DNS queries

Paste this command into your terminal:

The password to connect is

Question 1: DNS queries

A packet trace may contain multiple queries for different records and different domain names as shown in the attached packet trace.

Download the packet trace and use wireshark to select which affirmations below are valid.

If you do not have wireshark on your computer, you can have a visualization in the next question.

There is only one IPv6 address associated with www.google.com

The trace contains five different queries.

The query for the TXT record returned five different records.

There are five mail exchange servers for the gmail.com domain

The A and AAAA records have the same Time to Live

The NS records have a longer Time to Live than the other DNS records retrieve in this trace.

The MX records have the same Time to Live as the TXT records

There are two different IPv4 addresses associated with www.google.fr

Question 2: Packet trace

Here is a visualisation of this packet trace.

#	Length	Summary
0	35 bytes	`Domain Name System (query)`
1	117 bytes	`Domain Name System (response)`
2	36 bytes	`Domain Name System (query)`
3	349 bytes	`Domain Name System (response)`
4	35 bytes	`Domain Name System (query)`
5	158 bytes	`Domain Name System (response)`
6	40 bytes	`Domain Name System (query)`
7	68 bytes	`Domain Name System (response)`
8	39 bytes	`Domain Name System (query)`
9	55 bytes	`Domain Name System (response)`

0000  d00d00350023f641  593e012000010000
0010  0000000006676f6f  676c650262650000
0020  020001

0000  Ð..5.#öAY>. ....
0010  .....google.be..
0020  ...

User Datagram Protocol
- Source Port: 53261
- Destination Port: 53
- Length: 35
- Checksum: 0xf641 [unverified]
Domain Name System (query)
- Transaction ID: 0x593e
- Flags: 0x0120 Standard query
  - 0... .... .... .... = Response: Message is a query
  - .000 0... .... .... = Opcode: Standard query (0)
  - .... ..0. .... .... = Truncated: Message is not truncated
  - .... ...1 .... .... = Recursion desired: Do query recursively
  - .... .... .0.. .... = Z: reserved (0)
  - .... .... ..1. .... = AD bit: Set
  - .... .... ...0 .... = Non-authenticated data: Unacceptable
- Questions: 1
- Answer RRs: 0
- Authority RRs: 0
- Additional RRs: 0
- Queries
  - google.be: type NS, class IN
    - Name: google.be
    - Name Length: 9
    - Label Count: 2
    - Type: NS (authoritative Name Server) (2)
    - Class: IN (0x0001)

0000  0035d00d0075d9b9  593e818000010004
0010  0000000006676f6f  676c650262650000
0020  020001c00c000200  010000545f001003
0030  6e733106676f6f67  6c6503636f6d00c0
0040  0c00020001000054  5f0006036e7333c0
0050  2bc00c0002000100  00545f0006036e73
0060  32c02bc00c000200  010000545f000603
0070  6e7334c02b

0000  .5Ð..uÙ¹Y>......
0010  .....google.be..
0020  ...À.......T_...
0030  ns1.google.com.À
0040  .......T_...ns3À
0050  +À.......T_...ns
0060  2À+À.......T_...
0070  ns4À+

User Datagram Protocol
- Source Port: 53
- Destination Port: 53261
- Length: 117
- Checksum: 0xd9b9 [unverified]
Domain Name System (response)
- Transaction ID: 0x593e
- Flags: 0x8180 Standard query response, No error
  - 1... .... .... .... = Response: Message is a response
  - .000 0... .... .... = Opcode: Standard query (0)
  - .... .0.. .... .... = Authoritative: Server is not an authority for domain
  - .... ..0. .... .... = Truncated: Message is not truncated
  - .... ...1 .... .... = Recursion desired: Do query recursively
  - .... .... 1... .... = Recursion available: Server can do recursive queries
  - .... .... .0.. .... = Z: reserved (0)
  - .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
  - .... .... ...0 .... = Non-authenticated data: Unacceptable
  - .... .... .... 0000 = Reply code: No error (0)
- Questions: 1
- Answer RRs: 4
- Authority RRs: 0
- Additional RRs: 0
- Queries
  - google.be: type NS, class IN
    - Name: google.be
    - Name Length: 9
    - Label Count: 2
    - Type: NS (authoritative Name Server) (2)
    - Class: IN (0x0001)
- Answers
  - google.be: type NS, class IN, ns ns1.google.com
    - Name: google.be
    - Type: NS (authoritative Name Server) (2)
    - Class: IN (0x0001)
    - Time to live: 21599
    - Data length: 16
    - Name Server: ns1.google.com
  - google.be: type NS, class IN, ns ns3.google.com
    - Name: google.be
    - Type: NS (authoritative Name Server) (2)
    - Class: IN (0x0001)
    - Time to live: 21599
    - Data length: 6
    - Name Server: ns3.google.com
  - google.be: type NS, class IN, ns ns2.google.com
    - Name: google.be
    - Type: NS (authoritative Name Server) (2)
    - Class: IN (0x0001)
    - Time to live: 21599
    - Data length: 6
    - Name Server: ns2.google.com
  - google.be: type NS, class IN, ns ns4.google.com
    - Name: google.be
    - Type: NS (authoritative Name Server) (2)
    - Class: IN (0x0001)
    - Time to live: 21599
    - Data length: 6
    - Name Server: ns4.google.com

