I. Introduction▲
I-A. La résolution des noms▲
Tous les internautes vous le diront, l'URL est le gouvernail de la navigation sur le Net.
- URL : Uniform Resource Locator. C'est la méthode d'accès à un document distant. Un lien hypertexte avec une syntaxe de la forme : <Type de connexion>://<FQDN>/[<sous-répertoire>]/…/<nom du document>. Le RFC 1034 définit les concepts de ce système ;
- FQDN : Full Qualified Domain Name. Le nom complet d'un hôte, sur l'Internet, c'est-à -dire de la machine jusqu'au domaine, en passant par les sous-domaines.
I-B. Les serveurs DNS▲
Ils sont en place pour permettre la résolution de FQDN en adresses IP (et réciproquement, si nécessaire). En utilisation courante, nous exploitons un serveur DNS « récursif » dont l'adresse IP est généralement fournie par DHCP ou RADIUS, suivant le cas. Ces serveurs ne gèrent pas obligatoirement de zones particulières, mais savent effectuer les recherches nécessaires dans une architecture arborescente que nous allons voir en détail, pour résoudre n'importe quel nom d'hôte.
Cette architecture arborescente est construite au niveau mondial et nous verrons que c'est une petite merveille d'organisation.
I-C. Objectifs de ce chapitre▲
L'objectif avoué est double :
- fournir aux internautes « non spécialistes » les informations de base nécessaires à la compréhension de la résolution des noms ;
- donner des informations approfondies sur les mécanismes utilisés à ceux qui souhaitent comprendre plus en profondeur le fonctionnement de DNS.
II. Notions de base▲
II-A. Découverte du serveur DNS utilisé▲
Donc, notre fournisseur d'accès nous propose une ou plusieurs adresses de serveurs DNS récursifs, et notre système va les récupérer lors de sa configuration IP. Pour connaître ces adresses, il faut savoir retrouver sa configuration. La façon de faire varie suivant le système d'exploitation utilisé.
Windows propose quelques chemins plus ou moins détournés. Le plus simple est sans doute d'utiliser la commande dans une invite de commande :
C:\Documents and Settings\chris>nslookup
Serveur par défaut : dns1.proxad.net
Address: 212.27.40.240
Nous sommes ici dans le cas d'une machine sous Windows XP, connectée à une FreeBox en mode pont Ethernet (nous n'exploitons pas les fonctions de routage). Il est également possible de récupérer l'information avec la commande :
C:\Documents and Settings\chris>ipconfig /all
Configuration IP de Windows
...
Carte Ethernet Connexion au réseau local:
...
Serveurs DNS . . . . . . . . . . : 212.27.40.240
212.27.40.241
Pour les distributions GNU/Linux, l'information se trouve généralement dans le fichier /etc/resolv.conf :
# cat /etc/resolv.conf
nameserver 212.27.40.240
nameserver 212.27.40.241
II-B. Test de résolution▲
Windows XP propose la commande nslookup, qui permet d'effectuer une résolution manuellement. Exemple :
C:\Documents and Settings\caleca>nslookup irp.nain-t.net
Serveur par défaut : dns1.proxad.net
Address: 212.27.40.240
Réponse ne faisant pas autorité :
Nom : irp.nain-t.net
Address: 213.186.40.149
Ça fonctionne et le texte « Réponse ne faisant pas autorité » est à se mettre sous le coude, nous comprendrons plus tard ce que cela veut dire.
Dans les systèmes GNU/Linux, la commande nslookup n'est plus maintenue. Les outils à retenir sont host et dig.
# host irp.nain-t.net
irp.nain-t.net has address 213.186.40.149
Quel que soit le service que nous utilisons sur un réseau, navigateur Web, client de messagerie, IRC, dès lors que nous identifions le serveur interrogé par son nom, le système devra effectuer une résolution de ce nom, de manière à trouver l'adresse IP correspondante, et exploitera les services du serveur DNS, comme nous l'avons fait avec nslookup ou host.
II-C. Analyse d'un FQDN▲
Prenons un exemple un peu compliqué, comme www.education.gouv.fr ; en toute rigueur, il serait plus correct d'écrire www.education.gouv.fr. (avec un point final, subtile différence).
- la partie la plus à gauche représente toujours un hôte ;
- la partie la plus à droite représente toujours un domaine générique (TLD) ;
- entre les deux, les éventuels sous-domaines et le domaine déposé de l'entité concernée.
Ainsi, un serveur (un hôte), ici www appartiendrait à un sous-domaine (education) du domaine gouv, lui-même étant un élément du domaine générique fr (la réalité n'est hélas pas si simple, comme l'avenir va le montrer). Notons qu'il serait plus judicieux de parler d'un nœud ; en effet, un hôte peut disposer de plusieurs interfaces réseau et donc disposer de plusieurs adresses IP.
Nous avons donc une structure arborescente dont l'origine est le fameux point final, que l'on omet généralement, mais qui existe bel et bien et qui représente la racine de l'arbre. Nous pouvons d'ailleurs utiliser la commande host comme ceci :
$ host www.education.gouv.fr.
www.education.gouv.fr is an alias for front.webedu.men.aw.atosorigin.com.
front.webedu.men.aw.atosorigin.com has address 160.92.130.142
Tiens, voilà autre chose…
www.education.gouv.fr ne serait pas un « vrai nom », mais simplement un synonyme de front.webedu.men.aw.atosorigin.com ? Encore une remarque à se mettre sous le coude. En effet, DNS prévoit qu'un hôte (un nœud) puisse s'appeler de diverses manières, parfois très différentes comme c'est le cas ici. L'éclaircissement viendra sans doute dans la suite de ce chapitre.
