------------------[ Readings ]------------------

Read Chapter 11 of the textbook. In class, we covered roughly up to 11.5.6.4.

A brief summary of DNS can be found in Shalunov Chapter 8.

------------------[ How DNS works ]------------------

http://unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html gives a very nice
step-by-step guide to how DNS operates---and how it was vulnerable to
attacks on caching via its short (16-bit) transaction ID.

More details on DNS Resource Record (RR) format:

  http://www.tcpipguide.com/free/t_DNSMessageResourceRecordFieldFormats-2.htm
  http://www.tcpipguide.com/free/t_DNSNameNotationandMessageCompressionTechnique.htm

Of course, RFC 1035 is the definitive source:
https://www.ietf.org/rfc/rfc1035.txt (look around 3.2 for the RR definitions).

------------------[ What a recursive DNS server does ]------------------

All the files mentioned are in the source directory under the dns/
subdirectory.

I set up a caching DNS server at cs60.cs.dartmouth.edu (129.170.213.53)
and set up packet captures for any requests it got or sent. Then I sent
it an A-type query for www.cs.dartmouth.edu, with
"dig @129.170.213.53 a www.cs.dartmouth.edu".

The result is in recursive-dns-lookup-noDNSSEC.pcap, translated to the
dig output format in recursive-dns-lookup-noDNSSEC.txt (the conversion
script is dns-pcap-to-dig.py and uses Scapy and dnslib Python libraries).

The commented version of the above is in
recursive-dns-lookup-noDNSSEC-annotated.txt, which tells the story
request by request. See the server perform the recursive queries first
against the root servers, then against the EDU servers, then against
Dartmouth servers, each next batch of servers to query supplied by the
previous one in the authority records of the noerror answer-less
responses.

------------------[ Parsing DNS code ]------------------

dnstcp.c and dnsudp.c provide examples of how DNS responses can be parsed in C.

It turned out that my code did not have a bug after all; instead, I accidentally deleted a line of C when recompiling in class. However, dnstcp-buggy.c and dnsudp-buggy.c do contain a bug. Look for it and understand what it was! This is a real bug, which I managed to catch.
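
As an added illustration of response parsing in C (this is not the course's dnsudp.c or dnstcp.c, and it is independent of the exercise above), here is a bounds-checked decoder for DNS names that use the compression pointers described in RFC 1035. The function name dns_read_name, the 16-jump cap and the sample packet (with the documentation address 192.0.2.1) are assumptions constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample response: 12-byte header, question name at offset 12,
 * QTYPE/QCLASS, then an A record whose NAME is the pointer 0xC00C. */
static const uint8_t sample[] = {
    0x12,0x34, 0x81,0x80, 0,1, 0,1, 0,0, 0,0,
    3,'w','w','w', 2,'c','s', 9,'d','a','r','t','m','o','u','t','h',
    3,'e','d','u', 0,  0,1, 0,1,  0xC0,0x0C, 0,1, 0,1, 0,0,0,60, 0,4, 192,0,2,1 };

/* Decode the name at msg[off] into dotted text. Returns 0 and sets *next to
 * the offset just past the name as stored at off; -1 on malformed input. */
int dns_read_name(const uint8_t *msg, size_t len, size_t off,
                  char *out, size_t outsz, size_t *next)
{
    size_t o = 0; int jumps = 0;
    for (;;) {
        if (off >= len) return -1;              /* ran off the message */
        uint8_t c = msg[off];
        if ((c & 0xC0) == 0xC0) {               /* compression pointer */
            if (off + 1 >= len) return -1;
            if (jumps == 0) *next = off + 2;    /* caller resumes after pointer */
            if (++jumps > 16) return -1;        /* assumed cap: stops pointer loops */
            off = ((size_t)(c & 0x3F) << 8) | msg[off + 1];
            continue;
        }
        if (c & 0xC0) return -1;                /* reserved label type */
        if (c == 0) {                           /* root label ends the name */
            if (jumps == 0) *next = off + 1;
            if (o == 0) { if (outsz < 2) return -1; out[o++] = '.'; }
            out[o] = '\0';
            return 0;
        }
        if (off + 1 + c > len) return -1;       /* label overruns the message */
        if (o + c + 2 > outsz) return -1;       /* dot + label + NUL must fit */
        if (o) out[o++] = '.';
        memcpy(out + o, msg + off + 1, c);
        o += c; off += 1 + c;
    }
}

int main(void)
{
    char name[256]; size_t next = 0;
    if (dns_read_name(sample, sizeof sample, 38, name, sizeof name, &next) == 0)
        printf("%s (next offset %zu)\n", name, next);
    return 0;
}
```

The -1 returns cover a pointer that refers to itself, a label that runs past the end of the message, and an output buffer that is too small for the decoded name.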