Lab 11.2: DNS and nslookup - Hsanokklis/2023-2024-Tech-journal GitHub Wiki

Objective: Observe the function of DNS hierarchy and resolution using the nslookup command

Lab Prep:

This lab can be completed on any machine with nslookup installed.


Lab Steps

Basic nslookup usage: If you get "DNS request timed out" errors, run nslookup, hit return, and type: server 8.8.8.8

You should see the address of the name server that you asked and the IP address that answers the query.


  • nslookup also has an interactive mode. Just type "nslookup" and hit enter

    • You should now be at a ">" prompt
  • Type a hostname and hit enter - it will try and resolve

  • In interactive mode, you can set specific parameters, such as the type of Resource Record you want to query (the default is A records).

    • This is done through the "set type=" syntax
    • While in interactive mode, set the type to query the name server records (NS) only
      • set type=ns
      • champlain.edu

This will give you a response on the name server for the champlain.edu domain

  • Just enter a period "." in the terminal. This will show you all of the ROOT Zone servers


  • Enter the code for any TLD (Top-Level-Domain) (e.g. edu) with a period after the code (for example, "com." or "edu.")


Here is a website with a list of fun domains

beats. TLD


diamonds. TLD


MX Records

MX Records are the Resource records that provide the hostname of the mail servers for a domain.

For example, if we look at the e-mail address grandpa@hotmail.com

  • grandpa is the mailbox on a mail server
  • And whatever comes after the @, has to ultimately resolve to an IP address of a mail server
  • Therefore, hotmail.com needs an MX record

Use nslookup to resolve MX records by setting the type

set type=mx

  • Lookup the MX record for hotmail.com
  • Lookup the MX record for Champlain.edu
  • Lookup the MX record for mymail.champlain.edu
  • Lookup another mail domain that you may be familiar with

SUBMIT: Screenshot of "champlain.edu." MX records (don't use mymail.champlain.edu, and don't forget the trailing period) (2 points)


Querying Specific DNS Servers

It is possible to use nslookup to query DNS servers other than your local one

  • Exit your current nslookup interactive session if needed (exit or Ctrl-C)
  • Start nslookup again
  • Type "server 8.8.8.8" (no "=" sign)
    • this will allow you to query Google's Public DNS
    • Try some resolutions, and you should see that 8.8.8.8 is the responding server


Using "Quad 9" DNS

Quad 9 (9.9.9.9) is another public DNS server

  • Quad9 is a free, public, recursive DNS server that blocks known malicious domains
  • It is run through a non-profit, and no personal information is collected
  • The list of malicious domains is continually updated based on malware analysis, compromised web servers, phishing and malware download sites
  • Use nslookup and set your query to use the 9.9.9.9 server
  • Now, try and resolve isitblocked.org again - it should come back as "Non-Existent"

9.9.9.9 does not work


8.8.8.8 works

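The comparison from this section (the same name asked of 8.8.8.8 and 9.9.9.9) can also be done in Python; this is an added example, not part of the original lab. It builds the query that "server x.x.x.x" and "set type=" produce, reads each resolver's response code, and lists resolvers that answer NXDOMAIN ("Non-Existent") while another returns records. The function names are hypothetical, and treating that mismatch as filtering is an assumption.

```python
import secrets
import socket
import struct

QTYPES = {"A": 1, "NS": 2, "MX": 15}   # the "set type=" values used in this lab
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype="A", txid=None):
    """Encode one DNS question, e.g. ("champlain.edu.", "MX") or (".", "NS")."""
    txid = secrets.randbits(16) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = [l for l in name.rstrip(".").split(".") if l]     # "." alone is the root
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPES[qtype], 1)  # class IN

def parse_header(response, txid):
    """Return (rcode name, answer count) after checking the reply matches our query."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != txid or not flags & 0x8000:   # wrong transaction ID or QR bit not set
        raise ValueError("not a response to our query")
    rcode = flags & 0x000F
    return RCODES.get(rcode, str(rcode)), ancount

def ask(server, name, qtype="A", timeout=3.0):
    """Query one resolver over UDP; raises socket.timeout if it does not answer."""
    txid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server, 53))             # connected socket drops other senders
        s.send(build_query(name, qtype, txid))
        return parse_header(s.recv(4096), txid)

def filtered_by(results):
    """results maps resolver -> (rcode, answer count). Returns the resolvers that
    say NXDOMAIN although at least one other resolver returned records."""
    resolved = any(rc == "NOERROR" and n > 0 for rc, n in results.values())
    if not resolved:
        return []
    return sorted(r for r, (rc, _n) in results.items() if rc == "NXDOMAIN")

if __name__ == "__main__":
    name = "isitblocked.org"                # the test domain named in this lab
    results = {srv: ask(srv, name) for srv in ("8.8.8.8", "9.9.9.9")}
    print(results, "filtered by:", filtered_by(results))
```
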