CSCI 251 Systems and Networks
Lab 7 - Investigating DNS with host and dig
Wednesday March 10, 2010
Note: The DNS tool nslookup is deprecated and is considered by some to be deeply flawed. It has been supplanted by host and dig, so host and dig will be our exploration tools. All three tools are still included in the BIND (Berkeley Internet Name Domain) package. We will not set up our own DNS server; that is beyond the scope of this course. Should you wish to explore this topic in depth, a good starting reference is the online book:
DNS and BIND, 4th Edition, by Paul Albitz and Cricket Liu, O'Reilly (2001), ISBN 0-596-00158-4
http://hell.org.ua/Docs/oreilly/tcpip2/dns/index.htm
Note that the 5th edition (2006) is available as hardcopy, should the online copy not prove sufficient.
Although we will use host and dig as exploration tools, they are generally considered troubleshooting tools, to be used proactively or when something isn't working correctly. The host tool is a basic, no-frills tool, whereas dig provides more power and flexibility.
Tasks
Use script to record the results from each of the following tasks into its own text file. Then combine the resulting text files into one file and edit it, adding explanatory comments and reducing the file size by cutting any superfluous information.
To see how the script command works, enter
man script
at the command line.
Task #1: System Readiness
We will use OS251 (not vbx) as our platform. To assess readiness:
- determine the system gateway
- determine the system name server
- ensure that the network is up, e.g. try ping www.viu.ca
- determine if the host command is present (where is the executable?)
- determine if the dig command is present (where is the executable?)
Examine the file produced by the script command to ensure that evidence for this task has been recorded.
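The readiness facts above normally come from `route -n`, /etc/resolv.conf and the shell's command lookup. The script below is an added example, not part of the lab handout: it parses each of those sources with small shell functions so the answers can be recorded cleanly in the script(1) log. The route table and resolv.conf contents embedded here are constructed samples using documentation addresses; on OS251 you would feed the live `route -n` output and the real /etc/resolv.conf instead, as the comments show.

```shell
#!/bin/sh
# Added example for Task #1 (not from the lab handout).
# The SAMPLE_* texts are constructed; swap in live output on the real machine.

# Default gateway: in `route -n` output the row whose Destination (column 1)
# is 0.0.0.0 is the default route, and its Gateway is column 2.
gateway_from_route_table() {
    awk '$1 == "0.0.0.0" { print $2; exit }'
}

# Name servers: every "nameserver <addr>" line of /etc/resolv.conf.
# Comment lines start with '#' so their first field never equals "nameserver".
nameservers_from_resolv() {
    awk '$1 == "nameserver" { print $2 }'
}

# Where is a tool installed? Prints its path, or "missing" if not on PATH.
locate_tool() {
    command -v "$1" 2>/dev/null || echo "missing"
}

# Constructed sample of `route -n` output (RFC 5737 documentation addresses).
SAMPLE_ROUTE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.0.2.1       0.0.0.0         UG    0      0        0 eth0'

# Constructed sample of /etc/resolv.conf.
SAMPLE_RESOLV='# Generated by dhclient
search example.org
nameserver 192.0.2.53
nameserver 198.51.100.53'

# One summary block suitable for pasting into the lab report.
readiness_report() {
    echo "gateway:     $(printf '%s\n' "$SAMPLE_ROUTE" | gateway_from_route_table)"
    echo "nameservers: $(printf '%s\n' "$SAMPLE_RESOLV" | nameservers_from_resolv | tr '\n' ' ')"
    echo "host:        $(locate_tool host)"
    echo "dig:         $(locate_tool dig)"
}

readiness_report

# Live equivalents on OS251:
#   route -n | gateway_from_route_table
#   nameservers_from_resolv < /etc/resolv.conf
```

The parsing is deliberately keyed on field positions rather than on grepping for words, so it keeps working when the route table has several interfaces or resolv.conf has search and options lines mixed in.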
Task #2: Using host
Read the man page for host. Then give it a try with the following sequence of commands:
- host www.viu.ca
- host viu.ca
- host 208.67.220.220
- host www.debian.org 208.67.220.220
Then try the same sequence with the -a switch added:
- host -a www.viu.ca
- host -a viu.ca
- host -a 208.67.220.220
- host -a www.debian.org 208.67.220.220
To get the authoritative name server(s) for a domain, ask for the NS record type with the -t switch, followed by the domain in which you are interested; e.g. try
- host -t NS debian.org
- host -t NS google.com
- host -t NS mala.bc.ca
- host -t NS viu.ca
To get the mail server for a domain, ask for the MX record type with the -t switch, followed by the domain in which you are interested; e.g. try
- host -t mx debian.org
- host -t mx google.com
- host -t mx mala.bc.ca
- host -t mx viu.ca
Figure out and explain what these two examples do:
- host -C google.com
- host -t SOA google.com
Examine the file produced by the script command to ensure that evidence for this task has been recorded.
Task #3: Using dig
From the man page for dig:
dig (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried. Most DNS administrators use dig to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output. Other lookup tools tend to have less functionality than dig.
Although dig is normally used with command-line arguments, it also has a batch mode of operation for reading lookup requests from a file. A brief summary of its command-line arguments and options is printed when the -h option is given. Unlike earlier versions, the BIND9 implementation of dig allows multiple lookups to be issued from the command line.
Let's take a look at its output by trying
dig www.isc.org
which would give output something like this:
; <<>> DiG 9.5.1-P3 <<>> www.isc.org
;; global options: printcmd

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19789
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 6

;; QUESTION SECTION:
;www.isc.org.                   IN      A

;; ANSWER SECTION:
www.isc.org.            600     IN      A       149.20.64.42

;; AUTHORITY SECTION:
isc.org.                21347   IN      NS      ns.isc.afilias-nst.info.
isc.org.                21347   IN      NS      ams.SNS-PB.isc.org.
isc.org.                21347   IN      NS      ord.SNS-PB.isc.org.
isc.org.                21347   IN      NS      sfba.SNS-PB.isc.org.

;; ADDITIONAL SECTION:
ams.SNS-PB.isc.org.     7609    IN      A       199.6.1.30
ord.SNS-PB.isc.org.     19624   IN      A       199.6.0.30
sfba.SNS-PB.isc.org.    27054   IN      A       149.20.64.3
sfba.SNS-PB.isc.org.    27054   IN      AAAA    2001:4f8:0:2::19
ns.isc.afilias-nst.info. 27047  IN      A       199.254.63.254
ns.isc.afilias-nst.info. 27047  IN      AAAA    2001:500:2c::254

;; Query time: 101 msec
;; SERVER: 142.25.115.12#53(142.25.115.12)
;; WHEN: Tue Mar 9 13:43:24 2010
;; MSG SIZE rcvd: 264
- The first section gives information such as the version and which global options are set.
- The second section tells us some of the technical details about the answer received from the DNS server. This is actually contiguous with the first section; a blank line was subsequently inserted for purposes of this description.
- The third section reiterates our question for handy reference.
- The fourth section is the actual answer.
- The fifth section tells what DNS servers can provide an authoritative answer to our query; here we note that isc.org has the 4 name servers listed.
- The sixth section typically gives IP addresses for the DNS servers listed earlier (the AAAA entry indicates an IPv6 address).
- The seventh section gives statistics for the query.
Try these variants:
- dig yahoo.com
- dig yahoo.com A
- dig yahoo.com MX
- dig yahoo.com ANY
- dig yahoo.com NS
- dig yahoo.com AAAA
Using Google and the man page for dig, document what the above 6 commands actually do and how they might differ from each other.
Examine the file produced by the script command to ensure that evidence for this task has been recorded.
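The seven sections described above have a regular shape: a section opens with a ";; NAME SECTION:" line and ends at the next blank line, and the header's flags line states how many records each section should hold. The following is an added example, not code from the lab handout, that takes a dig reply apart with awk and sed so each section can be examined on its own and the header counts can be checked against the records actually printed. DIG_SAMPLE is the handout's own www.isc.org reply, embedded so the script runs offline; on OS251 you would pipe live output into the same functions (`dig www.isc.org | dig_section ANSWER`).

```shell
#!/bin/sh
# Added example for Task #3 (not from the lab handout): dissect dig output.

# Status code from the HEADER line (NOERROR, NXDOMAIN, SERVFAIL, ...).
dig_status() {
    sed -n 's/.*status: \([A-Z]*\),.*/\1/p'
}

# Record count the header claims for a section, e.g. dig_header_count AUTHORITY
# The flags line reads "... QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 6".
dig_header_count() {
    awk -v label="$1:" '
        /^;; flags:/ {
            for (i = 1; i <= NF; i++)
                if ($i == label) { sub(/,/, "", $(i + 1)); print $(i + 1) }
        }
    '
}

# Resource records of one section (ANSWER, AUTHORITY or ADDITIONAL).
# A section opens with ";; NAME SECTION:" and is closed by a blank line or by
# the next ";;" line; comment lines (leading ';') inside it are skipped, which
# is why QUESTION yields nothing: its one line starts with ';'.
dig_section() {
    awk -v want=";; $1 SECTION:" '
        /^;; .* SECTION:$/ { in_sec = ($0 == want); next }
        /^$/ || /^;; /     { in_sec = 0 }
        in_sec && !/^;/    { print }
    '
}

# Addresses from the ANSWER section only (field 5 of A and AAAA records).
dig_answer_addresses() {
    dig_section ANSWER | awk '$4 == "A" || $4 == "AAAA" { print $5 }'
}

# The handout's sample reply, used here as offline input.
DIG_SAMPLE='; <<>> DiG 9.5.1-P3 <<>> www.isc.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19789
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 6

;; QUESTION SECTION:
;www.isc.org.                   IN      A

;; ANSWER SECTION:
www.isc.org.            600     IN      A       149.20.64.42

;; AUTHORITY SECTION:
isc.org.                21347   IN      NS      ns.isc.afilias-nst.info.
isc.org.                21347   IN      NS      ams.SNS-PB.isc.org.
isc.org.                21347   IN      NS      ord.SNS-PB.isc.org.
isc.org.                21347   IN      NS      sfba.SNS-PB.isc.org.

;; ADDITIONAL SECTION:
ams.SNS-PB.isc.org.     7609    IN      A       199.6.1.30
ord.SNS-PB.isc.org.     19624   IN      A       199.6.0.30
sfba.SNS-PB.isc.org.    27054   IN      A       149.20.64.3
sfba.SNS-PB.isc.org.    27054   IN      AAAA    2001:4f8:0:2::19
ns.isc.afilias-nst.info. 27047  IN      A       199.254.63.254
ns.isc.afilias-nst.info. 27047  IN      AAAA    2001:500:2c::254

;; Query time: 101 msec
;; SERVER: 142.25.115.12#53(142.25.115.12)
;; WHEN: Tue Mar 9 13:43:24 2010
;; MSG SIZE rcvd: 264'

# Summary: status, answer addresses, and header-vs-actual counts per section.
dig_summary() {
    echo "status: $(printf '%s\n' "$DIG_SAMPLE" | dig_status)"
    echo "answer: $(printf '%s\n' "$DIG_SAMPLE" | dig_answer_addresses)"
    for sec in ANSWER AUTHORITY ADDITIONAL; do
        claimed=$(printf '%s\n' "$DIG_SAMPLE" | dig_header_count "$sec")
        actual=$(printf '%s\n' "$DIG_SAMPLE" | dig_section "$sec" | wc -l | tr -d ' ')
        echo "$sec: header says $claimed, printed $actual"
    done
}

dig_summary
```

Comparing the header counts with the printed records is a quick sanity check that a reply was not truncated; the same functions work on the yahoo.com variants above, where the ANSWER section holds several records of differing types.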
Task #4: dig example 1, bulk lookups
dig provides a way to look up a (large) number of hostnames using the -f option, e.g.
dig -f some_file_containing_host_names
Try this, documenting both your file contents and the results of the search; but let's get a short answer by actually entering:
dig -f some_file_containing_host_names +short
Record the results and the contents of your hostnames file.
Examine the file produced by the script command to ensure that evidence for this task has been recorded.
Task #5: dig's search route
Something like
dig www.yahoo.de +trace
will show how dig does its search. See if you can use the above command and see if dig
- first goes to the root name servers
- then the servers responsible for the *.de domains
- and finally the servers for www.yahoo.com
Identify which server gave back information at each step and record this information.
Examine the file produced by the script command to ensure that evidence for this task has been recorded.
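In +trace output, dig closes each referral step with a line of the form ";; Received N bytes from IP#53(server) in T ms", and the resource records printed just above that line are what that server handed back. The script below is an added example, not code from the lab handout: it condenses a trace into one line per step, naming the zone that was delegated and the server that answered, which is exactly the record the task asks for. TRACE_SAMPLE is a constructed trace using documentation addresses and made-up server names (root-ns.example and so on); a real run would be piped in with `dig www.yahoo.de +trace | trace_steps`.

```shell
#!/bin/sh
# Added example for Task #5 (not from the lab handout): summarize dig +trace.

# One line per referral step: the owner name of the last resource record
# printed before the ";; Received" marker, and the server that sent it.
trace_steps() {
    awk '
        $3 == "IN" && NF >= 5 { zone = $1 }     # any RR line: remember its owner
        /^;; Received/ { step++; print "step " step ": " zone " from " $6 }
    '
}

# Just the servers consulted, in order (field 6 is "ip#port(name)").
trace_servers() {
    trace_steps | sed 's/.* from //'
}

# Constructed sample of a +trace run. Real output lists many root and TLD
# servers per step; two are enough to show the shape.
TRACE_SAMPLE='; <<>> DiG 9.5.1-P3 <<>> www.yahoo.de +trace
;; global options: printcmd
.                       518400  IN      NS      root-ns.example.
.                       518400  IN      NS      root-ns2.example.
;; Received 228 bytes from 192.0.2.53#53(192.0.2.53) in 3 ms

de.                     172800  IN      NS      ns.de-tld.example.
de.                     172800  IN      NS      ns2.de-tld.example.
;; Received 493 bytes from 198.51.100.1#53(root-ns.example) in 118 ms

yahoo.de.               86400   IN      NS      ns1.yahoo-zone.example.
yahoo.de.               86400   IN      NS      ns2.yahoo-zone.example.
;; Received 160 bytes from 198.51.100.2#53(ns.de-tld.example) in 55 ms

www.yahoo.de.           300     IN      A       203.0.113.80
;; Received 47 bytes from 203.0.113.53#53(ns1.yahoo-zone.example) in 160 ms'

printf '%s\n' "$TRACE_SAMPLE" | trace_steps
```

Step 1 is answered by the local resolver (the SERVER from Task #3), which only supplies the root name server list; from step 2 onward dig talks to the named authoritative servers directly, which is why the chain root, de., yahoo.de. is visible at all.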
Task #6: Cache TTLs (TTL = 'time to live')
When a local DNS server receives an initial query for an Internet address, it searches for and obtains an authoritative answer. The server then keeps that answer in a local cache so that a subsequent query for the same address a short time later will receive the answer quickly rather than requiring a new search for an authoritative answer.
When DNS records are configured, the time the records should remain in such caches is set. This is the TTL number (usually expressed as a number of seconds). The server will only cache those records for the length of time specified by the TTL. After that, the server will flush them from its local cache and ask again for an authoritative answer.
When dig queries a DNS server, dig will report the remaining TTL for which that record will remain in cache.
We'll use the gmail.com servers to investigate cache TTLs. With a timer (e.g. a wristwatch) ready, type
dig +nocmd gmail.com MX +noall +answer
then after perhaps 20 seconds, enter it again. Explain
- the original TTL value
- the final TTL value
Has the TTL value changed by the expected amount? Note that the TTL value appears in the second field of each line.
Examine the file produced by the script command to ensure that evidence for this task has been recorded.
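The check this task asks for, that the TTL in field 2 fell by about as many seconds as elapsed between the two commands, can be done mechanically, and doing so also exposes the one case that surprises people: if the cache entry expired between the two queries, the resolver fetches a fresh copy and the TTL jumps back up instead of falling. The script below is an added example, not code from the lab handout. It compares two saved `dig +noall +answer` captures record by record, keyed on owner, type and rdata so that a reordered MX list still pairs up correctly. The two captures embedded here are constructed samples with made-up TTLs; on OS251 you would save the real output (`dig +nocmd gmail.com MX +noall +answer > first.txt`) and pass the files and the measured elapsed seconds.

```shell
#!/bin/sh
# Added example for Task #6 (not from the lab handout): TTL countdown check.
#
# usage: ttl_countdown FIRST_CAPTURE SECOND_CAPTURE ELAPSED_SECONDS [TOLERANCE]
# Prints, per record, old TTL -> new TTL and whether the drop matches the
# elapsed time within TOLERANCE seconds (default 2). A drop of zero or a
# negative drop means the resolver refreshed the record from an authoritative
# server in between, so the countdown restarted.
ttl_countdown() {
    awk -v elapsed="$3" -v tol="${4:-2}" '
        NF >= 5 {
            # Key = owner, type and rdata (fields 5..NF); TTL (field 2) excluded.
            key = $1 " " $4
            for (i = 5; i <= NF; i++) key = key " " $i
            if (NR == FNR) {
                first[key] = $2                       # still in the first capture
            } else if (key in first) {
                drop = first[key] - $2
                verdict = (drop - elapsed <= tol && elapsed - drop <= tol) ? "ok" : "UNEXPECTED"
                print key ": " first[key] " -> " $2 " (dropped " drop " in " elapsed "s) " verdict
            }
        }
    ' "$1" "$2"
}

# Constructed captures, 20 seconds apart; the second lists the MX records in a
# different order, as round-robin answers often do.
TTL_FIRST='gmail.com.  3600  IN  MX  5 gmail-smtp-in.l.google.com.
gmail.com.  3600  IN  MX  10 alt1.gmail-smtp-in.l.google.com.'
TTL_SECOND='gmail.com.  3580  IN  MX  10 alt1.gmail-smtp-in.l.google.com.
gmail.com.  3580  IN  MX  5 gmail-smtp-in.l.google.com.'

# Write the samples to temporary files and run the comparison.
ttl_demo() {
    a=$(mktemp); b=$(mktemp)
    printf '%s\n' "$TTL_FIRST" > "$a"
    printf '%s\n' "$TTL_SECOND" > "$b"
    ttl_countdown "$a" "$b" 20
    rm -f "$a" "$b"
}

ttl_demo
```

A tolerance of a couple of seconds covers the time it takes to type the second command; anything labelled UNEXPECTED is worth explaining in the report, since it usually means the TTL expired and the record was re-fetched, which is the cache behaviour the task is about.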
Task #7: To receive credit for this lab
Submit your report for this assignment to the instructor by email per the following specification:
Report Specification
- Submit as an email attachment with this file name format:
Last_<user_name_on_host>-lab7.txt
e.g. jayeward-lab7.txt
- Submit a single file produced by concatenating any files generated from the tasks above, but interject separators as appropriate.
- The file must be plain ASCII (e.g. not an MS Word document, not PDF, etc.). Be sure to check that the file is plain text with something other than the editor used to create it, e.g.
cat jayeward-lab7.txt
To receive credit, the properly configured email (with attachment) must be received by 8 AM, Monday, March 15, 2010.
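The two mechanical parts of the report specification, concatenating the per-task files with separators and confirming the result is plain ASCII, are worth scripting, because script(1) records the terminal verbatim and its logs routinely contain carriage returns and terminal escape sequences that `cat` will happily render without revealing. The following is an added example, not part of the lab handout: it joins the task files under labelled separators, strips the carriage returns script leaves behind, and rejects any byte outside printable ASCII and whitespace. The file names used in the comments are placeholders.

```shell
#!/bin/sh
# Added example for the report specification (not from the lab handout).

# Concatenate task files into OUTPUT, each preceded by a labelled separator,
# dropping the carriage returns that script(1) writes before each newline.
# usage: combine_reports OUTPUT task1.txt task2.txt ...
combine_reports() {
    out="$1"; shift
    : > "$out"
    for f in "$@"; do
        printf '\n==================== %s ====================\n' "$f" >> "$out"
        tr -d '\r' < "$f" >> "$out"
    done
}

# Succeed only if FILE contains nothing but printable ASCII and whitespace.
# LC_ALL=C makes the character classes byte-based, so any 8-bit byte (UTF-8
# accents, Word smart quotes) or control byte (ESC from colour output) fails.
is_plain_ascii() {
    ! LC_ALL=C grep -q '[^[:print:][:space:]]' "$1"
}

# Show where the offending bytes are, for cleaning up by hand.
show_non_ascii() {
    LC_ALL=C grep -n '[^[:print:][:space:]]' "$1" | cat -v
}

# Demonstration on constructed task logs in a temporary directory.
report_demo() {
    d=$(mktemp -d)
    printf 'Task 1 output\r\n' > "$d/task1.txt"
    printf 'Task 2 output\n' > "$d/task2.txt"
    combine_reports "$d/report.txt" "$d/task1.txt" "$d/task2.txt"
    if is_plain_ascii "$d/report.txt"; then
        echo "report.txt is plain ASCII"
    else
        echo "report.txt has non-ASCII content:"; show_non_ascii "$d/report.txt"
    fi
    rm -rf "$d"
}

report_demo

# Real use:  combine_reports jayeward-lab7.txt task1.txt task2.txt ...
#            is_plain_ascii jayeward-lab7.txt && echo ok
```

Bold or coloured prompts captured by script show up as ESC sequences; `cat -v` in show_non_ascii prints them as ^[ so they can be found and removed before the file is sent.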