II-D. Pourquoi « serveur récursif » ?▲
Dans la suite de ce chapitre, nous allons voir d'un peu plus près comment un serveur DNS est structuré et comment l'architecture arborescente d'un FQDN est en fait l'image d'une arborescence de serveurs DNS spécialisés.
A priori, un serveur DNS récursif n'a par lui-même aucune réponse, du moins aucune réponse « qui fait autorité », en revanche il sait exactement rechercher qui est dans quel ordre il faut interroger pour obtenir une réponse « qui fait autorité ». Comme en informatique, la paresse et la mémoire sont deux qualités fondamentales, notre serveur DNS récursif va conserver dans sa mémoire pendant « un certain temps » les résultats de recherche qu'il a obtenus et s'en servira en priorité, pour avoir moins de travail. Nous étudierons tout ceci plus loin, mais cette fonctionnalité explique déjà la réponse « ne faisant pas autorité » vue plus haut. En effet, lorsqu'un serveur DNS sert une réponse issue de son cache, il signale de cette manière qu'elle ne vient pas d'un serveur de référence.
III. Notions avancées▲
III-A. Considérations générales▲
Par la pratique, nous savons que la partie la plus à droite d'un FQDN est régie par des usages stricts. En effet, cette partie représente un « Top Level Domain », Domaine de premier niveau en français. Il en existe un certain nombre, ils sont définis par l'ICANN (Internet Corporation for Assigned Names and Numbers). Un article bien documenté sur Wikipédia vous donnera plus de détails.
À l'intérieur de chaque TLD, il est possible pour toute entreprise, association, personne morale ou physique, d'enregistrer un nom de domaine. Il suffit d'en faire la demande auprès d'un « registar », bureau d'enregistrement en français. Voir encore Wikipédia pour plus de détails. Le registar vérifiera l'unicité du domaine demandé, les éventuelles conditions d'obtention et se chargera des démarches pour l'enregistrement du domaine. Le coût de l'opération varie beaucoup en fonction du registar choisi.
Nous allons voir l'influence qu'a cette opération sur la structure du DNS.
III-B. La structure de DNS▲
III-B-1. Root-Servers▲
Nous avons au départ une série de serveurs DNS appelés root-servers. Nous en trouvons la liste et leur implantation dans le monde sur le site root-servers.org.
Ces serveurs ne sont pas récursifs, ne savent pas résoudre les FQDN, mais savent dire quels serveurs sont spécialisés dans les divers TLD.
III-B-2. Serveurs TLD▲
Ces serveurs DNS ne sont pas non plus récursifs, mais pour un TLD donné, savent dire quels sont les serveurs DNS qui gèrent un domaine appartenant à ce TLD.
C'est à ce niveau que le registrar intervient techniquement. Une fois le nom de domaine enregistré, le demandeur doit fournir l'adresse d'au moins un serveur DNS qui saura résoudre les noms dans le domaine en question et ce DNS doit être enregistré sur les serveurs du TLD choisi.
III-B-3. Manipulations▲
Mais une petite expérience vaut mieux qu'un long discours. Nous allons utiliser notre outil host pour chercher à résoudre le FQDN www.education.gouv.fr, non plus en posant la question à notre serveur DNS récursif, mais en partant de la source, à savoir un root-server : 192.58.128.30, en utilisant la commande comme ceci :
host -v www.education.gouv.fr 192.58.128.30
- le -v indique que l'on veut des détails (verbose) ;
- l'adresse IP en dernier argument indique quel serveur DNS nous voulons interroger.
$ host -v www.education.gouv.fr 192.58.128.30
Server: j.root-servers.net
Address: 192.58.128.30
Query about www.education.gouv.fr for record types A
Trying www.education.gouv.fr ...
Query failed, 0 answers, status: no error
Authority information:
fr 172800 IN NS E.EXT.NIC.fr
fr 172800 IN NS C.NIC.fr
fr 172800 IN NS B.EXT.NIC.fr
fr 172800 IN NS F.EXT.NIC.fr
fr 172800 IN NS A.NIC.fr
fr 172800 IN NS E.NIC.fr
fr 172800 IN NS D.EXT.NIC.fr
fr 172800 IN NS G.EXT.NIC.fr
Additional information:
A.NIC.fr 172800 IN A 192.93.0.129
A.NIC.fr 172800 IN AAAA 2001:660:3005:3:0:0:1:1
B.EXT.NIC.fr 172800 IN A 192.228.90.21
C.NIC.fr 172800 IN A 192.134.0.129
C.NIC.fr 172800 IN AAAA 2001:660:3006:4:0:0:1:1
D.EXT.NIC.fr 172800 IN A 204.152.184.85
D.EXT.NIC.fr 172800 IN AAAA 2001:4F8:0:2:0:0:0:8
E.EXT.NIC.fr 172800 IN A 193.176.144.6
E.NIC.fr 172800 IN A 194.57.253.1
F.EXT.NIC.fr 172800 IN A 194.146.106.46
G.EXT.NIC.fr 172800 IN A 204.61.216.39
www.education.gouv.fr A record currently not present at j.root-servers.net
J-root-servers.net ne répond pas directement, comme nous pouvions nous en douter. En revanche, il nous envoie la liste des serveurs DNS compétents dans le TLD fr. Reposons donc la question au premier de la liste : a.nic.fr :
$ host -v www.education.gouv.fr 192.93.0.129
Server: a.nic.fr
Address: 192.93.0.129
Query about www.education.gouv.fr for record types A
Trying www.education.gouv.fr ...
