Join Telegram Study Group ▷
SPOTO focus on IT certification training for 16 years. Over 16 years, SPOTO helped tens of thousands of candidates achieve their Cisco CCNA, CCNP, CCIE, CISSP certification. Subscribe us and get the more news.
First, the purpose of the experiment
Through the network packet capture test, we deeply understand the use of the DNS domain name system in the TCP/IP protocol suite and the specific format and meaning of the message and strengthen the understanding and application of the DNS.
Second, the relevant principles
2.1, the definition of DNS
DNS is an abbreviation of Domain Name System (domain name system), which is composed of a resolver and a domain name server. A domain name server is a server that stores domain names and corresponding IP addresses of all hosts on the network and has the function of converting domain names into IP addresses. The domain name must correspond to an IP address, and the IP address does not necessarily have a domain name.
The domain name system uses a hierarchical structure similar to a directory tree. The domain name server is the server side in the client/server mode. It has two main forms: the primary server and the forwarding server. The process of mapping a domain name to an IP address is called Domain Name Resolution. There are one-to-one (or many-to-one) domain names and IP addresses on the Internet. Although domain names are easy for people to remember, machines can only know each other's IP addresses. The conversion between them is called a domain name resolution. A resolution needs to be done by a dedicated domain name resolution server. DNS is the server that performs domain name resolution. DNS naming is used in TCP/IP networks such as the Internet to find computers and services with user-friendly names.
When a user enters a DNS name in an application, the DNS service can resolve this name to other information associated with it, such as an IP address. Because the URL you entered when you surfed the Internet, the corresponding IP address was found through the resolution of the domain name resolution system, so that you can access the Internet. The final point of the domain name is IP.
2.2, the composition of the DNS
In IPV4, IP is composed of 32-bit binary numbers. The 32-bit binary number is divided into 4 groups of 8 binary numbers each. The 8 binary numbers are converted into decimal numbers, which is the IP address we see. It is between 0 and 255. Because the maximum range of 8 binary numbers converted to decimal numbers is 0 to 255. In IPV6, which has now started trial operation and will replace IPv4 in the future, an IP address will be represented by a 128-bit binary number.
2.3, DNS query
A DNS query can be interpreted in two ways. One is that the client queries the resource records on the specified DNS server (such as A records), and the other refers to the process of querying the FQDN name.
First, query the resource record on the DNS server
You can use the command line tool on the Windows platform to enter nslookup. The returned results include the IP address (A record), alias (CNAME record), and so on. In addition to the above methods, DNS information such as domain names of foreign countries can be queried through some DNS queries.
Second, the FQDN name analysis process query
If you want to track the resolution of an FQDN name, type digwww+trace under Linux shell. The returned results include the recursion or iteration process from the domain to the authoritative domain name server.
