DNS Exercise 1.1 ================= 1. Configure the resolver on your workstation Create /etc/resolv.conf containing: search sse.ws.afnog.org nameserver 197.4.15.10 2. Issue the following DNS queries using 'dig' 2a. Run each command below, look for the "ANSWER SECTION" and write down the result. Make a note of the TTL as well. Repeat the command. Is the TTL the same as in the first try? Are the responses Authoritative? COMMAND RESULT TTL (1st) TTL (2nd) =========================== ================ =========== ========== # dig www.tiscali.co.uk. a ________________ ___________ __________ # dig afnog.org. mx ________________ ___________ __________ # dig www.afrinic.net. aaaa ________________ ___________ __________ # dig psg.com. aaaa ________________ ___________ __________ # dig a ________________ ___________ __________ # dig mx ________________ ___________ __________ # dig tiscali.co.uk. txt ________________ ___________ __________ # dig ripe.net. txt ________________ ___________ __________ # dig afnog.org. txt ________________ ___________ __________ # dig geek.tiscali.co.uk. a ________________ ___________ __________ 2b. Now send some queries to another caching server. How long did it take each answer to be received? COMMAND RESULT =========================== ============== # dig @8.8.8.8 psg.com. a ______________ # dig @rip.psg.com. yahoo.com. a ______________ # dig @zoe.dns.gh. www.afrinic.net. aaaa ______________ # dig @ a ______________ 3. Reverse DNS lookups Now try some reverse DNS lookups. Remember to reverse the four parts of the IP address, add '*.in-addr.arpa.*', and ask for a *PTR* resource record. (For 216.235.14.38) # dig 38.14.235.216.in-addr.arpa. ptr Repeat for an IP address of your choice. Now try the short form of dig using the '-x' flag for reverse lookups: # dig -x 216.235.14.38 # dig -x 2001:4900:1:392::38 # dig @ -x 4. Use tcpdump to show DNS traffic In a separate window, run the following command (you must be 'root') # tcpdump -n -s 0 -v udp port 53 (if tcpdump is not installed, you can install it by typing "apt-get install tcpdump" as root) This shows all packets going in and out of your machine for UDP port 53 (DNS). Now go to another window and repeat some of the 'dig' queries from earlier. Look at the output of tcpdump, check the source and destination IP address of each packet -n Prevents tcpdump doing reverse DNS lookups on the packets it receives, which would generate additional (confusing) DNS traffic -s 0 Read the entire packet (otherwise tcpdump only reads the headers) -i bge0 Which interface to listen on (use ifconfig to determine the name of your ethernet interface) udp port 53 A filter which matches only packets to/from UDP port 53