Query failed, 0 answers, status: no error
Authority information:
education.gouv.fr 172800 IN NS ns4.atos.net
education.gouv.fr 172800 IN NS ns3.atos.net
www.education.gouv.fr A record currently not present at a.nic.fr
Cette réponse nous apprend deux choses :
- pour résoudre des noms dans le domaine education.gouv.fr, il faut poser la question à ns4.atos.net ou à ns3.atos.net.
Malheureusement, nous ne disposons pas cette fois-ci des « Additionnal information » et n'avons pas l'adresse IP de ces serveurs. Il nous reste à repartir du début avec une nouvelle requête :
$ host -v ns4.atos.net 192.58.128.30
Server: j.root-servers.net
Address: 192.58.128.30
Query about ns4.atos.net for record types A
Trying ns4.atos.net ...
Query failed, 0 answers, status: no error
Authority information:
net 172800 IN NS J.GTLD-SERVERS.net
net 172800 IN NS K.GTLD-SERVERS.net
net 172800 IN NS G.GTLD-SERVERS.net
net 172800 IN NS M.GTLD-SERVERS.net
net 172800 IN NS C.GTLD-SERVERS.net
net 172800 IN NS H.GTLD-SERVERS.net
net 172800 IN NS D.GTLD-SERVERS.net
net 172800 IN NS B.GTLD-SERVERS.net
net 172800 IN NS L.GTLD-SERVERS.net
net 172800 IN NS A.GTLD-SERVERS.net
net 172800 IN NS F.GTLD-SERVERS.net
net 172800 IN NS E.GTLD-SERVERS.net
net 172800 IN NS I.GTLD-SERVERS.net
Additional information:
A.GTLD-SERVERS.net 172800 IN A 192.5.6.30
A.GTLD-SERVERS.net 172800 IN AAAA 2001:503:A83E:0:0:0:2:30
B.GTLD-SERVERS.net 172800 IN A 192.33.14.30
B.GTLD-SERVERS.net 172800 IN AAAA 2001:503:231D:0:0:0:2:30
C.GTLD-SERVERS.net 172800 IN A 192.26.92.30
D.GTLD-SERVERS.net 172800 IN A 192.31.80.30
E.GTLD-SERVERS.net 172800 IN A 192.12.94.30
F.GTLD-SERVERS.net 172800 IN A 192.35.51.30http://www.google.fr/
G.GTLD-SERVERS.net 172800 IN A 192.42.93.30
H.GTLD-SERVERS.net 172800 IN A 192.54.112.30
I.GTLD-SERVERS.net 172800 IN A 192.43.172.30
J.GTLD-SERVERS.net 172800 IN A 192.48.79.30
K.GTLD-SERVERS.net 172800 IN A 192.52.178.30
L.GTLD-SERVERS.net 172800 IN A 192.41.162.30
ns4.atos.net A record currently not present at j.root-servers.net
À peine plus avancés, interrogeons alors a.gtld-servers.net :
$ host -v ns4.atos.net 192.5.6.30
Server: a.gtld-servers.net
Address: 192.5.6.30
Query about ns4.atos.net for record types A
Trying ns4.atos.net ...
Query done, 1 answer, status: no error
The following answer is not authoritative:
ns4.atos.net 172800 IN A 193.56.46.248
Authority information:
atos.net 172800 IN NS ns3.atos.net
atos.net 172800 IN NS ns4.atos.net
Additional information:
ns3.atos.net 172800 IN A 160.92.121.6
ns4.atos.net 172800 IN A 193.56.46.248
Nous n'avons jamais été aussi proches de la solution finale. Une dernière question à ns4.atos.net dont nous connaissons désormais l'adresse IP :
$ host www.education.gouv.fr 193.56.46.248
www.education.gouv.fr CNAME front.webedu.men.aw.atosorigin.com
front.webedu.men.aw.atosorigin.com A 160.92.130.142
Et voilà le travail. Nous pouvons constater à quel point il peut être fastidieux et nous nous félicitons de disposer d'un bon gros serveur DNS récursif, qui fait tout ce travail à notre place. Car c'est exactement de cette manière qu'il s'y prend pour nous obtenir la réponse.
Les renseignements qu'il glane en effectuant cette recherche, il va les garder en mémoire et s'en resservira pour d'éventuelles résolutions futures. Nous verrons que pour cette raison, les serveurs « qui font autorité » indiquent une durée de validité pour les informations qu'ils donnent. Ainsi, les serveurs récursifs devront rafraîchir le contenu de leur cache en fonction de cette durée de validité.
IV. Construire un serveur DNS▲
Pourquoi faire :
- pour comprendre mieux comment ça fonctionne ;
- pour disposer d'une solution de secours si le(s) serveur(s) DNS de notre fournisseur d'accès montre(nt) des signes de faiblesse ;
- pour se créer un petit intranet sympa, même avec un nom de domaine « en bois » qui ne sera fonctionnel que sur notre LAN.
Les raisons sont-elles suffisantes ? Oui, alors allons-y. Nous avons bien un vieux PC qui traîne dans un coin et qui ne demande qu'à reprendre du service. Nous y installons une Debian (Lenny dans ce qui suit), sans aucune fioriture, le strict minimum, quoi. Avec bind9 et quelques outils de base, nous ne dépasserons pas les 800 Mo sur le disque et 256 Mo de RAM pourront faire l'affaire, si notre réseau local ne dépasse pas 100 postes…
IV-A. Bon gros avertissement▲
Ce que nous allons faire ici est destiné à l'usage exclusif de notre LAN. Aucune considération de sécurité ne sera abordée. Si le principe reste le même pour la mise en place d'un serveur DNS public, il faudra prendre en compte tous les risques d'agression et ils sont nombreux.
aptitude install bind9 bind9-host
Qu'avons-nous ajouté sur notre machine ? Le très célèbre serveur DNS de chez ISC, nommé bind, dans sa version 9 et la commande host.
