A student collected a packet trace while running the following command:
dig -t AAAA www.google.com
This trace was collected with a resolver that does not store any record in its cache. Can you reorder the packets of this trace by looking and the succession of the types of DNS requests starting from the root ?
| # |
Length |
Summary |
Status |
| 0 |
21 bytes |
Domain Name System (query) |
|
| 1 |
276 bytes |
Domain Name System (response) |
|
| 2 |
509 bytes |
Domain Name System (response) |
|
| 3 |
60 bytes |
Domain Name System (response) |
|
| 4 |
32 bytes |
Domain Name System (query) |
|
| 5 |
28 bytes |
Domain Name System (query) |
|
0000 d76d012000010000 0000000003636f6d
0010 0000020001
0000 ×m. .........com
0010 .....
- Domain Name System (query)
- Transaction ID: 0xd76d
- Flags: 0x0120 Standard query
- 0... .... .... .... = Response: Message is a query
- .000 0... .... .... = Opcode: Standard query (0)
- .... ..0. .... .... = Truncated: Message is not truncated
- .... ...1 .... .... = Recursion desired: Do query recursively
- .... .... .0.. .... = Z: reserved (0)
- .... .... ..1. .... = AD bit: Set
- .... .... ...0 .... = Non-authenticated data: Unacceptable
- Questions: 1
- Answer RRs: 0
- Authority RRs: 0
- Additional RRs: 0
- Queries
- com: type NS, class IN
- Name: com
- Name Length: 3
- Label Count: 1
- Type: NS (authoritative Name Server) (2)
- Class: IN (0x0001)
0000 a1a2810000010000 0004000806676f6f
0010 676c6503636f6d00 00020001c00c0002
0020 00010002a3000006 036e7332c00cc00c
0030 000200010002a300 0006036e7331c00c
0040 c00c000200010002 a3000006036e7333
0050 c00cc00c00020001 0002a3000006036e
0060 7334c00cc028001c 00010002a3000010
0070 2001486048020034 000000000000000a
0080 c028000100010002 a3000004d8ef220a
0090 c03a001c00010002 a300001020014860
00A0 4802003200000000 0000000ac03a0001
00B0 00010002a3000004 d8ef200ac04c001c
00C0 00010002a3000010 2001486048020036
00D0 000000000000000a c04c000100010002
00E0 a3000004d8ef240a c05e001c00010002
00F0 a300001020014860 4802003800000000
0100 0000000ac05e0001 00010002a3000004
0110 d8ef260a
0000 ¡¢...........goo
0010 gle.com.....À...
0020 ....£....ns2À.À.
0030 ......£....ns1À.
0040 À.......£....ns3
0050 À.À.......£....n
0060 s4À.À(......£...
0070 .H`H..4........
0080 À(......£...Øï".
0090 À:......£... .H`
00A0 H..2........À:..
00B0 ....£...Øï .ÀL..
00C0 ....£... .H`H..6
00D0 ........ÀL......
00E0 £...Øï$.À^......
00F0 £... .H`H..8....
0100 ....À^......£...
0110 Øï&.
