DNS Exercise 1.1
================

1. Configure the resolver on your workstation

Create /etc/resolv.conf containing:

search ws3.conference.sanog.org
nameserver 119.2.100.245

2. Issue the following DNS queries using 'dig'

2a. Run each command below, look for the "ANSWER SECTION" and write
down the result. Make a note of the TTL as well.

Repeat the command. Is the TTL the same as in the first try?

Are the responses Authoritative?

COMMAND                            RESULT            TTL (1st)    TTL (2nd)
=================================  ================  ===========  ==========

# dig www.tiscali.co.uk. a         ________________  ___________  __________

# dig afnog.org. mx                ________________  ___________  __________

# dig www.afrinic.net. aaaa        ________________  ___________  __________

# dig psg.com. aaaa                ________________  ___________  __________

# dig <domain of your choice> a    ________________  ___________  __________

# dig <domain of your choice> mx   ________________  ___________  __________

# dig tiscali.co.uk. txt           ________________  ___________  __________

# dig ripe.net. txt                ________________  ___________  __________

# dig afnog.org. txt               ________________  ___________  __________

# dig geek.tiscali.co.uk. a        ________________  ___________  __________

2b. Now send some queries to another caching server. How long did it
take each answer to be received?

COMMAND                                         RESULT
==============================================  ==============

# dig @216.93.185.188 psg.com. a                ______________

# dig @rip.psg.com. yahoo.com. a                ______________

# dig @zoe.dns.gh. www.afrinic.net. aaaa        ______________

# dig @<a-server-of-yours> <domain-of-yours> a  ______________

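The three things 2a and 2b ask you to read off dig's output can be checked mechanically. The following Python example is added here and is not part of the original exercise sheet: it parses dig's text output, takes the 'aa' bit from the ';; flags:' line to answer "is the response authoritative?", compares the TTL column of the ANSWER SECTION across two runs (a caching resolver returns the remaining lifetime on a cache hit, so the second TTL is lower, while a server answering from its own zone returns the configured TTL every time), and reads ';; Query time:' for the answer time asked about in 2b. The dig output embedded below is constructed, not captured; example.net and the 192.0.2.x / 198.51.100.x addresses are documentation values, and 198.51.100.9 stands in for a hypothetical authoritative server queried directly with '@'.

```python
import re

# Constructed dig output (not real captured output): two runs of the same
# query against the workshop caching resolver, then one run sent directly
# to a hypothetical authoritative server. Names and addresses are
# documentation values.
RUN_1 = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4711
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
www.example.net.\t3600\tIN\tA\t192.0.2.10

;; Query time: 143 msec
;; SERVER: 119.2.100.245#53(119.2.100.245) (UDP)
"""

RUN_2 = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4712
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
www.example.net.\t3587\tIN\tA\t192.0.2.10

;; Query time: 1 msec
;; SERVER: 119.2.100.245#53(119.2.100.245) (UDP)
"""

RUN_AUTH = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4713
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; ANSWER SECTION:
example.net.\t3600\tIN\tMX\t10 mail.example.net.
example.net.\t3600\tIN\tMX\t20 mail2.example.net.

;; Query time: 210 msec
;; SERVER: 198.51.100.9#53(198.51.100.9) (UDP)
"""


def parse_dig(output):
    """Extract header flags, ANSWER SECTION records and the query time."""
    flags = set()
    answers = []
    query_ms = None
    in_answer = False
    for line in output.splitlines():
        if line.startswith(";; flags:"):
            # ";; flags: qr aa rd ra; QUERY: 1, ..." -> {"qr", "aa", "rd", "ra"}
            flags = set(line[len(";; flags:"):].split(";", 1)[0].split())
        elif line.startswith(";; ANSWER SECTION:"):
            in_answer = True
        elif line.startswith(";; Query time:"):
            query_ms = int(re.search(r"(\d+)\s*msec", line).group(1))
        elif in_answer:
            if not line.strip() or line.startswith(";"):
                in_answer = False      # blank line or next section ends it
                continue
            # Record lines are: owner TTL class type rdata...
            name, ttl, rclass, rtype, *rdata = line.split()
            answers.append({"name": name, "ttl": int(ttl), "class": rclass,
                            "type": rtype, "rdata": " ".join(rdata)})
    return {"authoritative": "aa" in flags,
            "recursion_available": "ra" in flags,
            "answers": answers, "query_ms": query_ms}


def compare_runs(first, second):
    """Pair answers from two runs by (name, type, rdata) and compare TTLs.

    A decreasing TTL means the second answer came from the resolver's
    cache; an unchanged TTL is what a server answering from its own zone
    data returns on every query.
    """
    a, b = parse_dig(first), parse_dig(second)
    second_ttl = {(r["name"], r["type"], r["rdata"]): r["ttl"] for r in b["answers"]}
    rows = []
    for r in a["answers"]:
        key = (r["name"], r["type"], r["rdata"])
        ttl2 = second_ttl.get(key)
        rows.append({"record": key, "ttl_first": r["ttl"], "ttl_second": ttl2,
                     "from_cache": ttl2 is not None and ttl2 < r["ttl"]})
    return rows


if __name__ == "__main__":
    for row in compare_runs(RUN_1, RUN_2):
        print(row)
    for label, run in (("resolver", RUN_1), ("authoritative", RUN_AUTH)):
        p = parse_dig(run)
        print(label, "aa=%s ra=%s query_ms=%s"
              % (p["authoritative"], p["recursion_available"], p["query_ms"]))
```

To use it on real output, capture two runs with `dig www.tiscali.co.uk. a > run1.txt` and `... > run2.txt` and pass the file contents to compare_runs(); the script only reads the sections dig prints by default, so it needs no extra dig options.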
3. Reverse DNS lookups

Now try some reverse DNS lookups. Remember to reverse the four parts of
the IP address, add 'in-addr.arpa.', and ask for a PTR resource record.

(For 128.223.157.19)
# dig 19.157.223.128.in-addr.arpa. ptr

Repeat for an IP address of your choice.

Now try the short form of dig using the '-x' flag for reverse lookups:

# dig -x 128.223.157.19

# dig -x 2001:42d0::200:2:1

# dig @<server-of-your-choice> -x <ip-address-of-your-choice>

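The name that `dig -x` builds for you is worth constructing by hand once, and the IPv6 case (one label per hex nibble under ip6.arpa., after expanding '::') is where people usually slip. The Python example below is added here and is not part of the original exercise sheet; it builds the in-addr.arpa. and ip6.arpa. names for both address families, prints the long-form dig command that is equivalent to `dig [@server] -x ADDR`, and cross-checks its own result against the standard library's ipaddress module. It goes slightly beyond the exercise in handling any IPv6 address in plain hex-group notation, not just the one example; the mixed IPv4-in-IPv6 form (::ffff:192.0.2.1) is deliberately rejected rather than guessed at.

```python
import ipaddress


def reverse_name_v4(addr):
    """Build the in-addr.arpa name for a dotted-quad IPv4 address."""
    octets = addr.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("not a dotted-quad IPv4 address: %r" % addr)
    # 128.223.157.19 -> 19.157.223.128.in-addr.arpa.
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def expand_v6(addr):
    """Return the 32 hex nibbles of an IPv6 address, expanding '::'.

    Only plain hex-group notation is handled; the mixed IPv4 form
    (::ffff:192.0.2.1) is rejected instead of being mis-parsed.
    """
    if "." in addr:
        raise ValueError("mixed IPv4/IPv6 notation not supported: %r" % addr)
    if addr.count("::") > 1:
        raise ValueError("more than one '::' in %r" % addr)
    if "::" in addr:
        head, tail = addr.split("::")
        head_groups = head.split(":") if head else []
        tail_groups = tail.split(":") if tail else []
        # '::' stands for as many zero groups as are needed to reach eight
        missing = 8 - len(head_groups) - len(tail_groups)
        groups = head_groups + ["0"] * missing + tail_groups
    else:
        groups = addr.split(":")
    if len(groups) != 8 or not all(1 <= len(g) <= 4 for g in groups):
        raise ValueError("malformed IPv6 address: %r" % addr)
    expanded = "".join(g.zfill(4) for g in groups).lower()
    int(expanded, 16)              # raises ValueError on non-hex characters
    return expanded


def reverse_name_v6(addr):
    """Build the ip6.arpa name: one label per nibble, least significant first."""
    nibbles = expand_v6(addr)
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def reverse_name(addr):
    """Dispatch on address family; both results end with the root dot."""
    return reverse_name_v6(addr) if ":" in addr else reverse_name_v4(addr)


def dig_long_form(addr, server=None):
    """The explicit PTR query equivalent to `dig [@server] -x ADDR`."""
    parts = ["dig"]
    if server:
        parts.append("@" + server)
    parts += [reverse_name(addr), "ptr"]
    return " ".join(parts)


def matches_stdlib(addr):
    """Cross-check against ipaddress' reverse_pointer (which omits the root dot)."""
    return reverse_name(addr) == ipaddress.ip_address(addr).reverse_pointer + "."


if __name__ == "__main__":
    for a in ("128.223.157.19", "2001:42d0::200:2:1"):
        print(dig_long_form(a), "  # stdlib agrees:", matches_stdlib(a))
```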
4. Use tcpdump to show DNS traffic

In a separate window, run the following command (you must be 'root'):

# tcpdump -n -s 1500 udp port 53

This shows all packets going in and out of your machine for UDP port 53
(DNS). Now go to another window and repeat some of the 'dig' queries
from earlier. Look at the output of tcpdump, and check the source and
destination IP address of each packet.

-n
Prevents tcpdump from doing reverse DNS lookups on the addresses in the
packets it captures, which would generate additional (confusing) DNS
traffic.

-s 1500
Read the entire packet (otherwise tcpdump only reads the headers).

udp port 53
A filter which matches only packets to/from UDP port 53.

Note: you can also specify which interface to run tcpdump on, if you
have multiple interfaces, for example:

# tcpdump -n -i em0 -s 1500 udp port 53

Here, the option "-i em0" specifies that we want to listen on
interface "em0" (if this is your interface -- you can always use
"ifconfig" to determine the name of your ethernet interface).

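Checking the source and destination address of each packet by eye is fine for a handful of queries; the point of the check is to confirm that every query leaves for the resolver you configured in step 1 and that a reply comes back from the same address. The Python example below is added here and is not part of the original exercise sheet. It parses the one-line-per-packet format that `tcpdump -n udp port 53` prints (timestamp, `IP` or `IP6`, `src.port > dst.port:`, DNS ID with tcpdump's flag characters, then the query or answer summary), treats the side on port 53 as the server, counts queries per server, flags queries sent anywhere other than the configured resolver (as happens when you use `dig @server`, or when something on the host bypasses /etc/resolv.conf), and pairs each reply with its query by ID and client port to compute a round-trip time. The capture lines are constructed, with the workshop resolver address from step 1 and documentation addresses for everything else; the format assumed is tcpdump's default output without `-v`.

```python
import re
from collections import defaultdict

# Constructed tcpdump lines in the format produced by `tcpdump -n udp port 53`
# (not a real capture: timestamps, client address, IDs and the second server
# are made up; 119.2.100.245 is the resolver configured in step 1).
SAMPLE_CAPTURE = """\
12:00:01.100000 IP 10.0.0.5.53123 > 119.2.100.245.53: 4711+ A? www.example.net. (33)
12:00:01.243000 IP 119.2.100.245.53 > 10.0.0.5.53123: 4711 1/0/0 A 192.0.2.10 (49)
12:00:02.000000 IP 10.0.0.5.40201 > 198.51.100.9.53: 4712+ AAAA? www.example.org. (33)
12:00:02.410000 IP 198.51.100.9.53 > 10.0.0.5.40201: 4712* 1/0/0 AAAA 2001:db8::1 (61)
12:00:03.000000 IP 10.0.0.5.40202 > 119.2.100.245.53: 4713+ MX? example.net. (29)
"""

# tcpdump's DNS summary: ID, then flag characters ('+' recursion desired on
# a query, '*' authoritative answer on a reply, '|' truncated, ...).
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP6? "
    r"(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"(?P<id>\d+)(?P<flags>[+*\-$|]*) (?P<rest>.*)$")


def parse_line(line):
    """Return one packet as a dict, or None for lines that are not DNS summaries."""
    m = LINE_RE.match(line)
    if not m:
        return None
    h, mi, s = m["ts"].split(":")
    return {"ts": int(h) * 3600 + int(mi) * 60 + float(s),
            "src": m["src"], "sport": int(m["sport"]),
            "dst": m["dst"], "dport": int(m["dport"]),
            "id": int(m["id"]), "authoritative": "*" in m["flags"],
            "rest": m["rest"]}


def audit(capture, resolver):
    """Summarise where queries went and how long each reply took.

    Queries are packets whose destination port is 53; replies are packets
    whose source port is 53. A reply is matched to its query by
    (DNS ID, server address, client port).
    """
    pending = {}
    report = {"per_server": defaultdict(int), "unexpected": [],
              "rtt_ms": {}, "unanswered": []}
    for line in capture.splitlines():
        pkt = parse_line(line)
        if pkt is None:
            continue
        if pkt["dport"] == 53:                       # outgoing query
            server = pkt["dst"]
            report["per_server"][server] += 1
            if server != resolver:
                report["unexpected"].append((pkt["id"], server, pkt["rest"]))
            pending[(pkt["id"], server, pkt["sport"])] = pkt["ts"]
        elif pkt["sport"] == 53:                     # incoming reply
            key = (pkt["id"], pkt["src"], pkt["dport"])
            if key in pending:
                report["rtt_ms"][pkt["id"]] = round((pkt["ts"] - pending.pop(key)) * 1000)
    report["unanswered"] = sorted(pending)           # queries with no reply seen
    report["per_server"] = dict(report["per_server"])
    return report


if __name__ == "__main__":
    r = audit(SAMPLE_CAPTURE, "119.2.100.245")
    print("queries per server:", r["per_server"])
    print("sent to other servers:", r["unexpected"])
    print("round-trip ms by ID:", r["rtt_ms"])
    print("unanswered:", r["unanswered"])
```

To run it against a live capture, save the tcpdump output to a file (`tcpdump -n -s 1500 udp port 53 > dns.txt`) and pass its contents to audit() with the nameserver from your /etc/resolv.conf; any entry in "unexpected" that you did not cause yourself with `dig @server` deserves a look.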