IV-B. Un simple cache▲
En l'état, notre bind est fonctionnel, c'est un serveur DNS récursif qui sait par lui-même répondre à toutes les demandes de résolution de FQDN de l'Internet. La preuve ?
# host -v www.altavista.fr 127.0.0.1
Trying "www.altavista.fr"
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29138
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;www.altavista.fr. IN A
;; ANSWER SECTION:
www.altavista.fr. 7200 IN CNAME rc.yahoo.com.
rc.yahoo.com. 1800 IN CNAME rc.fy.b.yahoo.com.
rc.fy.b.yahoo.com. 300 IN A 206.190.60.37
;; AUTHORITY SECTION:
fy.b.yahoo.com. 300 IN NS yf1.yahoo.com.
fy.b.yahoo.com. 300 IN NS yf2.yahoo.com.
Received 134 bytes from 127.0.0.1#53 in 961 ms
Trying "rc.fy.b.yahoo.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15133
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;rc.fy.b.yahoo.com. IN AAAA
;; AUTHORITY SECTION:
fy.b.yahoo.com. 30 IN SOA yf1.yahoo.com. hostmaster.yahoo-inc.com. 1233237548 30 30 86400 1800
Received 96 bytes from 127.0.0.1#53 in 30 ms
Trying "rc.fy.b.yahoo.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45688
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;rc.fy.b.yahoo.com. IN MX
;; AUTHORITY SECTION:
fy.b.yahoo.com. 30 IN SOA yf1.yahoo.com. hostmaster.yahoo-inc.com. 1233237548 30 30 86400 1800
Received 96 bytes from 127.0.0.1#53 in 31 ms
L'emploi de l'option -v rend la réponse un peu indigeste, mais assez instructive.
Nous apprenons que www.altavista.fr. n'est qu'un alias de rc.yahoo.com., lui-même alias de rc.fy.b.yahoo.com. et que son adresse IP est 206.190.60.37.
En prime, nous apprenons que le domaine fy.b.yahoo.com. est géré par les serveurs DNS yf1.yahoo.com. et yf2.yahoo.com., que www.altavista.fr. ne dispose pas d'adresse IP v6, la réponse à la question ; rc.fy.b.yahoo.com. IN AAAA aurait eu une réponse et enfin, que le SOA pour ce domaine est yf1.yahoo.com.. C'est quoi un SOA ? Rappelez-moi d'en parler plus loin dans ce chapitre si jamais j'oubliais.
Toutes ces informations, c'est notre bind à nous qui les a trouvées en se débrouillant tout seul, et en 961 millisecondes seulement ! Nous n'aurions pas fait mieux.
Bien sûr nous pouvons lui poser une question plus simple (sans l'option -v) pour un nœud qui n'a rien à voir :
# host www.google.fr 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:
www.google.fr is an alias for www.google.com.
www.google.com is an alias for www.l.google.com.
www.l.google.com has address 209.85.129.147
www.l.google.com has address 209.85.129.99
www.l.google.com has address 209.85.129.104
C'est plus lisible, il y a moins d'informations. Remarquez qu'un seul nom dispose ici de plusieurs adresses IP. C'est du « round-robin » (tourniquet en français). À quoi ça sert ? Rappelez-moi d'en parler plus loin dans ce chapitre si jamais j'oubliais…
Bref, notre bind sait parfaitement effectuer pour nous toute résolution de FQDN, nous pouvons désormais nous passer des serveurs DNS récursifs de notre fournisseur d'accès, à l'exception des clients d'Orange™ qui devront prendre quelques précautions et là encore, nous verrons pourquoi plus tard.
IV-B-1. Par quel prodige ?▲
Notre installation de bind9 a produit une configuration par défaut, minimaliste, qui permet au serveur de fonctionner en mode récursif. Sans entrer dans tous les détails, allons-y voir de plus près.
Tout se trouve (sur Debian) dans le répertoire /etc/bind.
# cd /etc/bind
debvirt:/etc/bind# ls -l
total 44
-rw-r--r-- 1 root root 237 jan 2 18:19 db.0
-rw-r--r-- 1 root root 271 jan 2 18:19 db.127
-rw-r--r-- 1 root root 237 jan 2 18:19 db.255
-rw-r--r-- 1 root root 353 jan 2 18:19 db.empty
-rw-r--r-- 1 root root 270 jan 2 18:19 db.local
-rw-r--r-- 1 root root 2878 jan 2 18:19 db.root
-rw-r--r-- 1 root bind 907 jan 2 18:19 named.conf
-rw-r--r-- 1 root bind 165 jan 2 18:19 named.conf.local
-rw-r--r-- 1 root bind 572 jan 2 18:19 named.conf.options
-rw-r----- 1 bind bind 77 jan 29 14:16 rndc.key
-rw-r--r-- 1 root root 1317 jan 2 18:19 zones.rfc1918
Nous n'en avons pas parlé jusqu'ici, mais il faut tout de même en dire quelques mots, de la résolution inverse, celle qui consiste à retrouver un nom d'hôte à partir de son adresse IP. Ce service est peu utilisé par le particulier (entendez par là l'internaute en général). Il l'est cependant parfois par des services sur l'Internet, par exemple SMTP, pour tenter de lutter contre le spam. Pour cette raison, nous n'en dirons pas plus sur la question.
