

Question

Run Wireshark. Click on the Pseudo-device that captures on all interfaces --- it will start capturing traffic, and show the count of the number of Ethernet frames captured of varying types. Stop after you've captured a few hundred and look at the kinds of traffic. If you aren't seeing any traffic, open a browser and start accessing some Web sites.

Use Wireshark to capture just DNS packets (which are UDP packets on port 53).
To do that, put "port 53" into the capture filter box (not display filter) that is visible from Capture->Options.

Why use UDP packets for DNS as opposed to TCP packets?

Why do we filter on port 53?

Now visit a new site, such as http://www.eecs.ku.edu and capture a few dozen DNS requests and responses. You'll likely see a number of AAAA queries.
What are the AAAA queries?

Explanation / Answer

Is there any traffic between the IPv6 response and the IPv4 query? The client would not know that IPv6 isn't supported by the ISP. Normally, after the IPv6 response, the client would attempt to make a connection using IPv6. If the connection attempt fails, then the client would do an IPv4 query followed by an IPv4 connection attempt, assuming that it gets a DNS response to the IPv4 query.

One aspect of dual-protocol behavior that often surprises people is that hosts send two separate DNS queries to their resolver. And today, frankly, all hosts are dual-protocol bilingual and can use either IP version (4 or 6) for their DNS traffic or for the DNS queries and responses contained within. The reason that there are separate IPv4 A record and IPv6 AAAA record DNS queries is that early IPv6 deployments occasionally had problems with older IPv4-only resolvers.

If a host sent an ANY query or an IPv6 AAAA DNS query to a resolver that was not IPv6-aware, the resolver would return an erroneous response code (RCODE), such as NXDOMAIN. This would lead the host to believe that the domain did not exist, when in fact there was a perfectly valid IPv4 A record that, if returned, would have resulted in the host at least making a connection over IPv4.

Because these older DNS resolvers couldn't handle an AAAA query or response correctly, the IETF issued RFC 4074, "Common Misbehavior Against DNS Queries for IPv6 Addresses". Now, hosts issue separate AAAA and A queries, and if the AAAA query fails, it is likely that the A query will succeed and the host can connect.

For example, here is a Wireshark packet capture showing that a simple DNS query for www.rmv6tf.org resulted in four packets on the network. The DNS query started with an A record query (packet 74) followed by an A record response (packet 75). Then an AAAA record query (packet 76) was sent and an AAAA record response (packet 79) was returned. The AAAA query is expanded in the packet decode window.

[Image: Wireshark capture of separate A and AAAA queries]

In 2011, when World IPv6 Day was approaching, there was significant work performed to improve how hosts operated in dual-protocol environments and recovered from failures of either IP version. The IETF issued RFC 6555, "Happy Eyeballs", which laid out a more aggressive algorithm that would provide connection resilience and make the Internet users/clients/eyeballs happier with their connectivity. This Happy Eyeballs technique can be implemented in a web browser like Chrome, or the algorithm can be implemented in the host OS, as with Microsoft Network Connectivity Status Indicator (NCSI) or in Apple iOS or OS X. Either way, the result is that hosts can operate effectively in dual-protocol environments and can recover and establish IP connections using the version that provides the best end-user experience.

Risks of ANY Queries

There are other issues with DNS queries for Query Class (QCLASS) ANY besides causing problems for very old DNS resolvers that don't understand IPv6 AAAA records. A DNS ANY query can result in a lot of data being returned from the authoritative name server. The DNS server that receives an ANY query will essentially respond with all the information it has on the subject, including A records, AAAA records, DNSSEC key material, and so on. If a DNS server is acting as an Open DNS Resolver and not restricting who can query it, then it may participate as an unwitting contributor to a DDoS attack. These same kinds of DDoS attacks can happen not only with DNS but also with NTP, and may use insecure IoT devices.

Today, the legitimate uses of an ANY query are nearly non-existent, yet the nefarious uses of ANY are numerous. Now there are organizations that want to stop answering ANY queries altogether. Among these organizations is CloudFlare, one of the largest IPv6-enabled Content Delivery Networks (CDNs). CDNs are another way that we can circumnavigate the Internet seas. CloudFlare stopped answering ANY DNS queries more than one year ago. If you send a query for ANY to CloudFlare you will get back a NotImp (Not Implemented) RCODE. CloudFlare's team has also worked on two IETF DNSOP working group drafts on this topic, "DNS Meta-Queries restricted" and "Providing Minimal-Sized Responses to DNS Queries that have QTYPE=ANY".
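
What a "port 53" capture holds at the byte level, as an added example that is not part of the original answer: a parser for the DNS header and first question, run over constructed payloads that mirror the separate A and AAAA lookups and an ANY query answered with NotImp. The helper names, transaction IDs and the example.org names are assumptions made for illustration.

```python
import struct

QTYPES = {1: "A", 28: "AAAA", 255: "ANY"}
RCODES = {0: "NoError", 3: "NXDomain", 4: "NotImp"}

def build_message(txid, name, qtype, response=False, rcode=0):
    """Constructed sample data: a DNS message with one question and no records."""
    flags = 0x0100 | (0x8000 if response else 0) | rcode  # RD, QR bit, RCODE
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_message(msg):
    """Decode the 12-byte header and first question of a DNS payload."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated question name")
        length = msg[pos]
        pos += 1
        if length == 0:  # root label ends the name
            break
        if length > 63 or pos + length > len(msg):
            raise ValueError("bad label length")
        labels.append(msg[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return {"id": txid, "response": bool(flags & 0x8000),
            "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
            "qname": ".".join(labels), "qtype": QTYPES.get(qtype, str(qtype))}

# Constructed capture: separate A and AAAA lookups, then an ANY query refused with NotImp.
SAMPLE = [build_message(0x1A2B, "www.example.org", 1),
          build_message(0x1A2B, "www.example.org", 1, response=True),
          build_message(0x1A2C, "www.example.org", 28),
          build_message(0x1A2C, "www.example.org", 28, response=True),
          build_message(0x1A2D, "example.org", 255),
          build_message(0x1A2D, "example.org", 255, response=True, rcode=4)]

if __name__ == "__main__":
    for parsed in map(parse_message, SAMPLE):
        print(parsed)
```

The transaction ID is what pairs each response with its query, and a QTYPE of 255 in the question is the field a resolver operator would match on to log or refuse ANY lookups.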