0000  8127003500246de0  c567012000010000
0010  0000000006676f6f  676c6503636f6d00
0020  00100001

0000  .'.5.$màÅg. ....
0010  .....google.com.
0020  ....

User Datagram Protocol
- Source Port: 33063
- Destination Port: 53
- Length: 36
- Checksum: 0x6de0 [unverified]
Domain Name System (query)
- Transaction ID: 0xc567
- Flags: 0x0120 Standard query
  - 0... .... .... .... = Response: Message is a query
  - .000 0... .... .... = Opcode: Standard query (0)
  - .... ..0. .... .... = Truncated: Message is not truncated
  - .... ...1 .... .... = Recursion desired: Do query recursively
  - .... .... .0.. .... = Z: reserved (0)
  - .... .... ..1. .... = AD bit: Set
  - .... .... ...0 .... = Non-authenticated data: Unacceptable
- Questions: 1
- Answer RRs: 0
- Authority RRs: 0
- Additional RRs: 0
- Queries
  - google.com: type TXT, class IN
    - Name: google.com
    - Name Length: 10
    - Label Count: 2
    - Type: TXT (Text strings) (16)
    - Class: IN (0x0001)

0000  00358127015dd87c  c567818000010005
0010  0000000006676f6f  676c6503636f6d00
0020  00100001c00c0010  000100000e0f0024
0030  23763d7370663120  696e636c7564653a
0040  5f7370662e676f6f  676c652e636f6d20
0050  7e616c6cc00c0010  000100000e0f0041
0060  40676c6f62616c73  69676e2d736d696d
0070  652d64763d434459  582b584648557732
0080  776d6c362f476238  2b35394273483331
0090  4b7a55723663316c  32425076714b5838
00A0  3dc00c0010000100  00012b002e2d646f
00B0  63757369676e3d30  353935383438382d
00C0  343735322d346566  322d393565622d61
00D0  6137626138613362  643065c00c001000
00E0  010000012b002e2d  646f63757369676e
00F0  3d31623061363735  342d343962312d34
0100  6462352d38353430  2d64326331323636
0110  3462323839c00c00  10000100000e0f00
0120  3c3b66616365626f  6f6b2d646f6d6169
0130  6e2d766572696669  636174696f6e3d32
0140  32726d3535316375  346b306162306278
0150  7377353336746c64  7334683935

0000  .5.'.]Ø|Åg......
0010  .....google.com.
0020  ....À..........$
0030  #v=spf1 include:
0040  _spf.google.com
0050  ~allÀ..........A
0060  @globalsign-smim
0070  e-dv=CDYX+XFHUw2
0080  wml6/Gb8+59BsH31
0090  KzUr6c1l2BPvqKX8
00A0  =À........+..-do
00B0  cusign=05958488-
00C0  4752-4ef2-95eb-a
00D0  a7ba8a3bd0eÀ....
00E0  ....+..-docusign
00F0  =1b0a6754-49b1-4
0100  db5-8540-d2c1266
0110  4b289À..........
0120  <;facebook-domai
0130  n-verification=2
0140  2rm551cu4k0ab0bx
0150  sw536tlds4h95