- Domain Name System (response)
- Transaction ID: 0xa1a2
- Flags: 0x8100 Standard query response, No error
- 1... .... .... .... = Response: Message is a response
- .000 0... .... .... = Opcode: Standard query (0)
- .... .0.. .... .... = Authoritative: Server is not an authority for domain
- .... ..0. .... .... = Truncated: Message is not truncated
- .... ...1 .... .... = Recursion desired: Do query recursively
- .... .... 0... .... = Recursion available: Server can't do recursive queries
- .... .... .0.. .... = Z: reserved (0)
- .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
- .... .... ...0 .... = Non-authenticated data: Unacceptable
- .... .... .... 0000 = Reply code: No error (0)
- Questions: 1
- Answer RRs: 0
- Authority RRs: 4
- Additional RRs: 8
- Queries
- google.com: type NS, class IN
- Name: google.com
- Name Length: 10
- Label Count: 2
- Type: NS (authoritative Name Server) (2)
- Class: IN (0x0001)
- Authoritative nameservers
- google.com: type NS, class IN, ns ns2.google.com
- Name: google.com
- Type: NS (authoritative Name Server) (2)
- Class: IN (0x0001)
- Time to live: 172800
- Data length: 6
- Name Server: ns2.google.com
- google.com: type NS, class IN, ns ns1.google.com
- Name: google.com
- Type: NS (authoritative Name Server) (2)
- Class: IN (0x0001)
- Time to live: 172800
- Data length: 6
- Name Server: ns1.google.com
- google.com: type NS, class IN, ns ns3.google.com
- Name: google.com
- Type: NS (authoritative Name Server) (2)
- Class: IN (0x0001)
- Time to live: 172800
- Data length: 6
- Name Server: ns3.google.com
- google.com: type NS, class IN, ns ns4.google.com
- Name: google.com
- Type: NS (authoritative Name Server) (2)
- Class: IN (0x0001)
- Time to live: 172800
- Data length: 6
- Name Server: ns4.google.com
- Additional records
- ns2.google.com: type AAAA, class IN, addr 2001:4860:4802:34::a
- Name: ns2.google.com
- Type: AAAA (IPv6 Address) (28)
- Class: IN (0x0001)
- Time to live: 172800
- Data length: 16
- AAAA Address: 2001:4860:4802:34::a
- ns2.google.com: type A, class IN, addr 216.239.34.10
- Name: ns2.google.com
- Type: A (Host Address) (1)
- Class: IN (0x0001)
- Time to live: 172800
- Data length: 4
- Address: 216.239.34.10
- ns1.google.com: type AAAA, class IN, addr 2001:4860:4802:32::a
- Name: ns1.google.com
- Type: AAAA (IPv6 Address) (28)
- Class: IN (0x0001)
- Time to live: 172800
- Data length: 16
- AAAA Address: 2001:4860:4802:32::a
- ns1.google.com: type A, class IN, addr 216.239.32.10
- Name: ns1.google.com
- Type: A (Host Address) (1)
- Class: IN (0x0001)
- Time to live: 172800
- Data length: 4
- Address: 216.239.32.10
- ns3.google.com: type AAAA, class IN, addr 2001:4860:4802:36::a
- Name: ns3.google.com
- Type: AAAA (IPv6 Address) (28)
- Class: IN (0x0001)
- Time to live: 172800
- Data length: 16
- AAAA Address: 2001:4860:4802:36::a
- ns3.google.com: type A, class IN, addr 216.239.36.10
- Name: ns3.google.com
- Type: A (Host Address) (1)
- Class: IN (0x0001)
- Time to live: 172800
- Data length: 4
- Address: 216.239.36.10
- ns4.google.com: type AAAA, class IN, addr 2001:4860:4802:38::a
- Name: ns4.google.com
- Type: AAAA (IPv6 Address) (28)
- Class: IN (0x0001)
- Time to live: 172800
- Data length: 16
- AAAA Address: 2001:4860:4802:38::a
- ns4.google.com: type A, class IN, addr 216.239.38.10
- Name: ns4.google.com
- Type: A (Host Address) (1)
- Class: IN (0x0001)
- Time to live: 172800
- Data length: 4
- Address: 216.239.38.10
0000 d76d810000010000 000d000c03636f6d
0010 0000020001c00c00 0200010002a30000
0020 1401610c67746c64 2d73657276657273
0030 036e657400c00c00 0200010002a30000
0040 040162c023c00c00 0200010002a30000
0050 040163c023c00c00 0200010002a30000
0060 040164c023c00c00 0200010002a30000
0070 040165c023c00c00 0200010002a30000
0080 040166c023c00c00 0200010002a30000
0090 040167c023c00c00 0200010002a30000
00A0 040168c023c00c00 0200010002a30000
00B0 040169c023c00c00 0200010002a30000
00C0 04016ac023c00c00 0200010002a30000
00D0 04016bc023c00c00 0200010002a30000
00E0 04016cc023c00c00 0200010002a30000
00F0 04016dc023c02100 0100010002a30000
0100 04c005061ec02100 1c00010002a30000
0110 1020010503a83e00 0000000000000200
0120 30c0410001000100 02a3000004c0210e
0130 1ec041001c000100 02a3000010200105
0140 03231d0000000000 0000020030c05100
0150 0100010002a30000 04c01a5c1ec05100
0160 1c00010002a30000 102001050383eb00
0170 0000000000000000 30c0610001000100
0180 02a3000004c01f50 1ec061001c000100
0190 02a3000010200105 00856e0000000000
01A0 0000000030c07100 0100010002a30000
01B0 04c00c5e1ec07100 1c00010002a30000
01C0 10200105021ca100 0000000000000000
01D0 30c0810001000100 02a3000004c02333
01E0 1ec081001c000100 02a3000010200105
01F0 03d4140000000000 0000000030
0000 ×m...........com
0010 .....À.......£..
