DNS Exercise 1.1
=================

1. Configure the resolver on your workstation

Create /etc/resolv.conf containing:

search ws3.conference.sanog.org
nameserver 119.2.100.245


---|
2. Issue the following DNS queries using 'dig'

2a. Run each command below, look for the "ANSWER SECTION" and write
down the result. Make a note of the TTL as well.

Repeat the command. Is the TTL the same as in the first try?

Are the responses Authoritative?

COMMAND                            RESULT            TTL (1st)    TTL (2nd)
=================================  ================  ===========  ==========

# dig www.tiscali.co.uk. a         ________________  ___________  __________
# dig afnog.org. mx                ________________  ___________  __________

# dig www.afrinic.net. aaaa        ________________  ___________  __________

# dig psg.com. aaaa                ________________  ___________  __________

# dig <domain of your choice> a    ________________  ___________  __________

# dig <domain of your choice> mx   ________________  ___________  __________

# dig tiscali.co.uk. txt           ________________  ___________  __________

# dig ripe.net. txt                ________________  ___________  __________

# dig afnog.org. txt               ________________  ___________  __________

# dig geek.tiscali.co.uk. a        ________________  ___________  __________


2b. Now send some queries to another caching server. How long did it
take each answer to be received?

COMMAND                                          RESULT
===============================================  ==============

# dig @216.93.185.188 psg.com. a                 ______________

# dig @rip.psg.com. yahoo.com. a                 ______________

# dig @zoe.dns.gh. www.afrinic.net. aaaa         ______________

# dig @<a-server-of-yours> <domain-of-yours> a   ______________


---|
3. Reverse DNS lookups

Now try some reverse DNS lookups. Remember to reverse the four parts of
the IP address, append 'in-addr.arpa.', and ask for a PTR resource record.

(For 128.223.157.19)
# dig 19.157.223.128.in-addr.arpa. ptr

Repeat for an IP address of your choice.

Now try the short form of dig using the '-x' flag for reverse lookups:

# dig -x 128.223.157.19

# dig -x 2001:42d0::200:2:1

# dig @<server-of-your-choice> -x <ip-address-of-your-choice>
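An added example (not part of the exercise handout) covering both 2a and section 3: it parses the flags line and ANSWER SECTION of dig output to compare the TTL across two runs and report whether the answer carried the 'aa' flag, and it builds the in-addr.arpa / ip6.arpa owner name that 'dig -x' queries. The dig output and the 2001:db8::62 address below are constructed samples, not real captures.

```python
import ipaddress
import re

def reverse_name(ip: str) -> str:
    """Owner name that 'dig -x' queries for a PTR record (dotted IPv4 or hex IPv6)."""
    if ":" in ip:
        # Expand '::', pad each group to 4 hex digits, reverse the 32 nibbles.
        head, _, tail = ip.partition("::")
        hi = [g for g in head.split(":") if g]
        lo = [g for g in tail.split(":") if g]
        groups = hi + ["0"] * (8 - len(hi) - len(lo)) + lo
        nibbles = "".join(g.zfill(4) for g in groups)
        name = ".".join(reversed(nibbles)) + ".ip6.arpa."
    else:
        # Reverse the four octets and append in-addr.arpa.
        name = ".".join(reversed(ip.split("."))) + ".in-addr.arpa."
    # Cross-check the hand-built name against the standard library.
    assert name.rstrip(".") == ipaddress.ip_address(ip).reverse_pointer
    return name

def parse_dig(output: str) -> dict:
    """Pull the 'aa' flag and the ANSWER SECTION records out of one dig run."""
    flags = re.search(r"^;; flags: ([^;]*);", output, re.M)
    aa = bool(flags) and "aa" in flags.group(1).split()
    answers, in_answer = [], False
    for line in output.splitlines():
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
        elif in_answer and line and not line.startswith(";"):
            name, ttl, _cls, rtype, rdata = line.split(None, 4)
            answers.append((name, int(ttl), rtype, rdata))
        elif in_answer:
            break  # a blank line or the next section ends the answers
    return {"authoritative": aa, "answers": answers}

def compare_runs(first: str, second: str) -> dict:
    """TTL seen on each of two runs of one query, and whether it was authoritative."""
    a, b = parse_dig(first), parse_dig(second)
    return {"ttl_first": a["answers"][0][1], "ttl_second": b["answers"][0][1],
            "authoritative": a["authoritative"]}

# Constructed sample (not a real capture) of 'dig psg.com. aaaa' run twice
# against a caching resolver; the second answer is served from its cache.
RUN_1 = """;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; ANSWER SECTION:
psg.com.\t\t3600\tIN\tAAAA\t2001:db8::62
"""
RUN_2 = RUN_1.replace("3600", "3587")  # same data, but the TTL has counted down
```

A cached answer shows a TTL that keeps decreasing between runs and no 'aa' flag; only the zone's own nameservers answer with 'aa' and the full TTL.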
---|
---|

4. Use tcpdump to show DNS traffic

In a separate window, run the following command (you must be 'root'):

# tcpdump -n -s 1500 udp port 53

This shows all packets going in and out of your machine for UDP port 53
(DNS). Now go to another window and repeat some of the 'dig' queries
from earlier. Look at the output of tcpdump and check the source and
destination IP address of each packet.

-n
Prevents tcpdump from doing reverse DNS lookups on the packets it
receives, which would generate additional (confusing) DNS traffic

-s 1500
Read the entire packet (otherwise tcpdump only reads the headers)

udp port 53
A filter which matches only packets to/from UDP port 53

Note: you can also specify which interface to run tcpdump on, if you
have multiple interfaces, for example:

# tcpdump -n -i em0 -s 1500 udp port 53

Here, the option "-i em0" specifies that we want to listen on
interface "em0" (if this is your interface -- you can always use
"ifconfig" to determine the name of your ethernet interface)