User Datagram Protocol
- Source Port: 53
- Destination Port: 33063
- Length: 349
- Checksum: 0xd87c [unverified]
Domain Name System (response)
- Transaction ID: 0xc567
- Flags: 0x8180 Standard query response, No error
  - 1... .... .... .... = Response: Message is a response
  - .000 0... .... .... = Opcode: Standard query (0)
  - .... .0.. .... .... = Authoritative: Server is not an authority for domain
  - .... ..0. .... .... = Truncated: Message is not truncated
  - .... ...1 .... .... = Recursion desired: Do query recursively
  - .... .... 1... .... = Recursion available: Server can do recursive queries
  - .... .... .0.. .... = Z: reserved (0)
  - .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
  - .... .... ...0 .... = Non-authenticated data: Unacceptable
  - .... .... .... 0000 = Reply code: No error (0)
- Questions: 1
- Answer RRs: 5
- Authority RRs: 0
- Additional RRs: 0
- Queries
  - google.com: type TXT, class IN
    - Name: google.com
    - Name Length: 10
    - Label Count: 2
    - Type: TXT (Text strings) (16)
    - Class: IN (0x0001)
- Answers
  - google.com: type TXT, class IN
    - Name: google.com
    - Type: TXT (Text strings) (16)
    - Class: IN (0x0001)
    - Time to live: 3599
    - Data length: 36
    - TXT Length: 35
    - TXT: v=spf1 include:_spf.google.com ~all
  - google.com: type TXT, class IN
    - Name: google.com
    - Type: TXT (Text strings) (16)
    - Class: IN (0x0001)
    - Time to live: 3599
    - Data length: 65
    - TXT Length: 64
    - TXT: globalsign-smime-dv=CDYX+XFHUw2wml6/Gb8+59BsH31KzUr6c1l2BPvqKX8=
  - google.com: type TXT, class IN
    - Name: google.com
    - Type: TXT (Text strings) (16)
    - Class: IN (0x0001)
    - Time to live: 299
    - Data length: 46
    - TXT Length: 45
    - TXT: docusign=05958488-4752-4ef2-95eb-aa7ba8a3bd0e
  - google.com: type TXT, class IN
    - Name: google.com
    - Type: TXT (Text strings) (16)
    - Class: IN (0x0001)
    - Time to live: 299
    - Data length: 46
    - TXT Length: 45
    - TXT: docusign=1b0a6754-49b1-4db5-8540-d2c12664b289
  - google.com: type TXT, class IN
    - Name: google.com
    - Type: TXT (Text strings) (16)
    - Class: IN (0x0001)
    - Time to live: 3599
    - Data length: 60
    - TXT Length: 59
    - TXT: facebook-domain-verification=22rm551cu4k0ab0bxsw536tlds4h95

0000  ede400350023671b  1333012000010000
0010  0000000005676d61  696c03636f6d0000
0020  0f0001

0000  íä.5.#g..3. ....
0010  .....gmail.com..
0020  ...

User Datagram Protocol
- Source Port: 60900
- Destination Port: 53
- Length: 35
- Checksum: 0x671b [unverified]
Domain Name System (query)
- Transaction ID: 0x1333
- Flags: 0x0120 Standard query
  - 0... .... .... .... = Response: Message is a query
  - .000 0... .... .... = Opcode: Standard query (0)
  - .... ..0. .... .... = Truncated: Message is not truncated
  - .... ...1 .... .... = Recursion desired: Do query recursively
  - .... .... .0.. .... = Z: reserved (0)
  - .... .... ..1. .... = AD bit: Set
  - .... .... ...0 .... = Non-authenticated data: Unacceptable
- Questions: 1
- Answer RRs: 0
- Authority RRs: 0
- Additional RRs: 0
- Queries
  - gmail.com: type MX, class IN
    - Name: gmail.com
    - Name Length: 9
    - Label Count: 2
    - Type: MX (Mail eXchange) (15)
    - Class: IN (0x0001)

0000  0035ede4009e6256  1333818000010005
0010  0000000005676d61  696c03636f6d0000
0020  0f0001c00c000f00  0100000e0f001b00
0030  050d676d61696c2d  736d74702d696e01
0040  6c06676f6f676c65  c012c00c000f0001
0050  00000e0f00090014  04616c7432c029c0
0060  0c000f000100000e  0f0009002804616c
0070  7434c029c00c000f  000100000e0f0009
0080  000a04616c7431c0  29c00c000f000100
0090  000e0f0009001e04  616c7433c029

0000  .5íä..bV.3......
0010  .....gmail.com..
0020  ...À............
0030  ..gmail-smtp-in.
0040  l.googleÀ.À.....
0050  .........alt2À)À
0060  ............(.al
0070  t4À)À...........
0080  ...alt1À)À......
0090  ........alt3À)

