CNIT 40 Proj 3: Dig (25 pts.)

What You Need for This Project

Purpose

Use dig to see the structure of the DNS hierarchy.

Installing Dig

If you are using a Mac or Linux, dig is already installed.

If you are using Windows, follow these instructions to install Dig.

If you can't install software on your device (such as iPad users), use this Web-based Dig tool:

http://networking.ringofsaturn.com/Tools/dig.php

Authoritative Servers for the Root

In a Command Prompt window, execute this command:
dig
This command asks the default DNS server set on your machine for information about the empty domain, which means the root.

You see the authoritative root servers, as shown below.

Understanding DNS Replies

In the "ANSWER SECTION", the first field is empty, indicating that this is the root domain.

The second field is the TTL. This should be a large number of seconds. If you are using VMware, as I did, you may see a lot of "5" values, as shown above. That is a defect of VMware.

The third field contains "IN", indicating that these are Internet records. DNS has the capacity to carry other types of data, but it's almost never used.

The fourth field contains "NS", indicating that these are Name Servers.

In the "ANSWER SECTION", the fifth field contains the names of the authoritative root servers.

In the "ADDITIONAL SECTION", the fifth field contains IP addresses for some of the servers.

At the bottom, this information is shown:

Specifying the DNS Server

In a Command Prompt window, execute this command:
dig @8.8.8.8
The answer is very similar to the one you saw before, but this time it comes from 8.8.8.8, which is Google's public DNS server, as shown below.

In a Command Prompt window, execute the same command again:

dig @8.8.8.8
Notice that the TTL values change, as shown below.

They are counting down to zero.

Resolving CCSF's Address at Google

In a Command Prompt window, execute this command:
dig @8.8.8.8 www.ccsf.edu

Notice that "QUESTION SECTION" shows

www.ccsf.edu.     IN     A
This indicates that dig performed a default query for the IN A record, the IPv4 Internet address of the server.

The "ANSWER SECTION" shows that www.ccsf.edu is a CNAME (an alias).

The real FQDN of CCSF's Web server is "cloud.ccsf.edu".

The ANSWER section also resolves that FQDN, finding the IPv4 address "147.144.1.212".

Finally, in the top section of the response, notice the "flags: qr rd ra" message.

These flags indicate:

Resolving CCSF's Address from an Authoritative Server

In a Command Prompt window, execute this command:
dig @ns3.ccsf.edu www.ccsf.edu

At the top left, notice the "flags: qr aa rd" message. The "aa" indicates that this is an authoritative response for the CCSF domain.

Note: If you are using Starbucks Wi-Fi, you won't see the "aa" flag.
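
The reply layout described above (the flags line and the five fields of each record), as an added Python example that is not part of the original project: it parses dig's text output, reports the flags, and follows the CNAME to the final A record. The sample output is constructed from the values on this page; its TTLs and the function names are assumptions.

```python
import re

# Constructed sample modelled on the reply the page describes for
# "dig @8.8.8.8 www.ccsf.edu"; the TTL values are made up.
SAMPLE = """\
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.ccsf.edu.                  IN      A
;; ANSWER SECTION:
www.ccsf.edu.           3600    IN      CNAME   cloud.ccsf.edu.
cloud.ccsf.edu.         3600    IN      A       147.144.1.212
"""

FLAGS = {"qr": "message is a response", "aa": "authoritative answer",
         "rd": "recursion desired", "ra": "recursion available"}

def parse_dig(text):
    """Return (flags, sections); each record keeps the five reply fields."""
    flags, sections, current = [], {}, None
    for line in text.splitlines():
        flag_line = re.match(r";; flags:([a-z ]*);", line)
        header = re.match(r";; (\w+) SECTION:", line)
        if flag_line:
            flags = flag_line.group(1).split()
        elif header:
            current = sections.setdefault(header.group(1), [])
        elif current is not None and line and not line.startswith(";"):
            name, ttl, rclass, rtype, rdata = line.split(None, 4)
            current.append({"name": name, "ttl": int(ttl), "class": rclass,
                            "type": rtype, "rdata": rdata.strip()})
    return flags, sections

def follow_cname(answers, qname):
    """Follow CNAME records from qname; return (final name, A addresses)."""
    name, seen = qname, set()
    while name not in seen:  # stop if the aliases loop back on themselves
        seen.add(name)
        targets = [r["rdata"] for r in answers
                   if r["name"] == name and r["type"] == "CNAME"]
        if not targets:
            break
        name = targets[0]
    return name, [r["rdata"] for r in answers
                  if r["name"] == name and r["type"] == "A"]

if __name__ == "__main__":
    flags, sections = parse_dig(SAMPLE)
    print({f: FLAGS.get(f, "?") for f in flags}, "authoritative:", "aa" in flags)
    print(follow_cname(sections["ANSWER"], "www.ccsf.edu."))
```

Saving real dig output to a file and passing its contents to parse_dig shows at a glance whether a reply carries the "aa" flag.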

Finding SOA Servers

To find the Start of Authority for the ccsf.edu domain, in a Command Prompt window, execute this command:
dig @8.8.8.8 ccsf.edu soa
The answer is ns3.ccsf.edu, as shown below:

Reverse DNS Queries

To perform reverse DNS queries, use the "-x" switch, as shown below:
dig @ns3.ccsf.edu -x 147.144.1.212
The answer is cloud.ccsf.edu, as shown below:

Other Query Types: MX, ANY, RRSIG, AAAA

You can find mail exchanges with an "mx" query, like this:
dig @8.8.8.8 ccsf.edu mx

The "any" query finds all records on the server:

dig @8.8.8.8 ccsf.edu any

An "rrsig" query finds DNSSEC signatures. For example, this query finds the signature of the .com top-level domain:

dig @8.8.8.8 com rrsig

Note: some networks block DNS over TCP. You may need to use this Web-based Dig tool:

http://networking.ringofsaturn.com/Tools/dig.php

An "aaaa" query finds IPv6 addresses, like this query that shows the IPv6 address for cisco.com:
dig @8.8.8.8 cisco.com aaaa

For more types, see http://en.wikipedia.org/wiki/List_of_DNS_record_types

Questions to Answer

Use dig to find the answers to these questions. Capture whole-desktop images to show how you found each answer.

A: What is the SOA for samsclass.info?

B: What is the IPv4 address for juniper.com?

C: What is the IPv6 address for google.com?

D: What is the IPv4 address for sans.org, obtained from an authoritative server? Your screen image must show the "aa" flag.

E: How many records are signed at ietf.org?

Note: Questions D and E may require you to use this Web-based Dig tool, if the network you are using is filtered:

http://networking.ringofsaturn.com/Tools/dig.php

Turning In Your Project

ANSWER THE QUESTIONS IN THE BODY OF YOUR EMAIL.

Attach the images. Send it to: cnit.40@gmail.com with a subject line of "Proj 3 From YOUR NAME", replacing "YOUR NAME" with your real name.

Send a Cc to yourself.

Grading note: For each item, the image is worth 3 pts. and the answer is worth 2 pts.


Last modified 1:10 PM 9-9-13