Description
DNS (Domain Name System) is the Internet’s phone book; it translates hostnames to IP addresses (and vice versa). This translation is done through DNS resolution, which happens behind the scenes.
The objectives of this lab are to understand:
• DNS and how it works
• How to install and set up a DNS server
• Its functionality and operations
Lab Setup
DNS Server: 10.2.22.184
User/Client: 10.2.22.195
Note: Use the default IP address provided by PESU LAN.
First Test:
Ping a computer such as www.flipkart.com. Please use Wireshark to show the DNS query triggered by your ping command and the DNS response. Describe your observation. (Take a screenshot).
Part 1: Setting Up a Local DNS Server
Task 1: Configure the User Machine
On the client machine 10.2.22.195, we need to use 10.2.22.184 as the local DNS server. This is achieved by changing the resolver configuration file (/etc/resolv.conf) of the user machine so that the server 10.2.22.184 is added as the first nameserver entry in the file, i.e., this server will be used as the primary DNS server. Add the following entry to the /etc/resolvconf/resolv.conf.d/head file.
nameserver 10.2.22.184
Run the following command for the change to take effect.
sudo resolvconf -u
The following screenshot shows how to set the DNS server on the client machine.
Also, add 10.2.22.184 in the ‘Additional DNS servers’ field in the IPv4 settings of the client machine.
Second Test:
Ping a computer such as www.flipkart.com. Please use Wireshark to show the DNS query triggered by your ping command and the DNS response. Describe your observation. (Take a screenshot).
Task 2: Set Up a Local DNS Server
Note: If the bind9 server is not already installed, install it using the following commands:
$ sudo apt-get update
$ sudo apt-get install bind9
Step 1: Configure the BIND9 Server.
BIND9 gets its configuration from a file called /etc/bind/named.conf. This file is the primary configuration file, and it usually contains several “include” entries. One of the included files is called /etc/bind/named.conf.options. This is where we typically set up the configuration options. Let us first set up an option related to the DNS cache by adding a dump-file entry to the options block, as shown in the screenshot below.
The above option specifies where the cache content should be dumped to if BIND is asked to dump its cache. If this option is not specified, BIND dumps the cache to a default file called /var/cache/bind/named_dump.db.
Step 2: Start the DNS server
We start the DNS server using the command:
$ sudo service bind9 restart
The two commands shown below are related to the DNS cache. The first command dumps the content of the cache to the file specified above, and the second command clears the cache.
Step 3: Use the DNS server
Third Test:
Now, go back to your user machine (10.2.22.195), and ping a computer such as www.flipkart.com and describe your observation. Please use Wireshark to show the DNS query triggered by your ping command. Please also indicate when the DNS cache is used. (Take a screenshot).
Note: Compare the three Wireshark DNS packet capture screenshots taken above.
Task 3: Host a Zone in the Local DNS server.
Assume that we own a domain; we are then responsible for providing the definitive answers regarding this domain. We will use our local DNS server as the authoritative nameserver for the domain. In this lab, we will set up an authoritative server for the example.com domain.
This domain name is reserved for use in documentation, and is not owned by anybody, so it is safe to use it.
Step 1: Create Zones
We add two zone entries to the DNS server by adding the following contents to /etc/bind/named.conf, as shown in the screenshot below. The first zone is for forward lookup (from hostname to IP), and the second zone is for reverse lookup (from IP to hostname).
Note: In the above screenshot, 10.2.22.0 is the network address of the subnet your IP address belongs to.
Step 2: Set up the forward lookup zone file
We create the zone file example.com.db in the /etc/bind/ directory with the following contents; this is where the actual DNS resolution data (the resource records) is stored.
The symbol ‘@’ is a special notation representing the origin specified in named.conf (the string after “zone”). Therefore, ‘@’ here stands for example.com. This zone file contains 7 resource records (RRs), including an SOA (Start Of Authority) RR, an NS (Name Server) RR, an MX (Mail eXchanger) RR, and 4 A (host Address) RRs.
Step 3: Set up the reverse lookup zone file
We create a reverse DNS lookup file called 10.2.22.db for the example.com domain in the /etc/bind/ directory, with the following contents, to support DNS reverse lookup, i.e., from IP address to hostname.
Step 4: Copy the above files into the /etc/bind directory.
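Because the zone entries and zone files of Steps 1 to 3 only survive here as screenshots, the following added example (written for this page, not BIND's own code or the lab's files) renders the two named.conf zone stanzas, the forward zone with the 7 resource records described above, and the derived reverse zone, then reads the zone text back to check that the counts and the www.example.com answer match what Task 4 expects. Values taken from the handout are the origin example.com, the files example.com.db and 10.2.22.db, the subnet 10.2.22.0/24, the www address 10.2.22.101 and the DNS server 10.2.22.184; the bare-domain and mail addresses, the SOA timers and the serial number are constructed sample values, and using the lab's DNS server as the zone's NS is an assumption.

```python
"""Added example: render and read back the BIND zone data described in Task 3.
Handout values: example.com, example.com.db, 10.2.22.db, 10.2.22.0/24,
www -> 10.2.22.101, DNS server 10.2.22.184. Everything else is constructed."""
import ipaddress

ORIGIN = "example.com."
NETWORK = ipaddress.ip_network("10.2.22.0/24")   # the lab subnet (Task 3, Step 1)

# The 7 resource records the handout lists: one SOA, one NS, one MX, four A.
# Owner names are relative to the origin unless they end in '.'; '@' is the origin.
FORWARD_RRS = [
    ("@", "SOA", "ns.example.com. admin.example.com. ( 2024010101 8H 2H 4W 1D )"),
    ("@", "NS", "ns.example.com."),
    ("@", "MX", "10 mail.example.com."),
    ("@", "A", "10.2.22.100"),     # constructed: the bare domain example.com
    ("www", "A", "10.2.22.101"),   # from the handout (Task 4, Step 2)
    ("mail", "A", "10.2.22.102"),  # constructed
    ("ns", "A", "10.2.22.184"),    # assumption: the lab DNS server is the zone's NS
]


def reverse_zone_name(network):
    """in-addr.arpa origin for a /24: 10.2.22.0/24 -> 22.2.10.in-addr.arpa."""
    first_three = str(network.network_address).split(".")[:3]
    return ".".join(reversed(first_three)) + ".in-addr.arpa."


def reverse_rrs(forward_rrs, network):
    """Derive the reverse zone: SOA and NS copied from the forward zone, plus one
    PTR (last octet -> FQDN) for every A record that lies inside the lab subnet."""
    rrs = [rr for rr in forward_rrs if rr[1] in ("SOA", "NS")]
    for name, rtype, rdata in forward_rrs:
        if rtype == "A" and ipaddress.ip_address(rdata) in network:
            fqdn = ORIGIN if name == "@" else f"{name}.{ORIGIN}"
            rrs.append((rdata.rsplit(".", 1)[1], "PTR", fqdn))
    return rrs


def render_zone(origin, rrs, ttl="3D"):
    """Produce zone-file text in the single-line record form BIND accepts."""
    lines = [f"$TTL {ttl}", f"$ORIGIN {origin}"]
    lines += [f"{name:<8}IN\t{rtype}\t{rdata}" for name, rtype, rdata in rrs]
    return "\n".join(lines) + "\n"


def named_conf_zones(origin, forward_file, network, reverse_file):
    """The two zone stanzas Task 3 Step 1 adds to /etc/bind/named.conf."""
    stanza = 'zone "{}" {{\n\ttype master;\n\tfile "/etc/bind/{}";\n}};\n'
    return (stanza.format(origin.rstrip("."), forward_file)
            + stanza.format(reverse_zone_name(network).rstrip("."), reverse_file))


def parse_zone(text):
    """Read zone text back: expand '@' and relative owners against $ORIGIN and
    return (owner, type, rdata) tuples. Covers the single-line records written
    by render_zone, not the full RFC 1035 master-file grammar."""
    origin, records = None, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop comments
        if not line or line.startswith("$TTL"):
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        name, _cls, rtype, rdata = line.split(None, 3)
        if name == "@":
            owner = origin
        elif name.endswith("."):
            owner = name
        else:
            owner = f"{name}.{origin}"
        records.append((owner, rtype, rdata))
    return records


def rr_counts(records):
    """Count records per type, e.g. {'SOA': 1, 'NS': 1, 'MX': 1, 'A': 4}."""
    counts = {}
    for _owner, rtype, _rdata in records:
        counts[rtype] = counts.get(rtype, 0) + 1
    return counts


def lookup(records, owner, rtype):
    """All rdata values for an owner/type pair: what dig's ANSWER SECTION shows."""
    return [rd for o, t, rd in records if o == owner and t == rtype]


if __name__ == "__main__":
    print(named_conf_zones(ORIGIN, "example.com.db", NETWORK, "10.2.22.db"))
    print(render_zone(ORIGIN, FORWARD_RRS))
    print(render_zone(reverse_zone_name(NETWORK), reverse_rrs(FORWARD_RRS, NETWORK)))
    fwd = parse_zone(render_zone(ORIGIN, FORWARD_RRS))
    print(rr_counts(fwd), lookup(fwd, "www.example.com.", "A"))
```

Running the script prints the stanzas and both zone files; after copying them into /etc/bind you can confirm the server loads them with the same 7-record count by checking the ANSWER SECTION of dig, as Task 4 does.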
Task 4: Restart the BIND server and test
Step 1: When all the changes are made, remember to restart the BIND server. We restart the DNS server using the following command:
$ sudo service bind9 restart
Step 2: Now, go back to the client machine and ask the local DNS server for the IP address of www.example.com using the dig command.
dig (Domain Information Groper) is a network administration command-line tool for querying DNS name servers. It is useful for verifying and troubleshooting DNS problems and for performing DNS lookups; it displays the answers returned from the name servers that were queried. dig is part of the BIND domain name server software suite.
We can see that the ANSWER SECTION contains the DNS mapping. We can see that the IP address of www.example.com is now 10.2.22.101, which is what we have set up in the DNS server.
Step 3: Observe the results in Wireshark capture.
To dump and clear the DNS cache, use the commands below.
Edmodo Requirements:
1) Three Wireshark packet capture screenshots for pinging (Packet list pane and Packet details pane) – ping www.flipkart.com command
2) dig www.example.com command (in Terminal)
3) Wireshark packet capture – dig www.example.com command (Packet list pane and Packet details pane)
4) Local DNS cache on server machine
Observation Notebook Requirements:
For ‘ping www.flipkart.com’, answer the following questions
1) Locate the DNS query and response messages. Are they sent over UDP or TCP?
2) What is the destination port for the DNS query message? What is the source port of DNS response message?
3) To what IP address is the DNS query message sent? Use ipconfig to determine the IP address of your local DNS server. Are these two IP addresses the same?
4) Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?
5) Examine the DNS response message. How many “answers” are provided? What do each of these answers contain?
6) Consider the subsequent TCP SYN packet sent by your host. Does the destination IP address of the SYN packet correspond to any of the IP addresses provided in the DNS response message?
7) What is the destination port for the DNS query message? What is the source port of DNS response message?
8) To what IP address is the DNS query message sent? Is this the IP address of your default local DNS server?
9) Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?
10) Examine the DNS response message. How many “answers” are provided? What do each of these answers contain?
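To work through the questions above with the message layout in front of you, the following added example (written for this page, not taken from the lab or from Wireshark) builds the A query a resolver sends for www.flipkart.com, constructs the reply such a query receives, and decodes both into the fields the Packet details pane shows: transaction ID, the QR flag that separates query from response, question and answer counts, query type, and each answer's rdata. It also approximates the Info column of the Packet list pane. The transaction ID 0x1a2b, the TTL of 60 seconds and the answer addresses 203.0.113.10 and 203.0.113.11 (a documentation range) are constructed sample values, not a real capture; the layout follows RFC 1035 section 4.1.

```python
"""Added example: encode and decode DNS messages the way Wireshark displays them.
Sample transaction ID, TTL and answer addresses are constructed, not captured."""
import struct

DNS_PORT = 53       # well-known port: destination of the query, source of the reply
QTYPE_A, QCLASS_IN = 1, 1
TYPE_NAMES = {1: "A", 5: "CNAME", 12: "PTR", 28: "AAAA"}


def encode_name(name):
    """'www.flipkart.com' -> b'\\x03www\\x08flipkart\\x03com\\x00' (label format)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, txid, qtype=QTYPE_A):
    """Header: ID, flags with RD=1 (0x0100), QDCOUNT=1, AN/NS/ARCOUNT=0; then the
    one question. A query carries no answers."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def build_response(query, answers):
    """The reply a resolver sends: same ID, flags QR=1 RD=1 RA=1 (0x8180), the
    question echoed, and one A record per (ttl, ip) whose owner name is a
    compression pointer (0xC00C) back to the question name at offset 12."""
    txid, _flags, qdcount, *_ = struct.unpack("!HHHHHH", query[:12])
    header = struct.pack("!HHHHHH", txid, 0x8180, qdcount, len(answers), 0, 0)
    body = query[12:]                      # question section, unchanged
    for ttl, ip in answers:
        body += struct.pack("!HHHIH", 0xC00C, QTYPE_A, QCLASS_IN, ttl, 4)
        body += bytes(int(octet) for octet in ip.split("."))
    return header + body


def decode_name(data, offset):
    """Read a possibly compressed name; return (name, offset just after it)."""
    labels, end, jumped = [], None, False
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:          # 2-byte pointer into the message
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (end if jumped else offset)


def parse_message(data):
    """Decode header, question and answer sections into a dict of the fields
    Wireshark lists under 'Domain Name System'."""
    txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    msg = {"id": txid, "is_response": bool(flags & 0x8000),
           "rcode": flags & 0x000F, "questions": [], "answers": []}
    off = 12
    for _ in range(qdcount):
        name, off = decode_name(data, off)
        qtype, _qclass = struct.unpack("!HH", data[off:off + 4])
        off += 4
        msg["questions"].append((name, qtype))
    for _ in range(ancount):
        name, off = decode_name(data, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        rdata = data[off:off + rdlen]
        off += rdlen
        if rtype == QTYPE_A and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)
        msg["answers"].append((name, rtype, ttl, rdata))
    return msg


def info_column(msg):
    """Approximate Wireshark's Info column for a decoded message."""
    qname, qtype = msg["questions"][0]
    kind = "Standard query response" if msg["is_response"] else "Standard query"
    text = f"{kind} 0x{msg['id']:04x} {TYPE_NAMES.get(qtype, qtype)} {qname.rstrip('.')}"
    for _name, rtype, _ttl, rdata in msg["answers"]:
        text += f" {TYPE_NAMES.get(rtype, rtype)} {rdata}"
    return text


if __name__ == "__main__":
    query = build_query("www.flipkart.com", 0x1A2B)
    reply = build_response(query, [(60, "203.0.113.10"), (60, "203.0.113.11")])
    for wire in (query, reply):
        print(info_column(parse_message(wire)))
```

The script prints two lines in the style of the packet list: a query with one question and no answers, and a response carrying the same transaction ID with two A answers. Compare them with the frames Wireshark captures during the First Test; the client sends the query to the resolver in /etc/resolv.conf at UDP port 53, and the reply returns from that same address and port.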