

(1) the name and IP address of the DNS server that provides the answer;

(2) the answer itself, which is the host name and IP address of www.mit.edu.

consider the second command:

nslookup -type=NS mit.edu

返回mit.edu域的权威服务器

consider the third command:

nslookup www.aiit.or.kr bitsy.mit.edu

we indicate that we want to the query sent to the DNS server bitsy.mit.edu rather than to the default DNS server (dns-prime.poly.edu). Thus, the query and reply transaction takes place directly between our querying host and bitsy.mit.edu. In this example, **the DNS server bitsy.mit.edu **provides the IP address of the host www.aiit.or.kr, which is a web server at the Advanced Institute of Information Technology (in Korea).

general syntax of nslookup commands.

nslookup –option1 –option2 host-to-find dns-server

1. Run nslookup to obtain the IP address of a Web server in Asia. What is the IP address of that server?

   

2. Run nslookup to determine the authoritative DNS servers for a university in Europe.

   

3. Run nslookup so that one of the DNS servers obtained in Question 2 is queried for the mail servers for Yahoo! mail. What is its IP address?

   

2.ipconfig

ipconfig (for Windows) and ifconfig (for Linux/Unix) are among the most useful little
utilities in your host, especially for debugging network issues. Here we’ll only describe
ipconfig, although the Linux/Unix ifconfig is very similar. ipconfig can be used to

ipconfig /all

show current TCP/IP information, including address, DNS server addresses,adapter type and so on.

ipconfig /displaydns

Each entry shows the remaining Time to Live (TTL) in seconds.

ipconfig /flushdns

Flushing the DNS cache clears all entries and reloads the entries from the hosts file.

3.Tracing DNS with Wireshark

4. Locate the DNS query and response messages. Are then sent over UDP or TCP?

   ANSWER:

   yes

5. What is the destination port for the DNS query message? What is the source port of DNS response message?

   ANSWER:

   The destination port for the DNS query is 53 and the source port of the DNS response is 53.

6. To what IP address is the DNS query message sent? Use ipconfig to determine the IP address of your local DNS server. Are thesetwo IP addresses the same?

   ANSWER:

   It’s sent to 192.168.1.1, which is the IP address of one of my local DNS servers.

7. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?

   ANSWER:

   It’s a type A Standard Query and it doesn’t contain any answers

8. Examine the DNS response message. How many “answers” are provided? What do each of these answers contain?

   ANSWER:

   There were 2 answers containing information about the name of the host, the type of address, class, the TTL, the data length and the IP address.

   

9. Consider the subsequent TCP SYN packet sent by your host. Does the destination IP address of the SYN packet correspond to any of the IP addresses provided in the DNS response message?

   ANSWER:

   The first SYN packet was sent to 209.173.57.180 which corresponds to the first IP address provided in the DNS response message

10. This web page contains images. Before retrieving each image, does your host issue new DNS queries?

    Now let’s play with nslookup
    对nslookup www.mit.edu抓包

    ANSWER:

    No

11. What is the destination port for the DNS query message? What is the source port of DNS response message?

    ANSWER:

    The destination port of the DNS query is 53 and the source port of the DNS response is 53

12. To what IP address is the DNS query message sent? Is this the IP address of your default local DNS server?

    ANSWER:

    It’s sent to 192.168.1.1 which as we can see from the ipconfig –all screenshot, is the default local DNS server

13. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?

    ANSWER:

    The query is of type A and it doesn’t contain any answers.

14. Examine the DNS response message. How many “answers” are provided? What do each of these answers contain?

    ANSWER:

    The response DNS message contains one answer containing the name of the host, the type of address, the class, and the IP address

    

15. Provide a screenshot.

抓包nslookup –type=NS mit.edu

16. To what IP address is the DNS query message sent? Is this the IP address of your default local DNS server?

    ANSWER:

    It was sent to 128.238.29.22 which is my default DNS server

17. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?

    ANSWER:

    It’s a type NS DNS query that doesn’t contain any answers.

18. Examine the DNS response message. What MIT nameservers does the response message provide? Does this response message also provide the IP addresses of the MIT namesers?

    ANSWER:

    The nameservers are bitsy, strawb and w20ns. We can find their IP addresses if we expand the Additional records field in Wireshark as seen below

    

19. Provide a screenshot.

抓包nslookup www.aiit.or.kr bitsy.mit.edu

20. To what IP address is the DNS query message sent? Is this the IP address of your default local DNS server? If not, what does the IP address correspond to?

    ANSWER:

    The query is sent to 18.72.0.3 which corresponds to bitsy.mit.edu.

21. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?

    ANSWER:

    It’s a standard type A query that doesn’t contain any answers

22. Examine the DNS response message. How many “answers” are provided? What does each of these answers contain?

    ANSWER:

    One answer is provided in the DNS response message. It contains the following

    

23. Provide a screenshot.