0020 ..a.gtld-servers
0030 .net.À.......£..
0040 ..bÀ#À.......£..
0050 ..cÀ#À.......£..
0060 ..dÀ#À.......£..
0070 ..eÀ#À.......£..
0080 ..fÀ#À.......£..
0090 ..gÀ#À.......£..
00A0 ..hÀ#À.......£..
00B0 ..iÀ#À.......£..
00C0 ..jÀ#À.......£..
00D0 ..kÀ#À.......£..
00E0 ..lÀ#À.......£..
00F0 ..mÀ#À!......£..
0100 .À...À!......£..
0110 . ...¨>.........
0120 0ÀA......£...À!.
0130 .ÀA......£... ..
0140 .#..........0ÀQ.
0150 .....£...À.\.ÀQ.
0160 .....£... ....ë.
0170 ........0Àa.....
0180 .£...À.P.Àa.....
0190 .£... ....n.....
01A0 ....0Àq......£..
01B0 .À.^.Àq......£..
01C0 . ....¡.........
01D0 0À.......£...À#3
01E0 .À.......£... ..
01F0 .Ô..........0
- Domain Name System (response)
- Transaction ID: 0xd76d
- Flags: 0x8100 Standard query response, No error
- 1... .... .... .... = Response: Message is a response
- .000 0... .... .... = Opcode: Standard query (0)
- .... .0.. .... .... = Authoritative: Server is not an authority for domain
- .... ..0. .... .... = Truncated: Message is not truncated
- .... ...1 .... .... = Recursion desired: Do query recursively
- .... .... 0... .... = Recursion available: Server can't do recursive queries
- .... .... .0.. .... = Z: reserved (0)
- .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
- .... .... ...0 .... = Non-authenticated data: Unacceptable
- .... .... .... 0000 = Reply code: No error (0)
- Questions: 1
- Answer RRs: 0
- Authority RRs: 13
- Additional RRs: 12
- Queries
- com: type NS, class IN
- Name: com
- Name Length: 3
- Label Count: 1
- Type: NS (authoritative Name Server) (2)
- Class: IN (0x0001)
- Authoritative nameservers
- com: type NS, class IN, ns a.gtld-servers.net
- Name: com
- Type: NS (authoritative Name Server) (2)
- Class: IN (0x0001)
- Time to live: 172800
- Data length: 20
- Name Server: a.gtld-servers.net
- com: type NS, class IN, ns b.gtld-servers.net
- Name: com
- Type: NS (authoritative Name Server) (2)
- Class: IN (0x0001)
- Time to live: 172800
- Data length: 4
- Name Server: b.gtld-servers.net
- com: type NS, class IN, ns c.gtld-servers.net
- Name: com
- Type: NS (authoritative Name Server) (2)
- Class: IN (0x0001)
- Time to live: 172800
- Data length: 4
- Name Server: c.gtld-servers.net
- com: type NS, class IN, ns d.gtld-servers.net
- Name: com
- Type: NS (authoritative Name Server) (2)
- Class: IN (0x0001)
- Time to live: 172800
- Data length: 4
- Name Server: d.gtld-servers.net
- com: type NS, class IN, ns e.gtld-servers.net
- Name: com
- Type: NS (authoritative Name Server) (2)
- Class: IN (0x0001)
- Time to live: 172800
- Data length: 4
- Name Server: e.gtld-servers.net
- com: type NS, class IN, ns f.gtld-servers.net
- Name: com
- Type: NS (authoritative Name Server) (2)
- Class: IN (0x0001)
- Time to live: 172800
- Data length: 4
- Name Server: f.gtld-servers.net
- com: type NS, class IN, ns g.gtld-servers.net
- Name: com
- Type: NS (authoritative Name Server) (2)
- Class: IN (0x0001)
- Time to live: 172800
- Data length: 4
- Name Server: g.gtld-servers.net
- com: type NS, class IN, ns h.gtld-servers.net
- Name: com
- Type: NS (authoritative Name Server) (2)
- Class: IN (0x0001)
- Time to live: 172800
- Data length: 4
- Name Server: h.gtld-servers.net
- com: type NS, class IN, ns i.gtld-servers.net
- Name: com
- Type: NS (authoritative Name Server) (2)
- Class: IN (0x0001)
- Time to live: 172800
- Data length: 4
- Name Server: i.gtld-servers.net
- com: type NS, class IN, ns j.gtld-servers.net
- Name: com
