A Deeper Look at DNS - kerryallen89/SYS-255-01 GitHub Wiki

A Deeper Look at DNS

Deliverables

Deliverable 1: In your capture, what are the destination IP addresses, ports, and protocols for DNS traffic?

image

The port numbers for the DNS packets were “Source Port: 51923” and “Destination Port: 53”. The source and destination IP addresses were “Src: 10.0.5.185” and “Dst: 10.0.5.5”. The protocols used were DNS and UDP (User Datagram Protocol).

Deliverable 2: Perform some basic research. Does DNS ever use a protocol different than the one found in Deliverable 1? If so, why?

I found that DNS will use both UDP and TCP port 53 from the start, with “UDP being the default, and fall back to use TCP when it is unable to communicate on UDP”.

Deliverable 3: Figure out how to create a display filter showing only DNS traffic, provide a screenshot that shows at least six DNS packets.

image

The filter I used to show only DNS traffic was the display filter “dns”. This showed six specific packets using DNS.

Deliverable 4: For use case 1, what are the authoritative name servers for the .edu top-level domain?

image

The authoritative name server for packet 2 (the one I used in deliverable 1) is “edu: type SOA, class IN, name a.edu-servers.net” or just .edu.

Deliverable 5: For use case 1, provide a screenshot that shows the reply code from your .edu lookup (note this will be part of the flags field).

image

This screenshot shows the entire flags field under the Domain Name System (response). The reply code is “No such name (3)”.

Deliverable 6: For use case 2, provide a screenshot showing the Answers section of the DNS response for the fw01-yourname query.

image

Under the Answer field in the response packet for pinging my fw01-kerry server, the field says “fw01-kerry.kerry.local: type A, class IN, addr 10.0.5.2”.

Deliverable 7: For use case 3, what server responds to the DNS request for champlain.edu, & is it authoritative?

image

For champlain.edu, the server that responds to the DNS request is “champlain.edu: type A, class IN, addr 208.115.107.132”, and it is not authoritative, as the flags say “Authoritative: Server is not an authority for domain”.
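Deliverables 2, 5 and 7 all come down to the 16-bit flags word in the 12-byte DNS header: the reply code (RCODE 3 is the “No such name” seen in deliverable 5), the AA bit (clear when a recursive resolver rather than an authoritative server answers, as in deliverable 7), and the TC bit, which is what actually triggers the UDP-to-TCP fallback from deliverable 2. The script below is an added example and is not part of the original wiki page or its capture; it builds a query with the standard library, decodes the flags of a few constructed replies, and shows how a client frames the retry for TCP (a 2-byte length prefix). The transaction ID, names and sample replies are constructed for illustration.

```python
import struct

# DNS header flag bits (RFC 1035 section 4.1.1), from the 16-bit flags word
QR, AA, TC, RD, RA = 0x8000, 0x0400, 0x0200, 0x0100, 0x0080

# Reply codes as Wireshark labels them in the flags field
RCODE_NAMES = {0: "No error", 1: "Format error", 2: "Server failure",
               3: "No such name", 4: "Not implemented", 5: "Refused"}


def encode_name(name):
    """Encode 'a.edu' as length-prefixed labels terminated by a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(txid, name, qtype=1):
    """Standard recursive query: QR=0, RD=1, one question, QCLASS IN (1)."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def parse_flags(msg):
    """Decode the transaction ID and the flags word of a DNS message."""
    txid, flags = struct.unpack("!HH", msg[:4])
    rcode = flags & 0x000F
    return {
        "id": txid,
        "response": bool(flags & QR),
        "opcode": (flags >> 11) & 0xF,
        "authoritative": bool(flags & AA),
        "truncated": bool(flags & TC),
        "recursion_desired": bool(flags & RD),
        "recursion_available": bool(flags & RA),
        "rcode": rcode,
        "rcode_name": RCODE_NAMES.get(rcode, f"rcode {rcode}"),
    }


def tcp_frame(msg):
    """DNS over TCP prefixes every message with a 2-byte big-endian length (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg


def next_step(query, udp_response):
    """What a client does with a UDP reply: discard it, accept it, or retry the same query over TCP."""
    q, r = parse_flags(query), parse_flags(udp_response)
    if r["id"] != q["id"] or not r["response"]:
        return ("discard", None)        # ID mismatch or not a response: not ours
    if r["truncated"]:
        return ("retry_tcp", tcp_frame(query))  # TC=1: answer did not fit in UDP
    return ("accept", r)


# Constructed sample messages (not from the page's capture). Only the header and the
# echoed question are included; record sections are left empty for brevity.
query = build_query(0x1234, "edu", qtype=6)                    # qtype 6 = SOA

# Resolver reply for a name that does not exist: QR, RD, RA set, RCODE 3
nxdomain_reply = struct.pack("!HHHHHH", 0x1234, QR | RD | RA | 3, 1, 0, 0, 0) + query[12:]
# Reply from a recursive resolver's cache: AA clear, RA set, RCODE 0
cached_reply = struct.pack("!HHHHHH", 0x1234, QR | RD | RA, 1, 0, 0, 0) + query[12:]
# Truncated reply: TC set, so the client must repeat the query over TCP
truncated_reply = struct.pack("!HHHHHH", 0x1234, QR | RD | RA | TC, 1, 0, 0, 0) + query[12:]

if __name__ == "__main__":
    for label, reply in [("nxdomain", nxdomain_reply), ("cached", cached_reply),
                         ("truncated", truncated_reply)]:
        action, detail = next_step(query, reply)
        print(label, action, detail if action != "retry_tcp" else detail[:2].hex())
```

A real fallback sends the framed bytes over a TCP connection to port 53 and reads a length-prefixed reply back; the point here is that the decision to fall back is made from the TC bit of the UDP reply, not from a failed UDP send.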

Deliverable 8: What are the different types of DNS Records? Provide a brief description of each in your own words. There are dozens of DNS record types, so discuss the more common ones (< 10 of them) but more than (CNAME, A, PTR) discussed in class.

Besides the CNAME Record (Canonical Name Record), A Record (Address Record), and PTR Record (Pointer Record), there are many other DNS record types.

The AAAA Record (IPv6 Address Record) is similar to the A record, but it maps the domain name to an IPv6 address. It exists to support the IPv6 protocol, which came out in 2012.

The MX Record (Mail Exchange Record) specifies the mail servers responsible for receiving mail on behalf of a domain. These records contain the mail server’s hostname and a priority.

TXT Records (Text Records) store human-readable text about a domain. They are often used for verification purposes.

NS Records (Name Server Records) specify the authoritative name servers for a domain. Those name servers are responsible for providing DNS information for the domain.

The SOA Record (Start of Authority Record) contains administrative information about the zone, such as the primary name server, the email address of the administrator, and various timing parameters. These parameters indicate when the domain was last updated and how long the server should wait between each refresh.

SRV Records (Service Records) define the location of services within a domain. This information includes the service, protocol, and port number.

CAA Records (Certification Authority Authorization) specify which certificate authorities are authorized to issue SSL (Secure Sockets Layer)/TLS (Transport Layer Security) certificates for a domain. They enhance security by controlling who can issue certificates for a domain.

NAPTR Records (Naming Authority Pointer) are used for advanced mapping between domain names and other information. This record is often used in conjunction with ENUM (Telephone Number Mapping) to map phone numbers to SIP (Session Initiation Protocol) or other communication services.

These are some of the most commonly used DNS record types; there are others, but they are not used as much as these.
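The record types above differ only in how their RDATA is laid out on the wire, which is what Wireshark is decoding when it shows “type A, class IN, addr 10.0.5.2” (deliverable 6). The following is an added example, not code from the original wiki page: a small standard-library parser that walks the question and answer sections of a DNS response and decodes A, AAAA, NS, CNAME, MX, TXT, SRV and CAA records, including the name-compression pointers that real responses use. The sample response, the names under the reserved .test and .example domains, and the addresses are all constructed for illustration.

```python
import struct
import ipaddress

TYPE_NAMES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX",
              16: "TXT", 28: "AAAA", 33: "SRV", 257: "CAA"}


def encode_name(name):
    """Encode a name as length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def decode_name(msg, off):
    """Read a name at msg[off], following compression pointers (RFC 1035 4.1.4).
    Returns (name, offset just past the name as it appears at the original position)."""
    labels, end, seen = [], None, set()
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # 2-byte pointer: 11xxxxxx xxxxxxxx
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if ptr in seen:                            # malformed packet: pointer loop
                raise ValueError("compression pointer loop")
            seen.add(ptr)
            if end is None:
                end = off + 2                          # caller resumes after the first pointer
            off = ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def decode_rdata(msg, rtype, rdata, rd_off):
    """Decode RDATA by type; rd_off is its offset in msg so names inside it can use pointers."""
    if rtype == 1:
        return str(ipaddress.IPv4Address(rdata))
    if rtype == 28:
        return str(ipaddress.IPv6Address(rdata))
    if rtype in (2, 5, 12):                            # NS, CNAME, PTR: a single name
        return decode_name(msg, rd_off)[0]
    if rtype == 15:                                    # MX: preference + exchange name
        return (struct.unpack("!H", rdata[:2])[0], decode_name(msg, rd_off + 2)[0])
    if rtype == 16:                                    # TXT: one or more <len><text> strings
        strings, i = [], 0
        while i < len(rdata):
            n = rdata[i]
            strings.append(rdata[i + 1:i + 1 + n].decode("ascii"))
            i += 1 + n
        return strings
    if rtype == 33:                                    # SRV: priority, weight, port, target
        prio, weight, port = struct.unpack("!HHH", rdata[:6])
        return (prio, weight, port, decode_name(msg, rd_off + 6)[0])
    if rtype == 257:                                   # CAA: flags, tag, value
        flags, taglen = rdata[0], rdata[1]
        return (flags, rdata[2:2 + taglen].decode("ascii"), rdata[2 + taglen:].decode("ascii"))
    return rdata.hex()


def parse_records(msg):
    """Return the answer section as a list of (name, type, ttl, decoded value)."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qdcount):                           # skip questions: name + QTYPE + QCLASS
        _, off = decode_name(msg, off)
        off += 4
    records = []
    for _ in range(ancount):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        records.append((name, TYPE_NAMES.get(rtype, str(rtype)), ttl,
                        decode_rdata(msg, rtype, rdata, off)))
        off += rdlen
    return records


def rr(owner, rtype, rdata, ttl=300):
    """Assemble one resource record with class IN."""
    return owner + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata


# Constructed sample response. The question name starts at offset 12, so the
# pointer 0xC00C means "example.test" wherever it appears.
QNAME_PTR = b"\xc0\x0c"
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x4242, 0x8180, 1, 7, 0, 0)          # QR, RD, RA; 1 question, 7 answers
    + encode_name("example.test") + struct.pack("!HH", 1, 1)
    + rr(QNAME_PTR, 1, bytes([10, 0, 5, 2]))
    + rr(QNAME_PTR, 28, ipaddress.IPv6Address("2001:db8::2").packed)
    + rr(QNAME_PTR, 15, struct.pack("!H", 10) + b"\x04mail" + QNAME_PTR)
    + rr(QNAME_PTR, 16, b"\x0bv=spf1 -all")
    + rr(QNAME_PTR, 2, b"\x03ns1" + QNAME_PTR)
    + rr(encode_name("www.example.test"), 5, QNAME_PTR)
    + rr(QNAME_PTR, 257, b"\x00\x05issue" + b"ca.example")
)

if __name__ == "__main__":
    for record in parse_records(SAMPLE_RESPONSE):
        print(record)
```

The pointer-loop guard in decode_name is the one piece a toy parser usually omits; a resolver or sniffer that follows compression pointers without it can be spun forever by a malformed packet, which is why real DNS parsers bound the number of jumps.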