TCP IP Illustrated

We see that by default the resolver asks for

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: ll-known port for the name server. If tcpdump had tried to print names instead of IP addresses, then it would have been contacting the same name server (doing pointer queries), confusing the output. Starting with line 1, the field after the colon (1+) means the identification field is 1, and the plus sign means the RD flag (recursion desired) is set. We see that by default, the resolver asks for recursion. The next field, A?, means the query type is A (we want an IP address), and the question mark indicates it's a query (not a response). The query name is printed next: gemini.tuc.noao.edu.. The resolver added the final period to the query name, indicating that it's an absolute domain name. The length of user data in the UDP datagram is shown as 37 bytes: 12 bytes are the fixed-size header (Figure 14.3); 21 bytes for the query name (Figure 14.6), and 4 bytes for the query type and query class. The odd-length UDP datagram file:///D|/Documents%20and%20Settings/bigini/Docu.../homenet2run/tcpip/tcp-ip-illustrated/dns_the.htm (8 of 18) [12/09/2001 14.47.06] Chapter 14. DNS: The Domain Name System reiterates that there is no padding in the DNS messages. Line 2 in the tcpdump output is the response from the name server and 1* is the identification field with the asterisk meaning the AA flag (authoritative answer) is set. (We expect this server, the primary server for the noao.edu domain, to be authoritative for names within its domain.) The output 2/0/0 shows the number of resource records in the final three variable-length fields in the response: 2 answer RRs, 0 authority RRs, and 0 additional RRs. tcpdump only prints the first answer, which in this case has a type of A (IP address) with a value of 140.252.1.11. Why do we get two answers to our query? Because the host gemini is multihomed. Two IP addresses are returned. Indeed, another useful tool with the DNS is a publicly available program named host. It lets us issue queries to a name server and see what comes back. If we run this program we'll see the two IP addresses for this host: sun % host gemini gemini.tuc.noao.edu gemini.tuc.noao.edu A A 140.252.1.11 140.252.3.54 The first a...
View Full Document

This test prep was uploaded on 04/04/2014 for the course ECE EL5373 taught by Professor Guoyang during the Spring '12 term at NYU Poly.

Ask a homework question - tutors are online