- Type: NS (authoritative Name Server) (2)
- Class: IN (0x0001)
- Time to live: 172800
- Data length: 4
- Name Server: j.gtld-servers.net
- com: type NS, class IN, ns k.gtld-servers.net
- Name: com
- Type: NS (authoritative Name Server) (2)
- Class: IN (0x0001)
- Time to live: 172800
- Data length: 4
- Name Server: k.gtld-servers.net
- com: type NS, class IN, ns l.gtld-servers.net
- Name: com
- Type: NS (authoritative Name Server) (2)
- Class: IN (0x0001)
- Time to live: 172800
- Data length: 4
- Name Server: l.gtld-servers.net
- com: type NS, class IN, ns m.gtld-servers.net
- Name: com
- Type: NS (authoritative Name Server) (2)
- Class: IN (0x0001)
- Time to live: 172800
- Data length: 4
- Name Server: m.gtld-servers.net
- Additional records
- a.gtld-servers.net: type A, class IN, addr 192.5.6.30
- Name: a.gtld-servers.net
- Type: A (Host Address) (1)
- Class: IN (0x0001)
- Time to live: 172800
- Data length: 4
- Address: 192.5.6.30
- a.gtld-servers.net: type AAAA, class IN, addr 2001:503:a83e::2:30
- Name: a.gtld-servers.net
- Type: AAAA (IPv6 Address) (28)
- Class: IN (0x0001)
- Time to live: 172800
- Data length: 16
- AAAA Address: 2001:503:a83e::2:30
- b.gtld-servers.net: type A, class IN, addr 192.33.14.30
- Name: b.gtld-servers.net
- Type: A (Host Address) (1)
- Class: IN (0x0001)
- Time to live: 172800
- Data length: 4
- Address: 192.33.14.30
- b.gtld-servers.net: type AAAA, class IN, addr 2001:503:231d::2:30
- Name: b.gtld-servers.net
- Type: AAAA (IPv6 Address) (28)
- Class: IN (0x0001)
- Time to live: 172800
- Data length: 16
- AAAA Address: 2001:503:231d::2:30
- c.gtld-servers.net: type A, class IN, addr 192.26.92.30
- Name: c.gtld-servers.net
- Type: A (Host Address) (1)
- Class: IN (0x0001)
- Time to live: 172800
- Data length: 4
- Address: 192.26.92.30
- c.gtld-servers.net: type AAAA, class IN, addr 2001:503:83eb::30
- Name: c.gtld-servers.net
- Type: AAAA (IPv6 Address) (28)
- Class: IN (0x0001)
- Time to live: 172800
- Data length: 16
- AAAA Address: 2001:503:83eb::30
- d.gtld-servers.net: type A, class IN, addr 192.31.80.30
- Name: d.gtld-servers.net
- Type: A (Host Address) (1)
- Class: IN (0x0001)
- Time to live: 172800
- Data length: 4
- Address: 192.31.80.30
- d.gtld-servers.net: type AAAA, class IN, addr 2001:500:856e::30
- Name: d.gtld-servers.net
- Type: AAAA (IPv6 Address) (28)
- Class: IN (0x0001)
- Time to live: 172800
- Data length: 16
- AAAA Address: 2001:500:856e::30
- e.gtld-servers.net: type A, class IN, addr 192.12.94.30
- Name: e.gtld-servers.net
- Type: A (Host Address) (1)
- Class: IN (0x0001)
- Time to live: 172800
- Data length: 4
- Address: 192.12.94.30
- e.gtld-servers.net: type AAAA, class IN, addr 2001:502:1ca1::30
- Name: e.gtld-servers.net
- Type: AAAA (IPv6 Address) (28)
- Class: IN (0x0001)
- Time to live: 172800
- Data length: 16
- AAAA Address: 2001:502:1ca1::30
- f.gtld-servers.net: type A, class IN, addr 192.35.51.30
- Name: f.gtld-servers.net
- Type: A (Host Address) (1)
- Class: IN (0x0001)
- Time to live: 172800
- Data length: 4
- Address: 192.35.51.30
- f.gtld-servers.net: type AAAA, class IN, addr 2001:503:d414::30
- Name: f.gtld-servers.net
- Type: AAAA (IPv6 Address) (28)
- Class: IN (0x0001)
- Time to live: 172800
- Data length: 16
- AAAA Address: 2001:503:d414::30
0000 4b4d850000010001 0000000003777777
0010 06676f6f676c6503 636f6d00001c0001
0020 c00c001c00010000 012c00102a001450
0030 400e080900000000 00002004
0000 KM...........www
0010 .google.com.....
