//[lab source : NSRC]//

1. Exercises: DNS

1.1 Verify the resolv.conf configuration on your workstation.

cat /etc/resolv.conf

The output should look like:

nameserver 192.168.30.249
nameserver 192.168.30.250

1.2 Issue the following DNS queries using 'dig'

Run each command below, look for the “ANSWER SECTION” and write down the result. Make a note of the TTL as well. Repeat the command. Is the TTL the same as in the first try? Are the responses authoritative?

COMMAND                         RESULT              TTL (1st)   TTL (2nd)
-----------------------------  ------------------ ------------ --------------
dig nms.apnictraining.net. a    ________________    ___________ __________
dig bdnog.org. a                ________________    ___________ __________                  
dig sanog.org. mx               ________________    ___________ __________      
dig www.facebook.com. aaaa      ________________    ___________ __________      
dig com.bd. ns                  ________________    ___________ __________      
dig <domain of your choice> a   ________________    ___________ __________  
dig <domain of your choice> mx  ________________    ___________ __________      
dig apnic.net. txt              ________________    ___________ __________           
dig isc.org. +dnssec +multi     ________________    ___________ __________ 

Now send some queries to another caching server. How long did it take each answer to be received?

COMMAND                                         RESULT
--------------------------------------------    ------------------
dig @8.8.8.8 bdnog.org. a                       ______________
dig @4.2.2.2 google.com. a                      ______________
dig @8.8.4.4 www.facebook.com. aaaa             ______________
dig @<a-server-of-yours> <domain-of-yours> a    ______________

1.3 Reverse DNS lookups

Now try some reverse DNS lookups. Remember to reverse the four parts of the IP address, add '.in-addr.arpa.', and ask for a PTR resource record. For example, for 192.168.30.254:

dig 254.30.168.192.in-addr.arpa. ptr

Repeat for an IP address of your choice.

Now try the short form of dig using the '-x' flag for reverse lookups:

dig -x 196.1.95.15
dig -x 2405:7600:0:6::5
dig -x 2001:468:d01:103::80df:9d13
dig @<server-of-your-choice> -x <ip-address-of-your-choice>
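
What the '-x' flag does for you, as an added example that is not part of the original lab: the hypothetical helper reverse_name builds the PTR owner name by hand for IPv4 and, going beyond the manual steps above, for IPv6 under ip6.arpa. These are the names that appear in tcpdump output and resolver logs for reverse lookups.

```shell
#!/bin/sh
# Added example: print the owner name that `dig -x ADDR` asks a PTR for.
# reverse_name is a hypothetical helper name, not part of dig or this lab.
reverse_name() {
    case "$1" in
    *:*)  # IPv6: expand "::", pad groups to 4 nibbles, reverse nibble by nibble
        printf '%s\n' "$1" | awk '{
            n  = split(tolower($0), half, "::")
            nh = (half[1] == "") ? 0 : split(half[1], h, ":")
            nt = (n == 2 && half[2] != "") ? split(half[2], t, ":") : 0
            # Without "::" all 8 groups must be present; with it, at most 7
            if (n > 2 || (n == 1 && nh != 8) || (n == 2 && nh + nt > 7)) exit 1
            for (i = 1; i <= nh; i++)          g[i] = h[i]
            for (i = nh + 1; i <= 8 - nt; i++) g[i] = "0"
            for (i = 1; i <= nt; i++)          g[8 - nt + i] = t[i]
            out = ""
            for (i = 8; i >= 1; i--) {
                len = length(g[i])
                if (len < 1 || len > 4 || g[i] ~ /[^0-9a-f]/) exit 1
                w = substr("0000" g[i], len + 1)   # left-pad to 4 nibbles
                for (j = 4; j >= 1; j--) out = out substr(w, j, 1) "."
            }
            print out "ip6.arpa."
        }' ;;
    *)    # IPv4: four octets 0-255, reversed, under in-addr.arpa.
        printf '%s\n' "$1" | awk -F. '{
            if (NF != 4) exit 1
            for (i = 1; i <= 4; i++)
                if ($i == "" || $i ~ /[^0-9]/ || $i + 0 > 255) exit 1
            print $4 "." $3 "." $2 "." $1 ".in-addr.arpa."
        }' ;;
    esac
}

# The addresses used in this exercise
for addr in 192.168.30.254 2405:7600:0:6::5 2001:468:d01:103::80df:9d13; do
    printf '%-30s %s\n' "$addr" "$(reverse_name "$addr")"
done
```

Compare the printed names with the QUESTION SECTION of the matching 'dig -x' output; a malformed address makes the function return a non-zero status and print nothing.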

1.4 Use tcpdump to show DNS traffic

In a separate window, run the following command (you must be 'root'):

 # tcpdump -n -s 1500 -i eth0 udp port 53 

This shows all packets going in and out of your machine for UDP port 53 (DNS). Now go to another window and repeat some of the 'dig' queries from earlier. Look at the output of tcpdump and check the source and destination IP address of each packet.

  • -n: Prevents tcpdump doing reverse DNS lookups on the packets it receives, which would generate additional (confusing) DNS traffic
  • -s 1500: Read the entire packet (otherwise tcpdump only reads the headers)
  • -i eth0: Which interface to listen on (use ifconfig to determine the name of your ethernet interface)
  • udp port 53: A filter which matches only packets to/from UDP port 53
bdnog5/track2agenda/dns-lab.txt · Last modified: 2016/04/03 18:38 by Fakrul Alam