User Datagram Protocol
- Source Port: 53
- Destination Port: 60900
- Length: 158
- Checksum: 0x6256 [unverified]
Domain Name System (response)
- Transaction ID: 0x1333
- Flags: 0x8180 Standard query response, No error
  - 1... .... .... .... = Response: Message is a response
  - .000 0... .... .... = Opcode: Standard query (0)
  - .... .0.. .... .... = Authoritative: Server is not an authority for domain
  - .... ..0. .... .... = Truncated: Message is not truncated
  - .... ...1 .... .... = Recursion desired: Do query recursively
  - .... .... 1... .... = Recursion available: Server can do recursive queries
  - .... .... .0.. .... = Z: reserved (0)
  - .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
  - .... .... ...0 .... = Non-authenticated data: Unacceptable
  - .... .... .... 0000 = Reply code: No error (0)
- Questions: 1
- Answer RRs: 5
- Authority RRs: 0
- Additional RRs: 0
- Queries
  - gmail.com: type MX, class IN
    - Name: gmail.com
    - Name Length: 9
    - Label Count: 2
    - Type: MX (Mail eXchange) (15)
    - Class: IN (0x0001)
- Answers
  - gmail.com: type MX, class IN, preference 5, mx gmail-smtp-in.l.google.com
    - Name: gmail.com
    - Type: MX (Mail eXchange) (15)
    - Class: IN (0x0001)
    - Time to live: 3599
    - Data length: 27
    - Preference: 5
    - Mail Exchange: gmail-smtp-in.l.google.com
  - gmail.com: type MX, class IN, preference 20, mx alt2.gmail-smtp-in.l.google.com
    - Name: gmail.com
    - Type: MX (Mail eXchange) (15)
    - Class: IN (0x0001)
    - Time to live: 3599
    - Data length: 9
    - Preference: 20
    - Mail Exchange: alt2.gmail-smtp-in.l.google.com
  - gmail.com: type MX, class IN, preference 40, mx alt4.gmail-smtp-in.l.google.com
    - Name: gmail.com
    - Type: MX (Mail eXchange) (15)
    - Class: IN (0x0001)
    - Time to live: 3599
    - Data length: 9
    - Preference: 40
    - Mail Exchange: alt4.gmail-smtp-in.l.google.com
  - gmail.com: type MX, class IN, preference 10, mx alt1.gmail-smtp-in.l.google.com
    - Name: gmail.com
    - Type: MX (Mail eXchange) (15)
    - Class: IN (0x0001)
    - Time to live: 3599
    - Data length: 9
    - Preference: 10
    - Mail Exchange: alt1.gmail-smtp-in.l.google.com
  - gmail.com: type MX, class IN, preference 30, mx alt3.gmail-smtp-in.l.google.com
    - Name: gmail.com
    - Type: MX (Mail eXchange) (15)
    - Class: IN (0x0001)
    - Time to live: 3599
    - Data length: 9
    - Preference: 30
    - Mail Exchange: alt3.gmail-smtp-in.l.google.com

0000  8bf300350028bf69  ee0f012000010000
0010  0000000003777777  06676f6f676c6503
0020  636f6d00001c0001

0000  .ó.5.(¿iî.. ....
0010  .....www.google.
0020  com.....

User Datagram Protocol
- Source Port: 35827
- Destination Port: 53
- Length: 40
- Checksum: 0xbf69 [unverified]
Domain Name System (query)
- Transaction ID: 0xee0f
- Flags: 0x0120 Standard query
  - 0... .... .... .... = Response: Message is a query
  - .000 0... .... .... = Opcode: Standard query (0)
  - .... ..0. .... .... = Truncated: Message is not truncated
  - .... ...1 .... .... = Recursion desired: Do query recursively
  - .... .... .0.. .... = Z: reserved (0)
  - .... .... ..1. .... = AD bit: Set
  - .... .... ...0 .... = Non-authenticated data: Unacceptable
- Questions: 1
- Answer RRs: 0
- Authority RRs: 0
- Additional RRs: 0
- Queries
  - www.google.com: type AAAA, class IN
    - Name: www.google.com
    - Name Length: 14
    - Label Count: 3
    - Type: AAAA (IPv6 Address) (28)
    - Class: IN (0x0001)

0000  00358bf30044f29c  ee0f818000010001
0010  0000000003777777  06676f6f676c6503
0020  636f6d00001c0001  c00c001c00010000
0030  012b00102a001450  40130c0300000000
0040  00000068

0000  .5.ó.Dò.î.......
0010  .....www.google.
0020  com.....À.......
0030  .+..*..P@.......
0040  ...h

