[cs615asa] HW4

Jan Schaumann jschauma at stevens.edu
Tue Mar 12 22:41:53 EDT 2019


Justin F Barish <jbarish at stevens.edu> wrote:
> For the reverse lookup of Facebook's IP, there are 700+ DNS related
> messages. How do you suggest we parse through them (since 700 messages
> are a lot to look through) / how many would you want to see
> annotated?

You should be able to generalize.  Not every single message will be
necessary to analyze; you should find several are logical repetitions or
redundant queries.

Even though you may see a large number of packets, the number of queries
that directly lead to the correct resolution should be in the low
teens, I'm guessing.

For example, for a regular forward lookup, we expect to see a query to
one of the root servers, to one of the gtld servers, and one or more to
the authoritative NS servers below the second-level domain.  At the same
time, you will also see lookups of the IP addresses of the various
name servers, misc. DNSSEC related records, possibly some failover to
TCP if responses are larger than fit into a single UDP packet.  Out of
all that, you could extract "here we ask a.root-servers.net, here we get
the IP address for a.edu-servers.net, here we ask a.edu-servers.net
(after failing over to TCP), here we ask nrac.stevens-tech.edu, here's
our result."  (This is an example only.)

Hope this clarifies things.

-Jan
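The reduction Jan describes, separating the handful of messages that form the delegation chain from retransmissions, name-server address lookups, DNSSEC traffic and TCP fallback, can be done mechanically. The script below is an added example and is not part of the mailing-list post or the course material. It works on a constructed list of per-packet records shaped like a one-line-per-packet capture summary (the `DnsMsg` class, the `CAPTURE` data, the server names and the resolved name `www.example.edu` are all made up for illustration); in practice you would populate such records from a packet dissector's output.

```python
"""Reduce a noisy DNS capture to the few messages that form the resolution
chain for one name, and label everything else by why it is side traffic.
All input data below is constructed; nothing is read from the network."""
from collections import Counter
from dataclasses import dataclass

DNSSEC_TYPES = {"DNSKEY", "DS", "RRSIG", "NSEC", "NSEC3"}
ADDRESS_TYPES = {"A", "AAAA"}


@dataclass(frozen=True)
class DnsMsg:
    no: int             # packet number in the capture
    proto: str          # "UDP" or "TCP"
    server: str         # name server the resolver is talking to
    qname: str
    qtype: str
    response: bool      # False = query, True = response
    truncated: bool = False   # TC bit set on a UDP response
    kind: str = ""      # for responses: "referral" or "answer"


# Constructed capture: resolving www.example.edu with the usual side traffic
# (glue lookups, DNSKEY/DS queries, one retransmission, one TCP fallback).
CAPTURE = [
    DnsMsg(1, "UDP", "a.root-servers.net", "www.example.edu", "A", False),
    DnsMsg(2, "UDP", "a.root-servers.net", "www.example.edu", "A", True, kind="referral"),
    DnsMsg(3, "UDP", "a.root-servers.net", "a.edu-servers.net", "A", False),
    DnsMsg(4, "UDP", "a.root-servers.net", "a.edu-servers.net", "A", True, kind="answer"),
    DnsMsg(5, "UDP", "a.root-servers.net", ".", "DNSKEY", False),
    DnsMsg(6, "UDP", "a.root-servers.net", ".", "DNSKEY", True, kind="answer"),
    DnsMsg(7, "UDP", "a.root-servers.net", "www.example.edu", "A", False),  # retransmit
    DnsMsg(8, "UDP", "a.edu-servers.net", "www.example.edu", "A", False),
    DnsMsg(9, "UDP", "a.edu-servers.net", "www.example.edu", "A", True, truncated=True),
    DnsMsg(10, "TCP", "a.edu-servers.net", "www.example.edu", "A", False),
    DnsMsg(11, "TCP", "a.edu-servers.net", "www.example.edu", "A", True, kind="referral"),
    DnsMsg(12, "UDP", "a.edu-servers.net", "example.edu", "DS", False),
    DnsMsg(13, "UDP", "a.edu-servers.net", "example.edu", "DS", True, kind="answer"),
    DnsMsg(14, "UDP", "a.edu-servers.net", "ns1.example.edu", "AAAA", False),
    DnsMsg(15, "UDP", "a.edu-servers.net", "ns1.example.edu", "AAAA", True, kind="answer"),
    DnsMsg(16, "UDP", "ns1.example.edu", "www.example.edu", "A", False),
    DnsMsg(17, "UDP", "ns1.example.edu", "www.example.edu", "A", True, kind="answer"),
]


def classify(msgs, target):
    """Split the capture into the direct chain for `target` (address queries
    for the name itself, one per server/transport) and labelled side traffic."""
    servers = {m.server for m in msgs}
    chain, side, seen_queries = [], [], set()
    for m in msgs:
        if m.qname == target and m.qtype in ADDRESS_TYPES:
            key = (m.server, m.proto, m.qtype)
            if not m.response and key in seen_queries:
                side.append((m, "retransmission"))   # same question, same server
                continue
            if not m.response:
                seen_queries.add(key)
            chain.append(m)
        elif m.qtype in DNSSEC_TYPES:
            side.append((m, "DNSSEC"))
        elif m.qname in servers and m.qtype in ADDRESS_TYPES:
            side.append((m, "name server address lookup"))  # glue / NS addresses
        else:
            side.append((m, "other"))
    return chain, side


def summarize(side):
    """Count side-traffic messages per reason."""
    return Counter(reason for _, reason in side)


def annotate(chain):
    """Pair each chain query with its response and describe the step."""
    steps, pending = [], {}
    for m in chain:
        key = (m.server, m.proto)
        if not m.response:
            pending[key] = m
            continue
        q = pending.pop(key, None)
        ref = f"#{q.no}/#{m.no}" if q else f"#{m.no}"
        if m.truncated:
            steps.append(f"{ref} ask {m.server} over UDP: truncated (TC=1), expect a TCP retry")
        elif m.kind == "referral":
            steps.append(f"{ref} ask {m.server} over {m.proto}: referral to next zone")
        else:
            steps.append(f"{ref} ask {m.server} over {m.proto}: final answer")
    return steps


if __name__ == "__main__":
    chain, side = classify(CAPTURE, "www.example.edu")
    for step in annotate(chain):
        print(step)
    print("side traffic:", dict(summarize(side)))
```

The chain comes out as four annotated steps (root referral, truncated UDP reply, TCP retry with referral, final answer) out of seventeen packets, which is the kind of write-up the assignment asks for; the side-traffic counts tell you how much of the capture is glue lookups, DNSSEC and retransmissions that need only a one-line mention.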
