Computer Science Department - ITU

Computer Networks Lab

Course Instructor: Anam Zahid Dated: 06/03/2024

Lab Engineer: Ansa Niaz & Ghulam Ruqia Semester: Spring 2024

Session: 2023-2027 Batch: BSCS2023 & BSAI2023

Lab 5. Introduction of Domain Name System(DNS)

Report Viva Total Marks

Haiusm BSCS23091

Checked on: ____________________________

Signature: ____________________________
Objective
The objective of this lab is to do some networking commands to help us better understand
networking and, in its troubleshooting, as well as its administration.
Equipment and Component
Component Description Value Quantity
Computer Available in lab 1

Conduct of Lab
1. Students have to perform this experiment on Wireshark.
2. Students are required to perform this experiment individually.
3. In case the lab experiment is not understood, the students are advised to seek help from the
course instructor, lab engineers and assigned teaching assistants (TAs)
4. At the end of the lab, every student is required to save the completed lab manual in PDF format
and submit this single PDF file on Google Classroom at the submission link created for this
lab..
Theory and Background
An Internet Protocol address is a numerical label such as 192.0.2.1 that is connected to a
computer network that uses the Internet Protocol for communication. They establish the
framework for data exchange, with key examples including TCP/IP for internet communication
and HTTP/DNS for web-related functions.
The Domain Name System (DNS) translates hostnames to IP addresses, fulfilling a critical role
in the Internet infrastructure. In this lab, we’ll take a closer look at the client side of DNS. Recall
that the client’s role in the DNS is relatively simple – a client sends a query to its local DNS
server, and receives a response back. The hierarchical DNS servers communicate with each other
to either recursively or iteratively resolve the client’s DNS query
.
Lab Tasks
Task 1

1.Nslookup

● To run it in Windows, open the Command Prompt and run nslookup on the command
line.
● nslookup tool allows the host running the tool to query any specified DNS server for a
DNS record. The nslookup sends a DNS query to the specified DNS server, receives a
DNS reply from that same DNS server, and displays the result.

Consider the first command:

This command is saying “please send me the IP address for the host www.mit.edu”. As shown in
the screenshot, the response from this command provides two pieces of information: (1) the
name and IP address of the DNS server that provides the answer; and (2) the answer itself, which
is the host name and IP address of www.mit.edu

● nslookup –type=NS mit.edu

In this example, we have provided the option “-type=NS” and the domain “mit.edu”. This causes
nslookup to send a query for a type-NS record to the default local DNS server. In words, the
query is saying, “please send me the host names of the authoritative DNS for mit.edu”.
However, nslookup also indicates that the answer is “non-authoritative,” meaning that this
answer came from the cache of some server rather than from an authoritative MIT DNS server.
Finally, the answer also includes the IP addresses of the authoritative DNS servers at MIT.

● nslookup www.aiit.or.kr bitsy.mit.edu

In this example, we indicate that we want to the query sent to the DNS server bitsy.mit.edu
rather than to the default DNS server. Thus, the query and reply transaction takes place directly
between our querying host and bitsy.mit.edu. In this example, the DNS server bitsy.mit.edu
provides the IP address of the host www.aiit.or.kr, which is a web server at the Advanced
Institute of Information Technology (in Korea).
● nslookup –option1 –option2 host-to-find dns-server
, nslookup can be run with zero, one, two or more options. And as we have seen in the above
examples, the dns-server is optional as well; if it is not supplied, the query is sent to the default
local DNS server.
Now that we have provided an overview of nslookup, it is time for you to test drive it yourself.
Do the following (and write down the results):
1. Run nslookup to obtain the IP address of a Web server in Asia(www.asdu.ait.ac.th).
What is the IP address of that server?

IP Address: 203.159.12.3
 2. Run nslookup to determine the authoritative DNS servers for a university in
Europe( www.cam.ac.uk).

3. Run nslookup so that one of the DNS servers obtained in Question 2 is queried for
the mail servers for Yahoo! mail(www.cam.ac.uk mail.yahoo.com). What is its IP
address?

IP Address: 87.248.119.251

2. Ipconfig
ipconfig is the most useful little utilities in your host, especially for debugging network issues.
ipconfig can be used to show your current TCP/IP information, including your address, DNS
server addresses, adapter type and so on. For example, if you all this information about your host
simply by entering

● ipconfig \all

ipconfig is also very useful for managing the DNS information stored in your host. In Section
2.5 we learned that a host can cache DNS records it recently obtained. To see these cached
records, after the prompt C:\> provide the following command:
● ipconfig /displaydns
Each entry shows the remaining Time to Live (TTL) in seconds. To clear the cache, enter:
● ipconfig /flushdns

Flushing the DNS cache clears all entries and reloads the entries from the hosts file.

Task 2

3.Tracing DNS with Wireshark

Now that we are familiar with nslookup and ipconfig, we’re ready to get down to some serious
business. Let’s first capture the DNS packets that are generated by ordinary Websurfing activity.
● Use ipconfig to empty the DNS cache in your host.

● Open your browser and empty your browser cache. (With Internet Explorer, go to Tools
menu and select Internet Options; then in the General tab select Delete Files.)
● Open Wireshark and enter “ip.addr == your_IP_address” into the filter, where you obtain
your_IP_address with ipconfig. This filter removes all packets that neither originate nor
are destined to your host.
● Start packet capture in Wireshark.
● With your browser, visit the Web page: http://www.ietf.org
● Stop packet capture.
If you are unable to run Wireshark on a live network connection, you can download a packet
trace file that was captured while following the steps above on one of the author’s computers.
Answer the following questions. Whenever possible, when answering a question below, you
should hand in a printout of the packet(s) within the trace that you used to answer the question
asked. Annotate the printout to explain your answer. To print a packet, use File->Print, choose
Selected packet only, choose Packet summary line, and select the minimum amount of packet
detail that you need to answer the question.
4. Locate the DNS query and response messages. Are then sent over UDP or TCP?
UDP

5. What is the destination port for the DNS query message? What is the source port of
DNS response message?

Source Port: 53
Destination Port: 65477
6. To what IP address is the DNS query message sent? Use ipconfig to determine the
IP address of your local DNS server. Are these two IP addresses the same?
Yes they are same

172.16.20.3

7. Examine the DNS query message. What “Type” of DNS query is it? Does the query
message contain any “answers”?
The type is Standard Query and the message does not contain any answer.

8. Examine the DNS response message. How many “answers” are provided? What do
each of these answers contain?

There are 2 answers.

Since there is a single A, it means that there is an ip v4 address.

They are telling the type, class, name and address of the server.