Assume now that you are residing in a network where there is no DNS resolver and that you need to perform your query manually starting from the DNS root.
Use `dig` to send a query to one of these root servers to find the IPv6 address of the DNS server(s) (NS record) responsible for the `org` top-level domain
Use `dig` to send a query to one of these DNS servers to find the IP address of the DNS server(s) (NS record) responsible for `root-servers.org`
Continue until you find the server responsible for `www.root-servers.org`
What is the lifetime associated with this IPv6 address?
Perform the same analysis for a popular website such as `www.google.com`. What is the lifetime associated with the corresponding IPv6 address? If you perform the same request several times, do you always receive the same answer? Can you explain why a lifetime is associated with the DNS replies?
Use `dig` to find the mail relays used by the `uclouvain.be` and `student.uclouvain.be` domains. What is the `TTL` of these records? Can you explain the preferences used by the `MX` records? You can find more information about the MX records in :rfc:`5321`.
When `dig` is run, the header section in its output indicates the `id`, the DNS identifier used to send the query. Does your implementation of `dig` generate random identifiers?
A DNS implementation such as `dig`, and more importantly a name resolver such as bind_ or unbound_, always checks that the received DNS reply contains the same identifier as the DNS request that it sent. Why is this so important?
Imagine an attacker who is able to send forged DNS replies to, for example, associate `www.bigbank.com` with his own IP address. How could he attack a DNS implementation that:
sends DNS requests that always contain the same identifier
sends DNS requests containing identifiers that are incremented by one after each request
sends DNS requests containing random identifiers
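The identifier check mentioned above, sketched as an added example (it is not part of the original exercise text and is not code from `dig`, bind or unbound). The function names and the sample reply are constructed for illustration, and the sketch assumes the question name in the reply is not compressed.

```python
import secrets
import struct

def encode_name(name):
    """Encode a domain name as a sequence of DNS labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name, qtype=28, txid=None):
    """Return (txid, packet) for a recursive query; qtype 28 is AAAA."""
    if txid is None:
        txid = secrets.randbelow(1 << 16)  # unpredictable 16-bit identifier
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    return txid, header + encode_name(name) + struct.pack("!HH", qtype, 1)

def make_reply(query, txid):
    """Constructed sample reply: one AAAA record (2001:db8::1, TTL 300)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR=1, RD=1, RA=1
    rdata = bytes.fromhex("20010db8000000000000000000000001")
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 28, 1, 300, 16) + rdata
    return header + query[12:] + answer

def reply_matches(query, reply):
    """Accept a reply only if it is a response, carries the identifier of
    the query and echoes the same question section."""
    if len(reply) < len(query) or len(query) < 17:
        return False
    (q_id,) = struct.unpack("!H", query[:2])
    r_id, r_flags, r_qdcount = struct.unpack("!HHH", reply[:6])
    if r_id != q_id:            # identifier differs: drop the reply
        return False
    if not r_flags & 0x8000:    # QR bit clear: this is a query, not a response
        return False
    if r_qdcount != 1:
        return False
    q, r = query[12:], reply[12:len(query)]
    # Names compare case-insensitively; type and class must match exactly.
    return r[:-4].lower() == q[:-4].lower() and r[-4:] == q[-4:]

if __name__ == "__main__":
    txid, query = build_query("www.bigbank.com")
    print(reply_matches(query, make_reply(query, txid)))              # matching id
    print(reply_matches(query, make_reply(query, (txid + 1) % 65536)))  # wrong id
```
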
The DNS protocol can run over UDP and over TCP. Most DNS servers prefer to use UDP because it consumes fewer resources on the server. However, TCP is useful when a large answer is expected. Compare `time dig +tcp` and `time dig` to query a root DNS server. Is it faster to receive an answer via TCP or via UDP?
Besides `dig`, another way to analyze the DNS is to look at packet traces with tools such as `wireshark <https://www.wireshark.org>`_ or `tcpdump <https://www.tcpdump.org>`_. These tools can capture packets in a network and also display and analyze their content. `Wireshark <https://www.wireshark.org>`_ provides a flexible Graphical User Interface that eases the analysis of the captured packets. The three questions below should help you to better understand the important fields of DNS messages.
The next three questions ask you to go one step further by predicting the values of specific fields in the DNS messages.
When a client asks its local resolver to map a domain name to an IP address, the resolver may need to query a large number of nameservers starting from the root nameserver. The three exercises below show packet traces collected while the resolver was resolving the following names: `www.example.com`, `www.google.com` and `www.computer-networking.info`. If you understand how the DNS operates, you should be able to correctly reorder those packet traces.
Footnotes
On a Linux machine, the *Description* section of the `dig` man page tells you where `dig` finds the list of nameservers to query.
You may obtain additional information about the root DNS servers from http://www.root-servers.org
