ll-known port for the name server. If tcpdump had tried to print
names instead of IP addresses, then it would have been contacting the same name server (doing pointer queries),
confusing the output.
Starting with line 1, the field after the colon (1+) means the identification field is 1, and the plus sign means the RD
flag (recursion desired) is set. We see that by default, the resolver asks for recursion.
The next field, A?, means the query type is A (we want an IP address), and the question mark indicates it's a query (not
a response). The query name is printed next: gemini.tuc.noao.edu.. The resolver added the final period to the
query name, indicating that it's an absolute domain name.
The length of user data in the UDP datagram is shown as 37 bytes: 12 bytes are the fixed-size header (Figure 14.3); 21
bytes for the query name (Figure 14.6), and 4 bytes for the query type and query class. The odd-length UDP datagram
reiterates that there is no padding in the DNS messages.
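The byte accounting above can be checked by building the same query by hand and decoding it again. This is an added example, not code from the book: the function names are hypothetical, the flag masks are the standard DNS header bits, and the `+`/`*` marker only approximates what tcpdump prints.

```python
import struct

QR, AA, RD = 0x8000, 0x0400, 0x0100  # standard DNS header flag bits

def encode_name(name):
    """Length-prefixed labels ending in the zero-length root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("label must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(ident, name, qtype=1, qclass=1, rd=True):
    """Fixed 12-byte header, then query name, type and class, with no padding."""
    header = struct.pack("!6H", ident, RD if rd else 0, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!2H", qtype, qclass)

def summarize(msg):
    """Decode the header and first question of an untrusted DNS message."""
    if len(msg) < 12:
        raise ValueError("shorter than the fixed header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    if qd != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("name runs past end of message")
        n = msg[pos]
        pos += 1
        if n == 0:          # root label: end of the name
            break
        if n > 63 or pos + n > len(msg):
            raise ValueError("bad label length (or compression pointer)")
        labels.append(msg[pos:pos + n].decode("ascii", "replace"))
        pos += n
    if pos + 4 > len(msg):
        raise ValueError("question type/class missing")
    qtype, qclass = struct.unpack("!2H", msg[pos:pos + 4])
    mark = "*" if flags & AA else "+" if flags & RD else ""  # simplified marker
    return {"id": f"{ident}{mark}", "response": bool(flags & QR),
            "name": ".".join(labels) + ".", "qtype": qtype,
            "counts": (an, ns, ar), "length": len(msg)}

if __name__ == "__main__":
    q = build_query(1, "gemini.tuc.noao.edu.")  # the query on line 1 of the trace
    print(len(q), summarize(q))
```

The length checks in `summarize` matter when the bytes come off the wire: a label length that points past the end of the datagram is rejected instead of being read.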
Line 2 in the tcpdump output is the response from the name server. 1* is the identification field, with the asterisk
meaning the AA flag (authoritative answer) is set. (We expect this server, the primary server for the noao.edu
domain, to be authoritative for names within its domain.)
The output 2/0/0 shows the number of resource records in the final three variable-length fields in the response: 2
answer RRs, 0 authority RRs, and 0 additional RRs. tcpdump only prints the first answer, which in this case has a
type of A (IP address) with a value of 184.108.40.206.
Why do we get two answers to our query? Because the host gemini is multihomed. Two IP addresses are returned.
Indeed, another useful tool with the DNS is a publicly available program named host. It lets us issue queries to a name
server and see what comes back. If we run this program we'll see the two IP addresses for this host:
sun % host gemini
220.127.116.11 The first a...
This test prep was uploaded on 04/04/2014 for the course ECE EL5373 taught by Professor Guoyang during the Spring '12 term at NYU Poly.