Assignment: A Deeper Look at DNS - Hsanokklis/2023-2024-Tech-journal GitHub Wiki

image

Log off and log in to wks01 again as a named domain admin user, and install Wireshark on WKS01.

Capture DNS Traffic

  • Open Wireshark

  • Open elevated CMD

  • Release any cached DNS records with ipconfig /flushdns

image

  • Ping a non-existent site hannelore_abc.edu

image

image

  • Ping an existing local host fw01-hannelore

image

image

  • Ping an existing site champlain.edu

image

image

  • Successful capture of all 4 labs

image

In your capture, what are the destination IP addresses, ports and protocols for DNS traffic?

Destination IP address: 10.0.5.5 (the ad01 DNS server we set up)

Perform some basic research. Does DNS ever use a protocol different than the one found in Deliverable 1? If so, why?

DNS does not use other protocols. DNS is a protocol itself.

Figure out how to create a display filter showing only DNS traffic, provide a screenshot that shows at least six DNS packets.

image

For use case 1, what are the authoritative name servers for the .edu top level domain?

  • The authoritative name server is a.edu.servers.net

image

For use case 1, provide a screenshot that shows the reply code from your .edu lookup (note this will be part of the flags field).

  • The reply code says "no such name"

image

For use case 2, provide a screenshot showing the Answer's section of the DNS response for the fw01-yourname query.

image

For use case 3, what server responds to the DNS request for champlain.edu, & is it authoritative?

  • No it is not authoritative

image

  • The ad01 server replies to the DNS request for champlain.edu

image
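The reply code and the authoritative bit asked about in use cases 1 and 3 both sit in the 16-bit flags field of the DNS header. The following is an added example, not part of the original lab: it builds constructed responses (header and question only, with an assumed transaction ID of 0x1234) for the two names used above and decodes the same fields Wireshark displays.

```python
import struct

# RCODE values from the DNS header; Wireshark labels 3 (NXDOMAIN) "No such name".
RCODES = {0: "No error", 1: "Format error", 2: "Server failure",
          3: "No such name", 4: "Not implemented", 5: "Refused"}


def build_response(name, rcode, aa):
    """Constructed sample: DNS response header plus question, no records."""
    flags = 0x8000 | 0x0100 | 0x0080      # QR=1 response, RD=1, RA=1
    flags |= 0x0400 if aa else 0          # AA: authoritative answer
    flags |= rcode & 0x000F               # RCODE: low 4 bits of the flags
    header = struct.pack("!6H", 0x1234, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!2H", 1, 1)  # A, IN


def read_name(msg, offset):
    """Read the uncompressed, length-prefixed QNAME that starts at offset."""
    labels = []
    while True:
        if offset >= len(msg):
            raise ValueError("truncated name")
        length = msg[offset]
        offset += 1
        if length == 0:
            return ".".join(labels)
        if length & 0xC0 or offset + length > len(msg):
            raise ValueError("bad label length in question name")
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def parse_flags(msg):
    """Decode the header fields the lab questions ask about."""
    if len(msg) < 12:
        raise ValueError("DNS header is 12 bytes; message too short")
    _txid, flags, qdcount = struct.unpack("!3H", msg[:6])
    rcode = flags & 0x000F
    return {"query": read_name(msg, 12) if qdcount else "",
            "is_response": bool(flags & 0x8000),
            "authoritative": bool(flags & 0x0400),
            "rcode": rcode,
            "rcode_text": RCODES.get(rcode, "Other")}


if __name__ == "__main__":
    for name, rcode in (("hannelore_abc.edu", 3), ("champlain.edu", 0)):
        print(parse_flags(build_response(name, rcode, aa=False)))
```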

What are the different types of DNS Records? Provide a brief description of each in your own words. There are dozens of DNS record types, so discuss the more common ones (< 10 of them) but more than (CNAME,A,PTR) discussed in class.

CNAME record

A canonical name DNS record points one domain name to another domain rather than pointing to an IP address.

NS record

A nameserver DNS record tells applications where they can find the IP address for a domain. Name servers connect a domain to the actual server that hosts a site.

MX record

A mail exchange DNS record shows where the emails for a certain domain should be routed to. Essentially, it routes emails to a mail server.

SOA record

A start of authority DNS record stores administrative information about a domain, such as the email address of the admin and when the domain was last updated.

TXT record

A text DNS record allows the owner of a domain to store text values within it. There are some services that use text records to verify the ownership of a domain.

SRV record

SRV records are used to identify what computers are hosting specific services. They are able to store the IP address and port for specific services.

CERT record

This record stores public key certificates in the DNS.

DHCID record

A DHCID record can be created and used by some servers/clients to store Dynamic Host Configuration Protocol (DHCP) information.