1 Jae Sook Lee FA16 CSIT 340 – 01 Dr. Constantine Coutras Extra Credit Wireshark Lab: DNS v7.0 nslookup 1. Run nslookup to obtain the IP address of a Web server in Asia. What is the IP address of that server? Answer: IP Address: 1) 23.67.251.17, 2) 23.67.251.10 2. Run nslookup to determine the authoritative DNS servers for a university in Europe. 3. Run nslookup so that one of the DNS servers obtained in Question 2 is queried for the mail servers for Yahoo! Mail. What is its IP address? Answer: IP Address: 74.6.50.150
Transcript
1
Jae Sook Lee
FA16 CSIT 340 – 01
Dr. Constantine Coutras
Extra Credit
Wireshark Lab: DNS v7.0
nslookup
1. Run nslookup to obtain the IP address of a Web server in Asia. What is the IP address of that
server?
Answer: IP Address: 1) 23.67.251.17, 2) 23.67.251.10
2. Run nslookup to determine the authoritative DNS servers for a university in Europe.
3. Run nslookup so that one of the DNS servers obtained in Question 2 is queried for the mail
servers for Yahoo! Mail. What is its IP address?
Answer: IP Address: 74.6.50.150
2
Ipconfig 4. ipconfig /all
3
5. ipconfig /displaydns
6. ipconfig /flushdns
4
Tracing DNS with Wireshark
4. Locate the DNS query and response messages. Are then sent over UDP or TCP?
Answer: UDP
5. What is the destination port for the DNS query message? What is the source port of DNS
response message?
Answer: Destination port: 53, Source port: 49529
6. To what IP address is the DNS query message sent? Use ipconfig to determine the IP address
of your local DNS server. Are these two IP addresses the same?
Answer: 1) 8.8.8.8, 2) 8.8.8.4
5
7. Examine the DNS query message. What “Type” of DNS query is it? Does the query message
contain any “answers”?
Answer: 0x0100 Standard query
8. Examine the DNS response message. How many “answers” are provided? What do each
these answers contain?
Answer: 3 answers provided
www.ietf.org: type CNAME, class IN, cname www.ietf.org.cdn.cloudflare-dnssec.net
-> Change alias to machine host name by cname
www.ietf.org.cdn.cloudflare-dnssec.net: type A, class IN, addr 104.20.0.85
www.ietf.org.cdn.cloudflare-dnssec.net: type A, class IN, addr 104.20.1.85
->Two different machine IP address under DNS
6
9. Consider the subsequent TCP SYN packet sent by your host. Does the destination IP address
of the SYN packet correspond to any of the IP addresses provided in the DNS response
message?
Answer: IP: 104.20.0.85 Port: 80
10. This web page contains images. Before retrieving each image, does your host issue new DNS
queries?
Answer
No. Host does not issue new DNS queries. DNS query and messages are the same format.
7
Now let’s play with nslook. • Start packet capture. • Do an nslookup on www.mit.edu • Stop packet capture.
11. What is the destination port for the DNS query message? What is the source port of DNS
response message?
Answer
Destination port for the DNS query message: 53
Source port of DNS response message: 53
8
Destination
Source
9
12. To what IP address is the DNS query message sent? Is this the IP address of your default
local DNS server?
Answer: 8.8.8.8
13. Examine the DNS query message. What “Type” of DNS query is it? Does the query message
contain any “answer”?
Answer: Type: A (Host Address) 1
14. Examine the DNS response message. How many “answers” are provided? What do each of
these answers contain?
Answer
3 answers provided
1) www.mit.edu: type CNAME, class IN, cname www.mit.edu.edgekey.net
-> Change alias to machine host name as www.mit.edu.edgekey.net
2) www.mit.edu.edgekey.net: type CNAME, class IN, cname e9566.dscb.akamaiedge.net
-> Change alias to machine host name as e9566.dscb.akamaiedge.net
3) e9566.dscb.akamaiedge.net: type A class IN, addr 23.10.80.128
-> e9566.dscb.akamaiedge.net name has IP Address 23.10.80.128
Now repeat the previous experiment, but instead issue the command: nslookup –type=NS mit.edu Answer the following questions :
16. To what IP address is the DNS query message sent? Is this the IP address of your default local DNS server? Answer: IP Address: 8.8.8.8
17. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”? Answer: DNS query has type NS. No answer contains.
11
18. Examine the DNS response message. What MIT nameservers does the response message provide? Does this response message also provide the IP addresses of the MIT namesers? Answer: It does provide response massages and doesn’t not provide IP Address.
mit.edu: type NS, class IN, ns asial.akam.net
mit.edu: type NS, class IN, ns asia2.akam.net
mit.edu: type NS, class IN, ns ns1-173.akam.net
mit.edu: type NS, class IN, eur5.akam.net
mit.edu: type NS, class IN, ns1-37.akam.net
mit.edu: type NS, class IN, usw2.akam.net
mit.edu: type NS, class IN, ns use5.akam.net
19. Provide a screenshot.
12
Now repeat the previous experiment, but instead issue the command: nslookup www.aiit.or.kr bitsy.mit.edu Answer the following questions:
20. To what IP address is the DNS query message sent? Is this the IP address of your default
local DNS server? If not, what does the IP address correspond to?
Answer: Two IP Addresses: 1) 8.8.8.8, 2) 8.8.4.4
21. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”? Answer: Type: A (Host Address) (1), and It doesn’t contain any answer
IP: 8.8.8.8
13
IP: 8.8.4.4
22. Examine the DNS response message. How many “answers” are provided? What does each of these answers contain? Answer
IP Address: 8.8.8.8 and 8.8.4.4 both have one answer and contains the same answer.
![Welcome! [nsrc.org] · •Recursive Server ... •Lab 3 – Configuring Domains –TEA BREAK •DNS Registries •Troubleshooting (dig, traceroute, nslookup, ethereal) ... triggers](https://static.documents.pub/doc/80x56/5f04af277e708231d40f3122/welcome-nsrcorg-arecursive-server-alab-3-a-configuring-domains-atea.jpg)
