DNS
1. nslookup
general syntax of nslookup command:
nslookup –option1 –option2 host-to-find dns-server
按照handout中的最后一个测试命令,发现bitsy.mit.edu的DNS服务器没有响应。
将DNS服务器更改为科大DNS域名ns.ustc.edu.cn,能够得到返回的地址:
Q&A
-
Run nslookup to obtain the IP address of a Web server in Asia.
-
Run nslookup to determine the authoritative DNS servers for a university in Europe.
英国曼彻斯特大学:
-
Run nslookup so that one of the DNS servers obtained in Question 2 is queried for the mail servers for Yahoo! mail.
然而,igor.mcc.ac.uk的DNS服务器找不到yahoo.com
尝试一下Google:
同样是没能够成功解析
再尝试一下Facebook:
这次终于成功了!
由此看来,Facebook不愧是当前全球最大的社交网站(误)
2. ipconfig
- ipconfig /all
- ipconfig /displaydns
- ipconfig /flushdns
3. Tracing DNS with Wireshark
- Locate the DNS query and response messages. Are they sent over UDP or TCP?
通过UDP协议发送
- What is the destination port for the DNS query message? What is the source port of DNS response message?
destination port: 53 (DNS专用端口)
source port: 53(DNS专用端口)
- To what IP address is the DNS query message sent? Use ipconfig to determine the IP address of your local DNS server. Are these two IP addresses the same?
202.141.180.1
它与本机DNS服务器是同一个地址
观察发现,这里的DNS服务器和DHCP服务器具有相同的地址
- Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?
Type: A。不包含"answers"
- Examine the DNS response message. How many “answers” are provided? What does each of these answers contain?
3 answers. 每个answer中包含返回的域名、addr或CNAME以及Type、Class等等其他相关信息
- Consider the subsequent TCP SYN packet sent by your host. Does the destination IP address of the SYN packet correspond to any of the IP addresses provided in the DNS response message?
通过过滤查找DNS返回的IP地址,发现没有后续TCP SYN包的目的地是DNS返回消息的IP地址 - This web page contains images. Before retrieving each image, does your host issue new DNS queries?
host没有发起新的DNS请求
4. Play with nslookup
1) nslookup domain
Q&A
- What is the destination port for the DNS query message? What is the source port of DNS response message?
DNS query destination port: 53
DNS response source port: 53 - To what IP address is the DNS query message sent? Is this the IP address of your default local DNS server?
202.141.180.1。是我的本机默认DNS服务器地址 - Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?
Type A。 请求消息不包含任何"answer" - Examine the DNS response message. How many “answers” are provided? What does each of these answers contain?
两条返回的消息中分别包含3条、4条answers。每条answer中包括type、class、cname或IP地址、Data length等等信息。
- Provide a screenshot.
见如上实验截图
2) nslookup –type=NS mit.edu
Q&A
- To what IP address is the DNS query message sent? Is this the IP address of your default local DNS server?
202.141.180.1。是我的本机默认DNS地址 - Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?
Type NS。请求信息不包含任何answer。 - Examine the DNS response message. What MIT name servers does the response message provide? Does this response message also provide the IP addresses of the MIT name servers?
ns1-173.akam.net
use5.akam.net
asia1.akam.net
usw2.akam.net
nsl-37.akam.net
asia2.akam.net
eur5.akam.net
use2.akam.net
返回消息的"Additional records中给出了IP地址"
- Provide a screenshot.
见如上实验截图
3) nslookup www.aiit.or.kr bitsy.mit.edu
由于在实验2中我们发现 bitsy.mit.edu 这个DNS服务器没有响应,而www.aiit.or.kr在很多DNS服务器解析时都找不到其对应的IP地址,从而导致请求失败。我们换用如下命令进行实验:
nslookup www.facebook.com igor.mcc.ac.uk
(二者均不使用本机默认DNS服务器[后者是英国曼彻斯特大学提供的DNS服务器],均查询国外域名)
Q&A
- To what IP address is the DNS query message sent? Is this the IP address of your default local DNS server? If not, what does the IP address correspond to?
第一次:202.141.180.1。这个是本机默认DNS服务器地址。host向它请求我们需要的DNS服务器的地址。
第二次:130.88.200.2。不是本机默认DNS服务器。这个地址是从本机DNS服务器得到的,人为选择的远程DNS服务器的地址。 - Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?
Type A、AAAA。请求消息不含answer。 - Examine the DNS response message. How many “answers” are provided? What does each of these answers contain?
第一次:1条answer,包括请求的远程DNS服务器addr及返回消息的type、data length等信息。
第二次:1条answer,包括请求的facebook的addr及返回消息的type、data length等信息。
- Provide a screenshot.
见如上实验截图。
3930
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
