Content uploaded by Ahmed Elnaggar
Author content
All content in this area was uploaded by Ahmed Elnaggar on Nov 15, 2018
Content may be subject to copyright.
Page 1 of 6
Lab 2.1: Domain Name Service (DNS)
Definition of The Application Layer: The application layer is the seven layer
in the Open Systems Interconnection (OSI) model. It consists of protocols that focus
on process-to-process communication across an IP network and provides a firm
communication interface and end-user services. The application layer provides many
services including; Domain Name Service (DNS), Simple Mail Transfer Protocol
(SMTP), File Transfer (FTP), Web surfing, Web chat, Email clients, Network data
sharing, Virtual terminals, and Various file and data operations.
Learning Objectives
How does DNS work and what is the DNS concept?
Display the DNS cache and how to delete cached info
Query about a specific domain to resolve its IP
Background
Domain Name Service is what resolve hostnames to IP addresses. When you
have DNS server running on your network, you do not have to type the IP address of
the host you want to connect to or ping as long as a hostname is set. You just type the
hostname, Internet name or Fully Qualified Domain Name (FQDN) then DNS server
works out the rest for you so it is a distributed database and looks like a simple phone
book but for computers. DNS Server listens on UDP port 53.
Scenario
In this lab, we will take a closer look at the client side of DNS. Recall that the
client’s role in the DNS is relatively simple.
Task 1: How does DNS work and what is the DNS concept
When a client types the Internet name or Fully Qualified Domain Name (FQDN)
There is a sequence, that client follows to resolve FQDN to its IP:
Network Fundamentals
Network Fundamentals Lab 2.1: Domain Name Service (DNS)
Page 2 of 6
Search in hosts file (C:\Windows\System32\drivers\etc\hosts)
If there is no answer it begins to search in machine cache
If not found finally sends a query to its local DNS server, and receives a
response back.
Much can go on “under the hood” invisible to the DNS clients, as the hierarchical
DNS servers communicate with each other to either recursively or iteratively resolve
the client’s DNS query. A DNS server answers queries in one of the following ways:
If the answer is in its cache, it answers the query from the cache
If the answer is in a zone hosted by the DNS server, it answers the query from
its zone. A zone is a portion of the DNS tree stored on a DNS server. When a
DNS server hosts a zone, it is authoritative for the names in that zone (that is,
the DNS server can answer queries for any name in the zone). For example, a
server hosting the zone contoso.com can answer queries for any name in
contoso.com.
If the server cannot answer the query from its cache or zones, it queries the
parent servers for the answer, as shown in the figure below.
From DNS client’s standpoint, however, the protocol is quite simple, a query is
formulated to the local DNS server and a response is received from that server
1- Try to edit in the hosts file
i. Go to throw the destination C:\Windows\System32\ drivers\etc\hosts
open file by notepad program
ii. To edit or modify in this file, the user should have a write access on that
file or by Select Start > All Programs > Accessories.
Right-click Notepad and select Run as administrator.
The Windows needs your permission UAC window appears
Network Fundamentals Lab 2.1: Domain Name Service (DNS)
Page 3 of 6
Click Continue to grant permission
Notepad opens
In Notepad, select File > Open
In the File name field, enter the following path:
C:\Windows\System32\Drivers\etc\hosts
Select Open
iii. Make the necessary changes to the file.
Network Fundamentals Lab 2.1: Domain Name Service (DNS)
Page 4 of 6
What do you think about modification in the hosts file, does this consider a
vulnerability, and how can you take advantage and exploit that security issue?
__________________________________________________________
__________________________________________________________
Task 2: Display the DNS cache and how to delete cached info
ipconfig (for Windows) and ifconfig (for Linux/Unix) are among the most
useful little utilities in your host, especially for debugging network issues. Here we
will only describe ipconfig, although the Linux/Unix ifconfig is very similar.
ipconfig can be used to show your current TCP/IP information, including your
address, DNS server addresses, adapter type and so on. For example, if you want to
view all information about your host; simply enter the command below into the
Command Prompt, as shown in the screenshot below too:
> ipconfig \all
ipconfig is also very useful for managing the DNS information stored in your host.
