DNS Exercise 1

1. Issue DNS queries using 'dig':

1a. Run each command, look for the ANSWER section and write down the result.
    Make a note the TTL as well.

Repeat the command. Is the TTL the same? Are the responses Authoritative?

                                        RESULT 1            RESULT 2
                                        --------            --------
    $ dig your-favorite-domain a
    $ dig www.tiscali.co.uk. a
    $ dig afnog.org. mx
    $ dig news.bbc.co.uk. a
    $ dig NonExistentDomain.ma any
    $ dig tiscali.co.uk. txt
    $ dig ripe.net. txt
    $ dig geek.tiscali.co.uk. a
    $ dig www.afrinic.net aaaa
    $ dig ipv6.google.com aaaa

1b. Now send some queries to another caching server.

    (Run each of the following twice, and note the time in ms for each attempt)

    $ dig @8.8.8.8 news.bbc.co.uk. a
    $ dig @resolver1.opendns.com yahoo.com. a
    $ dig @<a server of your choice> <domain of your choice> a

    How long did it take each answer to be received? (on the first, and
    on the second lookup)

2. Reverse DNS lookups

    Now try some reverse DNS lookups.

    $ dig -x 10.10.X.1
    $ dig -x 10.10.X.2
    $ dig -x 10.10.X.3

    ... where X is an IP address in the range 1-25

    Repeat for an IP address of your choice, on the Internet

    Now try to lookup:

    $ dig 1.X.10.10.in-addr.arpa. PTR

    ... where X is in the range 1-25.

    What do you notice ?

	Let's try IPv6 now:

	$ dig -x 2001:42d0::200:2:1

	What are the differences you can observe in the results, between reverse
	DNS for IPv6 and IPv4 addresses ?

3. Use tcpdump to show DNS traffic

    Open a NEW connection to your master.grpX machine (log in a second
    time), so that you can have both windows side-by-site.

    In the new window, run the following command (you must be 'root', that's
    why we use sudo):

# sudo tcpdump -n -s 1500 udp and port 53

    This shows all packets going in and out of your machine for UDP port 53
    (DNS).
    
    Now go to another window and repeat some of the 'dig' queries from earlier.

    Look at the output of tcpdump, check the source and destination IP address
    of each packet:

Explanation:

    -n  Prevents tcpdump doing reverse DNS lookups on the packets it receives,
        which would generate additional (confusing) DNS traffic

    -s 1500 Read the entire packet (otherwise tcpdump only reads 96 bytes)

    udp and port 53
        A filter which matches only packets to/from UDP port 53



4. Configure the caching nameserver and resolver on your server

    (Exercises to be performed as the super-user)

    We're going to enable your caching nameserver and configure your resolver
    configuration:

a) edit the file /etc/rc.conf and add:

    named_chrootdir=""
    named_enable=”YES”

b) start named, the name server process

    # /etc/rc.d/named start

c) test that resolution works with dig:

    # dig @127.0.0.1 noc.ws.nsrc.org

d) if all works, change your /etc/resolv.conf file so that it now contains:

    search ws.nsrc.org
    nameserver 127.0.0.1

    This will have the effect that you are now using your own nameserver to
    resolve queries on the Internet.

2. Test that DNS works

    Ping other PCs in the room, where X is 101 - 125:

    ping master.grpX.ws.nsrc.org
    ping cache.grpX.ws.nsrc.org
    ping auth.grpX.ws.nsrc.org
    
    If in doubt, read the ping manpage (man ping)

