【Wireshark Lab v8.0】Lab3：DNS

实验步骤均来自实验指导手册。

实验指导手册下载地址：Jim Kurose Homepage (umass.edu)

1.nslookup

When running nslookup, if no DNS server is specified, then nslookup sends the query to the default DNS server.

Consider the first command:

nslookup www.mit.edu

As shown in the screenshot, the response from this command provides two pieces of information:

(1) the name and IP address of the DNS server that provides the answer;

(2) the answer itself, which is the host name and IP address of www.mit.edu.

consider the second command:

nslookup -type=NS mit.edu

返回mit.edu域的权威服务器

consider the third command:

nslookup www.aiit.or.kr bitsy.mit.edu

(待补充)

we indicate that we want to the query sent to the DNS server bitsy.mit.edu rather than to the default DNS server (dns-prime.poly.edu). Thus, the query and reply transaction takes place directly between our querying host and bitsy.mit.edu. In this example, **the DNS server bitsy.mit.edu **provides the IP address of the host www.aiit.or.kr, which is a web server at the Advanced Institute of Information
Technology (in Korea).

general syntax of nslookup commands.

nslookup –option1 –option2 host-to-find dns-server

1. Run nslookup to obtain the IP address of a Web server in Asia. What is the IP
   address of that server?

   

2. Run nslookup to determine the authoritative DNS servers for a university in
   Europe.

   

3. Run nslookup so that one of the DNS servers obtained in Question 2 is queried for
   the mail servers for Yahoo! mail. What is its IP address?

   （待补充）

2.ipconfig

ipconfig (for Windows) and ifconfig (for Linux/Unix) are among the most useful little
utilities in your host, especially for debugging network issues. Here we’ll only describe
ipconfig, although the Linux/Unix ifconfig is very similar. ipconfig can be used to

ipconfig /all

show current TCP/IP information, including address, DNS server addresses,adapter type and so on.

ipconfig /displaydns

Each entry shows the remaining Time to Live (TTL) in seconds.

ipconfig /flushdns

Flushing the DNS cache clears all entries and reloads the entries from the hosts file.

3.Tracing DNS with Wireshark

抓包如下

4. Locate the DNS query and response messages. Are then sent over UDP or TCP?

   

5. What is the destination port for the DNS query message? What is the source port of DNS response message?

   

   

6. To what IP address is the DNS query message sent? Use ipconfig to determine the IP address of your local DNS server. Are thesetwo IP addresses the same?

   

   

   二者一样

7. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?

   

   

8. Examine the DNS response message. How many “answers” are provided? What do each of these answers contain?

   

9. Consider the subsequent TCP SYN packet sent by your host. Does the destination IP address of the SYN packet correspond to any of the IP addresses provided in the DNS response message?

   （待补充）

10. This web page contains images. Before retrieving each image, does your host issue new DNS queries?

    （待补充）

Now let’s play with nslookup
对nslookup www.mit.edu抓包

11. What is the destination port for the DNS query message? What is the source port
    of DNS response message?

    

12. To what IP address is the DNS query message sent? Is this the IP address of your
    default local DNS server?

    相同

    

13. Examine the DNS query message. What “Type” of DNS query is it? Does the
    query message contain any “answers”?

    

14. Examine the DNS response message. How many “answers” are provided? What
    do each of these answers contain?

    （待补充）

15. Provide a screenshot.

抓包nslookup –type=NS mit.edu

16. To what IP address is the DNS query message sent? Is this the IP address of your
    default local DNS server?

    

17. Examine the DNS query message. What “Type” of DNS query is it? Does the
    query message contain any “answers”?

    

18. Examine the DNS response message. What MIT nameservers does the response
    message provide? Does this response message also provide the IP addresses of the MIT namesers?

    

    

19. Provide a screenshot.

抓包nslookup www.aiit.or.kr bitsy.mit.edu

（不可达，余下问题待补充）

20. To what IP address is the DNS query message sent? Is this the IP address of your
    default local DNS server? If not, what does the IP address correspond to?

21. Examine the DNS query message. What “Type” of DNS query is it? Does the
    query message contain any “answers”?

22. Examine the DNS response message. How many “answers” are provided? What
    does each of these answers contain?

23. Provide a screenshot.