CS615A -- Aspects of System Administration - HW#3

HW3: capturing DNS traffic


The objective of this assignment is for you to observe and understand DNS and HTTP traffic on the wire. As in the previous assignment, you will use the tcpdump(8) utility for this task.


Please carefully read the assignment in full before you begin.

This assignment is worth 20 points.


Create two EC2 instances of your choice. One will act as the DNS server and the other as the client. Make sure that the firewall rules between the server and client allow for all the required traffic.

Set up a caching only DNS server (a "resolver") on one instance. On NetBSD, this is as simple as setting named=YES in /etc/rc.conf and starting it via /etc/rc.d/named start; if you choose to use a different OS, you may consult any online documentation available, such as this document or any others you prefer. You may use BIND or any other DNS server software you like. The only restriction is that in the end your host must be able to function as a caching DNS server.

Set up your client host to use your newly created DNS server for host lookups.
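The caching-only resolver described above, as an added example that is not part of the assignment and not NetBSD's or BIND's shipped configuration: a minimal BIND named.conf that answers recursive queries only for the client's network. The resolver address 10.0.0.10, the client subnet 10.0.0.0/24, the directory and the hints file name are assumptions; adjust them to your instances. The setting worth checking is allow-recursion: a resolver on an EC2 instance with a public address that accepts recursion from `any` is an open resolver that anyone on the Internet can use for reflection and amplification, so the instance's security group and this ACL should both restrict who can query it.

```conf
// Minimal caching-only (recursive) BIND configuration -- added example,
// not the assignment's text. Paths and addresses are assumptions.
options {
        directory "/etc/namedb";              // NetBSD's default; other OSes differ

        // Listen on loopback and on the instance's private address (assumed).
        listen-on { 127.0.0.1; 10.0.0.10; };
        listen-on-v6 { none; };

        recursion yes;

        // Only loopback and the client's subnet may ask this server to recurse.
        // Weak setting to avoid:  allow-recursion { any; };  -- an open resolver.
        allow-query     { 127.0.0.1; 10.0.0.0/24; };
        allow-recursion { 127.0.0.1; 10.0.0.0/24; };

        dnssec-validation auto;
};

// Root hints: without this zone the server cannot start resolution at the roots.
zone "." {
        type hint;
        file "root.cache";                    // root hints file (name assumed)
};
```

On the client, a single `nameserver 10.0.0.10` line in /etc/resolv.conf is enough for the lookups in this assignment. A quick check after starting named: a recursive query from a host outside the client subnet should come back REFUSED, while the same query from the client should be answered.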

On your DNS resolver, start tcpdump(8). Then, start tcpdump(8) on your client. Capturing traffic on both ends, make an HTTP 1.0 request over TLS on the client using the following command:

printf "HEAD / HTTP/1.0\r\nHost: www.darpa.mil\r\n\r\n" | \
        openssl s_client -quiet -ign_eof -connect www.darpa.mil:443

Keep your tcpdump running for a while. Do you see other queries that you did not actively initiate? What are they, and what is causing them?

Now process the output:

  • identify the HTTP headers provided by DARPA's server in its response and briefly annotate their purpose
  • using the packet capture from your client host, identify the DNS query for the HTTP request from your client host to your DNS server as well as the response; there should be only a handful of packets here
  • using the packet capture from your server, identify -- for the HTTP request -- the query from your DNS server to one of the root servers, then to the various other DNS servers before the DNS information is returned to your server and which your DNS server then returns to your client; there will be a lot of packets here in your capture -- make sure to tease out only those that are directly relevant to the resolution
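One way to do the teasing-out in the last two bullets mechanically, as an added example that is not part of the assignment: a small Python script that reads the text form of `tcpdump -n -r capture.pcap port 53`, keeps only the packets that belong to one name's resolution (a query whose name is the target or one of its parent zones, and a response matched to such a query by transaction id and reversed address/port tuple), and labels each packet by its role in the chain. The embedded capture, its addresses, server names and transaction ids are constructed, not real output; treating `_.mil.`-style qname-minimisation probes as relevant is an assumption about the resolver's behaviour. Run it against your own `tcpdump -nr` output instead. It drops the PTR lookups and root priming that show up as the unrequested queries mentioned above, which also makes them easy to spot by diffing against the unfiltered dump.

```python
"""Tease the packets of one name resolution out of a tcpdump DNS text dump.

Added example (not part of the assignment). Parses the one-line-per-packet
text that `tcpdump -n -r capture.pcap port 53` prints, keeps only packets
belonging to the resolution of one target name, and labels each by role.
All addresses, names and transaction ids below are constructed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One tcpdump DNS line: ts src.port > dst.port: txid[flags] [Nau] body (len)
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP6? (?P<src>\S+?)\.(?P<sport>\d+) > (?P<dst>\S+?)\.(?P<dport>\d+): "
    r"(?P<txid>\d+)(?P<flags>[-+*|$%]*)\s*(?:\[\d+au\]\s*)?(?P<body>.+)$"
)
QUERY_RE = re.compile(r"^(?P<qtype>[A-Za-z0-9]+)\? (?P<qname>\S+) \(\d+\)$")
RESPONSE_RE = re.compile(
    r"^(?:(?P<rcode>[A-Za-z]+) )?(?P<an>\d+)/(?P<ns>\d+)/(?P<ar>\d+)(?: (?P<rrs>.*?))? \(\d+\)$"
)

# Constructed server-side capture: client 10.0.0.5, resolver 10.0.0.10,
# upstream servers in the 203.0.113.0/24 documentation range.
SAMPLE_CAPTURE = """\
14:02:03.100100 IP 10.0.0.5.51234 > 10.0.0.10.53: 31337+ A? www.darpa.mil. (31)
14:02:03.100500 IP 10.0.0.10.40001 > 203.0.113.4.53: 40001% [1au] A? www.darpa.mil. (44)
14:02:03.101000 IP 10.0.0.10.40002 > 203.0.113.4.53: 40002% [1au] PTR? 5.0.0.10.in-addr.arpa. (50)
14:02:03.120000 IP 203.0.113.4.53 > 10.0.0.10.40001: 40001- 0/6/12 NS a.ns.mil-example., NS b.ns.mil-example. (420)
14:02:03.121000 IP 10.0.0.10.40003 > 203.0.113.20.53: 40003% [1au] A? www.darpa.mil. (44)
14:02:03.140000 IP 203.0.113.20.53 > 10.0.0.10.40003: 40003- 0/2/4 NS ns1.darpa-example., NS ns2.darpa-example. (180)
14:02:03.141000 IP 10.0.0.10.40004 > 203.0.113.77.53: 40004% [1au] A? www.darpa.mil. (44)
14:02:03.150000 IP 203.0.113.4.53 > 10.0.0.10.40002: 40002 NXDomain 0/1/0 (110)
14:02:03.160000 IP 203.0.113.77.53 > 10.0.0.10.40004: 40004*- 1/2/2 A 192.0.2.10 (120)
14:02:03.160500 IP 10.0.0.10.53 > 10.0.0.5.51234: 31337 1/0/0 A 192.0.2.10 (47)
14:02:05.000000 IP 10.0.0.10.40005 > 203.0.113.4.53: 40005% [1au] NS? . (28)
"""


@dataclass
class Packet:
    line: str
    src: str
    sport: int
    dst: str
    dport: int
    txid: int
    is_query: bool
    qname: str = ""          # queries only
    qtype: str = ""          # queries only
    rcode: str = "NoError"   # responses only
    ancount: int = 0         # responses only
    nscount: int = 0         # responses only
    rrs: str = ""            # printed records of a response, if any


def parse_line(line: str) -> Optional[Packet]:
    """Return a Packet for a DNS query or response line, None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    common = dict(line=line.strip(), src=m["src"], sport=int(m["sport"]),
                  dst=m["dst"], dport=int(m["dport"]), txid=int(m["txid"]))
    q = QUERY_RE.match(m["body"])
    if q:
        return Packet(is_query=True, qname=q["qname"].lower(), qtype=q["qtype"], **common)
    r = RESPONSE_RE.match(m["body"])
    if r:
        return Packet(is_query=False, rcode=r["rcode"] or "NoError", ancount=int(r["an"]),
                      nscount=int(r["ns"]), rrs=r["rrs"] or "", **common)
    return None


def is_relevant_qname(qname: str, target: str) -> bool:
    """The target itself, a proper ancestor zone of it (never the root), or a
    '_.'-prefixed qname-minimisation probe for such a zone (assumed style)."""
    qname = qname.lower()
    if qname.startswith("_."):
        qname = qname[2:]
    return qname == target or (qname != "." and target.endswith("." + qname))


def relevant_packets(capture_text: str, target: str, resolver_ip: str) -> List[Tuple[str, str]]:
    """Return [(annotation, line)] for the packets that resolve `target`.

    A query is kept when its qname is relevant; a response only when it answers
    a kept query (same txid, reversed 5-tuple). PTR lookups, root priming and
    unrelated clients therefore fall away.
    """
    target = target.lower() if target.endswith(".") else target.lower() + "."
    pending = {}   # (txid, dst, dport, src, sport) of a kept query -> Packet
    out = []
    for p in filter(None, (parse_line(l) for l in capture_text.splitlines())):
        if p.is_query:
            if not is_relevant_qname(p.qname, target):
                continue
            pending[(p.txid, p.dst, p.dport, p.src, p.sport)] = p
            if p.src == resolver_ip:
                note = f"resolver -> upstream {p.dst}: iterative {p.qtype}? {p.qname}"
            else:
                note = f"client {p.src} -> resolver: {p.qtype}? {p.qname}"
        else:
            q = pending.pop((p.txid, p.src, p.sport, p.dst, p.dport), None)
            if q is None:
                continue   # response to a query we did not keep
            if p.src == resolver_ip:
                note = f"resolver -> client {p.dst}: final answer ({p.rcode}, {p.rrs})"
            elif p.rcode != "NoError":
                note = f"upstream {p.src} -> resolver: {p.rcode} for {q.qname}"
            elif p.ancount == 0 and p.nscount > 0:
                note = f"upstream {p.src} -> resolver: referral ({p.rrs})"
            else:
                note = f"upstream {p.src} -> resolver: answer ({p.rrs})"
        out.append((note, p.line))
    return out


if __name__ == "__main__":
    for note, line in relevant_packets(SAMPLE_CAPTURE, "www.darpa.mil", "10.0.0.10"):
        print(f"{note}\n    {line}")
```

Feeding it real output is a matter of `tcpdump -n -r server.pcap port 53 > server.txt` and replacing SAMPLE_CAPTURE with the file's contents; the matching on transaction id plus reversed address/port pair is the same check you would do by eye, and it is also why a response that does not pair up with a query you sent deserves a second look.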

Note: in order to be able to capture the query from your DNS server to the root servers, you may have to clear the DNS server's cache immediately before making your request. This ensures that it is not using cached information from any previous lookups.

Deliverables & Due Date

You will submit a single tar(1) archive. The file to submit will be called "$USER-hw3.tar" (where "$USER" is your username). The archive will extract all files and subdirectories into a directory named $USER. Your archive will contain the following files:

  • http.txt - the HTTP header explanation
  • dns-client.txt - a text file containing the annotated output of tcpdump -r of the relevant DNS packets captured on the client relating to the HTTP request
  • dns-server.txt - a text file containing the annotated output of tcpdump -r of the relevant DNS packets captured on the server relating to the HTTP request
  • README - commentary on what you learned, what you found difficult, what you found surprising

Creating a valid submission might look as follows:

$ mkdir $USER
$ cd $USER
$ vi http.txt dns-client.txt dns-server.txt README
$ cd ..
$ tar cf ${USER}-hw3.tar ${USER}

Please attach the file to an email sent from your @stevens.edu email address to jschauma@stevens.edu with a subject of "[CS615] HW3".

The due date for this assignment is 2021-04-05 16:00 EDT.
