Computer Networks SEECS, NUST

Lab4: DNS

IP

Exercise 01: nslookup

1.1 Run nslookup to obtain the IP address of the Web server hosting
www.seecs.nust.edu.pk.

1.2 Run nslookup to determine the authoritative DNS servers for domain
seecs.edu.pk. Provide both the names of these DNS servers and also the IP
addresses of one of the DNS servers.
Computer Networks SEECS, NUST
Lab4: DNS

1.3 Run nslookup to determine the mail servers for seecs.edu.pk. Provide both the
names of these Mail servers and also the IP address of one of these Mail
servers.

1.4 Query the public DNS service provided by Google at 8.8.8.8 to query for the IPv6
address of www.seecs.edu.pk. Provide the IPv6 address. Note how this address
is different from the IPv4 addresses that you were getting for the previous
questions.
ANS:IPV6 address is in HEX while IPV4 is in decimal

Exercise 02: Tracing DNS with Wireshark (while using browser)

Now that we are familiar with nslookup and ipconfig, we’re ready to get down to some serious
business. Let’s first capture the DNS packets that are generated by ordinary Web-surfing activity.
Computer Networks SEECS, NUST
Lab4: DNS

 Use ipconfig to empty the DNS cache in your host.

 Open your browser and empty your browser cache. (With Internet Explorer, go to
Tools menu and select Internet Options; then in the General tab select Delete Files.)
 Open Wireshark and enter “ip.addr == your_IP_address” into the filter, where you obtain
your_IP_address with ipconfig. This filter removes all packets that neither originate nor
are destined to your host.
 Start packet capture in Wireshark.
 With your browser, visit the Web page: http://www.cse.unsw.edu.au
 Stop packet capture.

Answer the following questions:

2.1 Locate the DNS query and response messages. Are these sent over UDP or TCP (i.e.,
what transport layer protocol is being used)?
ANS:UDP protocol is being used

2.2 To what IP address is the DNS query message sent? Use ipconfig to determine the IP
address of your local DNS server. Are these two IP addresses the same?

ANS:Yes, both ip addresses of both DNS are same

2.3 What is contained in the flag field of your DNS request and response? Explain
each set bit.

ANS: Response Bit: If 1, then message is response. If 0,then message is query.

Opcode:It explains the type of query. If it is standard query, then opcode = 0000
Truncated Bit: If 1,then message was long and was shortened. If 0,then it is not
truncated.
Recursion Bit: If 1, query resolved recursively. If 0, then solved non-recursively.
Z bit: Ignore this bit.
Computer Networks SEECS, NUST
Lab4: DNS

Authentication Bit: If 1, data is authenticated. If 0, then non-authenticated data.

2.4 Find out the IP address of at-least one ROOT name server.

2.5 Find out the fully qualified domain name for IP address 149.171.96.2