DNS Exercise 1.1
=================

1. Configure the resolver on your workstation

Create /etc/resolv.conf containing:

    search ws3.conference.sanog.org
    nameserver 119.2.100.245

2. Issue the following DNS queries using 'dig'

2a. Run each command below, look for the "ANSWER SECTION" and write
down the result. Make a note of the TTL as well. Repeat the command.
Is the TTL the same as in the first try? Are the responses
authoritative? (Look for the "aa" flag in the ";; flags:" line of the
dig header.)

COMMAND                       RESULT            TTL (1st)    TTL (2nd)
===========================   ================  ===========  ==========
# dig www.tiscali.co.uk. a    ________________  ___________  __________
# dig afnog.org. mx           ________________  ___________  __________
# dig www.afrinic.net. aaaa   ________________  ___________  __________
# dig psg.com. aaaa           ________________  ___________  __________
# dig a                       ________________  ___________  __________
# dig mx                      ________________  ___________  __________
# dig tiscali.co.uk. txt      ________________  ___________  __________
# dig ripe.net. txt           ________________  ___________  __________
# dig afnog.org. txt          ________________  ___________  __________
# dig geek.tiscali.co.uk. a   ________________  ___________  __________

2b. Now send some queries to another caching server. How long did it
take each answer to be received? (dig reports this in the ";; Query
time:" line at the end of its output.)

COMMAND                                   RESULT
=======================================   ==============
# dig @216.93.185.188 psg.com. a          ______________
# dig @rip.psg.com. yahoo.com. a          ______________
# dig @zoe.dns.gh. www.afrinic.net. aaaa  ______________
# dig @ a                                 ______________

3. Reverse DNS lookups

Now try some reverse DNS lookups. Remember to reverse the four parts of
the IP address, add '.in-addr.arpa.', and ask for a PTR resource
record. (For 128.223.157.19)

    # dig 19.157.223.128.in-addr.arpa. ptr

Repeat for an IP address of your choice.

Now try the short form of dig using the '-x' flag for reverse lookups.
dig builds the reverse name for you (under in-addr.arpa for IPv4, under
ip6.arpa for IPv6) and asks for the PTR record:

    # dig -x 128.223.157.19
    # dig -x 2001:42d0::200:2:1
    # dig @ -x

4. Use tcpdump to show DNS traffic

In a separate window, run the following command (you must be 'root'):

    # tcpdump -n -s 1500 udp port 53

This shows all packets going in and out of your machine for UDP port 53
(DNS). Now go to another window and repeat some of the 'dig' queries
from earlier. Look at the output of tcpdump and check the source and
destination IP address of each packet.

  -n           Prevents tcpdump doing reverse DNS lookups on the packets
               it receives, which would generate additional (confusing)
               DNS traffic.
  -s 1500      Read the entire packet (otherwise tcpdump only reads the
               headers). Older tcpdump versions default to a 68-byte
               snapshot; current versions capture whole packets by
               default, so the option is harmless but no longer required.
  udp port 53  A filter which matches only packets to/from UDP port 53.
               Queries that fall back to TCP (for example after a
               truncated UDP answer) will not be shown; use 'port 53'
               instead if you want to see both transports.

Note: you can also specify which interface to run tcpdump on, if you
have multiple interfaces, for example:

    # tcpdump -n -i em0 -s 1500 udp port 53

Here, the option "-i em0" specifies that we want to listen on interface
"em0" (if this is your interface; you can always use "ifconfig" to
determine the name of your ethernet interface).
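The helper script below is an added example for steps 2 and 3; it is
not part of the original exercise sheet. It builds the in-addr.arpa
name that 'dig -x' queries for an IPv4 address, and pulls the TTL and
the "aa" flag out of dig output so the table in 2a can be filled in
from a script rather than by eye. The dig outputs embedded in it are
constructed samples, not captures from the servers named above; the
name www.example.net and the addresses in them are assumptions.

```shell
#!/bin/sh
# Added helper script for steps 2 and 3 (not part of the SANOG sheet).
# Shows what to read out of dig output and what "dig -x" does for IPv4.

# reverse_name: build the in-addr.arpa name for a dotted-quad IPv4
# address, i.e. the name that "dig -x" queries for a PTR record.
# Prints nothing for input that is not four dot-separated parts.
reverse_name() {
    printf '%s\n' "$1" |
        awk -F. 'NF == 4 { printf "%s.%s.%s.%s.in-addr.arpa.\n", $4, $3, $2, $1 }'
}

# answer_ttl: print the TTL of the first record in the ANSWER SECTION
# of dig output read from stdin (prints nothing if there is no answer).
answer_ttl() {
    awk '/^;; ANSWER SECTION:/ { in_answer = 1; next }
         in_answer && $1 !~ /^;/ && NF >= 5 { print $2; exit }'
}

# is_authoritative: print "yes" if the dig header flags include "aa"
# (authoritative answer), otherwise "no". Reads dig output from stdin.
is_authoritative() {
    if grep -q '^;; flags:[^;]* aa[ ;]'; then echo yes; else echo no; fi
}

# ttl_drift: query a name twice against the default resolver and print
# both TTLs and the aa flag. A caching server hands back a decreasing
# TTL; an authoritative server returns the full TTL every time.
# Needs network access and dig; not exercised by the offline checks.
ttl_drift() {
    name=$1; type=${2:-a}
    first=$(dig "$name" "$type")
    sleep 2
    second=$(dig "$name" "$type")
    printf '%s %s  TTL1=%s  TTL2=%s  authoritative=%s\n' \
        "$name" "$type" \
        "$(printf '%s\n' "$first" | answer_ttl)" \
        "$(printf '%s\n' "$second" | answer_ttl)" \
        "$(printf '%s\n' "$first" | is_authoritative)"
}

# Constructed sample dig output (not captured from a real server): the
# same cached answer seen twice two seconds apart, then an authoritative
# answer for the same name.
SAMPLE_FIRST=$(cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12345
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.example.net.        IN      A

;; ANSWER SECTION:
www.example.net.  300    IN      A       192.0.2.10

;; Query time: 3 msec
EOF
)
SAMPLE_SECOND=$(cat <<'EOF'
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; ANSWER SECTION:
www.example.net.  298    IN      A       192.0.2.10
EOF
)
SAMPLE_AUTH=$(cat <<'EOF'
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; ANSWER SECTION:
www.example.net.  86400  IN      A       192.0.2.10

;; AUTHORITY SECTION:
example.net.      86400  IN      NS      ns1.example.net.
EOF
)

# Offline demonstration on the constructed samples.
printf '%s -> %s\n' 128.223.157.19 "$(reverse_name 128.223.157.19)"
printf 'cached:        TTL1=%s TTL2=%s authoritative=%s\n' \
    "$(printf '%s\n' "$SAMPLE_FIRST" | answer_ttl)" \
    "$(printf '%s\n' "$SAMPLE_SECOND" | answer_ttl)" \
    "$(printf '%s\n' "$SAMPLE_FIRST" | is_authoritative)"
printf 'authoritative: TTL=%s authoritative=%s\n' \
    "$(printf '%s\n' "$SAMPLE_AUTH" | answer_ttl)" \
    "$(printf '%s\n' "$SAMPLE_AUTH" | is_authoritative)"
```

With the script sourced, 'ttl_drift www.tiscali.co.uk. a' fills in one
row of the 2a table, and 'dig "$(reverse_name 128.223.157.19)" ptr' is
the long form of 'dig -x 128.223.157.19'. The IPv6 case is left to
'dig -x', since expanding '::' into 32 reversed nibbles under ip6.arpa
is more work than a shell one-liner.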