Hands-on 1: Internet Domain Name System

Complete the following hands-on assignment. Do the activities described, and submit your solutions using the online submission site by 11:59p.

This hands-on exercise is designed to introduce you to the Internet's Domain Name System (DNS). You probably use DNS every day --- you used it to get to this page. To prepare for this assignment, please read Section 4.4 of the class textbook, titled "Case study: The Internet Domain Name System (DNS)", which is also signed for recitation section.

Introduction

A good tool for exploring DNS is dig, short for Domain Information Groper. dig should be available on all recent Athena workstations.

Here is an example use of dig:

adehnert@mint-square:~$ dig wikipedia.org

; <<>> DiG 9.7.0-P1 <<>> wikipedia.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42867
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;wikipedia.org.                 IN      A

;; ANSWER SECTION:
wikipedia.org.          572     IN      A       208.80.152.201      (*)

;; AUTHORITY SECTION:
wikipedia.org.          572     IN      NS      ns2.wikimedia.org.
wikipedia.org.          572     IN      NS      ns1.wikimedia.org.
wikipedia.org.          572     IN      NS      ns0.wikimedia.org.

;; ADDITIONAL SECTION:
ns0.wikimedia.org.      572     IN      A       208.80.152.130
ns1.wikimedia.org.      572     IN      A       208.80.152.142
ns2.wikimedia.org.      572     IN      A       91.198.174.4

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Feb  5 03:08:21 2013
;; MSG SIZE  rcvd: 159

dig performs a DNS lookup and prints information about the request and the response it received. If you run dig, you may see results that differ from those presented here. At the bottom, we can see that the query was sent to our default server (127.0.0.1), and that it took roughly 0 milliseconds to respond. Most of the information we are interested in is in the ANSWER section, marked with a (*) above. Let's examine that section more closely:

        ;; ANSWER SECTION:
        wikipedia.org.          572     IN      A       208.80.152.201      (*)
          name                 expire  class   type     data (IP)

The AUTHORITY section contains records of type NS, indicating the names of DNS servers that have name records for a particular domain. Here, we can see that three DNS servers (ns0.wikimedia.org., ns1.wikimedia.org. and ns2.wikimedia.org.) are responsible for answering requests for names in the wikipedia.org domain.

We can ask a specific server (instead of the default) for information about a host by using the following syntax:

adehnert@mint-square:~$ dig @bitsy.mit.edu wikipedia.org

; <<>> DiG 9.7.0-P1 <<>> @bitsy.mit.edu wikipedia.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24050
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;wikipedia.org.                 IN      A

;; ANSWER SECTION:
wikipedia.org.          2853    IN      A       208.80.152.201

[output truncated]

The rd (recursion desired) flag indicates that dig requested a recursive lookup, and the ra (recursion available) flag indicates that the server permits recursive lookups (some do not).

dig only prints the final result of the recursive search. You can mimic the individual steps of a recursive search by sending a request to a particular DNS server and asking for no recursion, using the +norecurs flag. For example, to send a non-recursive query to one of the root servers:

adehnert@mint-square:~$ dig @a.ROOT-SERVERS.NET www.wikipedia.org +norecurs

; <<>> DiG 9.7.0-P1 <<>> @a.ROOT-SERVERS.NET www.wikipedia.org +norecurs
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51557
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 12

;; QUESTION SECTION:
;www.wikipedia.org.             IN      A

;; AUTHORITY SECTION:
org.                    172800  IN      NS      a0.org.afilias-nst.info.
org.                    172800  IN      NS      a2.org.afilias-nst.info.
org.                    172800  IN      NS      c0.org.afilias-nst.info.
org.                    172800  IN      NS      b0.org.afilias-nst.org.
org.                    172800  IN      NS      b2.org.afilias-nst.org.
org.                    172800  IN      NS      d0.org.afilias-nst.org.

;; ADDITIONAL SECTION:
a0.org.afilias-nst.info. 172800 IN      AAAA    2001:500:e::1
a0.org.afilias-nst.info. 172800 IN      A       199.19.56.1
a2.org.afilias-nst.info. 172800 IN      AAAA    2001:500:40::1
a2.org.afilias-nst.info. 172800 IN      A       199.249.112.1
c0.org.afilias-nst.info. 172800 IN      AAAA    2001:500:b::1
c0.org.afilias-nst.info. 172800 IN      A       199.19.53.1
b0.org.afilias-nst.org. 172800  IN      AAAA    2001:500:c::1
b0.org.afilias-nst.org. 172800  IN      A       199.19.54.1
b2.org.afilias-nst.org. 172800  IN      AAAA    2001:500:48::1
b2.org.afilias-nst.org. 172800  IN      A       199.249.120.1
d0.org.afilias-nst.org. 172800  IN      AAAA    2001:500:f::1
d0.org.afilias-nst.org. 172800  IN      A       199.19.57.1

;; Query time: 226 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Tue Feb  5 03:23:19 2013
;; MSG SIZE  rcvd: 437

Here are some exercises. You should submit answers only to the questions asked. In particular, please do not include pages of output from dig unless specifically requested. As usual, submit your solutions using the online submission site.

I. Getting started

• (1) Using dig, find the IP address for thyme.lcs.mit.edu. What is the IP address?
• (2) The dig answer for thyme includes a record of type CNAME. In the terminology of chapter 4, what does CNAME mean?
• (3) What is the expiration time for the thyme CNAME record?
  

• (4) Run these commands to find what the computer you're using gets when it looks up "ai" and "ai.".

  dig +domain=mit.edu ai
  dig +domain=mit.edu ai.
  

  What are the two resulting IP addresses?
• (5) Why are the results different? Look at the man page for dig to see what the +domain= parameter does. Based on the output of the two commands, what is the difference between the DNS searches being performed for ai and ai.?

II. Understanding hierarchy

For this problem, you will go through the steps of resolving a particular hostname, mimicing a standard recursive query. Assuming it knows nothing else about a name, a DNS resolver will ask a well-known root server. The root servers on the Internet are in the domain root-servers.net. One way to get a list of them is with the command:

athena% dig . ns

• (6) Use dig to ask one of the root servers the address of lirone.csail.mit.edu, without recursion. What command do you use to do this?
• (7) It is unlikely that these servers actually know the answer so they will refer you to a server (or list of servers) that might know more. Go through the hierarchy from the root without recursion, following the referrals manually, until you have found the address of lirone.csail.mit.edu. What commands did you use to do this? What IP address did you find for lirone?

III. Understanding caching

• (8) Ask your default server for information, without recursion, about the host www.dmoz.org. What command did you use? Did your default server have the answer in its cache? How do you know? How long did this query take? If this information was cached, please find some other host name that is not cached and do this section with that other host.
• (9) Now, ask your default server this same query but with recursion. It should return an answer for you. How long did this take?
• (10) Finally, ask your default server again without recursion. How long does this request take? Has the cache served its purpose?