©"2005&21012,"J.F"Kurose"and"K.W."Ross,"All"Rights"Reserved"" Wireshark Lab: DNS v6.01 Supplement"to"Computer)Networking:)A)Top3Down)Approach,)6th)ed.,)J.F."Kurose"and"K .W."Ross""“Tell) me) and) I) forget.) Show) me) and ) I) reme m ber .) Involve ) me) an d) I)understand.”)Chinese"proverb"""As"described"in"Section"2.5"of"the"text1,"the"Do main"Na me"System"(DNS )"t r a n s la tes"hostna mes"to"IP"addresses,"fulfilling"a"critical"ro le"in"the"In tern et"infra struc ture ."In"this"lab,"w e’ll"take "a"close r"look"at"the"clie n t"side "of"D N S ."Recall"that"the"client’s"role"in"the"DNS"is"relatively"simple"–"a"client"sends"a"query)to"its"local"DNS"server,"and"receives"a"response)back.""As"shown"in"Figures"2.21"and"2.22"in"the"textbook,"much"can"go"on"“under"the"covers,”"invisible"to"the"DNS"clients,"as"the"hierarchical"DNS"servers"communicate"with"each"other"to"either"recursively"or"iteratively"resolve"the"client’s"DNS"query.""From"the"DN S"client’s"standpo int,"howe ver,"the"protoco l"is"quite"simple"–"a"query"is"formulated"to"the"local"DNS"server"and"a"response"is"received"from"that"server.""Before"beginning"this"lab,"you’ll"probably"want"to"review"DNS"by"reading"Section"2.5"of"the"text.""In"particular,"you"m a y"w a nt"to"re view "the "m ater ial"on" loc al%D N S %se rv er s,"DNS%caching,"DNS%records%and%messages,"and "th e"TYPE%field%in"the"DNS"reco rd .""1. nslookup In"this"lab,"we’ll"mak e"exte nsiv e"use "of"the" nslookup)tool,"which"is"available"in"m o st"Linu x/ Un ix"and"Microsoft"platforms"today."To"run"nslookup)in"Linux/Un ix,"y ou "ju s t"ty p e"t he "nslookup)command"on"the"comm and"line."To"run"it"in"Windows,"open"the"Command"Prompt"and"run"nslookup)on"the"command"line.""In"it"is"most"basic"oper ation ,"nslookup)tool"allows"the"hos t"run ning "the"too l"to"que ry"an y"specified"DNS"server"for"a"DNS"record."The"queried"DNS"server"can "be"a"root"DNS"server,"a"top&level&domain"DNS"server,"an"authoritative"DNS"server,"or"an"intermediate"DNS"server"(see"the"textbook"for"definition s"of"these "term s)."To"ac com p lish"this"task ,"nslookup)sends"a"DNS"query"to"the"specified"DNS"serv er,"receives "a"DN S"reply"from"that"same"DNS"server,"and"displays"the"result."" 1"References"to"figures"and"sections"are"for"the"6th"edition"of"our"text,"Computer)Networks,)A)Top3down)Approach,)6th)ed.,)J.F."Kurose"and"K.W."R os s,"A dd iso n &Wesley/Pearson,"2012."""The"above"screenshot"shows"the"results"of"three"independent"nslookup)commands"(displayed"in"the"Window s"Co m m an d"P rom p t)."In"this"exa m ple,"the"clien t"host"is"locate d"on "the"campus"of"Polytechnic"University"in"Brooklyn,"where"the"default"local"DNS"server"is"dns&prime.poly.edu."When"running"nslookup,"if"no"DNS"s e r v e r"i s"s p e c if ie d ,"t h e n " nslookup)sends"the"query"to"the"default"DNS"server,"which"in"this"case"is"dnsprime.poly.edu."Consider"the"first"command:""nslookup www.mit.edu In"words,"this"com m a n d"is"sayin g"“p lease "send "m e"the"IP"address"for"the"host"www.mit.edu”."As"shown"in"the"screenshot,"the"response"from"this"command"provides"two"pieces"of"informa tio n :"(1 )"th e "na me"and"IP"ad d re s s"o f"th e "D N S "se