15.4.8 Lab – Observe DNS Resolution Answers

Lab – Observe DNS Resolution (Answers Version)

Objectives

Part 1: Observe the DNS-to-IP Address Conversion of a URL

Part 2: Observe DNS Lookup Utilizing nslookup on a Website

Part 3: Observe DNS Lookup Utilizing nslookup with Mail Servers

Context / Scenario

When you input a Uniform Resource Locator (URL) such as http://www.cisco.com into a web browser, the Domain Name System (DNS) is activated. The first portion of the URL specifies the employed protocol. Hypertext Transfer Protocol (HTTP), Hypertext Transfer Protocol over Secure Socket Layer (HTTPS), and File Transfer Protocol are frequent protocols (FTP).DNS utilises the second portion of the URL, www.cisco.com in this case. DNS converts the domain name (www.cisco.com) to an IP address so that the source host may communicate with the target server. In this lab, you will witness DNS in operation and utilise nslookup (name server lookup) to get further DNS information.

Required Assets 1 PC (Windows with internet and command prompt access)

Part 1: Observe the DNS-to-IP Address Conversion of a URL

Open a command prompt on Windows.

Open a command prompt on Windows.

Ping the URL for the Internet Corporation for Assigned Names and Numbers (ICANN) at www.icann.org at the command prompt. ICANN coordinates the DNS, IP addresses, administration of the top-level domain name system, and maintenance of the root server system. To determine where to transmit Internet Control Message Protocol (ICMP) packets, the computer must convert www.icann.org into an IP address.

The first output line has www.icann.org translated to an IP address via DNS. Even if your institution has a firewall that blocks pinging or if the target server has stopped you from pinging its web server, you should be able to see the impact of DNS.

Note: If the domain name resolves to an IPv6 address, use ping -4 www.icann.org to convert to an IPv4 address if required.

ping www.icann.org using C:>

Pinging the website www.vip.icann.org [2620:0:2d0:200::7] carries 32 bytes of information.

Message received from 2620:0:2d0:200::7: time=43ms

Response from 2620:0:2d0:200::7: time=41 milliseconds

Response from 2620:0:2d0:200::7: time=44 milliseconds

Message received from 2620:0:2d0:200::7: time=39ms

Ping stats for IP address 2620:0:2d0:200::7:

Sending = 4, Receiving = 4, Losing = 0 (0 percent loss),

Round-trip times in milliseconds:

Minimum = 39ms, Maximum = 44ms, Average = 41ms

C:\> ping -4 www.icann.org

Pinging www.vip.icann.org with 32 bytes of data: [192.0.32.7]

bytes=32 time=41ms TTL=241

bytes=32 time=42ms TTL=241 in reply from 192.0.32.7

bytes=32 time=42ms TTL=241 in reply from 192.0.32.7

bytes=32 time=43ms TTL=241 in response from 192.0.32.7

Statistics for 192.0.32.7's ping:

Sending = 4, Receiving = 4, Losing = 0 (0 percent loss),

Round-trip times in milliseconds:

Minimum = 41ms, Maximum = 43ms, Average = 42ms

The IP addresses for www.icann.org are recorded.

192.0.32.7 and 2620:0:2d0:200::7

Completely close the Windows command prompt

Instead of the URL, enter the IPv4 addresses from step b into a web browser. Enter https://192.0.32.7 in the address bar of the web browser. You may provide the IPv6 address if your machine has an IPv6 address. https://[2620:0:2d0:200::7] in the browser's address bar.

Observe that the ICANN homepage is shown without DNS.

The majority of us find it simpler to recall words than numbers. If you instruct someone to visit www.icann.org, they will likely remember it. If you instructed them to travel to 192.0.32.7, it would be impossible for them to recall an IP address. Computers work with numbers. DNS is the method through which words are converted into numbers. In addition, there is a second translation that occurs. Humans reason using Base 10 numbers. Computers operate using Base 2 arithmetic. The Base 2 representation of the Base 10 IP address 192.0.32.7 is 11000000.00000000.00100000.00000111. What happens if these Base 2 integers are copied and pasted into a browser?

The website fails to load. The web browser software code detects Base 10 digits. It is not compatible with Base 2 numbers.

At the prompt, type ping www.cisco.com.

Note: If the domain name resolves to an IPv6 address, use ping -4 www.cisco.com to convert into an IPv4 address.

Windows command prompt launch

ping www.cisco.com using C:>

Pinging origin-www.cisco.com with 32 bytes of data [2600:1408:7:1:9300::90].

Response time from 2600:1408:7.19300::90: 70ms

Response from 2600:1408:7.19300::90: time=74 milliseconds

Response time from 2600:1408:7.19300::90: 72ms

Response time from 2600:1408:7.19300::90: 71ms

Statistics for 2600:1408:7:1:9300::90 ping requests:

Sending = 4, Receiving = 4, Losing = 0 (0 percent loss),

Round-trip times in milliseconds:

Minimum = 70ms, Maximum = 74ms, Average = 71ms

C:> ping www.cisco.com: -4

Pinging e2867.dsca.akamaiedge.net with 32 bytes of data: [172.230.155.162]

bytes=32 time=7ms TTL=54 is the reply from 172.230.155.162.

bytes=32 time=6ms TTL=54 is the reply from 172.230.155.162.

bytes=32 time=7ms TTL=54 is the reply from 172.230.155.162.

bytes=32 time=6ms TTL=54 is the reply from 172.230.155.162.

