TCP IP Illustrated

By default the resolver looks for a name server on

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: or our examples so far (Figure 14.9), we've run the clients on the host sun accessing the name server across the SLIP link on the host noao.edu. We'll change that now and run the name server on the host sun. In this way if we monitor the DNS traffic on the SLIP link using tcpdump, we'll only see queries that can't be handled by the server out of its cache. By default, the resolver looks for a name server on the local host (UDP port 53 or TCP port 53). We delete the nameserver directive from our resolver file, leaving only the domain directive: sun % cat /etc/resolv.conf domain tuc.noao.edu The absence of a nameserver directive in this file causes the resolver to use the name server on the local host. We then use the host command to execute the following query: sun % host ftp.uu.net ftp.uu.net A 192.48.96.9 Figure 14.14 shows the tcpdump output for this query. 1 0.0 2 0.559285 ( 0.5593) 3 0.564449 ( 0.0052) 4 1.009476 ( 0.4450) sun.tuc.noao.edu.domain > NS.NIC.DDN.MIL.domain: 2 A? ftp.uu.net. (28) NS.NIC.DDN.MIL.domain > sun.tuc.noao.edu.domain: 2- 0/5/5 (229) sun.tuc.noao.edu.domain > ns.UU.NET.domain: 3+ A? ftp.uu.net. (28) ns.UU.NET.domain > sun.tuc.noao.edu.domain: 3* 1/0/0 A ftp.UU.NET (44) Figure 14.14 tcpdump output for: host ftp.uu.net. This time we've used a new option for tcpdump. We collected all the data to or from UDP or TCP ports 53 with the -w option. This saves the raw output in a file for later processing. This prevents tcpdump from trying to call the resolver itself, to print all the names corresponding to the IP addresses. After we ran our queries, we terminated tcpdump and reran it with the -r option. This causes it to read the raw output file and generate its normal printed output (which we show in Figure 14.14). This takes a few seconds, since tcpdump calls the resolver itself. The first thing to notice in our tcpdump output is that the identifiers are small integers (2 and 3). This is because we terminated the name server, and then restarted it, to force th...
View Full Document

This test prep was uploaded on 04/04/2014 for the course ECE EL5373 taught by Professor Guoyang during the Spring '12 term at NYU Poly.

Ask a homework question - tutors are online