
tcpdump-examples

DNS introduction

DNS is short for Domain Name System. It is simply a database that links meaningful names (known as hostnames), such as howtouselinux.com, to a specific IP address, such as 185.230.63.171.

Each device connected to the Internet has a unique IP address. With the system of DNS, we don't have to memorize IP addresses.

DNS records

All domains are required to have at least a few essential DNS records for a user to be able to access their website using a domain name. This is the key concept of DNS.

Here are 4 commonly used DNS records.

  • A record - maps a domain (e.g., howtouselinux.com) or a sub-domain (e.g., blog.howtouselinux.com) to one IP address or to several IP addresses. Check more about the A record: Understanding DNS A Record with Examples.
  • PTR record - maps an IP address back to a domain name for reverse lookups, e.g. 23.236.62.147 -- howtouselinux.com.
  • CNAME record - also known as a canonical name record, creates an alias that points to another name. CNAME records are commonly used to map the WWW, FTP and MAIL sub-domains to a domain.
  • MX record - MX (Mail Exchange) records control how incoming email is routed for your domain.

Check this post to learn more about DNS records: Understanding DNS Records - PTR MX SRV CNAME AAAA.

How to query DNS record

Each application, such as Chrome, has its own mechanism for resolving DNS records. Here we explain how to use the Linux dig command to query DNS records.

The general form is dig name record-type @server, which queries the DNS server for the given record. By default, dig performs a lookup for an A record if no type argument is specified.

  • server – the IP address or hostname of the name server to query. It is optional and if we don’t provide a server argument then dig uses the name server listed in /etc/resolv.conf.
  • name – the name of the resource record that is to be looked up.
  • record type – the type of query requested by dig. For example, it can be an A record, MX record, SOA record or any other types.

Check more about how to use the dig command to query DNS info.

Example of DNS record

In the following example we can see that google.com has 6 A records. Publishing several A records for one name is mainly done for load balancing and fault tolerance.

$ dig google.com +short
172.217.194.138
172.217.194.139
172.217.194.102
172.217.194.101
172.217.194.100
172.217.194.113

Which port does DNS use?

DNS uses both TCP and UDP port 53. The most frequently used port for DNS is UDP 53. This is used for DNS queries on the client-side. Check more info about DNS port here.

How to use tcpdump to filter DNS Query packets?

We can use these tcpdump commands to filter DNS query packets.

  • tcpdump -i eth0 udp port 53 - captures DNS query packets on eth0 and prints them on the terminal.
  • tcpdump -i eth0 -w /tmp/dns.pcap udp port 53 - writes these packets to a file so they can be analyzed with the Wireshark GUI.
  • tcpdump -vvv -r /tmp/dns.pcap port 53 - reads the packets back from dns.pcap with more details about each DNS query.

Check more info about how to use tcpdump to capture DNS packets.

Example of DNS Packet Analysis

We can get the A record for google.com with the following command.

dig google.com +short

This is the output of the tcpdump command after we run the above dig command. Check more info about how to use the dig command to query DNS records here.

20:11:00.466866 IP 10.79.98.233.54127 > 64.104.76.247.53: 60712+ [1au] A? google.com. (39)

This is the packet we get from the DNS server for this DNS query.

20:11:00.560294 IP 64.104.76.247.53 > 10.79.98.233.54127: 60712 6/4/1 A 74.125.24.113, A 74.125.24.102, A 74.125.24.139, A 74.125.24.138, A 74.125.24.100, A 74.125.24.101 (207)

By default, the dig command queries the A record for the domain name over UDP. Check this post to learn more about other DNS records like AAAA, MX, PTR etc.
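As an added example (not part of the original post), the following Python script parses tcpdump DNS lines of the shape shown above, pairs each query with its response by client address, port and transaction ID, and reports the answer count, the A records and the round-trip time. The two sample lines are the query and response from this post; the third line is a constructed query that never gets a response, so the unanswered path is exercised too.

```python
import re
from datetime import datetime

# Query line, e.g. "... 10.79.98.233.54127 > 64.104.76.247.53: 60712+ [1au] A? google.com. (39)"
QUERY_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.53: (?P<txid>\d+)\+ (?:\[[^\]]*\] )?"
    r"(?P<qtype>[A-Z]+)\? (?P<qname>\S+) \((?P<length>\d+)\)$")
# Response line, e.g. "... 64.104.76.247.53 > 10.79.98.233.54127: 60712 6/4/1 A 74.125.24.113, ... (207)"
RESP_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>[\d.]+)\.53 > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<txid>\d+) "
    r"(?P<an>\d+)/(?P<ns>\d+)/(?P<ar>\d+) (?P<rrs>.*) \((?P<length>\d+)\)$")

def _ts(s):
    return datetime.strptime(s, "%H:%M:%S.%f")

def pair_dns(lines):
    """Pair queries with responses by (client IP, client port, transaction ID).
    Returns (answered, unanswered); unanswered is the list of pending query keys,
    which is where timeouts or silently dropped DNS traffic show up."""
    pending, answered = {}, []
    for line in lines:
        q = QUERY_RE.match(line)
        if q:
            pending[(q["src"], q["sport"], q["txid"])] = q
            continue
        r = RESP_RE.match(line)
        if not r:
            continue  # not a UDP DNS line of the shape tcpdump prints above
        q = pending.pop((r["dst"], r["dport"], r["txid"]), None)
        if q is None:
            continue  # response with no matching query: nothing to pair
        answered.append({
            "qname": q["qname"], "qtype": q["qtype"], "txid": int(r["txid"]),
            "server": r["src"], "ancount": int(r["an"]),
            "a_records": re.findall(r"\bA (\d+\.\d+\.\d+\.\d+)", r["rrs"]),
            "rtt_ms": round((_ts(r["ts"]) - _ts(q["ts"])).total_seconds() * 1000, 1),
        })
    return answered, list(pending)

# First two lines are from the post; the third is constructed and gets no response.
SAMPLE = [
    "20:11:00.466866 IP 10.79.98.233.54127 > 64.104.76.247.53: 60712+ [1au] A? google.com. (39)",
    "20:11:00.560294 IP 64.104.76.247.53 > 10.79.98.233.54127: 60712 6/4/1 A 74.125.24.113, A 74.125.24.102, A 74.125.24.139, A 74.125.24.138, A 74.125.24.100, A 74.125.24.101 (207)",
    "20:11:02.000000 IP 10.79.98.233.54128 > 64.104.76.247.53: 60713+ [1au] AAAA? google.com. (39)",
]
```

Feed it the output of tcpdump -r /tmp/dns.pcap port 53 line by line; the query-to-response gap of about 93 ms and the 6 A records match what the dig example above shows.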