Statistics for 172.230.155.162's ping:

Sending = 4, Receiving = 4, Losing = 0 (0 percent loss),

Round-trip times in milliseconds:

Minimum = 6ms, Maximum = 7ms, Average = 6ms

When you ping www.cisco.com, do you get the same IP address as the illustration? Explain.

The answer will vary based on your geographical location. Cisco's online material is hosted on a number of mirror servers. This implies that Cisco uploads the same material to geographically dispersed (globally distributed) servers. When a user attempts to access www.cisco.com, their request is routed to the nearest mirror server.

Input the IP address acquired by pinging www.cisco.com into a web browser. Does the website load properly? Explain.

The Cisco website fails to load. There are at least two potential explanations: Some web servers are set to accept browser-sent IP addresses, while others are not. It is possible that a firewall rule in the Cisco security system prevents IP addresses from being sent through a browser. Depending on the Web browser, you may also see a notice indicating that the connection is not secure or that a certificate problem has occurred.

Completely close the Windows command prompt

Observe DNS Lookup on a Website Using the nslookup Command

Input the nslookup command at the command prompt. Your outcome will vary from the example.

Windows command prompt launch

C:\> nslookup

Default Server: one.one.one.one

Address: 1.1.1.1

>

What DNS server is the default configuration?

Site dependent

Observe how the command prompt changed to the symbol for greater than (>). This is the prompt for nslookup. This prompt allows you to input DNS-related instructions.

In nslookup mode, type? at the prompt to view a list of all possible commands.

Type www.cisco.com at the nslookup prompt. > www.cisco.com

Default Server: one.one.one.one

Location: 1.1.1.1

Unauthoritative response:

Name: e2867.dsca.akamaiedge.net

Addresses: 2600:1404:a:395::b33

2600:1404:a:38e:::b33

172.230.155.162

Aliases: www.cisco.com

www.cisco.com.akadns.net

wwwds.cisco.com.edgekey.net

wwwds.cisco.com.edgekey.net.globalredir.akadns.net

What is the IPv4 address after translation?

From a particular geographical point, 172.230.155.162

Because Cisco employs mirrored servers in several places throughout the globe, the IP address from your location may likely be different.

Is it identical to the IP address shown by the ping command?

Yes

In addition to the IP address 172.230.155.162, the addresses section contains the numbers 2600:1404:a:395::b33 and 2600:1404:a:38e:::b33. What is this?

IPv6 (IP version 6) IP addresses that allow access to the website.

Enter the Cisco web server's IP address at the nslookup prompt. nslookup may be used to determine the domain name of an IP address if the URL is unknown. 172.230.155.162

Default Server: one.one.one.one

Location: 1.1.1.1

The hostname a172-230-155-162.deploy.static.akamaitechnologies.com has the IP address a172-230-155-162.

172.230.155.162 is the Internet Protocol Address of the server.

The nslookup programme may be used to convert domain names to IP addresses. Additionally, you may use it to convert IP addresses to domain names.

Using nslookup, record the IP addresses that are connected with www.google.com.

Answers may differ. The IP addresses at the time of writing are 2607:f8b0:4000:80f::2004 and 172.217.9.132.

> www.google.com

Server hostname: 1.1.1.1.1

Location: 1.1.1.1

Unauthoritative response:

Website: www.google.com

Internet Protocol: 2607:f8b0:4000:80f::2004

172.217.9.132

Part 3: Observe DNS Lookup Utilizing nslookup with Mail Servers

At the nslookup screen, enter set type=mx to identify mail servers using nslookup.

At the prompt for nslookup, enter cisco.com. cisco.com

Server hostname: 1.1.1.1.1

Location: 1.1.1.1

Unauthoritative response:

cisco.com MX preference = 20, mail exchanger = rcdn-mx-01.cisco.com

cisco.com MX preference = 30, mail exchanger = aer-mx-01.cisco.com

cisco.com MX preference = 10, and alln-mx-01.cisco.com is the mail exchanger

Redundancy is a key element of network architecture (more than one mail server is configured). Thus, if one of the mail servers is inaccessible, the querying machine will attempt the second mail server. MX preference is used by email administrators to choose which mail server is contacted first. The mail server with the lowest MX preference is the first to be contacted. Which mail server will be visited first when an email is sent to cisco.com, based on the data above?

rcdn-mx-01.cisco.com

Type exit at the nslookup prompt to return to the standard PC command prompt.

At the command prompt on your PC, enter ipconfig /all.

Provide the IP addresses of any DNS servers used by your institution.

Enter your responses here.

Site-dependent

Completely close the Windows command prompt

Reflection Question

What is the primary function of DNS?

DNS simply serves as the Internet's phonebook. Therefore, DNS converts names to numbers. The IP addresses may be IPv4 or IPv6.