Information

Author(s) Olivier Bonaventure
Deadline No deadline
Submission limit No limitation
Category tags dns

Tags

Sign in

DNS queries


Question 1: DNS queries

A packet trace may contain multiple queries for different records and different domain names as shown in the attached packet trace.

Download the packet trace and use wireshark to select which affirmations below are valid.

If you do not have wireshark on your computer, you can have a visualization in the next question.

Question 2: Packet trace

Here is a visualisation of this packet trace.


0000  d00d00350023f641  593e012000010000  
0010  0000000006676f6f  676c650262650000  
0020  020001                              

0000  Ð..5.#öAY>. ....
0010  .....google.be..
0020  ...             
  • User Datagram Protocol
    • Source Port: 53261
      • Destination Port: 53
        • Length: 35
          • Checksum: 0xf641 [unverified]
          • Domain Name System (query)
            • Transaction ID: 0x593e
              • Flags: 0x0120 Standard query
                • 0... .... .... .... = Response: Message is a query
                  • .000 0... .... .... = Opcode: Standard query (0)
                    • .... ..0. .... .... = Truncated: Message is not truncated
                      • .... ...1 .... .... = Recursion desired: Do query recursively
                        • .... .... .0.. .... = Z: reserved (0)
                          • .... .... ..1. .... = AD bit: Set
                            • .... .... ...0 .... = Non-authenticated data: Unacceptable
                            • Questions: 1
                              • Answer RRs: 0
                                • Authority RRs: 0
                                  • Additional RRs: 0
                                    • Queries
                                      • google.be: type NS, class IN
                                        • Name: google.be
                                          • Name Length: 9
                                            • Label Count: 2
                                              • Type: NS (authoritative Name Server) (2)
                                                • Class: IN (0x0001)