HA NOI UNIVERSITY OF SCIENCE AND TECHNOLOGY

COMPUTER NETWORK REPORT

Find out how to operate and install DNS services
Information technology industry

Instructor: Trần Nguyên Ngọc
Subject: Computer network

Members:
+ Nguyễn Quang Ninh – 20198321
+ Nguyễn Minh Nghĩa – 20198318
+ Lê Văn Vỹ - 20198344

HA NOI
Contents
Preface
I. WHAT IS A DNS?
  DNS Propagation
  DNS Resolution
  Uses of DNS
  What is DNS Used For?
II. HOW TO OPERATE DNS SERVICES & Building Blocks of DNS
  DNS Resolver
  DNS Root Server
  TLD Name Server
  Authoritative Name Server
  Summary of the DNS Process - a DNS Example
  How DNS Works
  DNS Types - 3 Types of DNS Queries
  DNS Record Types
  The DNS Protocol
III. HOW TO INSTALL AND CONFIGURE DNS SERVICES
  HOW TO INSTALL DNS SERVER (on Windows Server 2019)
  How to configure DNS Server
  + TEST NEW DNS SERVER ON WINDOWS 10
IV. PACKET ANALYSIS WITH WIRESHARK
  Packets
  Packet analysis
  What is Wireshark?
  # DNS - PACKET ANALYSIS WITH WIRESHARK
Conclude
Work assignment
References

Preface
All computers on the Internet, from smartphones, laptops and PCs to servers
providing services such as websites and mail, communicate with each other
through IP addresses. But the IP addresses of websites differ from one another
and are difficult for users to remember, so how can this problem be solved? The
DNS system (domain name resolution system) is what solves the above problem.

I. WHAT IS A DNS?
The Domain Name System (DNS) is the phonebook of the Internet. Humans
access information online through domain names, like nytimes.com or
espn.com. Web browsers interact through Internet Protocol (IP) addresses. DNS
translates domain names to IP addresses so browsers can load Internet
resources.
Each device connected to the Internet has a unique IP address which other
machines use to find the device. DNS servers eliminate the need for humans to
memorize IP addresses such as 192.168.1.1 (in IPv4), or more complex newer
alphanumeric IP addresses such as 2400:cb00:2048:1::c629:d7a2 (in IPv6).

DNS Propagation
Unlike a phone book, DNS records are commonly updated, meaning that a
server’s IP address can change without affecting end users. Users continue to
use the same domain name, and are automatically redirected to the new address.
A DNS A or AAAA Record points a domain or subdomain to an IP, and a
CNAME record points a domain or subdomain to another domain name.

After you register a new domain name or when you update DNS servers on
your domain name, it usually takes about 12-36 hours for the domain name
servers world-wide to be updated and able to access the information. This
period is referred to as propagation. With next-generation DNS
technology propagation can be reduced to minutes or seconds.
DNS allows for multiple hostnames to correspond to a single IP address - this
can be used for virtual hosting, when many websites are served from a single
host. A single hostname can also resolve to many IP addresses, in order to
distribute load to multiple servers.
DNS Resolution
Typically, when you connect to a local network, Internet service provider (ISP)
or WiFi network, the modem or router sends network configuration information
to your local device, including one or more DNS servers. These are the initial
DNS servers your device will use to translate host names to IP addresses.
A component called a DNS Resolver is responsible for checking if the host
name is available in local cache, and if not, contacts a series of DNS Name
Servers, until eventually it receives the IP of the website or service you are
trying to reach. If everything is working well, this can take less than a second.
The process is known as DNS resolution of a hostname to IP address.

Uses of DNS
The classic use of DNS is to translate the domain name in a URL into a
corresponding IP address. But DNS has many more uses - it underlies many
other forms of Internet communication.

What is DNS Used For?
• Resolving names of World Wide Web (WWW) sites
• Routing messages to email servers and webmail services
• Connecting app servers, databases and middleware within a web application
• Virtual Private Networks (VPN)
• Peer-to-peer sharing programs
• Multiplayer games
• Instant messaging and online meeting services
• Communication between IoT devices, gateways and servers

II. HOW TO OPERATE DNS SERVICES & Building Blocks of DNS
There are four main building blocks that enable DNS to function:

DNS Resolver
A DNS resolver, also called a recursive resolver, is a server designed to
receive DNS queries from web browsers and other applications. The resolver
receives a hostname - for example, www.example.com - and is responsible for
tracking down the IP address for that hostname.
The DNS resolver might be operated by the local network, an Internet Service
Provider (ISP), a mobile carrier, a Wi-Fi network, or other third party. The
resolver starts by looking in its local cache or that of the operating system on
the local device - if the hostname is found, it is resolved immediately.
If not found, the resolver contacts a DNS Root Server and receives details of
a TLD Name Server. Via the TLD Name Server, it receives details of
an Authoritative Name Server, and asks it for the IP that matches the
requested hostname. When it receives the IP, the query is resolved.
DNS Root Server
The root server is the first step in translating human readable host names into IP
addresses. The root server takes the Top Level Domain (TLD) provided in the user’s
query - for example, www.example.com - and provides details for
the .com TLD Name Server.
There are 13 logical root servers worldwide, indicated by the
letters A through M, operated by organizations such as Verisign, Cogent, the
University of Maryland and the U.S. Army Research Lab.
TLD Name Server
The TLD Name Server takes the domain name provided in the query - for
example www.example.com - and provides the IP of an Authoritative Name
Server. This is a DNS server that contains DNS records for the specific domain.

There is a Name Server for each Top Level Domain (TLD) - there are
currently over 1500 valid top level domains, including the original TLDs
like .com and .org, country codes such as co.uk and co.fr, and new TLDs such
as .biz.
Authoritative Name Server
The Authoritative Name Server is the last stop in the name server query. The
Authoritative Name Server takes the domain name and subdomain, and if it has
access to the DNS records, it returns the correct IP address to the DNS
Resolver.
As the Internet grows, the original IP address standard, IPv4 (which only
allowed up to 4.3 billion IP addresses) is being replaced with IPv6 (which
supports as many as 3.4×10^38 IP addresses). Increasingly, DNS servers return
IPs using the IPv6 format.
In some cases, the Authoritative Name Server will route the DNS Resolver to
another Name Server that contains specific records for a subdomain, for
example, support.example.com.
Authoritative Name Servers are organized using DNS Zones. Each DNS zone
has a closed set of Authoritative Name Servers. They are called “authoritative”
because they can provide an authoritative, correct response as to what is the
current IP for a specific domain.

Summary of the DNS Process - a DNS Example
1. DNS Query - a web browser or other application requests a human
readable hostname such as “www.example.com”. The query is handled by the
DNS Resolver, which is responsible for finding the IP matching the hostname.
2. DNS Root Servers - the Resolver talks to a Root Server and is referred to a
Top Level Domain (TLD) Name Server, corresponding to the TLD in the query,
such as .com.
3. TLD Name Server - the Resolver contacts the relevant TLD Name Server
and is referred to an Authoritative Name Server that holds the current details for
the domain name.

4. Authoritative Name Server - finally, the Resolver sends the query to the
Authoritative Name Server which is responsible for that domain (as indicated
in a Zone File on the TLD Name Server). This DNS server knows the IP
address for the full domain, www.example.com, and returns that answer to the
DNS Resolver.
5. DNS Query Resolved - now that the DNS Resolver knows the IP address
for the domain name, it returns it to the browser or other application on the
client side. The client can then connect to the server using the IP address, and
start communicating with it.
6. Client Can Communicate with Server - If the client is a browser, and the
user typed in a domain, the website at that domain can now be displayed. If the
client is a messaging app, the user can now send messages to other users via the
server.

How DNS Works
In this section we provide some more details about how DNS works behind the
scenes.

DNS Types - 3 Types of DNS Queries
1. Recursive query - In a recursive query, a DNS client requires that a DNS
server (typically a DNS recursive resolver) respond to the client with either the
requested resource record or an error message if it can't find the record.
2. Iterative query - the DNS client allows a DNS server to return the best
answer it can. If the queried DNS server does not have a match for the
hostname, it returns a referral to an Authoritative DNS Server at a lower level of
the DNS hierarchy. The DNS client then makes a query to the referral address.
This process continues with additional DNS servers down the query chain until
either an error or timeout occurs.
3. Non-recursive query - this occurs when a DNS Resolver queries a DNS
Name Server for a record, either because the Name Server is authoritative for
the record, or the record exists in its cache. DNS servers typically cache DNS
records to conserve bandwidth and reduce load on servers further up the
hierarchy.

DNS Record Types
DNS resource records (RR) are the basic information elements of the Domain
Name System. They are entries in the DNS database which provide information
about hosts. The records are physically stored in the Zone Files on the DNS
server.


The following are common DNS records:
• Address Mapping records (A) - records that hold a hostname and its
corresponding IPv4 address.
• IP Version 6 Address records (AAAA) - records that hold a hostname and
its corresponding IPv6 address.
• Canonical Name records (CNAME) - used to create aliases of domain
names. Can be used to alias a domain to another domain.
• Mail exchanger record (MX) - specifies a mail exchange server for the
domain name, used in the SMTP protocol to route emails to the correct email
server.
• Name Server records (NS) - delegates a DNS Zone to use a specific
Authoritative Name Server.
• Reverse-lookup Pointer records (PTR) - used to look up domain names
based on an IP address.
• Certificate record (CERT) - stores encryption certificates such as PKIX,
SPKI, PGP, etc.
• Service Location (SRV) - service location record, like MX but for other,
newer protocols.

The DNS Protocol
The DNS protocol uses two types of DNS messages, queries and replies. Both
queries and replies consist of a header and four sections: question, answer,
authority, and an additional space:
• The header section contains Identification, used to match responses with
queries; Flags; Number of questions; Number of answers; Number of authority
resource records (RRs); and Number of additional resource records.
• The flag field contains sections of one or four bits, indicating if the
message is a query or a reply; if the present packet is a reply, a status, or a
request; whether the DNS server is authoritative; whether the client wants to
send a recursive query ("RD"); whether the DNS server supports recursion;
whether the request was truncated ("TC"); and four bits at the end indicating
status.
• The question section contains the domain name and type of record (A,
AAAA, MX, TXT, etc.) being resolved. The domain name is broken into labels,
each label prefixed by the length of that label.
• The answer section has the resource records of the queried name. A
domain name may occur in multiple records if it has multiple IP addresses
associated with it.
Protocol Transport
DNS primarily uses the User Datagram Protocol (UDP) on port number 53 to
serve requests. DNS queries consist of a single UDP request from the client
followed by a single UDP reply from the server. The Transmission Control
Protocol (TCP) is used when the response data size exceeds 512 bytes, or for
zone transfers. Some DNS resolvers use TCP for all communication.
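
The header fields, flag bits, length-prefixed labels and the TC/TCP rule described above can be exercised with a short Python script. This is an added example, not part of the original report: the function names, the transaction ID and the reply bytes are constructed for illustration, and it shows why a client should accept a UDP reply only when its Identification and question match the query that was sent.

```python
import struct

QTYPE = {"A": 1, "CNAME": 5, "MX": 15, "AAAA": 28}

def encode_name(name):
    """Domain name -> labels, each prefixed by its length, ending with 0."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("a label must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, qtype="A", txid=0x1A2B):
    """Header (ID, flags with RD=1, one question) followed by the question."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!2H", QTYPE[qtype], 1)

def read_name(msg, off, hops=0):
    """Decode a name, following compression pointers; returns (name, next offset)."""
    labels = []
    while True:
        n = msg[off]
        if n == 0:
            return ".".join(labels), off + 1
        if n & 0xC0 == 0xC0:                      # pointer to an earlier name
            if hops >= 10:
                raise ValueError("compression pointer loop")
            target = ((n & 0x3F) << 8) | msg[off + 1]
            rest, _ = read_name(msg, target, hops + 1)
            return ".".join(labels + ([rest] if rest else [])), off + 2
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n

def parse_message(msg):
    """Parse the header, question and answer sections (A records decoded)."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    out = {"id": txid, "qr": flags >> 15, "aa": bool(flags & 0x0400),
           "tc": bool(flags & 0x0200), "rd": bool(flags & 0x0100),
           "ra": bool(flags & 0x0080), "rcode": flags & 0x000F,
           "questions": [], "answers": []}
    off = 12
    for _ in range(qd):
        name, off = read_name(msg, off)
        qtype, qclass = struct.unpack("!2H", msg[off:off + 4])
        out["questions"].append((name.lower(), qtype, qclass))
        off += 4
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        if rtype == QTYPE["A"] and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)
        out["answers"].append((name.lower(), rtype, ttl, rdata))
        off += 10 + rdlen
    return out

def check_reply(query, reply):
    """Decide what a client should do with a UDP reply to its own query."""
    try:
        q, r = parse_message(query), parse_message(reply)
    except (struct.error, IndexError, ValueError):
        return "reject: malformed"
    if r["qr"] != 1:
        return "reject: not a response"
    if r["id"] != q["id"]:
        return "reject: id mismatch"
    if r["questions"] != q["questions"]:
        return "reject: question mismatch"
    return "retry-tcp" if r["tc"] else "accept"

def sample_reply(query, txid=None, tc=False):
    """Constructed reply: echoes the question and answers with 192.0.2.10."""
    qid = struct.unpack("!H", query[:2])[0] if txid is None else txid
    flags = 0x8180 | (0x0200 if tc else 0)        # QR=1, RD=1, RA=1
    answer = b"" if tc else (b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 300, 4)
                             + bytes([192, 0, 2, 10]))
    header = struct.pack("!6H", qid, flags, 1, 0 if tc else 1, 0, 0)
    return header + query[12:] + answer

if __name__ == "__main__":
    q = build_query("www.example.com")
    print(parse_message(sample_reply(q)))
    print(check_reply(q, sample_reply(q, txid=0x9999)))
```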

III. HOW TO INSTALL AND CONFIGURE DNS SERVICES
HOW TO INSTALL DNS SERVER (on Windows Server 2019)
In the Server Manager window → select Manage → click Add Roles
and Features

Select DNS Server → click Next

Keep the defaults and click Next → click Install to install DNS Server

Successful installation → click Close

How to configure DNS Server
In the Server Manager window select Tools → click DNS

Right click Forward Lookup Zones and select New Zone...

In the New Zone Wizard screen click Next

In the Zone Type screen, select Primary Zone to configure the primary
DNS → click Next

In the Zone Name screen, enter the zone name in the Zone name field,
for example: network.com.vn. → click Next

For


Next, keep the defaults and click Next → in the Completing screen, check the
information about the DNS Server and click Finish to finish creating the new zone

Next, right click network.com.vn and select New Host (A or AAAA)... →
in the New Host window, enter the PC's name in Name and the PC's current IP in
IP address → click Add Host
For example: PC name: sv1, IP address: 172.17.77.172

Next, right click network.com.vn and select New Alias (CNAME)... → in
the New Resource Record window, enter www in the Alias name field → click
Browse → select SV1 → select Forward Lookup Zones → select
network.com.vn → select sv1 → click OK

Next, repeat the New Host steps used for sv1, but with the name vy and the same
IP range, for example: IP 172.17.77.100
Next, right click network.com.vn and select New Mail Exchanger (MX) →
in the Mail Exchanger (MX) window select Browse → choose mail → click OK

This completes the Forward Lookup Zones section (converting a domain to an IP
address).

Next, configure the Reverse Lookup Zones section (converting an IP address to a
domain).

First, right click Reverse Lookup Zones and choose New Zone → leave the defaults
and click Next → fill in the IP of the current PC in the Network ID field and leave
the last octet blank → click Next → click Finish
For example: 172.17.77

Next, click 77.17.172.in-addr.arpa → right click and select Refresh to
automatically create 2 records named with the IPs of sv1 and mail

So we have installed and configured DNS Server. To check, enter nslookup in
cmd, enter the domain that needs to be resolved to an IP address or vice versa.
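
The forward and reverse zones built above have to agree with each other, and an alias must always point at a host record that still exists. The following Python check is an added example, not part of the original report: the function names are hypothetical and the record sets are constructed from the example values used in the steps above.

```python
import ipaddress

def reverse_zone(network_id):
    """Network ID typed in the wizard, e.g. '172.17.77' -> '77.17.172.in-addr.arpa'."""
    octets = network_id.strip(".").split(".")
    if not 1 <= len(octets) <= 3 or not all(
            o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError("network ID must be 1 to 3 IPv4 octets")
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def ptr_owner(ip):
    """Full owner name of the PTR record for an IPv4 address."""
    return ipaddress.IPv4Address(ip).reverse_pointer

def audit_zone(zone, a_records, cnames, ptrs, network_id):
    """Return sorted findings for a forward zone and its reverse zone.

    a_records: {host: ip}, cnames: {alias: target host}, ptrs: {owner: fqdn}
    """
    findings = []
    rzone = reverse_zone(network_id)

    def fqdn(host):
        return f"{host}.{zone}"

    # An alias whose target host was deleted keeps answering for a name
    # that nobody controls any more.
    for alias, target in cnames.items():
        if target not in a_records:
            findings.append(f"dangling CNAME: {fqdn(alias)} -> {fqdn(target)}")

    # Every host should have a PTR that maps its address back to its name.
    for host, ip in a_records.items():
        owner = ptr_owner(ip)
        if not owner.endswith("." + rzone):
            findings.append(f"outside reverse zone: {fqdn(host)} {ip}")
        elif ptrs.get(owner) != fqdn(host):
            findings.append(f"missing or wrong PTR: {owner} for {fqdn(host)}")

    # A PTR for an address that no host record uses is left over from an
    # earlier configuration.
    in_use = {ptr_owner(ip) for ip in a_records.values()}
    for owner, name in ptrs.items():
        if owner not in in_use:
            findings.append(f"stale PTR: {owner} -> {name}")
    return sorted(findings)

if __name__ == "__main__":
    # Constructed record set using the example values from the steps above.
    hosts = {"sv1": "172.17.77.172", "vy": "172.17.77.100"}
    ptrs = {ptr_owner(ip): f"{h}.network.com.vn" for h, ip in hosts.items()}
    print(audit_zone("network.com.vn", hosts, {"www": "sv1"}, ptrs, "172.17.77"))
```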

+ TEST NEW DNS SERVER ON WINDOWS 10
Step 1: open Control Panel → click Network and Sharing Center, or right
click the network icon in the system tray, select Open Network and Internet
Settings, and find Change adapter options

Step 2: click Change adapter settings

Step 3: select the internet connection currently in use, right click and select Properties.

Step 4: click Internet Protocol Version 4 (TCP/IPv4) → Properties →
General → Use the following DNS server addresses (with the IP of the
newly installed DNS Server above)
For example: Preferred DNS server: 172.17.77.172

Click OK to finish selecting the DNS Server address

IV. PACKET ANALYSIS WITH WIRESHARK?
Packets
When data is transferred from one computer to another, the data stream consists
of smaller units called packets.
When you download a file from the internet, the data is sent from the server as
packets. These packets are re-assembled by your computer to give you the
original file.



IPv4 Packet

A packet can contain the following data:
• source and destination IP addresses
• protocol
• source and destination ports
• data
• length, flags, TTL, and so on
Each packet contains valuable information about the devices involved in a
packet transfer. Each data transfer involves thousands or even millions of these
packets of data being sent between the source and the destination devices.
Now you can understand the importance of Wireshark. Wireshark lets you
capture each of these packets and inspect them for data.
Wireshark, to a network engineer, is similar to a microscope for a biologist.
Wireshark lets you ‘listen’ to a live network (after you establish a connection to
it), and capture and inspect packets on the fly.
As a network engineer or ethical hacker, you can use Wireshark to debug and
secure your networks. As a malicious hacker (which I don’t recommend), you
can "sniff" packets in the network and capture information like credit card
transactions.
This is why it is unwise to connect to a public network like Starbucks and
perform financial transactions or access private data. Even though sites with
HTTPS can encrypt your packets, they are still visible over the network. If someone
really wants to crack them, they can.


Packet analysis
Packet analysis (also known as packet sniffing or protocol analyzing) is used to
intercept and capture live data as it travels over the network (Ethernet or Wi-Fi)
in order to understand what is happening in the network. Packet analysis is done by
protocol analyzers such as Wireshark available on the Internet. Some of these
are free and some are paid for commercial use. In this report, we will use
Wireshark, which is open source software and the best free network analyzer
available on the Internet, to perform network analysis.
Numerous problems can happen in today's world of networking; for this, we
need to be geared up all the time with the latest set of tools that can avail us of
the ease of troubleshooting in any situation. Each of these problems will start
from the packet level and can gradually grow up to a high network downtime.
Even the best of protocols and services running on a system can go bad and
behave maliciously. To get to the root of the problem, we need to look into the
packet level to understand it better. If you need to maintain your network, then
you definitely need to look into the packet level. Packet analysis can be used
for the following aspects:

• To analyze network problems by looking into the packets and their
specific details so that you can get a better hold over your network.
• To detect network intrusion attempts and whether there are any malicious
users who are trying to get into your network, or who have already got
access to something in your network.
• To detect network misuse by internal or external users by establishing
firewall rules in your security appliance and then monitoring each of these
rules through Wireshark.
• To isolate exploited systems so that the affected system doesn't become a
pivot point for your network for malicious users.
• To monitor data in motion once it travels live in your network to have
better control over the allowed and restricted categories of data. For
instance, say you want to create a rule for your firewall that will block
access to BitTorrent sites. Blocking access to them can be done from your
manageable router, but knowing where the request originated
can be easily audited through Wireshark.
• To gather and report network statistics by filtering the most specific
packets as per your requirements and then creating specific capture filters
for your perusal that can help you in the long run.
• To learn who is on the network and what they are doing, whether there is
something they are not allowed to do, and whether anyone is trying to
bypass the network restrictions. All of these simple day-to-day tasks can
be achieved easily through Wireshark.
• To debug client/server communications so that all the requests and replies
communicated between the peers on your network can be audited to
maintain the integrity of your network.
• To look for applications that are sitting in the corner of your own network
and eating the bandwidth. They might be making your network insecure or
making it visible to the public network. Through such an unnoticed
application, different forms of network traffic can enter without any
restrictions.
• To debug network protocol implementations and any kind of anomalies
present due to various misconfigurations in the current running devices.
• To identify possible or malicious attacks that your network can be a victim of,
to analyze them, control/supervise them, and make yourself ready for any
possible malicious activity.
When performing a packet analysis, you should take care of things such as
which protocols can be interpreted, which is the best software you can use
according to your expertise, which protocol analyzer will best suit your
network requirement. Experience does count in this field; once you start
working with Wireshark, gradually you will come up with new ideas to
troubleshoot and analyze your packets in a much more advanced way.
Packet sniffers can interpret common network protocols (such as IP and
ICMP), transport layers (such as TCP and UDP), and application protocols
(such as DNS and HTTP).
Due to the overwhelming amount of information presented by Wireshark's
GUI, it might seem complex to some users, which might be considered one of
its demerits. There are a few CUI/GUI tools that can serve this purpose. They
are pretty simple to use and also present a simpler interface, for example,
TShark, tcpdump, Fiddler, and so on.

What is Wireshark?
Wireshark is a network protocol analyzer, or an application that captures
packets from a network connection, such as from your computer to your home
office or the internet. Packet is the name given to a discrete unit of data in a
typical Ethernet network.
Wireshark is the most often-used packet sniffer in the world. Like any other
packet sniffer, Wireshark does three things:
1. Packet Capture: Wireshark listens to a network connection in real time
and then grabs entire streams of traffic – quite possibly tens of thousands of
packets at a time.

2. Filtering: Wireshark is capable of slicing and dicing all of this random live
data using filters. By applying a filter, you can obtain just the information you
need to see.
3. Visualization: Wireshark, like any good packet sniffer, allows you to dive
right into the very middle of a network packet. It also allows you to visualize
entire conversations and network streams.

# DNS - PACKET ANALYSIS WITH WIRESHARK
Part 1: Record a PC’s IP Configuration Information
In Part 1, you will use the ipconfig /all command on your local PC to find and
record the MAC and IP addresses of your PC’s network interface card (NIC),
the IP address of the specified default gateway, and the DNS server IP address
specified for the PC. Record this information in the table provided. The
information will be used in the following parts of this lab with packet analysis.

IP address
MAC address
Default gateway IP address
DNS server IP address

Part 2: Use Wireshark to Capture DNS Queries and Responses
In Part 2, you will set up Wireshark to capture DNS query and response packets
to demonstrate the use of UDP transport protocol while communicating with a
DNS server
a. Click the Windows Start button and navigate to the Wireshark program.
Note: If Wireshark is not yet installed, it can be downloaded.
b. Select an interface for Wireshark for capturing packets. Use the Interface
List to choose the interface that is associated with the recorded PC’s IP and
Media Access Control (MAC) addresses in Part 1.
c. After selecting the desired interface, click Start to capture the packets.
d. Open a web browser and type self.events.data.microsoft.com. Press Enter to
continue.
e. Click Stop to stop the Wireshark capture when you see Google’s home page.

Part 3: Analyze Captured DNS or UDP Packets
In Part 3, you will examine the UDP packets that were generated when
communicating with a DNS server for the IP addresses for
self.events.data.microsoft.com
Step 1: Filter DNS packets.
a. In the Wireshark main window, type dns in the entry area of the Filter
toolbar. Click Apply or press Enter. Note: If you do not see any results after the