LAB 2b

Uploaded by

nguyen quan

Nguyen Dang Minh Quan

1911930
Computer Networks
Wireshark Lab
DNS v8.0

1. Run nslookup to obtain the IP address of a Web server in Asia. What is its IP address?

I performed nslookup for www.dsvn.vn. Its IP address is 42.112.23.173.

2. Run nslookup to determine the authoritative DNS servers for a university in Europe. What is its IP
address?

I performed nslookup for a European University in Ioannina, Greece. Its IP address is 128.238.29.22.

3. Run nslookup so that one of the DNS servers obtained in Question 2 is queried for the mail servers for
Yahoo! mail. What is its IP address?

The IP address of the mail server(s) is 18.72.0.3


4. Locate the DNS query and response messages. Are they sent over UDP or TCP?

They are sent over UDP.

5. What is the destination port for the DNS query message? What is the source port of DNS response
message?

The destination port for the DNS query is 53 and the source port of the DNS response is 53.

6. To what IP address is the DNS query message sent? Use ipconfig to determine the IP address of your
local DNS server. Are these two IP addresses the same?

It’s sent to 192.168.1.1, which is the IP address of one of my local DNS servers.

7. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain
any “answers”?

It’s a type A Standard Query and it doesn’t contain any answers. I don’t see any headers within the data.

8. Examine the DNS response message. How many “answers” are provided? What do each of these
answers contain?

There were 2 answers containing information about the name of the host, the type of address, class, the
TTL, the data length and the IP address.

9. Consider the subsequent TCP SYN packet sent by your host. Does the destination IP address of the SYN
packet correspond to any of the IP addresses provided in the DNS response message?

The first SYN packet was sent to 209.173.57.180, which corresponds to the first IP address provided in the
DNS response message.

10. This web page contains images. Before retrieving each image, does your host issue new DNS queries?

No.

11. What is the destination port for the DNS query message? What is the source port of DNS response
message?

The destination port of the DNS query is 53 and the source port of the DNS response is 53.

12. To what IP address is the DNS query message sent? Is this the IP address of your default local DNS
server?

It’s sent to 192.168.1.1, which, as we can see from the ipconfig -all screenshot, is the default local DNS
server.

13. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain
any “answers”?

The query is of type A and it doesn’t contain any answers.

14. Examine the DNS response message. How many “answers” are provided? What do each of these
answers contain?

The response DNS message contains one answer containing the name of the host, the type of address,
the class, and the IP address.

15. Provide a screenshot


16. To what IP address is the DNS query message sent? Is this the IP address of your default local DNS
server?

It was sent to 172.17.24.226, which is my default DNS server.

17. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain
any “answers”?

It’s a type NS DNS query that doesn’t contain any answers.

18. Examine the DNS response message. What MIT nameservers does the response message provide?
Does this response message also provide the IP addresses of the MIT nameservers?

The nameservers are bitsy, strawb and w20ns. We can find their IP addresses if we expand the Additional
records field in Wireshark, as seen below.

19. Provide a screenshot


20. To what IP address is the DNS query message sent? Is this the IP address of your default local DNS
server? If not, what does the IP address correspond to?

The query is sent to 183.57.211.24 which corresponds to bitsy.mit.edu.

21. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain
any “answers”?

It’s a standard type A query that doesn’t contain any answers.

22. Examine the DNS response message. How many “answers” are provided? What does each of these
answers contain?

One answer is provided in the DNS response message. It contains the following:

23. Provide a screenshot
