DNS packet dump

 

1. PC 66 queries Cache DNS 25 for www.sun.com
14:50:09.337568 IP 211.110.86.66.29490 > 210.116.123.25.domain:  5104+ A? www.sun.com. (29)

14:50:09.338296 IP 210.116.123.25.32807 > cCache DNS.gihc.net.domain:  16378+ PTR? 25.123.116.210.in-addr.arpa. (45)
14:50:09.339063 IP cCache DNS.gihc.net.domain > 210.116.123.25.32807:  16378 NXDomain 0/1/0 (102)

 

2. Cache DNS 25 queries f.root for www.sun.com
14:50:09.341087 IP 210.116.123.25.32805 > f.root-servers.net.domain:  58600% [1au] A? www.sun.com. (40)
14:50:09.341302 IP 210.116.123.25.32805 > f.root-servers.net.domain:  62068 [1au] NS? . (28)
14:50:09.341640 IP 210.116.123.25.32807 > cCache DNS.gihc.net.domain:  29586+ PTR? 66.86.110.211.in-addr.arpa. (44)

14:50:09.342396 IP cCache DNS.gihc.net.domain > 210.116.123.25.32807:  29586 NXDomain 0/1/0 (115)
14:50:09.342574 IP 210.116.123.25.32807 > cCache DNS.gihc.net.domain:  55842+ PTR? 184.105.116.210.in-addr.arpa. (46)
14:50:09.343356 IP cCache DNS.gihc.net.domain > 210.116.123.25.32807:  55842 1/2/2 (140)
14:50:09.343597 IP 210.116.123.25.32807 > cCache DNS.gihc.net.domain:  10798+ PTR? 241.5.5.192.in-addr.arpa. (42)

 

3. f.root returns the TLD information to Cache DNS server 25
14:50:09.344434 IP f.root-servers.net.domain > 210.116.123.25.32805:  58600- 0/13/16 (528)
14:50:09.345002 IP cCache DNS.gihc.net.domain > 210.116.123.25.32807:  10798 1/4/5 PTR[|domain]
14:50:09.345279 IP f.root-servers.net.domain > 210.116.123.25.32805:  62068*- 13/0/14 NS D.ROOT-SERVERS.NET.,[|domain]

 

4. Cache DNS server 25 asks b.gtld about www.sun.com
14:50:09.345416 IP 210.116.123.25.32805 > b.gtld-servers.net.domain:  64720% [1au] A? www.sun.com. (40)
14:50:09.345844 IP 210.116.123.25.32807 > cCache DNS.gihc.net.domain:  55526+ PTR? 30.14.33.192.in-addr.arpa. (43)
14:50:09.347066 IP cCache DNS.gihc.net.domain > 210.116.123.25.32807:  55526 1/7/7 (315)

 

5. b.gtld tells Cache DNS 25 the NS for www.sun.com
14:50:09.350158 IP b.gtld-servers.net.domain > 210.116.123.25.32805:  64720- 0/4/5 (176)

 

6. Cache DNS 25 asks the sun NS for www.sun.com
14:50:09.350776 IP 210.116.123.25.32805 > cltea-ns-1.sun.com.domain:  65128% [1au] A? www.sun.com. (40)
14:50:09.351049 IP 210.116.123.25.32807 > cCache DNS.gihc.net.domain:  866+ PTR? 11.128.18.192.in-addr.arpa. (44)
14:50:09.352963 IP cCache DNS.gihc.net.domain > 210.116.123.25.32807:  866 1/4/4 (212)
14:50:09.567838 IP cltea-ns-1.sun.com.domain > 210.116.123.25.32805:  65128 FormErr [0q] 0/0/0 (12)

14:50:09.568189 IP 210.116.123.25.32805 > cltea-ns-1.sun.com.domain:  65332 A? www.sun.com. (29)

 

7. The sun NS tells Cache DNS 25 that www.sun.com is 72.5.124.61.
14:50:09.920816 IP cltea-ns-1.sun.com.domain > 210.116.123.25.32805:  65332*- 1/4/4 A 72.5.124.61 (188)

 

8. Cache DNS server 25 returns the IP to PC 66

14:50:09.921414 IP 210.116.123.25.domain > 211.110.86.66.29490:  5104 1/4/0 A 72.5.124.61 (117)

 

The PC then connects to that IP along the Internet routing path.

 

 

<2> One of the two name servers is not working - the server 210.1.1.2 does not exist.

www.serverchk.com, second query

PC 66, Cache DNS: 211.247.130.23, NS1, NS2

[root@dsm01 etc]# tcpdump port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes

 

1. PC 66 queries Cache DNS 25 for www.sun.com
18:52:20.663149 IP 211.110.86.66.12407 > localhost.localdomain.domain:  1078+ A? www.serverchk.com. (35)

 

2. Cache DNS 23 queries c.root for www.serverchk.com
18:52:20.671987 IP localhost.localdomain.32914 > c.root-servers.net.domain:  60619% [1au] A? www.serverchk.com. (46)
18:52:20.672150 IP localhost.localdomain.32914 > c.root-servers.net.domain:  29721% [1au] PTR? 66.86.110.211.in-addr.arpa. (55)
18:52:20.672231 IP localhost.localdomain.32914 > c.root-servers.net.domain:  41716 [1au] NS? . (28)

 

3. c.root returns the TLD information to Cache DNS server 23
18:52:20.831674 IP c.root-servers.net.domain > localhost.localdomain.32914:  60619- 0/13/16 (534)

 

4. Cache DNS server 23 asks f.gtld about www.serverchk.com
18:52:20.834450 IP localhost.localdomain.32914 > f.gtld-servers.net.domain:  64728% [1au] A? www.serverchk.com. (46)

 

5. f.gtld tells Cache DNS 25 the NS for www.serverchk.com
18:52:21.001665 IP f.gtld-servers.net.domain > localhost.localdomain.32914:  64728- 0/2/3 (114)

 

6. Cache DNS 23 asks NS2 for www.serverchk.com
18:52:21.002746 IP localhost.localdomain.32914 > 210.1.1.2.domain:  690% [1au] A? www.serverchk.com. (46)
18:52:21.172489 IP localhost.localdomain.32914 > a.root-servers.net.domain:  38815% [1au] PTR? 66.86.110.211.in-addr.arpa. (55)
18:52:21.172573 IP localhost.localdomain.32914 > a.root-servers.net.domain:  44792 [1au] NS? . (28)

 

7. NS2 does not exist, so it sends no response for www.serverchk.com.
18:52:21.398536 IP a.root-servers.net.domain > localhost.localdomain.32914:  38815- 0/6/1 (197)
18:52:21.398563 IP a.root-servers.net.domain > localhost.localdomain.32914:  44792*- 13/0/14 NS L.ROOT-SERVERS.NET.,[|domain]
18:52:21.402271 IP localhost.localdomain.32914 > E.ROOT-SERVERS.NET.domain:  44491% [1au] A? NS1.APNIC.NET. (42)
18:52:21.403094 IP localhost.localdomain.32914 > E.ROOT-SERVERS.NET.domain:  65524% [1au] AAAA? NS1.APNIC.NET. (42)
18:52:21.404379 IP localhost.localdomain.32914 > E.ROOT-SERVERS.NET.domain:  32025% [1au] A? NS4.APNIC.NET. (42)
18:52:21.406699 IP localhost.localdomain.32914 > E.ROOT-SERVERS.NET.domain:  11978% [1au] AAAA? NS4.APNIC.NET. (42)
18:52:21.407360 IP localhost.localdomain.32914 > E.ROOT-SERVERS.NET.domain:  37463% [1au] A? DNS1.TELSTRA.NET. (45)
18:52:21.408182 IP localhost.localdomain.32914 > E.ROOT-SERVERS.NET.domain:  41424% [1au] AAAA? DNS1.TELSTRA.NET. (45)
18:52:21.409409 IP localhost.localdomain.32914 > E.ROOT-SERVERS.NET.domain:  22789% [1au] A? NS-SEC.RIPE.NET. (44)
18:52:21.409872 IP localhost.localdomain.32914 > E.ROOT-SERVERS.NET.domain:  18054% [1au] A? TINNIE.ARIN.NET. (44)
18:52:21.410467 IP localhost.localdomain.32914 > E.ROOT-SERVERS.NET.domain:  30883% [1au] A? NS3.APNIC.NET. (42)
18:52:21.411087 IP localhost.localdomain.32914 > E.ROOT-SERVERS.NET.domain:  54892% [1au] AAAA? NS-SEC.RIPE.NET. (44)
18:52:21.411145 IP localhost.localdomain.32914 > E.ROOT-SERVERS.NET.domain:  46257% [1au] AAAA? TINNIE.ARIN.NET. (44)
18:52:21.411456 IP localhost.localdomain.32914 > E.ROOT-SERVERS.NET.domain:  14082% [1au] AAAA? NS3.APNIC.NET. (42)

 

8. The local Cache DNS asks NS1 about www.serverchk.com
18:52:21.504157 IP localhost.localdomain.32914 > 210.116.123.25.domain:  52399% [1au] A? www.serverchk.com. (46)

 

9. NS1, one of the name servers for www.serverchk.com, answers the Cache DNS query with the IP of www.serverchk.com
18:52:21.506619 IP 210.116.123.25.domain > localhost.localdomain.32914:  52399* 1/2/3 A 210.116.123.25 (130)

 

10. The local Cache DNS returns the www.serverchk.com IP to the PC.
18:52:21.507424 IP localhost.localdomain.domain > 211.110.86.66.12407:  1078 1/2/0 A 210.116.123.25 (87)

The PC then connects to that IP along the routing path.
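The walkthrough above pairs queries and responses by eye. As an added example (not part of the original post), this script does the same pairing on transaction ID and swapped endpoints, so the dead name server 210.1.1.2 shows up as a query with no response. The sample lines are copied from the second trace on this page; the function and type names are assumptions, and the parser expects non-verbose `tcpdump port 53` output.

```python
import re
from typing import NamedTuple, Optional

# Lines copied from the second trace on this page (tcpdump port 53, no -v).
TRACE = """\
18:52:20.663149 IP 211.110.86.66.12407 > localhost.localdomain.domain:  1078+ A? www.serverchk.com. (35)
18:52:20.834450 IP localhost.localdomain.32914 > f.gtld-servers.net.domain:  64728% [1au] A? www.serverchk.com. (46)
18:52:21.001665 IP f.gtld-servers.net.domain > localhost.localdomain.32914:  64728- 0/2/3 (114)
18:52:21.002746 IP localhost.localdomain.32914 > 210.1.1.2.domain:  690% [1au] A? www.serverchk.com. (46)
18:52:21.504157 IP localhost.localdomain.32914 > 210.116.123.25.domain:  52399% [1au] A? www.serverchk.com. (46)
18:52:21.506619 IP 210.116.123.25.domain > localhost.localdomain.32914:  52399* 1/2/3 A 210.116.123.25 (130)
18:52:21.507424 IP localhost.localdomain.domain > 211.110.86.66.12407:  1078 1/2/0 A 210.116.123.25 (87)
""".splitlines()

LINE = re.compile(
    r"^(\d\d):(\d\d):(\d\d)\.(\d{6}) IP (\S+) > (\S+):\s+(\d+)[+%*|-]*\s+(.*)$")
QUESTION = re.compile(r"(?:^|\s)([A-Z]+)\? (\S+)")  # only queries carry "TYPE? name"

class Exchange(NamedTuple):
    server: str
    qtype: str
    qname: str
    rtt_us: Optional[int]  # None = no response seen in the capture

def pair_dns(lines):
    """Match each query to its response on (transaction ID, client, server)."""
    exchanges, pending = [], {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        h, mi, s, us, src, dst, txid, rest = m.groups()
        t = (int(h) * 3600 + int(mi) * 60 + int(s)) * 1_000_000 + int(us)
        q = QUESTION.search(rest)
        if q:  # query: remember when it was sent and to which server
            pending[(txid, src, dst)] = (len(exchanges), t)
            exchanges.append(Exchange(dst.rsplit(".", 1)[0], q[1], q[2], None))
        elif (txid, dst, src) in pending:  # response: endpoints are swapped
            i, sent = pending.pop((txid, dst, src))
            exchanges[i] = exchanges[i]._replace(rtt_us=t - sent)
    return exchanges

def unanswered(exchanges):
    """Servers that were queried but never replied within the capture."""
    return sorted({e.server for e in exchanges if e.rtt_us is None})

if __name__ == "__main__":
    for e in pair_dns(TRACE):
        rtt = "NO RESPONSE" if e.rtt_us is None else f"{e.rtt_us / 1000:.3f} ms"
        print(f"{e.server:24} {e.qtype:4} {e.qname:20} {rtt}")
```

A missing response only means none arrived before the capture ended, so let the capture run past the resolver's retry timeout before treating a server as dead.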