Below is edited and commented output from a snoop trace, captured using script.

Script started on Sat 17 Feb 2001 11:12:47 AM EST
bart:~> snoop -v port 53
Using device /dev/hme (promiscuous mode)

IP: ----- IP Header -----
IP:
IP: Source address = 128.59.19.191, bart.cs.columbia.edu
IP: Destination address = 128.9.0.107, b.root-servers.net
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 33166
UDP: Destination port = 53 (DNS)
UDP: Length = 42
UDP: Checksum = 059F
UDP:
DNS: ----- DNS Header -----
DNS:
DNS: Query ID = 9571
DNS: Opcode: Query
DNS: RD (Recursion Desired)
DNS: 1 question(s)
DNS: Domain Name: www.fokus.gmd.de.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS:

IP: ----- IP Header -----
IP:
IP: Source address = 128.9.0.107, b.root-servers.net
IP: Destination address = 128.59.19.191, bart.cs.columbia.edu
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 53
UDP: Destination port = 33166
UDP: Length = 293
UDP: Checksum = F2D2
UDP:
DNS: ----- DNS Header -----
DNS:
DNS: Response ID = 9571
DNS:
DNS: Response Code: 0 (OK)
DNS: Reply to 1 question(s)
DNS: Domain Name: www.fokus.gmd.de.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS:
DNS: 0 answer(s)
DNS: 6 name server resource(s)
DNS: Domain Name: de.
DNS: Class: 1 (Internet)
DNS: Type: 2 (Authoritative Name Server)
DNS: TTL (Time To Live): 172800
DNS: Authoritative Name Server: AUTH03.NS.DE.UU.NET.
DNS:
DNS: Domain Name: de.
DNS: Class: 1 (Internet)
DNS: Type: 2 (Authoritative Name Server)
DNS: TTL (Time To Live): 172800
DNS: Authoritative Name Server: DNS.DENIC.de.
DNS:
DNS: Domain Name: de.
DNS: Class: 1 (Internet)
DNS: Type: 2 (Authoritative Name Server)
DNS: TTL (Time To Live): 172800
DNS: Authoritative Name Server: SUNIC.SUNET.SE.
DNS:
DNS: Domain Name: de.
DNS: Class: 1 (Internet)
DNS: Type: 2 (Authoritative Name Server)
DNS: TTL (Time To Live): 172800
DNS: Authoritative Name Server: DNS.NIC.XLINK.NET.
DNS:
DNS: Domain Name: de.
DNS: Class: 1 (Internet)
DNS: Type: 2 (Authoritative Name Server)
DNS: TTL (Time To Live): 172800
DNS: Authoritative Name Server: SSS-AT.DENIC.de.
DNS:
DNS: Domain Name: de.
DNS: Class: 1 (Internet)
DNS: Type: 2 (Authoritative Name Server)
DNS: TTL (Time To Live): 172800
DNS: Authoritative Name Server: SSS-NL.DENIC.de.
DNS:
DNS: 6 additional record(s)
DNS: Domain Name: AUTH03.NS.DE.UU.NET.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS: TTL (Time To Live): 172800
DNS: Address: 192.76.144.16
DNS:
DNS: Domain Name: DNS.DENIC.de.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS: TTL (Time To Live): 172800
DNS: Address: 194.246.96.79
DNS:
DNS: Domain Name: SUNIC.SUNET.SE.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS: TTL (Time To Live): 172800
DNS: Address: 192.36.125.2
DNS:
DNS: Domain Name: DNS.NIC.XLINK.NET.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS: TTL (Time To Live): 172800
DNS: Address: 193.141.40.42
DNS:
DNS: Domain Name: SSS-AT.DENIC.de.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS: TTL (Time To Live): 172800
DNS: Address: 193.171.255.34
DNS:
DNS: Domain Name: SSS-NL.DENIC.de.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS: TTL (Time To Live): 172800
DNS: Address: 193.0.0.237
DNS:

IP: ----- IP Header -----
IP:
IP: Source address = 128.59.19.191, bart.cs.columbia.edu
IP: Destination address = 128.9.0.107, b.root-servers.net
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 33167
UDP: Destination port = 53 (DNS)
UDP: Length = 38
UDP: Checksum = F636
UDP:
DNS: ----- DNS Header -----
DNS:
DNS: Query ID = 9572
DNS: Opcode: Query
DNS: RD (Recursion Desired)
DNS: 1 question(s)
DNS: Domain Name: DNS.DENIC.de.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS:

b.root-servers.net answers to provide the IP address of the server dns.denic.de, 194.246.96.79.

IP: ----- IP Header -----
IP: Source address = 128.9.0.107, b.root-servers.net
IP: Destination address = 128.59.19.191, bart.cs.columbia.edu
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 53
UDP: Destination port = 33167
UDP: Length = 295
UDP: Checksum = 5833
UDP:
DNS: ----- DNS Header -----
DNS:
DNS: Response ID = 9572
DNS:
DNS: Response Code: 0 (OK)
DNS: Reply to 1 question(s)
DNS: Domain Name: DNS.DENIC.de.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS:
DNS: 1 answer(s)
DNS: Domain Name: DNS.DENIC.de.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS: TTL (Time To Live): 172800
DNS: Address: 194.246.96.79
DNS:
DNS: 6 name server resource(s)
DNS: Domain Name: de.
DNS: Class: 1 (Internet)
DNS: Type: 2 (Authoritative Name Server)
DNS: TTL (Time To Live): 172800
DNS: Authoritative Name Server: AUTH03.NS.DE.UU.NET.
DNS:
DNS: Domain Name: de.
DNS: Class: 1 (Internet)
DNS: Type: 2 (Authoritative Name Server)
DNS: TTL (Time To Live): 172800
DNS: Authoritative Name Server: DNS.DENIC.de.
DNS:
DNS: Domain Name: de.
DNS: Class: 1 (Internet)
DNS: Type: 2 (Authoritative Name Server)
DNS: TTL (Time To Live): 172800
DNS: Authoritative Name Server: SUNIC.SUNET.SE.
DNS:
DNS: Domain Name: de.
DNS: Class: 1 (Internet)
DNS: Type: 2 (Authoritative Name Server)
DNS: TTL (Time To Live): 172800
DNS: Authoritative Name Server: DNS.NIC.XLINK.NET.
DNS:
DNS: Domain Name: de.
DNS: Class: 1 (Internet)
DNS: Type: 2 (Authoritative Name Server)
DNS: TTL (Time To Live): 172800
DNS: Authoritative Name Server: SSS-AT.DENIC.de.
DNS:
DNS: Domain Name: de.
DNS: Class: 1 (Internet)
DNS: Type: 2 (Authoritative Name Server)
DNS: TTL (Time To Live): 172800
DNS: Authoritative Name Server: SSS-NL.DENIC.de.
DNS:
DNS: 6 additional record(s)
DNS: Domain Name: AUTH03.NS.DE.UU.NET.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS: TTL (Time To Live): 172800
DNS: Address: 192.76.144.16
DNS:
DNS: Domain Name: DNS.DENIC.de.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS: TTL (Time To Live): 172800
DNS: Address: 194.246.96.79
DNS:
DNS: Domain Name: SUNIC.SUNET.SE.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS: TTL (Time To Live): 172800
DNS: Address: 192.36.125.2
DNS:
DNS: Domain Name: DNS.NIC.XLINK.NET.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS: TTL (Time To Live): 172800
DNS: Address: 193.141.40.42
DNS:
DNS: Domain Name: SSS-AT.DENIC.de.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS: TTL (Time To Live): 172800
DNS: Address: 193.171.255.34
DNS:
DNS: Domain Name: SSS-NL.DENIC.de.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS: TTL (Time To Live): 172800
DNS: Address: 193.0.0.237
DNS:

IP: ----- IP Header -----
IP: Source address = 128.59.19.191, bart.cs.columbia.edu
IP: Destination address = 194.246.96.79, dns.denic.de
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 33168
UDP: Destination port = 53 (DNS)
UDP: Length = 42
UDP: Checksum = 62C9
UDP:
DNS: ----- DNS Header -----
DNS:
DNS: Query ID = 9573
DNS: Opcode: Query
DNS: RD (Recursion Desired)
DNS: 1 question(s)
DNS: Domain Name: www.fokus.gmd.de.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS:

IP: ----- IP Header -----
IP: Source address = 128.59.19.191, bart.cs.columbia.edu
IP: Destination address = 128.59.16.20, cs.columbia.edu
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 33169
UDP: Destination port = 53 (DNS)
UDP: Length = 52
UDP: Checksum = B0C0
UDP:
DNS: ----- DNS Header -----
DNS:
DNS: Query ID = 44075
DNS: Opcode: Query
DNS: RD (Recursion Desired)
DNS: 1 question(s)
DNS: Domain Name: 79.96.246.194.in-addr.arpa.
DNS: Class: 1 (Internet)
DNS: Type: 12 (Domain Name Pointer)
DNS:

Again, the server does not recurse, but rather provides a pointer to the server for gmd.de.

IP: ----- IP Header -----
IP: Source address = 194.246.96.79, dns.denic.de
IP: Destination address = 128.59.19.191, bart.cs.columbia.edu
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 53
UDP: Destination port = 33168
UDP: Length = 144
UDP: Checksum = DC4C
UDP:
DNS: ----- DNS Header -----
DNS:
DNS: Response ID = 9573
DNS:
DNS: Response Code: 0 (OK)
DNS: Reply to 1 question(s)
DNS: Domain Name: www.fokus.gmd.de.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS:
DNS: 0 answer(s)
DNS: 3 name server resource(s)
DNS: Domain Name: gmd.de.
DNS: Class: 1 (Internet)
DNS: Type: 2 (Authoritative Name Server)
DNS: TTL (Time To Live): 86400
DNS: Authoritative Name Server: dns.gmd.de.
DNS:
DNS: Domain Name: gmd.de.
DNS: Class: 1 (Internet)
DNS: Type: 2 (Authoritative Name Server)
DNS: TTL (Time To Live): 86400
DNS: Authoritative Name Server: dns2.gmd.de.
DNS:
DNS: Domain Name: gmd.de.
DNS: Class: 1 (Internet)
DNS: Type: 2 (Authoritative Name Server)
DNS: TTL (Time To Live): 86400
DNS: Authoritative Name Server: ws-lei1.win-ip.dfn.de.
DNS:
DNS: 2 additional record(s)
DNS: Domain Name: dns.gmd.de.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS: TTL (Time To Live): 86400
DNS: Address: 129.26.8.82
DNS:
DNS: Domain Name: dns2.gmd.de.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS: TTL (Time To Live): 86400
DNS: Address: 192.54.35.100
DNS:

IP: ----- IP Header -----
IP: Source address = 128.59.16.20, cs.columbia.edu
IP: Destination address = 128.59.19.191, bart.cs.columbia.edu
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 53
UDP: Destination port = 33170
UDP: Length = 207
UDP: Checksum = 9518
UDP:
DNS: ----- DNS Header -----
DNS:
DNS: Response ID = 44076
DNS: RA (Recursion Available)
DNS: Response Code: 0 (OK)
DNS: Reply to 1 question(s)
DNS: Domain Name: dns.denic.de.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS:
DNS: 1 answer(s)
DNS: Domain Name: dns.denic.de.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS: TTL (Time To Live): 19210
DNS: Address: 194.246.96.79
DNS:
DNS: 4 name server resource(s)
DNS: Domain Name: denic.de.
DNS: Class: 1 (Internet)
DNS: Type: 2 (Authoritative Name Server)
DNS: TTL (Time To Live): 19210
DNS: Authoritative Name Server: dns3.denic.de.
DNS:
DNS: Domain Name: denic.de.
DNS: Class: 1 (Internet)
DNS: Type: 2 (Authoritative Name Server)
DNS: TTL (Time To Live): 19210
DNS: Authoritative Name Server: dns2.denic.de.
DNS:
DNS: Domain Name: denic.de.
DNS: Class: 1 (Internet)
DNS: Type: 2 (Authoritative Name Server)
DNS: TTL (Time To Live): 19210
DNS: Authoritative Name Server: sss-at.denic.de.
DNS:
DNS: Domain Name: denic.de.
DNS: Class: 1 (Internet)
DNS: Type: 2 (Authoritative Name Server)
DNS: TTL (Time To Live): 19210
DNS: Authoritative Name Server: xlink1.xlink.net.
DNS:
DNS: 4 additional record(s)
DNS: Domain Name: dns3.denic.de.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS: TTL (Time To Live): 19210
DNS: Address: 194.246.96.25
DNS:
DNS: Domain Name: dns2.denic.de.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS: TTL (Time To Live): 30982
DNS: Address: 194.246.96.49
DNS:
DNS: Domain Name: sss-at.denic.de.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS: TTL (Time To Live): 19210
DNS: Address: 193.171.255.34
DNS:
DNS: Domain Name: xlink1.xlink.net.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS: TTL (Time To Live): 171539
DNS: Address: 193.141.40.1
DNS:

IP: ----- IP Header -----
IP: Source address = 128.59.19.191, bart.cs.columbia.edu
IP: Destination address = 194.246.96.79, dns.denic.de
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 33171
UDP: Destination port = 53 (DNS)
UDP: Length = 36
UDP: Checksum = 562D
UDP:
DNS: ----- DNS Header -----
DNS:
DNS: Query ID = 9574
DNS: Opcode: Query
DNS: RD (Recursion Desired)
DNS: 1 question(s)
DNS: Domain Name: dns.gmd.de.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS:

IP: ----- IP Header -----
IP: Source address = 194.246.96.79, dns.denic.de
IP: Destination address = 128.59.19.191, bart.cs.columbia.edu
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 53
UDP: Destination port = 33171
UDP: Length = 150
UDP: Checksum = B2AA
UDP:
DNS: ----- DNS Header -----
DNS:
DNS: Response ID = 9574
DNS:
DNS: Response Code: 0 (OK)
DNS: Reply to 1 question(s)
DNS: Domain Name: dns.gmd.de.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS:
DNS: 1 answer(s)
DNS: Domain Name: dns.gmd.de.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS: TTL (Time To Live): 86400
DNS: Address: 129.26.8.82
DNS:
DNS: 3 name server resource(s)
DNS: Domain Name: gmd.de.
DNS: Class: 1 (Internet)
DNS: Type: 2 (Authoritative Name Server)
DNS: TTL (Time To Live): 86400
DNS: Authoritative Name Server: dns.gmd.de.
DNS:
DNS: Domain Name: gmd.de.
DNS: Class: 1 (Internet)
DNS: Type: 2 (Authoritative Name Server)
DNS: TTL (Time To Live): 86400
DNS: Authoritative Name Server: dns2.gmd.de.
DNS:
DNS: Domain Name: gmd.de.
DNS: Class: 1 (Internet)
DNS: Type: 2 (Authoritative Name Server)
DNS: TTL (Time To Live): 86400
DNS: Authoritative Name Server: ws-lei1.win-ip.dfn.de.
DNS:
DNS: 2 additional record(s)
DNS: Domain Name: dns.gmd.de.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS: TTL (Time To Live): 86400
DNS: Address: 129.26.8.82
DNS:
DNS: Domain Name: dns2.gmd.de.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS: TTL (Time To Live): 86400
DNS: Address: 192.54.35.100
DNS:

IP: ----- IP Header -----
IP: Source address = 128.59.19.191, bart.cs.columbia.edu
IP: Destination address = 129.26.8.82, 129.26.8.82
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 33172
UDP: Destination port = 53 (DNS)
UDP: Length = 42
UDP: Checksum = FC9C
UDP:
DNS: ----- DNS Header -----
DNS:
DNS: Query ID = 9575
DNS: Opcode: Query
DNS: RD (Recursion Desired)
DNS: 1 question(s)
DNS: Domain Name: www.fokus.gmd.de.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS:

This server finally provides the answer we were looking for. www.fokus.gmd.de is actually a CNAME record and points to saturn.fokus.gmd.de, for which the server kindly provides the IP address.

IP: ----- IP Header -----
IP: Source address = 129.26.8.82, 129.26.8.82
IP: Destination address = 128.59.19.191, bart.cs.columbia.edu
IP: No options
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 53
UDP: Destination port = 33172
UDP: Length = 261
UDP: Checksum = 02B5
UDP:
DNS: ----- DNS Header -----
DNS:
DNS: Response ID = 9575
DNS: AA (Authoritative Answer) RA (Recursion Available)
DNS: Response Code: 0 (OK)
DNS: Reply to 1 question(s)
DNS: Domain Name: www.fokus.gmd.de.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS:
DNS: 2 answer(s)
DNS: Domain Name: www.fokus.gmd.de.
DNS: Class: 1 (Internet)
DNS: Type: 5 (Canonical Name)
DNS: TTL (Time To Live): 86400
DNS: Canonical Name: saturn.fokus.gmd.de.
DNS:
DNS: Domain Name: saturn.fokus.gmd.de.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS: TTL (Time To Live): 86400
DNS: Address: 195.37.76.19
DNS:
DNS: 3 name server resource(s)
DNS: Domain Name: fokus.gmd.de.
DNS: Class: 1 (Internet)
DNS: Type: 2 (Authoritative Name Server)
DNS: TTL (Time To Live): 86400
DNS: Authoritative Name Server: gaia.fokus.gmd.de.
DNS:
DNS: Domain Name: fokus.gmd.de.
DNS: Class: 1 (Internet)
DNS: Type: 2 (Authoritative Name Server)
DNS: TTL (Time To Live): 86400
DNS: Authoritative Name Server: helios.fokus.gmd.de.
DNS:
DNS: Domain Name: fokus.gmd.de.
DNS: Class: 1 (Internet)
DNS: Type: 2 (Authoritative Name Server)
DNS: TTL (Time To Live): 86400
DNS: Authoritative Name Server: dns.gmd.de.
DNS:
DNS: 7 additional record(s)
DNS: Domain Name: gaia.fokus.gmd.de.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS: TTL (Time To Live): 86400
DNS: Address: 193.174.154.10
DNS:
DNS: Domain Name: helios.fokus.gmd.de.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS: TTL (Time To Live): 86400
DNS: Address: 193.175.132.5
DNS:
DNS: Domain Name: helios.fokus.gmd.de.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS: TTL (Time To Live): 86400
DNS: Address: 193.175.133.5
DNS:
DNS: Domain Name: helios.fokus.gmd.de.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS: TTL (Time To Live): 86400
DNS: Address: 193.175.135.5
DNS:
DNS: Domain Name: helios.fokus.gmd.de.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS: TTL (Time To Live): 86400
DNS: Address: 195.37.78.5
DNS:
DNS: Domain Name: helios.fokus.gmd.de.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS: TTL (Time To Live): 86400
DNS: Address: 193.174.154.5
DNS:
DNS: Domain Name: dns.gmd.de.
DNS: Class: 1 (Internet)
DNS: Type: 1 (Address)
DNS: TTL (Time To Live): 86400
DNS: Address: 129.26.8.82
DNS:
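
Added example, not part of the original page: a small Python parser for `snoop -v` DNS output that pairs each response with the query it answers (same server address, client port and DNS ID, same question name) and labels it a referral or an answer, which is the check a resolver applies before trusting a reply. The sample is abridged from the trace above with one constructed response (ID 9999); the names `FIELDS`, `parse` and `trace` are illustrative.

```python
import re

# Constructed sample: abridged from the page's trace, plus a made-up response (ID 9999).
SAMPLE = """
IP: ----- IP Header ----- IP: Source address = 128.59.19.191, bart.cs.columbia.edu
IP: Destination address = 128.9.0.107, b.root-servers.net UDP: Source port = 33166
UDP: Destination port = 53 (DNS) DNS: Query ID = 9571 DNS: Domain Name: www.fokus.gmd.de.
IP: ----- IP Header ----- IP: Source address = 128.9.0.107, b.root-servers.net
IP: Destination address = 128.59.19.191, bart.cs.columbia.edu UDP: Source port = 53
UDP: Destination port = 33166 DNS: Response ID = 9571 DNS: Domain Name: www.fokus.gmd.de.
DNS: 0 answer(s) DNS: 6 name server resource(s) DNS: Domain Name: de.
IP: ----- IP Header ----- IP: Source address = 128.59.19.191, bart.cs.columbia.edu
IP: Destination address = 129.26.8.82, 129.26.8.82 UDP: Source port = 33172
UDP: Destination port = 53 (DNS) DNS: Query ID = 9575 DNS: Domain Name: www.fokus.gmd.de.
IP: ----- IP Header ----- IP: Source address = 129.26.8.82, 129.26.8.82
IP: Destination address = 128.59.19.191, bart.cs.columbia.edu UDP: Source port = 53
UDP: Destination port = 33172 DNS: Response ID = 9575 DNS: Domain Name: www.fokus.gmd.de.
DNS: 2 answer(s) DNS: 3 name server resource(s) DNS: Domain Name: fokus.gmd.de.
IP: ----- IP Header ----- IP: Source address = 129.26.8.82, 129.26.8.82
IP: Destination address = 128.59.19.191, bart.cs.columbia.edu UDP: Source port = 53
UDP: Destination port = 33172 DNS: Response ID = 9999 DNS: Domain Name: www.fokus.gmd.de.
DNS: 1 answer(s)
"""

FIELDS = {  # whitespace-tolerant, so one-field-per-line snoop output parses too
    "src": r"Source address = (\S+?),", "dst": r"Destination address = (\S+?),",
    "sport": r"Source port = (\d+)", "dport": r"Destination port = (\d+)",
    "qid": r"(?:Query|Response) ID = (\d+)", "resp": r"(Response) ID",
    "qname": r"Domain Name: (\S+)", "answers": r"(\d+) answer\(s\)",
    "zone": r"name server resource\(s\)\s+DNS:\s+Domain Name: (\S+)",
}

def parse(text):  # one dict per packet; a field absent from the packet is None
    return [{k: (m.group(1).lower() if (m := re.search(rx, chunk)) else None)
             for k, rx in FIELDS.items()}
            for chunk in text.split("----- IP Header -----")[1:]]

def trace(text):  # label each response: referral, answer or unsolicited
    pending, steps = {}, []
    for p in parse(text):
        if not p["resp"]:  # remember (server, client port, ID) -> question name
            pending[(p["dst"], p["sport"], p["qid"])] = p["qname"]
        elif pending.pop((p["src"], p["dport"], p["qid"]), None) != p["qname"]:
            steps.append((p["src"], "unsolicited", None))
        elif int(p["answers"] or 0) > 0:
            steps.append((p["src"], "answer", p["qname"]))
        else:
            steps.append((p["src"], "referral", p["zone"]))
    return steps
```

`trace(SAMPLE)` labels the root server's reply a referral to `de.`, the reply from 129.26.8.82 an answer, and the constructed ID 9999 reply unsolicited because no outstanding query carries that ID.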