Evaluating queries and responses
DNS queries and responses are pretty straightforward. A client sends a query to a DNS server for an IP address and the server responds with the information. In this section, we'll take a look at some of the behavior during a transaction, such as caching responses, along with monitoring average response times during a transaction using Wireshark.
We'll then evaluate what happens when we need to troubleshoot DNS, and how nslookup helps to check and verify the response. Finally, we'll take a look at spoofing DNS, and how we can secure the process.
Let's start with learning how caching plays a part in the DNS process.
Caching a response
Anything on the network has a time limit. DNS is no exception. When a server returns a response, there are several elements within the answer. Within that response is the TTL value, which reflects how long the record can live in the cache before disappearing.
The TTL value can vary by system...
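To make the TTL field concrete, the following added example (not code from the original text) parses a DNS response in wire format, reads the TTL of each answer record, and expires a cache entry once that TTL has elapsed. The response bytes, the name example.com, the address 192.0.2.10, and the TTLCache class are constructed for illustration.

```python
import struct

# Constructed sample: response for example.com, one A record, TTL 300 seconds.
SAMPLE = bytes.fromhex(
    "123481800001000100000000"            # header: id, flags, QD=1, AN=1, NS=0, AR=0
    "076578616d706c6503636f6d0000010001"  # question: example.com, type A, class IN
    "c00c000100010000012c0004c000020a"    # answer: pointer to name, A, IN, TTL, 192.0.2.10
)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        length = msg[off]
        if length == 0:                # root label terminates the name
            return off + 1
        if length & 0xC0 == 0xC0:      # two-byte compression pointer ends the name
            return off + 2
        off += 1 + length

def answer_ttls(msg):
    """Return [(rtype, ttl, rdata)] for every answer record in a response."""
    _id, _flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    records = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        records.append((rtype, ttl, msg[off:off + rdlen]))
        off += rdlen
    return records

class TTLCache:
    """Hypothetical resolver-style cache: an entry lives for exactly its TTL."""
    def __init__(self):
        self._store = {}

    def put(self, name, rdata, ttl, now):
        self._store[name] = (rdata, now + ttl)

    def get(self, name, now):
        entry = self._store.get(name)
        if entry is None or now >= entry[1]:   # expired: drop and force a new query
            self._store.pop(name, None)
            return None
        return entry[0]
```

The same TTL value appears in Wireshark as the "Time to live" field of each answer record, and it bounds how long any answer, correct or not, is served from the cache.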