DNS basics

From wikinotes

Tutorials

Examining DNS queries with tcpdump: https://www.netmeister.org/blog/dns-tcpdump.html

DNS

DNS queries are made as UDP packets to port 53 on your configured nameserver(s).
In the capture below, "host google.com" sends three separate queries, for the A, AAAA, and MX records of google.com, and each one gets its own reply from the nameserver.
In tcpdump's summary format the number after the colon is the transaction ID (a reply must carry the same ID as its query and come back to the same client port), "+" means recursion desired, "A?" is the question, and "1/0/0" in a reply is the count of answer, authority and additional records.

# capture UDP traffic on the network interface (run in one terminal)
tcpdump udp -n -i wlp3s0

# perform a DNS lookup (run in a second terminal)
host google.com

# output:
# tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
# listening on wlp3s0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
# 13:08:42.802109 IP 192.168.1.126.33395 > 192.168.1.1.53: 9866+ A? google.com. (28)
# 13:08:42.811116 IP 192.168.1.1.53 > 192.168.1.126.33395: 9866 1/0/0 A 172.217.164.238 (44)
# 13:08:42.811472 IP 192.168.1.126.46957 > 192.168.1.1.53: 1680+ AAAA? google.com. (28)
# 13:08:42.813192 IP 192.168.1.1.53 > 192.168.1.126.46957: 1680 1/0/0 AAAA 2607:f8b0:400b:801::200e (56)
# 13:08:42.813503 IP 192.168.1.126.35766 > 192.168.1.1.53: 49933+ MX? google.com. (28)
# 13:08:42.843452 IP 192.168.1.1.53 > 192.168.1.126.35766: 49933 5/0/0 MX aspmx.l.google.com. 10, MX alt2.aspmx.l.google.com. 30, MX alt1.aspmx.l.google.com. 20, MX alt4.aspmx.l.google.com. 50, MX alt3.aspmx.l.google.com. 40 (136)