2. cnp3-ebook
3. exercises/dns
4. French
5. Browse

2 / 2

/ 2

Untranslated strings

• Untranslated strings • state:empty
• Unfinished strings • state:<translated
• Translated strings • state:>=translated
• Strings marked for edit • state:needs-editing
• Strings with suggestions • has:suggestion
• Strings with variants • has:variant
• Strings with labels • has:label
• Strings with context • has:context
• Unfinished strings without suggestions • state:<translated AND NOT has:suggestion
• Strings with comments • has:comment
• Strings with any failing checks • has:check
• Approved strings • state:approved
• Strings waiting for review • state:translated

Position and priority

• Position and priority
• Position
• Priority
• Labels
• Source string
• Target string
• String age
• Number of words
• Number of comments
• Number of failing checks
• Key

	English	French
	Perform the same analysis for a popular website such as `www.google.com`. What is the lifetime associated to the corresponding IPv6 address ? If you perform the same request several times, do you always receive the same answer ? Can you explain why a lifetime is associated to the DNS replies ?
	Use `dig` to find the mail relays used by the `uclouvain.be` and `student.uclouvain.be` domains. What is the `TTL` of these records ? Can you explain the preferences used by the `MX` records. You can find more information about the MX records in :rfc:`5321`.
	When `dig` is run, the header section in its output indicates the `id` the DNS identifier used to send the query. Does your implementation of `dig` generates random identifiers ?
	A DNS implementation such as `dig`, and more importantly a name resolver such as bind_ or unbound_, always checks that the received DNS reply contains the same identifier as the DNS request that it sent. Why is this so important ?
	Imagine an attacker who is able to send forged DNS replies to, for example, associate `www.bigbank.com` to his own IP address. How could he attack a DNS implementation that
	sends DNS requests containing always the same identifier
	sends DNS requests containing identifiers that are incremented by one after each request
	sends DNS requests containing random identifiers
	The DNS protocol can run over UDP and over TCP. Most DNS servers prefer to use UDP because it consumes fewer resources on the server. However, TCP is useful when a large answer is expected. Compare `time dig +tcp` and `time dig` to query a root DNS server. Is it faster to receive an answer via TCP or via UDP ?
	Besides `dig`, another way to analyze the DNS is to look at packet traces with tools such as `wireshark <https://www.wireshark.org>`_ or `tcpdump <https://www.tcpdump.org>`_ These tools can capture packets in a network and also display and analyze their content. `Wireshark <https://www.wireshark.org>`_ provides a flexible Graphical User Interface that eases the analysis of the captured packets. The three questions below should help you to better understand the important fields of DNS messages.
	The next three questions ask you to go one step further by predicting the values of specific fields in the DNS messages.
	When a client requests the mapping of a domain name into an IP address to its local resolver, the resolver may need to query a large number of nameservers starting from the root nameserver. The three exercises below show packet traces collected while the resolver was resolving the following names: `www.example.com`, `www.google.com` and `www.computer-networking.info`. If you understand how the DNS operates, you should be able to correctly reorder those packet traces.
	On a Linux machine, the *Description* section of the `dig` man page tells you where `dig` finds the list of nameservers to query.
	You may obtain additional information about the root DNS servers from http://www.root-servers.org