rv er "th at "pr o vid e s"t he "a ns wer;"and"(2)"the"answer"itself,"wh ich"is"the"hos t"name"and"IP"address"of"www.mit.edu."Although"the"response"came"from "the"local"DNS "server"at"Polytech nic"Un iversity,"it"is"quite"possible"that"this"local"DNS"server"iterative ly"con tacte d"seve ral"oth er"DN S"ser vers"to "get"the"a nsw e r,"as"described"in"Section"2.5"of"the"textbook.""Now"consider"the"second"command:""nslookup -type=NS mit.edu In"this"example ,"we"h ave "pro vide d"the "optio n"“ &type=NS”"and"the"do m ain "“mit.edu ”."This"ca use s"nslookup)to"send"a"query"for"a"type&NS"record"to"the"default"local"DNS"server."In"""words,"the"query"is"saying,"“please"send"me"the"host"names"of"the"authoritative"DNS"for"mit.edu”."(When"the"–type"option"is"not"used,"nslookup)uses"the"default,"which"is"to"query"for"type"A"records.)"The"answer,"displayed "in"the"above "screensh ot,"first"indicate s "th e"D NS"server"th at "is"providing"the"answer"(which"is"the"default"local"DNS"server)"along"with"three"MIT"nameservers."Each"of"these"servers"is"indeed"an"authoritative"DNS"server"for"the"hosts"on"the"MIT"campus."However,"nslookup)also"indicates"that"the"answer"is"“non&authoritative,”"meaning"that"this"answer"came"from"the"cache"of"some"server"rather"than"from"an"authoritative"MIT"DNS"server."Finally,"the"answer"also"includes"the"IP"addresses"of"the"authoritative"DNS"servers"at"MIT."(Even"though"the"typ e&NS"query"generated"by"nslookup)did"not"explicitly"ask"for"the"IP"addresses,"the"local"DNS "ser ve r"re tu rn ed "th ese "“fo r"fre e”"a n d"nslookup)displays"the"result.)""Now"finally"consider"the"third"command"(WARNING:"the%example%below%uses%the%server%“bitsy.mit.edu”.%When%you%try%this%command%at%home,%please%replace%“bitsy.mit.edu”%with"Google’s%public%DNS%server%“8.8.8.8”,%since%“bitsy.mit.edu”%is%no%longer%in%use %an d%it%will%not%respond!):""nslookup www.aiit.or.kr bitsy.mit.edu In"this"example,"we"indicate"that"we"want"to"the"query"sent"to"the"DNS"server"bitsy.mit.edu"rather"than"to"the"default"DNS"server"(dn s&prime.poly.edu)."Thus,"the"query"and"reply"transaction"takes "place "directly"be tw een "ou r"que rying "host"a nd "bitsy.mit.edu."In"this"e x a mple,"the"DNS"server"bitsy.mit.edu"provides"the"IP"address"of"the"host"www.aiit.or.kr,"which"is"a"web"server"at"the"Advanced"Institute"of"Information"Techno logy"(in"Korea).""Now"that"we"have"gone"through"a"few"illustrative"examples,"you"are"perhaps"wondering"about"the"general"synta x"of"nslookup)commands."The"syntax"is:""nslookup –option1 –option2 host-to-find dns-server In"general,"nslookup)can"be"run"with"zero,"one,"two"or"more"options."And"as"we"have"seen"in"the"above"examples,"the"dns&server"is"optional"as"well;"if"it"is"not"supplied,"the"query"is"sent"to"the"default"local"DNS"server.""Now"that"we"have"provided"an"overview"of"nslookup,"it"is"time"fo r "y o u "t o "t e s t"d r iv e "i t"yourself."Do"the"following"(and"write"down"the"results):""1. Run"nslookup)to"obtain"the"IP"ad dre ss"of"a"W e b"ser ver"in "Asia."W h at"is"the"IP "add ress "of"that"server?""2. Run"nslookup)to"determine"the "auth oritative "DN S"serve rs"for"a"u niver sity"in"Eu rop e.""3.