CS420: Tutorials* on High Speed Multimedia and Multiservice Networks
Wireshark Lab: DNS
University of Cyprus, Department of Computer Science
By: Pavlos Antoniou
Spring 2008
* The material is taken from J.F. Kurose & K.W. Ross, “Computer Networking: A Top-Down Approach Featuring the Internet”, 4th Edition.
Introduction
• Domain Name System:
– Distributed database implemented in hierarchy of many name servers
– Application-layer protocol: hosts, routers, name servers communicate to resolve names (address/name translation)
• DNS services
– hostname to IP address translation
– host aliasing
• Canonical, alias names
– mail server aliasing
– load distribution
• replicated Web servers: set of IP addresses for one canonical name
• Why not centralize DNS? doesn’t scale!
– single point of failure
– traffic volume
– distant centralized database
– maintenance
Distributed, Hierarchical Database
[Figure: hierarchy of DNS servers]
• Root DNS servers
– com DNS servers
• yahoo.com DNS servers
• amazon.com DNS servers
– org DNS servers
• pbs.org DNS servers
– edu DNS servers
• poly.edu DNS servers
• umass.edu DNS servers
Client wants IP for www.amazon.com; 1st approx:
• client queries a root server to find com DNS server
• client queries com DNS server to get amazon.com DNS
server
• client queries amazon.com DNS server to get IP
address for www.amazon.com
DNS: Root name servers
• contacted by local name server that can not resolve name
• root name server:
– contacts authoritative name server if name mapping not known
– gets mapping
– returns mapping to local name server
13 root name servers worldwide:
a Verisign, Dulles, VA
b USC-ISI Marina del Rey, CA
c Cogent, Herndon, VA (also LA)
d U Maryland College Park, MD
e NASA Mt View, CA
f Internet Software C. Palo Alto, CA (and 36 other locations)
g US DoD Vienna, VA
h ARL Aberdeen, MD
i Autonomica, Stockholm (plus 28 other locations)
j Verisign (21 locations)
k RIPE London (also 16 other locations)
l ICANN Los Angeles, CA
m WIDE Tokyo (also Seoul, Paris, SF)
Local Name Server
• Does not strictly belong to hierarchy
• Each ISP (residential ISP, company, university) has one.
– also called “default name server”
• When host makes DNS query, query is sent to its local
DNS server
– acts as proxy, forwards query into hierarchy
DNS name resolution example
• Host at cis.poly.edu wants IP address for gaia.cs.umass.edu
iterated query:
• contacted server replies with name of server to contact
• “I don’t know this name, but ask this server”
[Figure: requesting host cis.poly.edu, local DNS server dns.poly.edu, root DNS server, TLD DNS server, authoritative DNS server dns.cs.umass.edu and target host gaia.cs.umass.edu, with the messages numbered 1 to 8]
DNS name resolution example
recursive query:
• puts burden of name resolution on contacted name server
• heavy load?
[Figure: requesting host cis.poly.edu, local DNS server dns.poly.edu, root DNS server, TLD DNS server, authoritative DNS server dns.cs.umass.edu and target host gaia.cs.umass.edu, with the messages numbered 1 to 8]
DNS: caching and updating records
• Once (any) name server learns mapping, it caches
mapping
– cache entries timeout (disappear) after some time
– TLD servers typically cached in local name servers
• Thus root name servers not often visited
• Update/notify mechanisms under design by IETF
– RFC 2136
– http://www.ietf.org/html.charters/dnsind-charter.html
DNS records
DNS: distributed database storing resource records (RR)
RR format: (name, value, type, ttl)
• Type=A
– name is hostname
– value is IP address
• Type=NS
– name is domain (e.g. foo.com)
– value is hostname of authoritative name server for this domain
• Type=CNAME
– name is alias name for some “canonical” (the real) name
www.ibm.com is really servereast.backup2.ibm.com
– value is canonical name
• Type=MX
– value is name of mailserver associated with name
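An added example (not part of the original slides) tying the RR tuple to the caching behaviour described on the previous slide: a small Python cache keyed by (name, type) whose entries expire after their TTL, with CNAME aliases followed to the canonical name. The class and function names, the address 192.0.2.10 and the TTL values are assumptions made for illustration; the www.ibm.com alias is the one on the slide.

```python
import time

class RRCache:
    """Cache of resource records (name, value, type, ttl) with TTL expiry."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._store = {}            # (name, type) -> [(value, expires_at), ...]

    @staticmethod
    def _key(name, rtype):
        return (name.lower().rstrip("."), rtype)

    def add(self, name, value, rtype, ttl):
        entry = (value, self._clock() + ttl)
        self._store.setdefault(self._key(name, rtype), []).append(entry)

    def get(self, name, rtype):
        """Return the unexpired values; expired entries are dropped."""
        key, now = self._key(name, rtype), self._clock()
        live = [(v, exp) for v, exp in self._store.get(key, []) if exp > now]
        if live:
            self._store[key] = live
        else:
            self._store.pop(key, None)
        return [v for v, _ in live]

    def resolve_a(self, name, max_chain=8):
        """Follow CNAME aliases to the canonical name, then return its A records."""
        for _ in range(max_chain):
            addrs = self.get(name, "A")
            if addrs:
                return name, addrs
            alias = self.get(name, "CNAME")
            if not alias:
                return name, []     # cache miss: the server would have to be queried
            name = alias[0]
        raise ValueError("CNAME chain too long (possible alias loop)")

def sample_cache(clock):
    """Constructed records: the slide's alias plus an illustrative A record."""
    cache = RRCache(clock)
    cache.add("www.ibm.com", "servereast.backup2.ibm.com", "CNAME", 300)
    cache.add("servereast.backup2.ibm.com", "192.0.2.10", "A", 60)
    return cache
```

Because every entry carries its own expiry, a stale or wrong mapping is served for at most its TTL, and the chain limit keeps two aliases that point at each other from stalling the lookup.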
DNS protocol, messages
DNS protocol: query and reply messages, both with same message format
msg header
• identification: 16 bit # for query, reply to query uses same #
• flags:
– query or reply
– recursion desired
– recursion available
– reply is authoritative
DNS protocol, messages
Message sections after the header:
• Name, type fields for a query
• RRs in response to query
• records for authoritative servers
• additional “helpful” info that may be used
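An added example (not from the original slides): a Python sketch that builds a query, decodes the header fields listed on these two slides, and accepts a reply only when its identification number and question match the query that was sent. The flag bit positions and the question-matching check follow RFC 1035 rather than the slides; the function names are assumptions and the sample bytes are constructed for illustration.

```python
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080   # flag bits per RFC 1035

def build_query(ident, hostname, qtype=1):
    """12-byte header plus one question; RD set, QR clear (this is a query)."""
    header = struct.pack("!HHHHHH", ident, RD, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in hostname.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)   # type, class IN

def parse_header(msg):
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": ident,
            "is_reply": bool(flags & QR),
            "authoritative": bool(flags & AA),
            "recursion_desired": bool(flags & RD),
            "recursion_available": bool(flags & RA),
            "counts": (qd, an, ns, ar)}  # questions, answers, authority, additional

def parse_question(msg, offset=12):
    """Return (name, type, next_offset) for the first question."""
    labels = []
    while True:
        if offset >= len(msg):
            raise ValueError("truncated question name")
        length = msg[offset]
        offset += 1
        if length == 0:
            break
        if length > 63:
            raise ValueError("compression pointer or bad label in question")
        labels.append(msg[offset:offset + length].decode("ascii").lower())
        offset += length
    if offset + 4 > len(msg):
        raise ValueError("truncated question type/class")
    qtype, _qclass = struct.unpack("!HH", msg[offset:offset + 4])
    return ".".join(labels), qtype, offset + 4

def reply_matches(query, reply):
    """Accept a reply only if it answers the query that was actually sent."""
    q, r = parse_header(query), parse_header(reply)
    return (r["is_reply"] and not q["is_reply"] and r["id"] == q["id"]
            and parse_question(reply)[:2] == parse_question(query)[:2])

# Constructed sample: a query for a host named on the slides, and a reply made
# by setting the flags to QR|RD|RA (non-authoritative, as from a cache).
SAMPLE_QUERY = build_query(0x1A2B, "gaia.cs.umass.edu")
SAMPLE_REPLY = SAMPLE_QUERY[:2] + struct.pack("!H", QR | RD | RA) + SAMPLE_QUERY[4:]
```

In a Wireshark capture the same values appear as the Transaction ID and Flags fields of each DNS packet, so a query and its reply can be paired by hand in the same way.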
DNS Wireshark Lab
• nslookup tool
– allows the host running the tool to query any specified DNS server for a
DNS record
– sends DNS query to dns-server, receives DNS reply, displays the result
– nslookup -option1 -option2 host-to-find dns-server
• dns-server is optional (otherwise query is sent to default local DNS server)
• Example: host on the campus of Polytechnic University in Brooklyn
– default DNS server: dns-prime.poly.edu
[Screenshot: nslookup output, annotated with: the DNS server that provides the answer (default local DNS server); the DNS server reply; a note that the answer came from the cache of some server rather than from an authoritative MIT DNS server]
DNS Wireshark Lab
• ipconfig /all
– shows current TCP/IP information including own IP address, DNS
server addresses, adapter type, and so on.
DNS Wireshark Lab
• ipconfig /displaydns
– See (recently obtained) cached records
• ipconfig /flushdns
– Flushing the DNS cache clears all entries and reloads the entries from the hosts file