1518 - Interpreting DNS Lookup Responses

Scenario

In this lab, you will practice interpreting DNS responses for different scenarios, including single and multiple A records, NXDOMAIN responses, SERVFAIL errors, and unreachable DNS servers. The domains are pre-configured for practice, and you will use the Dig Web Interface or the dig command-line tool to query these domains and interpret the responses.

Estimate Completion Time

• 15 to 20 minutes

Requirements

• Access to the online tool Dig Web Interface or a system with the dig command-line tool installed and internet access

Course References

• 1302: How to perform DNS Lookups

Tasks

We suggest using the Dig Web Interface for this lab, as the Dig tool may not be installed on all machines. If you already have Dig installed on your system, you may use Command Prompt or Terminal to complete this lab.

Note: If using the Dig Web Interface, ensure the Colorize Output and Stats options are enabled before performing the query.

Task 1: Interpreting A Record Response

1. Use the Dig Web Interface to look up the A records for the domain login.ddi.ninja. Review the response to understand what the A record indicates.

Task 2: Interpreting Multiple A Records Response

1. Use the Dig Web Interface to look up the MX records for the domain shopping.ddi.ninja. Analyze the list of A records and consider why there might be multiple IP addresses.

Task 3: Interpreting NXDOMAIN Response

1. Use the Dig Web Interface to look up the A record for the non-existent domain zoom.ddi.ninja. Understand the implications of the NXDOMAIN status and why it occurs.

Task 4: Interpreting SERVFAIL Response

1. Use the Dig Web Interface to look up the A record for the domain xyz.ddi.ninja. Reflect on the reasons for receiving a SERVFAIL response.

Task 5: Unreachable DNS Server

1. Use the Dig Web Interface to look up the A record for the domain login.ddi.ninja using the DNS server 203.0.113.212. Consider the potential reasons for the DNS server being unreachable.

Solutions

Task 1 Solution: Interpreting A Record Response

You can interpret the response for a single A record using one of the following methods:

Using Dig Web Interface:

1. Access Dig Web Interface using a web browser.

2. Enter login.ddi.ninja in the "Hostnames or IP addresses" field.

3. Select A in the "Type" dropdown.

4. Under the "Nameservers" field, select the Resolver option. From the dropdown, select Default to use the default resolver.

5. Enable the Colorize output and Stats options.

6. Click Dig.

   

Using Terminal (Linux and macOS):

1. Open the terminal on your system.

   • Linux: Press Ctrl + Alt + T to open the terminal.

   • macOS: Press Command + Space, type Terminal, and press Enter.

2. Run the following command: dig login.ddi.ninja. A

Using Command Prompt (Windows):

1. Open the Command Prompt by pressing Win + R, typing cmd, and pressing Enter.

2. If you have dig installed, run the following command: dig login.ddi.ninja. A

The response shows a single A record for the name login.ddi.ninja, indicating that it resolves to the IP address 172.31.53.27. The 3600 indicates the TTL (time to live) value, which tells how long the response is valid before it should be queried again.

Task 2 Solution: Interpreting Multiple A Records Response

You can perform this task using one of the following methods:

Using Dig Web Interface:

1. Access Dig Web Interface using a web browser.

2. Enter shopping.ddi.ninja in the "Hostnames or IP addresses" field.

3. Select A in the "Type" dropdown.

4. Under the "Nameservers" field, select the Resolver option. From the dropdown, select Default to use the default resolver.

5. Enable the Colorize output and Stats options.

6. Click Dig.

   

Using Terminal (Linux and macOS):

1. Open the terminal on your system.

   • Linux: Press Ctrl + Alt + T to open the terminal.

   • macOS: Press Command + Space, type Terminal, and press Enter.

2. Run the following command: dig shopping.ddi.ninja. A

Using Command Prompt (Windows):

1. Open the Command Prompt by pressing Win + R, typing cmd, and pressing Enter.

2. If you have dig installed, run the following command: dig shopping.ddi.ninja. A

The response contains multiple A records, indicating that shopping.ddi.ninja resolves to multiple IP addresses. This is a typical setup for load balancing or redundancy. Each IP address can serve the same content, and the presence of multiple addresses can help distribute the traffic.

Task 3 Solution: Interpreting NXDOMAIN Response

You can perform this task using one of the following methods:

Using Dig Web Interface:

1. Access Dig Web Interface using a web browser.

2. Enter zoom.ddi.ninja in the "Hostnames or IP addresses" field.

3. Select A in the "Type" dropdown.

4. Under the "Nameservers" field, select the Resolver option. From the dropdown, select Default to use the default resolver.

5. Enable the Colorize output and Stats options.

6. Click Dig.

   

Using Terminal (Linux and macOS):

1. Open the terminal on your system.

   • Linux: Press Ctrl + Alt + T to open the terminal.

   • macOS: Press Command + Space, type Terminal, and press Enter.

2. Run the following command: dig zoom.ddi.ninja. A

Using Command Prompt (Windows):

1. Open the Command Prompt by pressing Win + R, typing cmd, and pressing Enter.

2. If you have dig installed, run the following command: dig zoom.ddi.ninja. A

The NXDOMAIN status indicates that the domain name zoom.ddi.ninja does not exist in the DNS. This response signifies that the DNS server couldn't find records matching the queried domain.

Task 4 Solution: Interpreting SERVFAIL Response

You can perform this task using one of the following methods:

Using Dig Web Interface:

1. Access Dig Web Interface using a web browser.

2. Enter xyz.ddi.ninja in the "Hostnames or IP addresses" field.

3. Select A in the "Type" dropdown.

4. Under the "Nameservers" field, select the Resolver option. From the dropdown, select Default to use the default resolver.

5. Enable the Colorize output and Stats options.

6. Click Dig.

   

Using Terminal (Linux and macOS):

1. Open the terminal on your system.

   • Linux: Press Ctrl + Alt + T to open the terminal.

   • macOS: Press Command + Space, type Terminal, and press Enter.

2. Run the following command: dig xyz.ddi.ninja. A

Using Command Prompt (Windows):

1. Open the Command Prompt by pressing Win + R, typing cmd, and pressing Enter.

2. If you have dig installed, run the following command: dig xyz.ddi.ninja. A

The SERVFAIL status indicates a server failure. This response means that the DNS server encountered an error and couldn't process the query. This could be due to server misconfiguration, issues with the DNS zone, or other server-side problems.

Task 5 Solution: Unreachable DNS server

You can perform this task using one of the following methods:

Using Dig Web Interface:

1. Access Dig Web Interface using a web browser.

2. Enter login.ddi.ninja in the "Hostnames or IP addresses" field.

3. Select A in the "Type" dropdown.

4. Enter 203.0.113.212 in the "Nameservers" field and select ‘Specify myself’.

5. Enable the Colorize output and Stats options.

6. Click Dig.

   

Using Terminal (Linux and macOS):

1. Open the terminal on your system.

   • Linux: Press Ctrl + Alt + T to open the terminal.

   • macOS: Press Command + Space, type Terminal, and press Enter.

2. Run the following command: dig login.ddi.ninja. A

Using Command Prompt (Windows):

1. Open the Command Prompt by pressing Win + R, typing cmd, and pressing Enter.

2. If you have dig installed, run the following command: dig login.ddi.ninja. A

The message connection timed out; no servers could be reached indicates that the DNS server at 203.0.113.212 is unreachable. This could be due to network issues, firewall settings, or the server being down.