Lecture 14: DNS
Intro to DNS
Assuming the cache is empty, which name servers would a DNS resolver contact to learn the IP address of oh.cs161.org?
(True/False) oogle.com is a subdomain of google.com.
Note: The second half of this video walks through the same DNS lookup as the one in video 14.2, so if you feel comfortable with the DNS lookup process, you can stop watching this video at 2:10.
In the previous video, the root responded to a query for eecs.mit.edu with "Don't know, but ask .edu with IP 192.0.0.1." What records represent this reply, and what section is each record sent in?
DNS Cache Poisoning
If the .edu name server is compromised, what records can the resolver no longer trust?
If the ID field is randomized, what is the probability an on-path attacker successfully spoofs a DNS packet? Assume the on-path attacker always wins the race against the legitimate response.
How does the Kaminsky attack avoid bailiwick checking (the resolver checking that google.com only provides records for *.google.com)?