Home‎ > ‎CIS 140NA‎ > ‎

Lab 11: Discovering DNS

The purpose of this lab is to examine DNS and learn to use tools that perform DNS queries.  


The Domain Name System (DNS) is a cornerstone of the Internet. The DNS system works so well that most of us never notice it until there's a problem. In this lab you'll learn to use the dig tool to perform DNS queries then analyze the responses using Wireshark. 

Using Dig and NSLookup

The dig program is for querying and debugging DNS. Dig works on Linux and OSX. The nslookup program on Windows does not have the ability to do iterative queries like dig does. If you use Windows at home you must do this lab on Opus. While capturing with Wireshark use the appropriate command to do the following:
  1. Do an iterative query on the domain of your choice. 
  2. Do a recursive query on the domain of your choice. 

Using Dig Locally

By default dig performs a recursive query: 

$ dig host.mydomain.com

If you wish to perform an iterative query you must use the following option:

$ dig host.mydomain.com +trace

Using Dig on Opus

You will need to login to Opus twice, so you have two command prompts. From the first command prompt start dumpcap. The command line below limits the capture to just UDP packets, which will make your search a bit easier. 

/home/cis140/bin/dumpcap -f udp -w DNS.pcapng

With dumpcap running use the dig command from above in your second terminal. You will need to transfer the DNS.pcapng file to your local machine with SCP or Filezilla. Save your capture as DNS.pcapng. Your capture must have ONLY DNS packets and no others. Answer the following questions:
  1. What is the complete chain of DNS servers you used to do the iterative lookup?
  2. How long did it take to perform the recursive query? 

Turn In

  1. Your capture file DNS.pcapng
  2. Answers to the questions


  • 10 points for your capture
  • 10 points for answers to the questions