Voyons sans plus tarder le contenu de named.conf qui, de toute évidence, constitue le fichier de configuration principal :
# cat named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
include "/etc/bind/named.conf.local";
Déjà , nous constatons que ce fichier fait lui-même appel à deux autres fichiers de configuration, named.conf.options et named.conf.local. Nous aurons à modifier au moins l'un d'entre eux. En revanche, named.conf ne devrait (sur Debian) jamais être modifié, sauf par les mises à jour futures de la distribution.
À part ceci, nous observons des déclarations de zones, presque toutes destinées à la résolution inverse, à l'exception de celles qui sont surlignées en vert (NDLR, les trois premières).
IV-B-1-a. La zone « localhost »▲
Pas bien utile en général, elle permet de résoudre localhost :
# cat db.local
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA localhost. root.localhost. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS localhost.
@ IN A 127.0.0.1
@ IN AAAA ::1
Le fichier db.local a une structure que nous aurons besoin de détailler plus tard. Nous y apprenons que localhost dispose des adresses 127.0.0.1 en IPv4 et ::1 en IPv6, ce que nous savions probablement déjà .
IV-B-1-b. La zone « . »▲
Plus intéressant est le fichier db.root :
# cat db.root
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.root
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: Feb 04, 2008
; related version of root zone: 2008020400
;
; formerly NS.INTERNIC.NET
;
. 3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30
;
; formerly NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
;
; formerly C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
;
; formerly TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
;
; formerly NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; formerly NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
;
; formerly NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803f:235
;
; formerly NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
;
; operated by VeriSign, Inc.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30
;
; operated by RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
;
; operated by ICANN
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
;
; operated by WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
; End of File
Il contient en effet toutes les informations sur les root-servers, sans quoi, notre bind n'aurait rien pu faire. Notez que le ; est un signe de commentaire.
Le contenu de ce fichier évolue peu dans le temps et les mises à jour de la distribution suffisent normalement à le maintenir dans un état satisfaisant. Notez que certains (mais peu encore) des root-servers disposent d'une adresse IPv6.
IV-C. Créer une zone▲
Tout ceci est bien, mais nous voudrions maintenant créer une zone pour notre intranet, avec un nom de domaine « en bois » par exemple maison.mrs. Le TLD n'existe pas, le domaine maison.mrs ne peut donc exister sur l'Internet, mais il peut parfaitement fonctionner sur notre LAN.
Pour ce faire, il nous faut tout de même entrer un peu plus dans le détail des informations que peut donner un serveur DNS.
IV-C-1. $TTL▲
Indique en secondes la durée de vie de l'information fournie. Les serveurs DNS récursifs conserveront en cache les informations récoltées pendant la durée indiquée dans ce paramètre. 0 devrait indiquer que les valeurs ne doivent pas être conservées en cache (utile pour les « dyn DNS », mais c'est une autre histoire).
IV-C-2. SOA▲
Start Of Authority. Si nous avons plusieurs serveurs DNS qui servent la même zone, nous avons vu l'exemple pour yahoo.com qui en a deux, mais il pourrait y en avoir plus, il y en a un qui est le serveur « maître », les autres n'étant que des « esclaves », c'est-à -dire de simples répliquas. L'administrateur met à jour le maître, qui notifiera ses esclaves (l'informaticien a une tendance à la paresse). Le champ SOA indique donc quel est le serveur « maître ».
Nous pouvons d'ailleurs, au moyen de la commande host savoir rapidement toutes ces choses :
# host -t ns yahoo.com
yahoo.com name server ns4.yahoo.com.
yahoo.com name server ns6.yahoo.com.
yahoo.com name server ns1.yahoo.com.
yahoo.com name server ns3.yahoo.com.
yahoo.com name server ns5.yahoo.com.
yahoo.com name server ns8.yahoo.com.
yahoo.com name server ns2.yahoo.com.
Tiens, il y a bien plus de deux Name Servers pour le domaine yahoo.com, finalement… Mais tous n'ont pas forcément besoin d'être référencés sur les serveurs du TLD com, deux suffisent.
Mais quel est dans cette liste le serveur « maître » ?
# host -t soa yahoo.com
yahoo.com has SOA record ns1.yahoo.com. hostmaster.yahoo-inc.com. 2009012906 3600 300 1814400 600
C'est ns1.yahoo.com. et nous disposons également d'autres informations, que nous allons retrouver lors de la construction de notre zone « maison ». Nous avons l'assurance que ce serveur fournira toujours la bonne information (sauf erreur de l'administrateur).
Comme nous allons le voir, le symbole @ n'a pas ici la signification habituelle « at ». Aussi, l'adresse e-mail du responsable de la zone est marquée : hostmaster.yahoo-inc.com.. Si nous avons une remarque à faire au responsable de la zone, nous adresserons le message à hostmaster@yahoo-inc.com.
IV-C-2-a. Serial▲
Numéro de série qu'il faut incrémenter à chaque modification de la zone. Il est d'usage de le construire à partir de la date de modification. Ainsi, dans l'exemple précédent, nous pouvons imaginer que le serveur a été mis à jour le 29 janvier 2009, peut être à 6h GMT, ou alors ce serait la sixième modification opérée ce jour. Cette façon de faire est une recommandation, mais pas une obligation. Un simple incrément suffit. Ce numéro de série permet aux serveurs « esclaves » de savoir s'il y a eu ou non une modification de la zone depuis leur dernière synchronisation.
IV-C-2-b. Refresh▲
Indique en seconde le temps au bout duquel les serveurs « esclaves », aussi appelés secondaires, devront demander à rafraîchir leurs données pour cette zone. 3600 secondes dans l'exemple, soit une heure.
