Lab Eight: The Domain Name System

Members:
Edmund Chang 70813570
Lin He __________
Negar Mohades __________

Prelab 8

1.) host - DNS lookup utility. host is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa. When no arguments or options are given, host prints a short summary of its command line arguments and options.

2.) Terms used in the Domain Name System:

a. Top-level domain = The top portion of the hierarchical name space. Divides up the Internet Name Space into categories such as COM, EDU, GOV, MIL, NET, ORG, INT, US, ARPA. The DNS has a root domain at the top of the hierarchy and directly under are the top-level domains.

b. CNAME (canonical name) = A host's official name as opposed to an alias. The official name is the first hostname listed for its Internet address in the hostname database.

c. Resolver = The resolver is the DNS client used on most Linux and BSD systems. It comes with glibc. Its configuration file /etc/resolv.conf (note the spelling) determines the DNS servers to use, and various other options.

d. Name server = A name server's purpose is to receive queries from resolvers and return answers to those queries. Usually, a resolver, or some other program, will make a query and the name server will either return an answer, or the address of the place that the resolver can look to find an answer. Name servers hold information about a domain's structure. If a name server holds complete information for a specific zone, it is considered authoritative for that zone. Being authoritative, that server is responsible for maintaining accurate information about that zone.

e. Label = Naming in DNS begins with giving each domain, or node, in the DNS name space a text label. The label identifies the domain within the structure, and must follow certain syntax rules.

f. FQDN (fully qualified domain name) = A fully qualified domain name consists of a host and domain name, including top-level domain.
For example, www.webopedia.com is a fully qualified domain name. www is the host, webopedia is the second-level domain, and .com is the top-level domain. A FQDN always starts with a host name and continues all the way up to the top-level domain name, so www.parc.xerox.com is also a FQDN.

g. BIND = BIND (Berkeley Internet Name Domain) is an implementation of the Domain Name System (DNS) protocols and provides an openly redistributable reference implementation of the major components of the Domain Name System. The BIND DNS Server is used on the vast majority of name serving machines on the Internet, providing a robust and stable architecture on top of which an organization's naming architecture can be built. The resolver library included in the BIND distribution provides the standard APIs for translation between domain names and Internet addresses and is intended to be linked with applications requiring name service.

h. Inverse lookup = Inverse queries where you perform a lookup for the hostname belonging to an IP address.

i. RR (resource record) = A DNS uses resource records to resolve host names and IP addresses. These records are stored in the DNS zone files. The record types NS, SOA, CNAME, and PTR form the basic infrastructure of DNS.

j. SOA (start of authority) = Start of authority record. Specifies the server that contains the zone files for the domain.

3.) Types of DNS queries:

a. Inverse queries work differently. When a DNS server receives an inverse query, it returns the friendly name for an IP address, rather than an IP address for a friendly name. However, searching the entire Internet for a friendly name match would prove time consuming. Rather than waste resources, use of the in-addr.arpa domain notifies name servers of an inverse query.
Special pointer (PTR) records are added to the in-addr.arpa domain, and these PTR records match IP addresses (whose octets are actually reversed to delegate administration of A, B, and C class addresses) to friendly domain names. For example, clients seeking to determine the friendly name for the IP address 192.168.1.2 would send the local name server a request for the PTR record for 2.1.168.192.in-addr.arpa.

b. Iterative queries: When the name server of a host cannot resolve a query, it sends the resolver a referral to another server.

c. Recursive query: When the name server of a host cannot resolve a query, the server issues a query to resolve the query.

4.) Domain name servers store information about part of the domain name space called a zone. The name server is authoritative for a particular zone. A single name server can be authoritative for many zones. Understanding the difference between a zone and a domain is sometimes confusing. A zone is simply a portion of a domain. For example, the domain Microsoft.com may contain all of the data for Microsoft.com, Marketing.microsoft.com and Development.microsoft.com. However, the zone Microsoft.com contains only information for Microsoft.com and references to the authoritative name servers for the subdomains. The zone Microsoft.com can contain the data for subdomains of Microsoft.com if they have not been delegated to another server. For example, Marketing.microsoft.com may manage its own delegated zone. Development.microsoft.com may be managed by the parent, Microsoft.com. If there are no subdomains, then the zone and domain are essentially the same. In this case the zone contains all data for the domain.

5.) Some of the top-level domains in the DNS namespace:

com   Commercial organizations
edu   Educational institutions
gov   Government institutions
int   International organizations
mil   U.S. military institutions
net   Networking organizations
org   Non-profit organizations

6.) No, domain names are not case sensitive.
The constraints on the length of domain names are that each label can be at most 63 characters and the total length of the FQDN can be at most 255 characters.

7.) Root Servers of the Internet:

A.ROOT-SERVERS.NET. (VeriSign, Dulles, VA) 198.41.0.4
B.ROOT-SERVERS.NET. (ISI, Marina Del Rey CA) 192.228.79.201
C.ROOT-SERVERS.NET. (Cogent Communications) 192.33.4.12
D.ROOT-SERVERS.NET. (University of Maryland) 128.8.10.90
E.ROOT-SERVERS.NET. (Nasa Ames Research Center) 192.203.230.10
F.ROOT-SERVERS.NET. (Internet Systems Consortium) 192.5.5.241
G.ROOT-SERVERS.NET. (US Department of Defense) 192.112.36.4
H.ROOT-SERVERS.NET. (US Army Research Lab) 128.63.2.53
I.ROOT-SERVERS.NET. (Stockholm, Sweden) 192.36.148.17
J.ROOT-SERVERS.NET. (Herndon, VA) 192.58.128.30
K.ROOT-SERVERS.NET. (London, United Kingdom) 193.0.14.129
L.ROOT-SERVERS.NET. (IANA, Los Angeles) 198.32.64.12
M.ROOT-SERVERS.NET. (WIDE, Tokyo) 202.12.27.33

8.) The .arpa domain is the Address and Routing Parameter Area domain and is designated to be used exclusively for Internet-infrastructure purposes.

9.) Result of nslookup:

    C:\Documents and Settings\Edmund Chang>nslookup www.cnn.com
    *** Can't find server name for address 192.168.0.1: Non-existent domain
    *** Default servers are not available
    Server:  UnKnown
    Address:  192.168.0.1

    Non-authoritative answer:
    Name:    cnn.com
    Addresses:  64.236.16.84, 64.236.16.116, 64.236.24.4, 64.236.24.12
              64.236.24.20, 64.236.24.28, 64.236.16.20, 64.236.16.52
    Aliases:  www.cnn.com

The computer chose 64.236.24.28.

Report

Questions from EXERCISE 2:

1.) The 1st IP address assigned to that name from top-down order will be chosen.

Questions from EXERCISE 3(A):

1.) The roles of each resource record in file db.mylab.com:

a. Asdf
b. Asdf
c. Asdf
d. Asdf

The line “$TTL 86400” specified the Time-To-Live asdfasdf

Questions from EXERCISE 3(C):

    Trying "PC3.mylab.com"
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21982
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

    ;; QUESTION SECTION:
    ;PC3.mylab.com.                 IN      A

    ;; ANSWER SECTION:
    PC3.mylab.com.          86400   IN      A       10.0.1.31

    ;; AUTHORITY SECTION:
    mylab.com.              86400   IN      NS      PC4.mylab.com.

    ;; ADDITIONAL SECTION:
    PC4.mylab.com.          86400   IN      A       10.0.1.41

    Received 81 bytes from 127.0.0.1#53 in 1 ms

    --------------------------------------------------------------------------

    Trying "21.1.0.10.in-addr.arpa"
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60777
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

    ;; QUESTION SECTION:
    ;21.1.0.10.in-addr.arpa.        IN      PTR

    ;; ANSWER SECTION:
    21.1.0.10.in-addr.arpa. 86400   IN      PTR     PC2.mylab.com.

    ;; AUTHORITY SECTION:
    1.0.10.in-addr.arpa.    86400   IN      NS      PC4.mylab.com.

    ;; ADDITIONAL SECTION:
    PC4.mylab.com.          86400   IN      A       10.0.1.41

    Received 101 bytes from 127.0.0.1#53 in 1 ms

Explanation: Since PC4 is running as a DNS server, when PC1 pings “PC3.mylab.com,” PC1 asks PC4 for the corresponding address.

Questions from EXERCISE 3(D):

    Trying "PC3.lab8.net"
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 559
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

    ;; QUESTION SECTION:
    ;PC3.lab8.net.                  IN      A

    ;; ANSWER SECTION:
    PC3.lab8.net.           86400   IN      A       10.0.2.32

    ;; AUTHORITY SECTION:
    lab8.net.               86400   IN      NS      PC4.lab8.net.

    ;; ADDITIONAL SECTION:
    PC4.lab8.net.           86400   IN      A       10.0.2.42

    Received 80 bytes from 10.0.1.41#53 in 1 ms

Questions from EXERCISE 3(E):

10.0.2

    $TTL 86400
    2.0.10.in-addr.arpa.  IN  SOA  PC4.lab8.net. hostmaster.lab8.net. (
                               1       ; serial
                               28800   ; refresh
                               7200    ; retry
                               604800  ; expire
                               86400   ; ttl
                               )
    2.0.10.in-addr.arpa.  IN  NS   PC4.lab8.net.
    12                    IN  PTR  PC1.lab8.net.
    22                    IN  PTR  PC2.lab8.net.
    32                    IN  PTR  PC3.lab8.net.
    42                    IN  PTR  PC4.lab8.net.
    12                    IN  PTR  PC1.mylab.com.
    22                    IN  PTR  PC2.mylab.com.
    32                    IN  PTR  PC3.mylab.com.
    42                    IN  PTR  PC4.mylab.com.

mylab.com

    $TTL 86400
    mylab.com.      IN  SOA  PC4.mylab.com. hostmaster.mylab.com. (
                         1       ; serial
                         28800   ; refresh
                         7200    ; retry
                         604800  ; expire
                         86400   ; ttl
                         )
    ;
    mylab.com.      IN  NS   PC4.mylab.com.
    ;
    localhost       A   127.0.0.1
    PC4.mylab.com.  A   10.0.1.41
    PC3.mylab.com.  A   10.0.1.31
    PC2.mylab.com.  A   10.0.1.21
    PC1.mylab.com.  A   10.0.1.11
    PC4.mylab.com.  A   10.0.2.42
    PC3.mylab.com.  A   10.0.2.32
    PC2.mylab.com.  A   10.0.2.22
    PC1.mylab.com.  A   10.0.2.12

    PC1% host -v PC3.lab8.net
    Trying "PC3.lab8.net"
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15992
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

    ;; QUESTION SECTION:
    ;PC3.lab8.net.                  IN      A

    ;; ANSWER SECTION:
    PC3.lab8.net.           86400   IN      A       10.0.2.32

    ;; AUTHORITY SECTION:
    lab8.net.               86400   IN      NS      PC4.lab8.net.

    ;; ADDITIONAL SECTION:
    PC4.lab8.net.           86400   IN      A       10.0.2.42

    Received 80 bytes from 10.0.1.41#53 in 1 ms

    PC1% host -v PC3.mylab.com
    Trying "PC3.mylab.com"
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48472
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

    ;; QUESTION SECTION:
    ;PC3.mylab.com.                 IN      A

    ;; ANSWER SECTION:
    PC3.mylab.com.          86400   IN      A       10.0.1.31
    PC3.mylab.com.          86400   IN      A       10.0.2.32

    ;; AUTHORITY SECTION:
    mylab.com.              86400   IN      NS      PC4.mylab.com.

    ;; ADDITIONAL SECTION:
    PC4.mylab.com.          86400   IN      A       10.0.2.42
    PC4.mylab.com.          86400   IN      A       10.0.1.41

    Received 113 bytes from 10.0.1.41#53 in 1 ms

Questions from EXERCISE 4:

1. NOT all commands generate a DNS message.

2.

    Domain Name System (query)
        Transaction ID: 0xe675
        Flags: 0x0100 (Standard query)
            0... .... .... .... = Response: Message is a query
            .000 0... .... .... = Opcode: Standard query (0)
            .... ..0. .... .... = Truncated: Message is not truncated
            .... ...1 .... .... = Recursion desired: Do query recursively
            .... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
        Questions: 1
        Answer RRs: 0
        Authority RRs: 0
        Additional RRs: 0
        Queries
            PC1: type A, class inet
                Name: PC1
                Type: Host address
                Class: inet

A DNS uses resource records to resolve host names and IP addresses. These records are stored in the DNS zone files. The record types NS, SOA, CNAME, and PTR form the basic infrastructure of DNS.

3. For iterative queries, when the name server of a host cannot resolve a query, it sends the resolver a referral to another server. For recursive queries, when the name server of a host cannot resolve a query, the server issues a query to resolve the query.

4. PC1 caches the previous response

5. No

    No.  Time       Source             Destination        Protocol  Info
    2    0.001036   00:0d:29:2c:e0:00  00:0d:29:2c:e0:00  LOOP      Loopback
    4    2.292099   00:0d:29:35:56:60  00:0d:29:35:56:60  LOOP      Loopback
    6    4.473754   10.0.1.11          10.0.1.41          DNS       Standard query A PC1
    7    4.474485   10.0.1.41          10.0.1.11          DNS       Standard query response, Server failure
    8    4.476915   10.0.1.11          10.0.1.41          DNS       Standard query A PC1
    9    4.477485   10.0.1.41          10.0.1.11          DNS       Standard query response, Server failure
    10   5.933165   00:0a:b7:c2:3b:80  00:0a:b7:c2:3b:80  LOOP      Loopback
    12   6.672161   00:0a:b7:c2:39:80  00:0a:b7:c2:39:80  LOOP      Loopback
    14   9.466753   00:04:75:ad:04:73  00:50:bf:73:47:6a  ARP       Who has 10.0.1.11? Tell 10.0.1.41
    15   9.466781   00:50:bf:73:47:6a  00:04:75:ad:04:73  ARP       10.0.1.11 is at 00:50:bf:73:47:6a
    17   10.024658  00:0d:29:2c:e0:00  00:0d:29:2c:e0:00  LOOP      Loopback
    19   12.313375  00:0d:29:35:56:60  00:0d:29:35:56:60  LOOP      Loopback

Explain the fields in flags fields:

QR 1/8 (1 bit) Query/Response Flag: Differentiates between queries and responses. Set to 0 when the query is generated; changed to 1 when that query is changed to a response by a replying server.
AA 1/8 (1 bit) Authoritative Answer Flag: This bit is set to 1 in a response to indicate that the server that created the response is authoritative for the zone in which the Additional section, it may choose not to bother.

RD 1/8 (1 bit) Recursion Desired: When set in a query, requests that the server receiving the query attempt to answer the query recursively, if the server supports recursive resolution. The value of this bit is not changed in the response.

Determine how domain names and IP addresses are encoded in the DNS message.

DNS uses a special notation for DNS names. Each label is encoded one after the next in the name field. Before each label, a single byte is used that holds a binary number indicating the number of characters in the label. Then, the label's characters are encoded, one per byte. The end of the name is indicated by a null label, representing the root; this of course has a length of zero, so each name ends with just a “0” character, indicating this zero-length root label. Note that the “dots” between the labels aren't necessary, since the length numbers delineate the labels. The computer reading the name also knows how many bytes are in each label as it reads the name, so it can easily allocate space for the label as it reads it from the name.

For example, “www.xyzindustries.com” would be encoded as:

    [3] w w w [13] x y z i n d u s t r i e s [3] c o m [0]

Questions from EXERCISE 5:

The command ping -c 3 PC3.mylab.com generates a DNS message.

No.

- Advantage: Running a caching-only server gives you better performance than querying a name server on a remote system, especially if the remote system is on the other side of a gateway or router.
- Disadvantage: We are making more external queries, as none of the nameservers share their cached data.

Questions from EXERCISE 5:

For each command, explain how observed DNS queries are resolved. Source IP address, destination IP address, flags in the DNS message, and all resource records.
Which queries have the recursion-desired flag set?
List the authoritative servers for the .net domain and .com domain.
Do you observe recursive or iterative queries, or both?
What is the advantage/disadvantage of recursive DNS queries?
What is the main advantage/disadvantage of iterative DNS queries?

In general, host computers issue recursive queries against DNS servers. The host assumes that the DNS server either knows the answer to the query, or can find the answer. On the other hand, a DNS server will generally issue iterative queries against other DNS servers if it is unable to answer a recursive query from cached information.

CHECKLIST FORM FOR LAB 8

Prelab 8 question sheet
Checkoff for Part 1
Checkoff for Part 2
Checkoff for Part 3
Checkoff for Part 4
Checkoff for Part 5
Checkoff for Part 6
Feedback sheet
Lab report

FEEDBACK FORM FOR LAB 8

Part                                   Difficulty  Interest Level  Time to Complete
Part 1 Network Setup                   1           2               73 minutes
Part 2 Name Resolution without DNS     1           2               60 minutes
Part 3 Configuring a DNS Server        1           2               73 minutes
Part 4 DNS Traffic                     1           2               60 minutes
Part 5 Caching-Only Servers            1           0               50 minutes
Part 6 Hierarchy of DNS Servers        1           2               60 minutes

What I liked about this lab:
- I liked the fact that it showed us how to use The Domain Name System.

What I disliked about this lab:
- The report questions were a little long and required extra research.

My suggestion to improve this lab:
- Make clearer questions and maybe a standard of what data to show since some of the captures are huge but I am not sure what parts they want to see even though I know which ones are relevant to my answers.
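
Added example (not part of the original lab report): a Python sketch of the name encoding and flag fields described in the Exercise 4 answers, with the bounds checks a parser needs when the message comes from an untrusted network. The function names are hypothetical, SAMPLE is a constructed message rebuilt from the capture's values (ID 0xe675, flags 0x0100, query PC1 type A), and compression pointers, which the report does not cover, are rejected rather than followed.

```python
import struct

MAX_LABEL, MAX_NAME = 63, 255  # limits from prelab answer 6, applied to the wire form

def encode_name(name: str) -> bytes:
    """Length-prefixed labels, terminated by the zero-length root label."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= MAX_LABEL:
            raise ValueError(f"label length {len(raw)} outside 1..{MAX_LABEL}")
        out += bytes([len(raw)]) + raw
    out.append(0)
    if len(out) > MAX_NAME:
        raise ValueError("encoded name exceeds 255 bytes")
    return bytes(out)

def decode_name(buf: bytes, pos: int = 0):
    """Return (name, offset after name); never read past the buffer."""
    labels, start = [], pos
    while True:
        if pos >= len(buf):
            raise ValueError("name is not terminated inside the message")
        n = buf[pos]
        pos += 1
        if n == 0:
            return ".".join(labels), pos
        if n > MAX_LABEL:  # top bits set: RFC 1035 compression pointer, rejected here
            raise ValueError("compression pointer or invalid length byte")
        if pos + n > len(buf) or pos + n + 1 - start > MAX_NAME:
            raise ValueError("label overruns message or name too long")
        labels.append(buf[pos:pos + n].decode("ascii"))
        pos += n

def parse_query(msg: bytes) -> dict:
    """Decode the 12-byte header, the flag bits and the first question."""
    if len(msg) < 12:
        raise ValueError("message shorter than DNS header")
    tid, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    name, pos = decode_name(msg, 12)
    if pos + 4 > len(msg):
        raise ValueError("question is truncated")
    qtype, qclass = struct.unpack("!2H", msg[pos:pos + 4])
    return {"id": tid, "qr": flags >> 15, "opcode": (flags >> 11) & 0xF,
            "aa": (flags >> 10) & 1, "tc": (flags >> 9) & 1,
            "rd": (flags >> 8) & 1, "rcode": flags & 0xF, "qdcount": qd,
            "name": name, "qtype": qtype, "qclass": qclass}

# Constructed sample rebuilt from the capture's values: ID 0xe675, flags 0x0100, "PC1" A IN.
SAMPLE = struct.pack("!6H", 0xE675, 0x0100, 1, 0, 0, 0) + encode_name("PC1") + struct.pack("!2H", 1, 1)
```

Calling parse_query(SAMPLE) returns the same fields the capture shows: a query (qr 0) with recursion desired (rd 1) for the name PC1.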