# Lab 3 : DNS

## nslookup

* nslookup nccu.edu.tw
* nslookup -type=NS nccu.edu.tw
* nslookup nccu.edu.tw 8.8.4.4

## Questions

#### 3-1 Run nslookup to obtain the IP address of a Web server in Asia. What is the IP address of that server?

:::info
![](https://i.imgur.com/S7uTJNo.png)
:::

:::warning
<span style="color: red">nslookup nccu.edu.tw</span>
:::

#### 3-2 Run nslookup to determine the authoritative DNS servers for a university in Europe

:::info
![](https://i.imgur.com/HMZjVKH.png)
:::

:::warning
<span style="color: red">nslookup -type=NS www.cam.ac.uk</span>
:::

#### 3-3 Run nslookup so that one of the DNS servers obtained in Question 3-2 is queried for the mail servers for Yahoo mail. What is its IP address?

:::info
![](https://i.imgur.com/NynWyaI.png)
:::

:::warning
<span style="color: red">nslookup mail.yahoo.com [domain.name.server]</span>
:::

## ipconfig

Displays the IP address, subnet mask, and default gateway of every network adapter.

* ipconfig /all
* ipconfig /displaydns
* ipconfig /flushdns

## Steps

* Step 1 : Open cmd and enter the following command: ipconfig /flushdns
* Step 2 : Open a browser (incognito mode recommended)
* Step 3 : Open Wireshark (running it as administrator is recommended)
* Step 4 : Start capturing packets
* Step 5 : Copy the URL below, paste it into the address bar, and press Enter<br> http://www.ietf.org
* Step 6 : Stop capturing packets and enter dns in the filter bar

## Questions

#### 3-4 Locate the DNS query and response messages. Are they sent over UDP or TCP?

:::info
UDP
:::

#### 3-5 What is the destination port for the DNS query message? What is the source port of DNS response message?

:::info
53, 53
:::

#### 3-6 To what IP address is the DNS query message sent? Use ipconfig to determine the IP address of your local DNS server. Are these two IP addresses the same?

:::info
* 8.8.8.8
* same
:::

#### 3-7 Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?

:::info
![](https://i.imgur.com/mwnrz21.png)
![](https://i.imgur.com/P144ktN.png)
:::

#### 3-8 Examine the DNS response message. How many “answers” are provided? What do each of these answers contain?

:::info
![](https://i.imgur.com/MGIJCMW.png)
* 3
:::

#### 3-9 Consider the subsequent TCP SYN packet sent by your host. Does the destination IP address of the SYN packet correspond to any of the IP addresses provided in the DNS response message?

:::info
* same
:::

#### 3-10 This web page contains images. Before retrieving each image, does your host issue new DNS queries?

:::info
No, the images are all loaded from www.ietf.org, so no additional DNS queries are necessary (the host uses a cached address).
:::

## Steps

* Step 1 : Open Wireshark (running it as administrator is recommended) and start capturing packets
* Step 2 : In cmd, enter nslookup www.mit.edu
* Step 3 : Stop capturing packets and enter dns in the filter bar

#### 3-11 What is the destination port for the DNS query message? What is the source port of DNS response message?

![](https://i.imgur.com/98LUbAk.png)
![](https://i.imgur.com/MDRiTF3.png)

#### 3-12 To what IP address is the DNS query message sent? Is this the IP address of your default local DNS server?

![](https://i.imgur.com/2o09t7j.png)

#### 3-13 Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?

![](https://i.imgur.com/9Ki97Tf.png)
* Nope

#### 3-14 To what IP address is the DNS query message sent? Is this the IP address of your default local DNS server?

:::info
* Three, containing Name, Type, Class, TTL, Data length, CNAME, etc.

![](https://i.imgur.com/v5EqFVJ.png)
:::

## Steps

* Step 1 : Open Wireshark (running it as administrator is recommended) and start capturing packets
* Step 2 : In cmd, enter nslookup -type=NS www.mit.edu
* Step 3 : Stop capturing packets and enter dns in the filter bar

#### 3-15 To what IP address is the DNS query message sent? Is this the IP address of your default local DNS server?

:::info
* same

![](https://i.imgur.com/poswIpk.png)
![](https://i.imgur.com/U9f2uwc.png)
:::

#### 3-16 Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?

:::info
![](https://i.imgur.com/awTu135.png)
:::

#### 3-17 Examine the DNS response message. What MIT nameservers does the response message provide? Does this response message also provide the IP addresses of the MIT nameservers?

:::info
* Contain name, type, class, TTL, Data length, CNAME etc. We can find their IP addresses if we expand the Additional records field in Wireshark as seen below.
:::