IV-C-2-c. Retry▲
Indique en secondes au bout de combien de temps un serveur esclave doit réessayer de se synchroniser si la tentative a échoué après le temps refresh. Ici toutes les 300 secondes, soit toutes les 5 minutes.
IV-C-2-d. Expire▲
Si toutes les tentatives de synchronisation échouent, indique le temps (en secondes) au bout duquel les serveurs secondaires devront considérer qu'ils ne savent plus répondre aux requêtes concernant cette zone. Ici 1814400 secondes, soit 21 jours ! Mieux vaut donner une réponse peut-être fausse que de ne pas en donner du tout ?
IV-C-2-e. Negative Cache TTL▲
Paramètre dont la signification est assez floue. Pour bind9, indique le temps pendant lequel les caches (DNS récursifs) conserveraient l'information NXDOMAIN, « le domaine n'existe pas », lorsqu'un incident s'est produit.
IV-C-3. NS, A, AAAA, CNAME et les autres▲
Le champ NS (Name Server) indique le nom d'un serveur de noms. Pour une zone donnée, s'il y a plusieurs serveurs de noms, il y aura plusieurs champs NS.
Le champ A (Address) fait correspondre un nom à une adresse IPv4, alors que le champ AAAA fera correspondre un nom à une adresse IPv6.
Le champ CNAME (Common Name) fait correspondre un alias à un « vrai nom ». Le « vrai nom » doit disposer par ailleurs d'un champ A, dans la même zone ou dans une autre, sur le même serveur ou sur un autre (nous en avons vu un exemple avec www.education.gouv.fr).
Il existe encore d'autres champs comme MX (Mail eXchanger), utile pour le protocole SMTP ou TXT (utile surtout, hélas, pour « tunnelliser » n'importe quoi dans du protocole DNS, mais c'est une autre affaire).
IV-C-4. Le symbole « @ »▲
Dans un fichier de configuration de zone, ce symbole représente exactement le nom de domaine de la zone. Par exemple, lorsque nous allons créer notre zone maison.mrs, écrire :
maison.mrs. IN SOA ...
Nous pourrons écrire :
@ IN SOA ...
IV-C-5. La zone maison.mrs▲
Nous en savons assez pour créer notre zone « maison ». Notre serveur va s'appeler debvirt.maison.mrs et dispose de l'adresse IP 192.168.0.254 :
Créons d'abord dans /etc/bind/ un fichier nommé par exemple : db.maison.mrs qui contiendrait ceci :
$TTL 1600
@ IN SOA debvirt.maison.mrs. root.debvirt.maison.mrs. (
2009012901 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
1600 ) ; Negative Cache TTL
;
@ IN NS debvirt.maison.mrs.
@ IN A 192.168.0.254
debvirt IN A 192.168.0.254
test1 IN A 192.168.0.1
test2 IN CNAME test1
test3 IN CNAME irp.nain-t.net.
Ceci devrait permettre de répondre aux requêtes de type NS pour le domaine maison.mrs, de répondre aussi aux requêtes de type A pour debvirt.maison.mrs et pour test1.maison.mrs, constater aussi que les alias fonctionnent dans et hors du domaine.
Il nous faut maintenant indiquer à bind que cette zone existe. Nous allons le faire dans le fichier /etc/bind/named.conf.local :
zone "maison.mrs" {
type master;
file "/etc/bind/db.maison.mrs";
};
Enfin, nous redémarrons bind avec un /etc/init.d/bind9 restart et nous contrôlons
# host -a maison.mrs
Trying "maison.mrs"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59474
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;maison.mrs. IN ANY
;; ANSWER SECTION:
maison.mrs. 1600 IN SOA debvirt.maison.mrs. root.debvirt.maison.mrs. 2009012901 604800 86400 2419200 1600
maison.mrs. 1600 IN NS debvirt.maison.mrs.
maison.mrs. 1600 IN A 192.168.0.254
;; ADDITIONAL SECTION:
debvirt.maison.mrs. 1600 IN A 192.168.0.254
Received 123 bytes from 127.0.0.1#53 in 1 ms
# host test1.maison.mrs
test1.maison.mrs has address 192.168.0.1
# host test2.maison.mrs
test2.maison.mrs is an alias for test1.maison.mrs.
test1.maison.mrs has address 192.168.0.1
# host test3.maison.mrs
test3.maison.mrs is an alias for irp.nain-t.net.
irp.nain-t.net has address 213.186.40.149
Tout va bien, notre serveur DNS fonctionne parfaitement.
IV-D. Conclusion▲
Encore une fois, cette configuration ne tient compte d'aucune considération sécuritaire. Cependant, nous avons un service récursif pour les résolutions sur l'Internet et qui pourra gérer les noms dans notre intranet.
