Lab3b Wireshark

Uploaded by

dokhang2489
nslookup

1. Run nslookup to obtain the IP address of a Web server in Asia. What is the IP address of
that server?

IP address: 13.107.246.73
2. Run nslookup to determine the authoritative DNS servers for a university in Europe.

3. Run nslookup so that one of the DNS servers obtained in Question 2 is queried for the
mail servers for Yahoo! mail. What is its IP address?

Wireshark

Figure 1: DNS request message

Figure 2: DNS response message


4. Locate the DNS query and response messages. Are they sent over UDP or TCP?
Sent over UDP.
5. What is the destination port for the DNS query message? What is the source
port of DNS response message?
Destination port: 53
Source port: 62736
6. To what IP address is the DNS query message sent? Use ipconfig to determine
the IP address of your local DNS server. Are these two IP addresses the same?
Sent to IP address 10.128.123.209. It is the same IP address as that of my local
DNS server.
7. Examine the DNS query message. What “Type” of DNS query is it? Does the
query message contain any “answers”?
The query message was a type “A” query, but the message did not contain any
“answers.”
8. Examine the DNS response message. How many “answers” are provided? What
do each of these answers contain?
One answer to the query, which was the site's address [64.170.98.30].
9. Consider the subsequent TCP SYN packet sent by your host. Does the
destination IP address of the SYN packet correspond to any of the IP addresses
provided in the DNS response message?
The destination of the SYN packet is 64.170.98.30, the same address that
was provided in the DNS response message as the type “A” address of the
webpage.
10. This web page contains images. Before retrieving each image, does your host
issue new DNS queries?
Yes.

nslookup

Figure 3: DNS request and response messages

11. What is the destination port for the DNS query message? What is the source
port of DNS response message?
Destination port: 53
Source port: 62736

12. To what IP address is the DNS query message sent? Is this the IP address of
your default local DNS server?
Sent to IP address 92.168.0.1, the same address as my default local DNS server.

13. Examine the DNS query message. What “Type” of DNS query is it? Does the
query message contain any “answers”?
Type “A” query, containing only one question and not containing any answers.

14. Examine the DNS response message. How many “answers” are provided?
What do each of these answers contain?
Three answers are provided, with the first two being CNAME (alias) records and
the third an A (address) record.
15. Provide a screenshot.

16. To what IP address is the DNS query message sent? Is this the IP address of
your default local DNS server?
Sent to IP address 92.168.0.1, the same address as my default local DNS server.

17. Examine the DNS query message. What “Type” of DNS query is it? Does the
query message contain any “answers”?
Type “A” query, containing only one question and not containing any answers.

18. Examine the DNS response message. What MIT nameservers does the
response message provide? Does this response message also provide the IP
addresses of the MIT nameservers?
www.mit.edu with address 184.87.104.30

19. Provide a screenshot.


20. To what IP address is the DNS query message sent? Is this the IP address of
your default local DNS server? If not, what does the IP address correspond to?
The DNS query message is sent to IP 121.78.251.29, not my local DNS server but
that of the DNS response sender.

21. Examine the DNS query message. What “Type” of DNS query is it? Does the
query message contain any “answers”?
This DNS query is a type “A” query. The message does not contain any answers.

22. Examine the DNS response message. How many “answers” are provided?
What does each of these answers contain?
One answer provided, containing the server's IP address.

23. Provide a screenshot.
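
The fields read off in Wireshark for questions 13 and 14 (query type, absence of answers in the query, CNAME and A records in the response) can also be extracted programmatically. The following is an added example, not part of the original lab report: a minimal DNS message parser run against constructed messages. The host names under example.test and the address 192.0.2.10 are hypothetical and do not come from the lab capture.

```python
import struct

TYPES = {1: "A", 2: "NS", 5: "CNAME", 15: "MX", 28: "AAAA"}

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end = [], None
    for _ in range(128):  # bounded loop: a pointer cycle cannot hang the parser
        n = msg[off]
        if n == 0:
            return ".".join(labels), (off + 1 if end is None else end)
        if (n & 0xC0) == 0xC0:  # compression pointer to an earlier offset
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    raise ValueError("name too long or compression loop")

def parse_dns(msg):
    """Return (is_response, questions, answers) for one DNS message."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = read_name(msg, off)
        qtype, _cls = struct.unpack("!2H", msg[off:off + 4])
        questions.append((name, TYPES.get(qtype, str(qtype))))
        off += 4
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        data = rdata.hex()  # fallback for record types not decoded here
        if rtype == 1:      # A record: IPv4 address
            data = ".".join(map(str, rdata))
        elif rtype == 5:    # CNAME record: target name, may be compressed
            data = read_name(msg, off + 10)[0]
        answers.append((name, TYPES.get(rtype, str(rtype)), data))
        off += 10 + rdlen
    return bool(flags & 0x8000), questions, answers

def rr(name, rtype, rdata):  # helper used only to build the sample below
    return name + struct.pack("!2HIH", rtype, 1, 60, len(rdata)) + rdata
# Constructed sample (hypothetical names, documentation address 192.0.2.10).
SUFFIX = b"\x07example\x04test\x00"
WWW, EDGE, HOST = b"\x03www" + SUFFIX, b"\x04edge" + SUFFIX, b"\x04host" + SUFFIX
QUERY = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + WWW + struct.pack("!2H", 1, 1)
ANSWERS = rr(b"\xc0\x0c", 5, EDGE) + rr(EDGE, 5, HOST) + rr(HOST, 1, b"\xc0\x00\x02\x0a")
RESPONSE = struct.pack("!6H", 0x1234, 0x8180, 1, 3, 0, 0) + QUERY[12:] + ANSWERS
```

Calling `parse_dns(QUERY)` gives one type A question and an empty answer list; `parse_dns(RESPONSE)` gives the same question followed by two CNAME answers and one A answer.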