As you know that, a host can cache DNS records it recently obtained. To see these
cached records, after the prompt C:\> provide the following command:
>ipconfig /displaydns
Each entry shows the remaining Time to Live (TTL) in seconds. To clear the cache,
>ipconfig /flushdns
Flushing the DNS cache clears all entries and reloads the entries from the hosts file.
Network Fundamentals Lab 2.1: Domain Name Service (DNS)
Page 5 of 6
Task 3: Query about specific domain to resolve its IP and the reverse
In this task, we are going to make extensive use of the nslookup tool, which is
available in most Linux/Unix and Microsoft platforms today. To run nslookup in
Linux/Unix, you just type the nslookup command on the command line. To run it in
Windows, open the Command Prompt and run nslookup on the command line.
In it is most basic operation, nslookup tool allows the host running the tool to query
any specified DNS server for a DNS record. The queried DNS server can be a root
DNS server, a top-level-domain DNS server, an authoritative DNS server, or an
intermediate DNS server (see the hierarchy figure in task 1). To accomplish this task,
nslookup sends a DNS query to the specified DNS server, receives a DNS reply from
that same DNS server, and displays the result.
The above screenshot shows the results of three independent nslookup commands
(displayed in the Windows Command Prompt). In this example, the client host is
located on the campus of Polytechnic University in Brooklyn, where the default local
DNS server is dns-prime.poly.edu. When running nslookup, if no DNS server is
specified, then nslookup sends the query to the default DNS server, which in this case
is dns-prime.poly.edu. Consider the first command:
>nslookup www.mit.edu
In other words, this command is saying, “please send me the IP address for the
host www.mit.edu”. As shown in the screenshot, the response from this command
provides two pieces of information:
The name and IP address of the DNS server that provides the answer; and
The answer itself, which is the host name and IP address of www.mit.edu.
Network Fundamentals Lab 2.1: Domain Name Service (DNS)
Page 6 of 6
Although the response came from the local DNS server at Polytechnic University, it
is quite possible that this local DNS server iteratively contacted several other DNS
servers to get the answer.
Now consider the second command:
>nslookup –type=NS mit.edu
In this example, we have provided the option “-type=NS” and the domain “mit.edu”.
This causes nslookup to send a query for a type NS record to the default local DNS
server. In words, the query is saying, “please send me the host names of the
authoritative DNS for mit.edu”. (When the –type option is not used, nslookup uses
the default, which is to query for type A records.) The answer, displayed in the above
screenshot, first indicates the DNS server that is providing the answer (which is the
default local DNS server) along with three MIT nameservers. Each of these servers is
indeed an authoritative DNS server for the hosts on the MIT campus. However,
nslookup also indicates that the answer is “non-authoritative” meaning that this
answer came from the cache of some server rather than from an authoritative MIT
DNS server. The answer also includes the IP addresses of the authoritative DNS
servers at MIT. (Even though the type-NS query generated by nslookup did not
explicitly ask for the IP addresses, the local DNS server returned these “for free” and
nslookup displays the result.)
Now finally consider the third command:
>nslookup www.aiit.or.kr bitsy.mit.edu
In this example, we indicate that we want to the query sent to the DNS server
bitsy.mit.edu rather than to the default DNS server (dns-prime.poly.edu). Thus, the
query and reply transaction takes place directly between our querying host and
bitsy.mit.edu. In this example, the DNS server bitsy.mit.edu provides the IP address
of the host www.aiit.or.kr, which is a web server at the Advanced Institute of
Information Technology (in Korea).
Now that we have provided an overview of nslookup, it is time you to test-drive
it yourself. Do the following (and write down the results):
1. Run nslookup to obtain the IP address of a Web server in Egypt. What is the
IP address of that server?
_____________________________________________________________
2. Run nslookup so that one of the DNS servers obtained in the above question
is queried form google-public-dns-a.google.com. What is its IP address?
_____________________________________________________________