IV-E. Note pour Orangeâ„¢▲
De longue date, ce petit problème existe. De nombreux clients utilisent les services de smtp.wanadoo.fr pour envoyer leurs e-mails. Faisons avec notre beau bind une résolution de smtp.wanadoo.fr :
# host smtp.wanadoo.fr
smtp.wanadoo.fr has address 80.12.242.148
smtp.wanadoo.fr has address 193.252.22.65
smtp.wanadoo.fr has address 193.252.22.78
smtp.wanadoo.fr has address 193.252.22.92
smtp.wanadoo.fr has address 193.252.23.67
smtp.wanadoo.fr has address 80.12.242.9
smtp.wanadoo.fr has address 80.12.242.15
smtp.wanadoo.fr has address 80.12.242.53
smtp.wanadoo.fr has address 80.12.242.62
smtp.wanadoo.fr has address 80.12.242.82
smtp.wanadoo.fr has address 80.12.242.142
Voyons maintenant depuis une connexion Orange™, qui utilise les serveurs DNS renseignés par la connexion PPPoE :
# host smtp.wanadoo.fr
smtp.wanadoo.fr has address 193.252.22.74
smtp.wanadoo.fr has address 193.252.22.91
smtp.wanadoo.fr has address 193.252.23.66
smtp.wanadoo.fr has address 80.12.242.10
smtp.wanadoo.fr has address 80.12.242.16
smtp.wanadoo.fr has address 80.12.242.52
smtp.wanadoo.fr has address 80.12.242.61
smtp.wanadoo.fr has address 80.12.242.86
smtp.wanadoo.fr has address 80.12.242.141
smtp.wanadoo.fr has address 193.252.22.64
Ce ne sont pas les mêmes… Pourquoi ?
Il faut le demander aux administrateurs de wanadoo.fr. Toujours est-il que votre vaillant Firefox (ou équivalent), si vous êtes usagers de smtp.wanadoo.fr, ne parviendra pas à poster vos messages, la résolution faite par notre cache personnel ne donnant pas les bons serveurs. La solution est de créer sur notre bind une zone wanadoo.fr de type « forward » et d'y indiquer les adresses IP des serveurs DNS fournis par la connexion Orange™. La documentation de bind indique comment réaliser cette opération. Cette documentation complète se trouve sur le site d'ISC (124 pages en anglais, pour la version 9.4, fournie avec Lenny) dont la lecture est indispensable si l'on souhaite réaliser un serveur public ou simplement découvrir toutes les possibilités de l'outil.
IV-F. Psst ! le round-robin ?…▲
Comme nous l'avons vu, il arrive parfois qu'à un FQDN correspondent plusieurs adresses IP (parfois nombreuses, comme dans le cas de smtp.wanadoo.fr). Reprenons l'exemple plus simple de www.google.fr, en posant trois fois de suite la même question à notre serveur :
# host www.google.fr
www.google.fr is an alias for www.google.com.
www.google.com is an alias for www.l.google.com.
www.l.google.com has address 209.85.129.104
www.l.google.com has address 209.85.129.147
www.l.google.com has address 209.85.129.99
# host www.google.fr
www.google.fr is an alias for www.google.com.
www.google.com is an alias for www.l.google.com.
www.l.google.com has address 209.85.129.99
www.l.google.com has address 209.85.129.104
www.l.google.com has address 209.85.129.147
# host www.google.fr
www.google.fr is an alias for www.google.com.
www.google.com is an alias for www.l.google.com.
www.l.google.com has address 209.85.129.147
www.l.google.com has address 209.85.129.99
www.l.google.com has address 209.85.129.104
Nous observons une permutation circulaire dans l'ordre des réponses (tourniquet). Comme l'application demandeuse prendra la première réponse servie, si trois clients de notre serveur veulent accéder tour à tour à www.google.fr, ils utiliseront chacun une adresse IP différente et donc probablement aboutiront à un serveur différent. Ce système est très souvent utilisé pour répartir simplement la charge sur plusieurs hôtes.
V. Un peu d'espionnage▲
Pour les amateurs de sniff (de réseaux), voici ce que l'on peut capturer avec un Wireshark lorsque notre serveur DNS récursif effectue lorsqu'il cherche à résoudre www.education.gouv.fr alors qu'il vient juste de démarrer et que son cache est vide. Je vous laisse la joie d'analyser ceci par vous-même. Vous y découvrirez la suite de questions posées aux divers serveurs non récursifs, pour obtenir la réponse finale :
Frame 1 (92 bytes on wire, 92 bytes captured)
Arrival Time: Jan 28, 2009 15:56:17.525400000
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: Checksum Errors]
[Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1]
Ethernet II, Src: D-Link_52:bf:ab (00:1b:11:52:bf:ab), Dst: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Destination: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.10.47 (192.168.10.47), Dst: 198.41.0.4 (198.41.0.4)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0xa99a [correct]
[Good: True]
[Bad : False]
Source: 192.168.10.47 (192.168.10.47)
Destination: 198.41.0.4 (198.41.0.4)
User Datagram Protocol, Src Port: 46823 (46823), Dst Port: domain (53)
Source port: 46823 (46823)
Destination port: domain (53)
Length: 58
Checksum: 0x9150 [incorrect, should be 0xf754 (maybe caused by "UDP checksum offload"?)]
[Good Checksum: False]
[Bad Checksum: True]
Domain Name System (query)
[Response In: 3]
Transaction ID: 0xad84
Flags: 0x0000 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
www.education.gouv.fr: type A, class IN
Name: www.education.gouv.fr
Type: A (Host address)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Frame 2 (70 bytes on wire, 70 bytes captured)
Arrival Time: Jan 28, 2009 15:56:17.525448000
[Time delta from previous captured frame: 0.000048000 seconds]
[Time delta from previous displayed frame: 0.000048000 seconds]
[Time since reference or first frame: 0.000048000 seconds]
Frame Number: 2
Frame Length: 70 bytes
Capture Length: 70 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: Checksum Errors]
[Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1]
Ethernet II, Src: D-Link_52:bf:ab (00:1b:11:52:bf:ab), Dst: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Destination: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.10.47 (192.168.10.47), Dst: 198.41.0.4 (198.41.0.4)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 56
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0xa9b0 [correct]
[Good: True]
[Bad : False]
Source: 192.168.10.47 (192.168.10.47)
Destination: 198.41.0.4 (198.41.0.4)
User Datagram Protocol, Src Port: 51086 (51086), Dst Port: domain (53)
Source port: 51086 (51086)
Destination port: domain (53)
Length: 36
Checksum: 0x913a [incorrect, should be 0x0fe8 (maybe caused by "UDP checksum offload"?)]