User Datagram Protocol
- Source Port: 53
- Destination Port: 35827
- Length: 68
- Checksum: 0xf29c [unverified]
Domain Name System (response)
- Transaction ID: 0xee0f
- Flags: 0x8180 Standard query response, No error
  - 1... .... .... .... = Response: Message is a response
  - .000 0... .... .... = Opcode: Standard query (0)
  - .... .0.. .... .... = Authoritative: Server is not an authority for domain
  - .... ..0. .... .... = Truncated: Message is not truncated
  - .... ...1 .... .... = Recursion desired: Do query recursively
  - .... .... 1... .... = Recursion available: Server can do recursive queries
  - .... .... .0.. .... = Z: reserved (0)
  - .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
  - .... .... ...0 .... = Non-authenticated data: Unacceptable
  - .... .... .... 0000 = Reply code: No error (0)
- Questions: 1
- Answer RRs: 1
- Authority RRs: 0
- Additional RRs: 0
- Queries
  - www.google.com: type AAAA, class IN
    - Name: www.google.com
    - Name Length: 14
    - Label Count: 3
    - Type: AAAA (IPv6 Address) (28)
    - Class: IN (0x0001)
- Answers
  - www.google.com: type AAAA, class IN, addr 2a00:1450:4013:c03::68
    - Name: www.google.com
    - Type: AAAA (IPv6 Address) (28)
    - Class: IN (0x0001)
    - Time to live: 299
    - Data length: 16
    - AAAA Address: 2a00:1450:4013:c03::68

0000  d97b003500276367  64a7012000010000
0010  0000000003777777  06676f6f676c6502
0020  66720000010001

0000  Ù{.5.'cgd§. ....
0010  .....www.google.
0020  fr.....

User Datagram Protocol
- Source Port: 55675
- Destination Port: 53
- Length: 39
- Checksum: 0x6367 [unverified]
Domain Name System (query)
- Transaction ID: 0x64a7
- Flags: 0x0120 Standard query
  - 0... .... .... .... = Response: Message is a query
  - .000 0... .... .... = Opcode: Standard query (0)
  - .... ..0. .... .... = Truncated: Message is not truncated
  - .... ...1 .... .... = Recursion desired: Do query recursively
  - .... .... .0.. .... = Z: reserved (0)
  - .... .... ..1. .... = AD bit: Set
  - .... .... ...0 .... = Non-authenticated data: Unacceptable
- Questions: 1
- Answer RRs: 0
- Authority RRs: 0
- Additional RRs: 0
- Queries
  - www.google.fr: type A, class IN
    - Name: www.google.fr
    - Name Length: 13
    - Label Count: 3
    - Type: A (Host Address) (1)
    - Class: IN (0x0001)

0000  0035d97b00379540  64a7818000010001
0010  0000000003777777  06676f6f676c6502
0020  66720000010001c0  0c00010001000001
0030  2b00046cb1775e

0000  .5Ù{.7.@d§......
0010  .....www.google.
0020  fr.....À........
0030  +..l±w^

User Datagram Protocol
- Source Port: 53
- Destination Port: 55675
- Length: 55
- Checksum: 0x9540 [unverified]
Domain Name System (response)
- Transaction ID: 0x64a7
- Flags: 0x8180 Standard query response, No error
  - 1... .... .... .... = Response: Message is a response
  - .000 0... .... .... = Opcode: Standard query (0)
  - .... .0.. .... .... = Authoritative: Server is not an authority for domain
  - .... ..0. .... .... = Truncated: Message is not truncated
  - .... ...1 .... .... = Recursion desired: Do query recursively
  - .... .... 1... .... = Recursion available: Server can do recursive queries
  - .... .... .0.. .... = Z: reserved (0)
  - .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
  - .... .... ...0 .... = Non-authenticated data: Unacceptable
  - .... .... .... 0000 = Reply code: No error (0)
- Questions: 1
- Answer RRs: 1
- Authority RRs: 0
- Additional RRs: 0
- Queries
  - www.google.fr: type A, class IN
    - Name: www.google.fr
    - Name Length: 13
    - Label Count: 3
    - Type: A (Host Address) (1)
    - Class: IN (0x0001)
- Answers
  - www.google.fr: type A, class IN, addr 108.177.119.94
    - Name: www.google.fr
    - Type: A (Host Address) (1)
    - Class: IN (0x0001)
    - Time to live: 299
    - Data length: 4
    - Address: 108.177.119.94

Author(s)	Olivier Bonaventure
Deadline	No deadline
Submission limit	No limitation
Category tags	dns

Information

Tags

Sign in

DNS queries

Question 1: DNS queries

Question 2: Packet trace

Information

Tags

Sign in

DNS queries Collapse context

Question 1: DNS queries

Question 2: Packet trace

DNS queries