My answers are not perfect; corrections are welcome.

Lab URL: https://gaia.cs.umass.edu/kurose_ross/wireshark.php

1. nslookup


1. Run nslookup to obtain the IP address of the web server for the Indian Institute of Technology in Bombay, India: www.iitb.ac.in. What is the IP address of www.iitb.ac.in?

As the image above shows, the IP address of www.iitb.ac.in is 103.21.124.10.

2. What is the IP address of the DNS server that provided the answer to your nslookup command in question 1 above?

127.0.0.53

3. Did the answer to your nslookup command in question 1 above come from an authoritative or non-authoritative server?

From a non-authoritative server.

4. Use the nslookup command to determine the name of the authoritative name server for the iit.ac.in domain. What is that name? (If there are more than one authoritative servers, what is the name of the first authoritative server returned by nslookup)? If you had to find the IP address of that authoritative name server, how would you do so?

2. The DNS cache on your computer


Just like many Web browsers keep a cache of objects recently retrieved by HTTP, most hosts (e.g., your personal computer) keep a cache of recently retrieved DNS records (sometimes called a DNS resolver cache). When DNS services need to be invoked by a host, that host will first check if the DNS record needed is resident in this host’s DNS cache; if the record is found, the host will not even bother to contact the local DNS server and will instead use this cached DNS record. A DNS record in a resolver cache will eventually timeout and be removed from the resolver cache, just as records cached in a local DNS server will timeout.

On a Windows computer, run the command ipconfig /flushdns to clear the DNS cache.
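The lookup order described above, as an added example that is not part of the lab or the original post: a minimal resolver cache with TTL expiry that counts how many queries would actually appear in a capture. The `upstream` callable is a hypothetical stand-in for the local DNS server, and the address and TTL are constructed values.

```python
import time


class ResolverCache:
    """Minimal host-side DNS resolver cache keyed by (name, record type)."""

    def __init__(self, upstream, clock=time.monotonic):
        self.upstream = upstream    # callable(name, rtype) -> (value, ttl_seconds)
        self.clock = clock
        self.entries = {}           # (name, rtype) -> (value, expires_at)
        self.upstream_queries = 0   # queries that would be visible in Wireshark

    def resolve(self, name, rtype="A"):
        key = (name.lower().rstrip("."), rtype)   # DNS names are case-insensitive
        hit = self.entries.get(key)
        if hit and self.clock() < hit[1]:
            return hit[0]                          # cache hit: nothing on the wire
        value, ttl = self.upstream(*key)           # miss or expired: ask the server
        self.upstream_queries += 1
        self.entries[key] = (value, self.clock() + ttl)
        return value

    def flush(self):
        """Drop every record, the effect ipconfig /flushdns has on the host cache."""
        self.entries.clear()


def demo():
    now = [0.0]                                    # fake clock so the run is repeatable

    def upstream(name, rtype):                     # hypothetical local DNS server
        return "192.0.2.10", 60                    # constructed address, 60 s TTL

    cache = ResolverCache(upstream, clock=lambda: now[0])
    counts = []
    cache.resolve("gaia.cs.umass.edu")             # base HTML page
    counts.append(cache.upstream_queries)
    cache.resolve("gaia.cs.umass.edu")             # image on the same host
    counts.append(cache.upstream_queries)
    now[0] = 61.0                                  # TTL has expired
    cache.resolve("gaia.cs.umass.edu")
    counts.append(cache.upstream_queries)
    cache.flush()                                  # cache cleared by hand
    cache.resolve("gaia.cs.umass.edu")
    counts.append(cache.upstream_queries)
    return counts
```
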

3. Tracing DNS with Wireshark


· Clear the DNS cache in your host, as described above.

· Open your Web browser and clear your browser cache.

· Open Wireshark and enter ip.addr == <your_IP_address> into the display filter, where <your_IP_address> is the IPv4 address of your computer. With this filter, Wireshark will only display packets that either originate from, or are destined to, your host.

· Start packet capture in Wireshark.

· With your browser, visit the Web page: http://gaia.cs.umass.edu/kurose_ross/

· Stop packet capture.

Questions:

  1. Locate the first DNS query message resolving the name gaia.cs.umass.edu. What is the packet number in the trace for the DNS query message? Is this query message sent over UDP or TCP?

  2. Now locate the corresponding DNS response to the initial DNS query. What is the packet number in the trace for the DNS response message? Is this response message received via UDP or TCP?

  3. What is the destination port for the DNS query message? What is the source port of the DNS response message?

  4. To what IP address is the DNS query message sent?

  5. Examine the DNS query message. How many “questions” does this DNS message contain? How many “answers” does it contain?

  6. Examine the DNS response message to the initial query message. How many “questions” does this DNS message contain? How many “answers” does it contain?

  7. The web page for the base file http://gaia.cs.umass.edu/kurose_ross/ references the image object http://gaia.cs.umass.edu/kurose_ross/header_graphic_book_8E_2.jpg , which, like the base webpage, is on gaia.cs.umass.edu. What is the packet number in the trace for the initial HTTP GET request for the base file http://gaia.cs.umass.edu/kurose_ross/? What is the packet number in the trace of the DNS query made to resolve gaia.cs.umass.edu so that this initial HTTP request can be sent to the gaia.cs.umass.edu IP address? What is the packet number in the trace of the received DNS response? What is the packet number in the trace for the HTTP GET request for the image object http://gaia.cs.umass.edu/kurose_ross/header_graphic_book_8E2.jpg? What is the packet number in the DNS query made to resolve gaia.cs.umass.edu so that this second HTTP request can be sent to the gaia.cs.umass.edu IP address? Discuss how DNS caching affects the answer to this last question.


1. No. 15. UDP

2. No. 16. UDP

3. The destination port of DNS query is 53. The source port of DNS query response is 53.

4. It is sent to 202.99.166.4. It's one of my local DNS servers.

5. It's a standard DNS query. One. Zero.

6. It's a standard query response. One. One.

7.


Now let’s play with nslookup.

● Start packet capture.

● Do an nslookup on www.cs.umass.edu

● Stop packet capture.

You should get a trace that looks something like the following in your Wireshark window. Let’s look at the first type A query (which is packet number 19 in the figure below, and indicated by the “A” in the Info column for that packet).

  1. What is the destination port for the DNS query message? What is the source port of the DNS response message?

  2. To what IP address is the DNS query message sent? Is this the IP address of your default local DNS server?

  3. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?

  4. Examine the DNS response message to the query message. How many “questions” does this DNS response message contain? How many “answers”?

1. The destination port is 53. The source port of the DNS response message is 53, too.

2. 202.99.166.4, which is one of my local DNS servers. Yes.

3. The type is A. No.

4. The number of both is one.
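The fields these questions ask about (query or response, authoritative or not, the question and answer counts, the query type) all sit in the 12-byte DNS header and the question section. The parser below is an added example, not part of the lab or the original post; the two messages are constructed in code rather than taken from the author's capture, and 192.0.2.10 is a placeholder address.

```python
import struct

QTYPES = {1: "A", 2: "NS", 5: "CNAME", 28: "AAAA"}

def encode_name(name):
    """Encode a domain name as length-prefixed labels (no compression)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(txid, name, qtype=1):
    """Standard query: flags 0x0100 (QR=0, RD=1), one question, no answers."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def build_response(query, ipv4, ttl=60):
    """Constructed reply: flags 0x8180 (QR=1, AA=0, RD=1, RA=1), one A record."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + bytes(ipv4)
    return header + query[12:] + answer

def read_name(msg, off):
    """Decode a name, following compression pointers; return (name, next offset)."""
    labels, resume, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                  # 2-byte pointer to an earlier name
            resume = off + 2 if resume is None else resume
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                     # malformed packets can loop forever
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if n == 0:
            return ".".join(labels), (off if resume is None else resume)
        labels.append(msg[off:off + n].decode("ascii"))
        off += n

def summarize(msg):
    """Return the header and question fields Wireshark shows for a DNS message."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    qname, off = read_name(msg, 12)
    qtype = struct.unpack("!HH", msg[off:off + 4])[0]
    return {"id": txid, "response": bool(flags & 0x8000),
            "authoritative": bool(flags & 0x0400),   # AA bit: 0 = non-authoritative
            "questions": qd, "answers": an, "authority": ns, "additional": ar,
            "qname": qname, "qtype": QTYPES.get(qtype, str(qtype))}

# Constructed sample messages (not taken from the author's capture).
QUERY = build_query(0x1A2B, "gaia.cs.umass.edu")
RESPONSE = build_response(QUERY, [192, 0, 2, 10])
```

`summarize(QUERY)` reports one question and zero answers, and `summarize(RESPONSE)` reports one of each with the authoritative bit clear, which is what nslookup prints as a non-authoritative answer.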


Last, let’s use nslookup to issue a command that will return a type NS DNS record. Enter the following command:

nslookup -type=NS umass.edu

and then answer the following questions:

  1. To what IP address is the DNS query message sent? Is this the IP address of your default local DNS server?

  2. Examine the DNS response message. How many answers does the response have? What information is contained in the answers?

  3. Examine the DNS response message. How many answers does the response have? What information is contained in the answers? How many additional resource records are returned? What additional information is included in these additional resource records?

1. 202.99.166.4, which is one of my default local DNS servers.

2. One. No

3. Three answers. The mapping from the domain name (e.g., umass.edu) to a list of DNS servers authoritative for that domain. However, what I've got is a list of non-authoritative.