0020 À........,..*..P
0030 @......... .
- Domain Name System (response)
- Transaction ID: 0x4b4d
- Flags: 0x8500 Standard query response, No error
- 1... .... .... .... = Response: Message is a response
- .000 0... .... .... = Opcode: Standard query (0)
- .... .1.. .... .... = Authoritative: Server is an authority for domain
- .... ..0. .... .... = Truncated: Message is not truncated
- .... ...1 .... .... = Recursion desired: Do query recursively
- .... .... 0... .... = Recursion available: Server can't do recursive queries
- .... .... .0.. .... = Z: reserved (0)
- .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
- .... .... ...0 .... = Non-authenticated data: Unacceptable
- .... .... .... 0000 = Reply code: No error (0)
- Questions: 1
- Answer RRs: 1
- Authority RRs: 0
- Additional RRs: 0
- Queries
- www.google.com: type AAAA, class IN
- Name: www.google.com
- Name Length: 14
- Label Count: 3
- Type: AAAA (IPv6 Address) (28)
- Class: IN (0x0001)
- Answers
- www.google.com: type AAAA, class IN, addr 2a00:1450:400e:809::2004
- Name: www.google.com
- Type: AAAA (IPv6 Address) (28)
- Class: IN (0x0001)
- Time to live: 300
- Data length: 16
- AAAA Address: 2a00:1450:400e:809::2004
0000 4b4d012000010000 0000000003777777
0010 06676f6f676c6503 636f6d00001c0001
0000 KM. .........www
0010 .google.com.....
- Domain Name System (query)
- Transaction ID: 0x4b4d
- Flags: 0x0120 Standard query
- 0... .... .... .... = Response: Message is a query
- .000 0... .... .... = Opcode: Standard query (0)
- .... ..0. .... .... = Truncated: Message is not truncated
- .... ...1 .... .... = Recursion desired: Do query recursively
- .... .... .0.. .... = Z: reserved (0)
- .... .... ..1. .... = AD bit: Set
- .... .... ...0 .... = Non-authenticated data: Unacceptable
- Questions: 1
- Answer RRs: 0
- Authority RRs: 0
- Additional RRs: 0
- Queries
- www.google.com: type AAAA, class IN
- Name: www.google.com
- Name Length: 14
- Label Count: 3
- Type: AAAA (IPv6 Address) (28)
- Class: IN (0x0001)
0000 a1a2012000010000 0000000006676f6f
0010 676c6503636f6d00 00020001
0000 ¡¢. .........goo
0010 gle.com.....
- Domain Name System (query)
- Transaction ID: 0xa1a2
- Flags: 0x0120 Standard query
- 0... .... .... .... = Response: Message is a query
- .000 0... .... .... = Opcode: Standard query (0)
- .... ..0. .... .... = Truncated: Message is not truncated
- .... ...1 .... .... = Recursion desired: Do query recursively
- .... .... .0.. .... = Z: reserved (0)
- .... .... ..1. .... = AD bit: Set
- .... .... ...0 .... = Non-authenticated data: Unacceptable
- Questions: 1
- Answer RRs: 0
- Authority RRs: 0
- Additional RRs: 0
- Queries
- google.com: type NS, class IN
- Name: google.com
- Name Length: 10
- Label Count: 2
- Type: NS (authoritative Name Server) (2)
- Class: IN (0x0001)
INGInious