Chapter 2, Lab 2: DNS

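First, a review:

DNS messages are sent over UDP on port 53. DNS servers are organized hierarchically: root -> top-level domain -> authoritative.

A: hostname -> IP address

NS: hostname -> DNS server

CNAME: hostname -> canonical hostname

MX: hostname -> canonical name of the mail server

DNS query and reply messages have the same format.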


nslookup syntax:

nslookup -option1 -option2 host-to-find dns-server

A non-authoritative answer from nslookup is one served from a DNS cache.

  1. Run nslookup to obtain the IP address of a Web server in Asia. What is the IP address of that server?
  2. Run nslookup to determine the authoritative DNS servers for a university in Europe.
  3. Run nslookup so that one of the DNS servers obtained in Question 2 is queried for the mail servers for Yahoo! mail. What is its IP address?

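1. Baidu's IP: 180.97.33.108

2. Oxford University's DNS server: nighthawk.dns.ox.ac.uk

3. The question asks to query Yahoo through the DNS server from question 2: nslookup yahoo.mail nighthawk.dns.ox.ac.uk

It reports that the name cannot be found.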



2. The ipconfig command


3. Wireshark: you are asked to visit a website; before visiting it, run ipconfig /flushdns

  1. Locate the DNS query and response messages. Are they sent over UDP or TCP?
  2. What is the destination port for the DNS query message? What is the source port of DNS response message?
  3. To what IP address is the DNS query message sent? Use ipconfig to determine the IP address of your local DNS server. Are these two IP addresses the same?
  4. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?
  5. Examine the DNS response message. How many “answers” are provided? What do each of these answers contain?
  6. Consider the subsequent TCP SYN packet sent by your host. Does the destination IP address of the SYN packet correspond to any of the IP addresses provided in the DNS response message?
  7. This web page contains images. Before retrieving each image, does your host issue new DNS queries?

1. UDP

2. On the server side the DNS port is always 53; the port on my own side does not matter.

3. 10.0.20.146, the same as the local DNS server

4. Type: A, no

5. 3

www.ietf.org: type CNAME, class IN, cname www.ietf.org.cdn.cloudflare.net

www.ietf.org.cdn.cloudflare.net: type A, class IN, addr 104.20.0.85

www.ietf.org.cdn.cloudflare.net: type A, class IN, addr 104.20.1.85

6. Yes

7. No, possibly because they are all on the server that was already found.
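
As an added example (not part of the original notes or the lab handout), here is a minimal parser for the shared query/response format, run on a constructed message modelled on the www.ietf.org response in answer 5 above. The helper names (`enc`, `read_name`, `parse`, `rr`), the transaction ID and the TTL are assumptions chosen for illustration.

```python
import socket
import struct

TYPES = {1: "A", 2: "NS", 5: "CNAME", 15: "MX", 28: "AAAA"}

def enc(name):  # wire format: length-prefixed labels, then a zero byte
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"

def read_name(msg, off, hops=0):  # -> (name, offset just past it)
    if hops > 10:  # a pointer that points at itself must not hang the parser
        raise ValueError("compression pointer loop")
    labels = []
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:  # 2-byte pointer to a name seen earlier
            ptr = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            return ".".join(labels + [read_name(msg, ptr, hops + 1)[0]]), off + 2
        labels.append(msg[off + 1:off + 1 + msg[off]].decode())
        off += 1 + msg[off]
    return ".".join(labels), off + 1

def parse(msg):  # -> (is_response, questions, answers)
    _id, flags, qd, an, _ns, _ar = struct.unpack_from("!6H", msg)
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = read_name(msg, off)
        questions.append((name, TYPES.get(struct.unpack_from("!H", msg, off)[0])))
        off += 4  # skip QTYPE and QCLASS
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!2HIH", msg, off)
        off += 10
        data = msg[off:off + rdlen].hex()  # fallback for types not decoded here
        if rtype == 1:
            data = socket.inet_ntoa(msg[off:off + 4])
        elif rtype in (2, 5):  # NS and CNAME rdata is itself a name
            data = read_name(msg, off)[0]
        answers.append((name, TYPES.get(rtype), data))
        off += rdlen
    return bool(flags & 0x8000), questions, answers

def rr(name, rtype, rdata):  # one resource record, class IN, made-up TTL
    return name + struct.pack("!2HIH", rtype, 1, 300, len(rdata)) + rdata

# Constructed sample modelled on the www.ietf.org answer above, not captured bytes.
QUESTION = enc("www.ietf.org") + struct.pack("!2H", 1, 1)
QUERY = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + QUESTION
RESPONSE = (struct.pack("!6H", 0x1234, 0x8180, 1, 3, 0, 0) + QUESTION
            + rr(b"\xc0\x0c", 5, enc("www.ietf.org.cdn.cloudflare.net"))
            + rr(b"\xc0\x2a", 1, socket.inet_aton("104.20.0.85"))
            + rr(b"\xc0\x2a", 1, socket.inet_aton("104.20.1.85")))
```

Calling `parse(QUERY)` and `parse(RESPONSE)` shows the same 12-byte header and question section in both; only the QR flag and the answer count differ, and the answer names are 2-byte pointers back to names earlier in the message.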



Finally, use Wireshark to look at nslookup

First: nslookup www.mit.edu

  1. What is the destination port for the DNS query message? What is the source port of DNS response message?
  2. To what IP address is the DNS query message sent? Is this the IP address of your default local DNS server?
  3. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?
  4. Examine the DNS response message. How many “answers” are provided? What do each of these answers contain?
  5. Provide a screenshot.

1. 53, 63578

2. Same as above

3. AAAA (IPv6), no

4. 4 answers:

Answers
    www.mit.edu: type CNAME, class IN, cname www.mit.edu.edgekey.net
    www.mit.edu.edgekey.net: type CNAME, class IN, cname e9566.dscb.akamaiedge.net
    e9566.dscb.akamaiedge.net: type AAAA, class IN, addr 2600:1417:9:19e::255e
    e9566.dscb.akamaiedge.net: type AAAA, class IN, addr 2600:1417:9:1ae::255e


nslookup -type=NS mit.edu

  1. To what IP address is the DNS query message sent? Is this the IP address of your default local DNS server?
  2. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?
  3. Examine the DNS response message. What MIT nameservers does the response message provide? Does this response message also provide the IP addresses of the MIT nameservers?
  4. Provide a screenshot.

1. Same as above

2. NS, no

3. Names, no IP addresses




nslookup www.aiit.or.kr bitsy.mit.edu

Answer the following questions:

  1. To what IP address is the DNS query message sent? Is this the IP address of your default local DNS server? If not, what does the IP address correspond to?
  2. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?
  3. Examine the DNS response message. How many “answers” are provided? What does each of these answers contain?
  4. Provide a screenshot.

1. 18.72.0.3: not any more; this is the IP of bitsy.mit.edu. Because it is the DNS server given in the command syntax, the IP of that server is looked up first.


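2. www.aiit.or.kr: type AAAA, class IN

3. This question startled me. DNS is actually quite complicated, so it looks like I got things wrong above as well; so first I'll paste what I found on Baidu:

TTL (time to live): how long a DNS record stays cached on a DNS server. Each record is first looked up and then cached for convenience; within the TTL counted from when it was cached, an identical request is answered directly from the cache, and after that time the lookup is performed again.

Wildcard domains and wildcard resolution: a record of the form *.domain.com points the domain at an IP. With wildcard resolution, any-prefix.domain.com reaches that IP, even if the prefix does not exist.

Domain binding: once the domain resolves to a server's IP, that server shows you the content its owner has configured.

Domain redirection: entering a domain automatically redirects you to the IP that the owner of that domain's server wants you to go to.

PTR: reverse DNS, mapping an IP to a hostname.


Then I read the lab report, which says you only need to look at the last two lines, so I did not get it wrong; the rest can be looked at later.

This is the answer to question 3: www.aiit.or.kr: type A, class IN, addr 58.229.6.225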

Reposted from blog.csdn.net/qq_40178140/article/details/80697612