Hands-on 4: Internet Domain Name System

Complete the following hands-on assignment. Do the activities described, and hand in the answers to the numbered questions at the beginning of recitation on Tuesday, March 30. As usual, submit your solutions using the online submission site before recitation.

This hands-on exercise is designed to introduce you to the Internet's Domain Name System (DNS). You probably use DNS every day --- you used it to get to this page. To prepare for this assignment, please read Section 4.4 of the class textbook, titled "Case study: The Internet Domain Name System (DNS)".

Introduction

A good tool for exploring DNS is dig, short for Domain Information Groper. dig should be available on all recent Athena workstations. It should work by default, but if it does not, please try running add watchmaker first. If that still does not work, try an Athena Sun workstation.

Here is an example use of dig:

athena% dig slashdot.org

; <<>> DiG 9.3.1 <<>> slashdot.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 997
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;slashdot.org.                  IN      A

;; ANSWER SECTION:
slashdot.org.           3600    IN      A       216.34.181.45           (*)

;; AUTHORITY SECTION:
slashdot.org.		86399	IN	NS	ns-2.ch3.sourceforge.com.
slashdot.org.		86399	IN	NS	ns-1.ch3.sourceforge.com.
slashdot.org.		86399	IN	NS	ns-1.sourceforge.com.

;; ADDITIONAL SECTION:
ns-1.ch3.sourceforge.com. 172800 IN	A	216.34.181.21
ns-1.sourceforge.com.	172800	IN	A	208.122.22.23
ns-2.ch3.sourceforge.com. 172800 IN	A	216.34.181.22

;; Query time: 69 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Mar 11 17:32:51 2009
;; MSG SIZE rcvd: 170

dig performs a DNS lookup and prints information about the request and the response it received. If you run dig, you may see results that differ from those presented here. At the bottom, we can see that the query was sent to our default server (127.0.0.1), and that it took roughly 69 msecs to respond. Most of the information we are interested in is in the ANSWER section, marked with a (*) above. Let's examine that section more closely:

        ;; ANSWER SECTION:
        slashdot.org.    3600    IN      A    216.34.181.45 
          name          expire  class   type     data (IP)

The AUTHORITY section contains records of type NS, indicating the names of DNS servers that have name records for a particular domain. Here, we can see that three DNS servers (ns-1.ch3.sourceforge.com., ns-1.sourceforge.com. and ns-2.ch3.sourceforge.com.) are responsible for answering requests for names in the slashdot.org domain.

We can ask a specific server (instead of the default) for information about a host by using the following syntax:

athena% dig @amsterdam.lcs.mit.edu slashdot.org

; <<>> DiG 9.3.1 <<>> @amsterdam.lcs.mit.edu slashdot.org
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1988
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;slashdot.org.			IN	A

;; ANSWER SECTION:
slashdot.org.		3600	IN	A	216.34.181.45

...[output truncated]

The rd (recursion desired) flag indicates that dig requested a recursive lookup, and the ra (recursion available) flag indicates that the server permits recursive lookups (some do not).

dig only prints the final result of the recursive search. You can mimic the individual steps of a recursive search by sending a request to a particular DNS server and asking for no recursion, using the +norecurs flag. For example, to send a non-recursive query to one of the root servers:

athena% dig @a.ROOT-SERVERS.NET www.slashdot.org +norecurs

; <<>> DiG 9.3.1 <<>> @a.ROOT-SERVERS.NET www.slashdot.org +norecurs
;; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1888
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 12

;; QUESTION SECTION:
;www.slashdot.org.              IN      A

;; AUTHORITY SECTION:
org.			172800	IN	NS	B0.ORG.AFILIAS-NST.org.
org.			172800	IN	NS	A0.ORG.AFILIAS-NST.INFO.
org.			172800	IN	NS	A2.ORG.AFILIAS-NST.INFO.
org.			172800	IN	NS	D0.ORG.AFILIAS-NST.org.
org.			172800	IN	NS	C0.ORG.AFILIAS-NST.INFO.
org.			172800	IN	NS	B2.ORG.AFILIAS-NST.org.

;; ADDITIONAL SECTION:
A0.ORG.AFILIAS-NST.INFO. 172800	IN	A	199.19.56.1
A0.ORG.AFILIAS-NST.INFO. 172800	IN	AAAA	2001:500:e::1
A2.ORG.AFILIAS-NST.INFO. 172800	IN	A	199.249.112.1
A2.ORG.AFILIAS-NST.INFO. 172800	IN	AAAA	2001:500:40::1
B0.ORG.AFILIAS-NST.org.	172800	IN	A	199.19.54.1
B0.ORG.AFILIAS-NST.org.	172800	IN	AAAA	2001:500:c::1
B2.ORG.AFILIAS-NST.org.	172800	IN	A	199.249.120.1
B2.ORG.AFILIAS-NST.org.	172800	IN	AAAA	2001:500:48::1
C0.ORG.AFILIAS-NST.INFO. 172800	IN	A	199.19.53.1
C0.ORG.AFILIAS-NST.INFO. 172800	IN	AAAA	2001:500:b::1
D0.ORG.AFILIAS-NST.org.	172800	IN	A	199.19.57.1
D0.ORG.AFILIAS-NST.org.	172800	IN	AAAA	2001:500:f::1

;; Query time: 84 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Wed Mar 11 17:45:41 2009
;; MSG SIZE  rcvd: 436

Here are some exercises. You should submit answers only to the questions asked. In particular, please do not include pages of output from dig unless specifically requested. As usual, submit your solutions using the online submission site, before recitation.

I. Getting started

• (1) Using dig, find the IP address for thyme.lcs.mit.edu. What is the IP address?
• (2) The dig answer for thyme includes a record of type CNAME. In the terminology of chapter 4, what does CNAME mean?
• (3) What is the expiration time for the thyme CNAME record?
  

• (4) Note that a previous version of this hands-on had you run different commands for this question. If you already answered questions 4 and 5 with the older version, you don't need to redo this part of the assignment.
  Run these commands to find what the computer you're using gets when it looks up "ai" and "ai.".

  dig +domain=mit.edu ai
  dig +domain=mit.edu ai.
  

  What are the two resulting IP addresses?
• (5) Why are the results different? Look at the man page for dig to see what the +domain= parameter does. Based on the output of the two commands, what is the difference between the DNS searches being performed for ai and ai.?

II. Understanding hierarchy

For this problem, you will go through the steps of resolving a particular hostname, mimicing a standard recursive query. Assuming it knows nothing else about a name, a DNS resolver will ask a well-known root server. The root servers on the Internet are in the domain root-servers.net. One way to get a list of them is with the command:

athena% dig . ns

• (6) Use dig to ask one of the root servers the address of lirone.csail.mit.edu, without recursion. What command do you use to do this?
• (7) It is unlikely that these servers actually know the answer so they will refer you to a server (or list of servers) that might know more. Go through the hierarchy from the root without recursion, following the referrals manually, until you have found the address of lirone.csail.mit.edu. What commands did you use to do this? What IP address did you find for lirone?

III. Understanding caching

• (8) Ask your default server for information, without recursion, about the host www.dmoz.org. What command did you use? Did your default server have the answer in its cache? How do you know? How long did this query take? If this information was cached, please find some other host name that is not cached and do this section with that other host.
• (9) Now, ask your default server this same query but with recursion. It should return an answer for you. How long did this take?
• (10) Finally, ask your default server again without recursion. How long does this request take? Has the cache served its purpose?