
Notes on the Wireshark DNS lab

Some names in the Internet have changed or changed function since the lab was written. Also, given the "noisy" environment we sometimes see, these notes have suggestions for using filters.

  1. In general with DNS, there are type A queries and responses and type AAAA queries and responses. Type A records are for IPv4 addresses, which we are using. The AAAA queries/responses are for IPv6; these addresses are not used in any of the cases we use.
  2. Page 2: The "nslookup -type=NS mit.edu" command returns a set of DNS servers. However, they have reduced function.
  3. Page 3: The "bitsy.mit.edu" server is no longer a DNS server. Instead use 4.2.2.2 (Level 3) or 9.9.9.9 (Quad9).
  4. Page 5 (Section 3): The third bullet says to use a filter "ip.addr == your_IP_address". This is incorrect. Use the filter: ip host your_IP_address
  5. Page 5 question number 4. There can be a lot of traffic. Use the Display filter "dns" to see just DNS.
  6. Question 6: Note the frame number of the relevant DNS command. Then blank out the "dns" display filter and find the DNS response and look at the following TCP lines.
  7. Page 6: At the bottom of the page it says to "focus on the last query". Instead, focus on the "last type A query."
  8. Page 7, operation before question 20: Use 9.9.9.9 instead of bitsy.mit.edu.
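
The following is an added example, not part of the original lab or these notes. It shows why notes 1 and 7 matter: in a capture where type A and type AAAA lookups are interleaved, the last DNS query is not necessarily the last type A query, and its response is matched by transaction ID rather than by position. The function names, frame numbers and the name example.org are constructed for illustration.

```python
import struct

QTYPES = {1: "A", 2: "NS", 28: "AAAA"}  # record types named in the notes

def build(txid, name, qtype, response=False):
    """Constructed sample: DNS header plus one question (no answer records)."""
    header = struct.pack("!HHHHHH", txid, 0x8180 if response else 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_question(msg):
    """Return (txid, is_response, qname, qtype) for the first question in a DNS message."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n & 0xC0:
            raise ValueError("unexpected compression pointer in question")
        labels.append(msg[pos:pos + n].decode("ascii"))
        pos += n
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return txid, bool(flags & 0x8000), ".".join(labels), QTYPES.get(qtype, str(qtype))

def last_type_a_exchange(frames):
    """frames: [(frame_no, dns_bytes)]. Return (query_frame, response_frame, name)."""
    parsed = [(no, *parse_question(msg)) for no, msg in frames]
    queries = [p for p in parsed if not p[2] and p[4] == "A"]
    if not queries:
        return None
    qno, qid, _, qname, _ = queries[-1]
    for no, txid, is_resp, name, qtype in parsed:
        if is_resp and no > qno and txid == qid and name == qname and qtype == "A":
            return qno, no, qname
    return qno, None, qname

FRAMES = [  # constructed capture: A and AAAA lookups interleaved, replies out of order
    (20, build(0x2B01, "example.org", 1)), (21, build(0x2B02, "example.org", 28)),
    (22, build(0x2B02, "example.org", 28, True)), (23, build(0x2B01, "example.org", 1, True)),
]
```

Calling `last_type_a_exchange(FRAMES)` returns frames 20 and 23, even though the last query in the capture (frame 21) and the first response (frame 22) are both type AAAA.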