A Deeper Look at DNS Lab - Zacham17/my-tech-journal GitHub Wiki
Purpose
In this lab, I used Wireshark to capture the DNS traffic when performing pings.
Notes
- To start off, I first cleared the DNS cache using the command `ipconfig /flushdns`
- I then performed a Wireshark capture of 3 pings. One of a non-existent website, one of a local address, and one of a remote address.
- I analyzed the packets captured in Wireshark
- The DNS port number is 53
- DNS uses UDP by default, but can also use TCP if the size of the request or response is too big for UDP.
Common DNS Record Types
The following are common DNS record types. I found information on DNS record types here
- A : Has an ID of 1. A host address. Resolves a hostname to an IP address.
- NS : Has an ID of 2. An authoritative name server.
- CNAME : Has an ID of 5. The canonical name for an alias.
- SOA : Has an ID of 6. Marks the start of a zone of authority.
- WKS : Has an ID of 11. A well known service description. Specifies supported well known services.
- PTR : Has an ID of 12. A domain name pointer. Resolves an IP address to a hostname.
- HINFO : Has an ID of 13. Host information. Defines hardware type and operating system.
- MINFO : Has an ID of 14. Mailbox or mail list information.
- MX : Has an ID of 15. Mail exchange. Directs email to a mail server.
- TXT : Has an ID of 16. Text strings. Lets the admin enter text strings into the domain name system.
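To tie the notes above together (port 53, the UDP default with TCP fallback, and the numeric record type IDs), here is an added example that is not part of the original lab: a small Python DNS wire-format builder and parser. It builds the same kind of query a ping triggers, parses a response the way Wireshark's DNS dissector does, maps the type ID to the record name from the list above, and reports the TC (truncated) flag that tells a resolver to retry over TCP. The response bytes are constructed by hand for the example (192.0.2.10 is a documentation address, not a real host), and only the standard library is used.

```python
import struct
import socket

# Record type IDs from RFC 1035, matching the list on this page
RECORD_TYPES = {
    1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 11: "WKS", 12: "PTR",
    13: "HINFO", 14: "MINFO", 15: "MX", 16: "TXT",
}
DNS_PORT = 53          # DNS listens on UDP/TCP port 53
FLAG_TC = 0x0200       # "truncated": answer did not fit in UDP, client should retry over TCP
FLAG_RESPONSE = 0x8000


def encode_name(name):
    """Encode 'www.example.com' as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype=1, txid=0x1234):
    """Build a standard recursive query: 12-byte header followed by one question."""
    # flags 0x0100 = RD (recursion desired); 1 question, 0 answer/authority/additional RRs
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack(">HH", qtype, 1)  # QCLASS 1 = IN


def decode_name(data, offset):
    """Decode a name, following compression pointers (0xC0xx). Returns (name, offset after name)."""
    labels = []
    jumped = False
    end = offset
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # pointer to an earlier copy of the rest of the name
            pointer = struct.unpack(">H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped = True
            offset = pointer
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end


def parse_response(data):
    """Parse header, skip the question(s), and decode each answer RR by its type ID."""
    txid, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", data[:12])
    result = {
        "id": txid,
        "is_response": bool(flags & FLAG_RESPONSE),
        "truncated": bool(flags & FLAG_TC),
        "rcode": flags & 0x000F,   # 3 = NXDOMAIN, what the non-existent site ping produces
        "answers": [],
    }
    offset = 12
    for _ in range(qd):
        _, offset = decode_name(data, offset)
        offset += 4  # QTYPE + QCLASS
    for _ in range(an):
        name, offset = decode_name(data, offset)
        rtype, rclass, ttl, rdlen = struct.unpack(">HHIH", data[offset:offset + 10])
        offset += 10
        rdata_start = offset
        offset += rdlen
        if rtype == 1 and rdlen == 4:           # A: 4-byte IPv4 address
            value = socket.inet_ntoa(data[rdata_start:offset])
        elif rtype in (2, 5, 12):               # NS / CNAME / PTR: RDATA is a (possibly compressed) name
            value, _ = decode_name(data, rdata_start)
        else:
            value = data[rdata_start:offset].hex()
        result["answers"].append(
            {"name": name, "type": RECORD_TYPES.get(rtype, str(rtype)), "ttl": ttl, "data": value}
        )
    return result


def sample_response():
    """Constructed response to an A query for www.example.com: a CNAME followed by an A record."""
    header = struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)   # QR+RD+RA, 1 question, 2 answers
    question = encode_name("www.example.com") + struct.pack(">HH", 1, 1)
    # 0xC00C points back at the question name (offset 12); 0xC010 points at its "example.com" labels
    cname_rr = b"\xC0\x0C" + struct.pack(">HHIH", 5, 1, 300, 2) + b"\xC0\x10"
    a_rr = b"\xC0\x10" + struct.pack(">HHIH", 1, 1, 300, 4) + socket.inet_aton("192.0.2.10")
    return header + question + cname_rr + a_rr


if __name__ == "__main__":
    print(build_query("www.example.com").hex())
    print(parse_response(sample_response()))
```

A truncated reply shows up as `truncated: True` with few or no answers; that is the point at which a resolver reopens the same query on TCP port 53, which is why a capture of large answers (for example long TXT sets) shows both UDP and TCP DNS traffic.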