[Good Checksum: False]
[Bad Checksum: True]
Domain Name System (query)
[Response In: 5]
Transaction ID: 0x03ca
Flags: 0x0000 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
<Root>: type NS, class IN
Name: <Root>
Type: NS (Authoritative name server)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Frame 3 (440 bytes on wire, 440 bytes captured)
Arrival Time: Jan 28, 2009 15:56:17.751144000
[Time delta from previous captured frame: 0.225696000 seconds]
[Time delta from previous displayed frame: 0.225696000 seconds]
[Time since reference or first frame: 0.225744000 seconds]
Frame Number: 3
Frame Length: 440 bytes
Capture Length: 440 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8), Dst: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Destination: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 198.41.0.4 (198.41.0.4), Dst: 192.168.10.47 (192.168.10.47)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 426
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: UDP (0x11)
Header checksum: 0xb43e [correct]
[Good: True]
[Bad : False]
Source: 198.41.0.4 (198.41.0.4)
Destination: 192.168.10.47 (192.168.10.47)
User Datagram Protocol, Src Port: domain (53), Dst Port: 46823 (46823)
Source port: domain (53)
Destination port: 46823 (46823)
Length: 406
Checksum: 0xaf9f [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (response)
[Request In: 1]
[Time: 0.225744000 seconds]
Transaction ID: 0xad84
Flags: 0x8000 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 0
Authority RRs: 8
Additional RRs: 12
Queries
www.education.gouv.fr: type A, class IN
Name: www.education.gouv.fr
Type: A (Host address)
Class: IN (0x0001)
Authoritative nameservers
fr: type NS, class IN, ns G.EXT.NIC.fr
Name: fr
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 12
Name server: G.EXT.NIC.fr
fr: type NS, class IN, ns A.NIC.fr
Name: fr
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: A.NIC.fr
fr: type NS, class IN, ns F.EXT.NIC.fr
Name: fr
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: F.EXT.NIC.fr
fr: type NS, class IN, ns C.NIC.fr
Name: fr
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: C.NIC.fr
fr: type NS, class IN, ns E.NIC.fr
Name: fr
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: E.NIC.fr
fr: type NS, class IN, ns B.EXT.NIC.fr
Name: fr
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: B.EXT.NIC.fr
fr: type NS, class IN, ns D.EXT.NIC.fr
Name: fr
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: D.EXT.NIC.fr
fr: type NS, class IN, ns E.EXT.NIC.fr
Name: fr
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: E.EXT.NIC.fr
Additional records
A.NIC.fr: type A, class IN, addr 192.93.0.129
Name: A.NIC.fr
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.93.0.129
A.NIC.fr: type AAAA, class IN, addr 2001:660:3005:3::1:1
Name: A.NIC.fr
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 16
Addr: 2001:660:3005:3::1:1
B.EXT.NIC.fr: type A, class IN, addr 192.228.90.21
Name: B.EXT.NIC.fr
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.228.90.21
C.NIC.fr: type A, class IN, addr 192.134.0.129
Name: C.NIC.fr
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.134.0.129
C.NIC.fr: type AAAA, class IN, addr 2001:660:3006:4::1:1
Name: C.NIC.fr
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 16
Addr: 2001:660:3006:4::1:1
D.EXT.NIC.fr: type A, class IN, addr 204.152.184.85
Name: D.EXT.NIC.fr
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 204.152.184.85
D.EXT.NIC.fr: type AAAA, class IN, addr 2001:4f8:0:2::8
Name: D.EXT.NIC.fr
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 16
Addr: 2001:4f8:0:2::8
E.EXT.NIC.fr: type A, class IN, addr 193.176.144.6
Name: E.EXT.NIC.fr
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 193.176.144.6
E.NIC.fr: type A, class IN, addr 194.57.253.1
Name: E.NIC.fr
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 194.57.253.1
F.EXT.NIC.fr: type A, class IN, addr 194.146.106.46
Name: F.EXT.NIC.fr
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 194.146.106.46
G.EXT.NIC.fr: type A, class IN, addr 204.61.216.39
Name: G.EXT.NIC.fr
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 204.61.216.39
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Frame 4 (92 bytes on wire, 92 bytes captured)
Arrival Time: Jan 28, 2009 15:56:17.752069000
[Time delta from previous captured frame: 0.000925000 seconds]
[Time delta from previous displayed frame: 0.000925000 seconds]
[Time since reference or first frame: 0.226669000 seconds]
Frame Number: 4
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: Checksum Errors]
[Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1]
Ethernet II, Src: D-Link_52:bf:ab (00:1b:11:52:bf:ab), Dst: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Destination: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.10.47 (192.168.10.47), Dst: 204.61.216.39 (204.61.216.39)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0xcb62 [correct]
[Good: True]
[Bad : False]
Source: 192.168.10.47 (192.168.10.47)
Destination: 204.61.216.39 (204.61.216.39)
User Datagram Protocol, Src Port: 53923 (53923), Dst Port: domain (53)
Source port: 53923 (53923)
Destination port: domain (53)
Length: 58
Checksum: 0x6f88 [incorrect, should be 0xc0ee (maybe caused by "UDP checksum offload"?)]
[Good Checksum: False]
[Bad Checksum: True]
Domain Name System (query)
[Response In: 6]
Transaction ID: 0xe9f6
Flags: 0x0000 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
www.education.gouv.fr: type A, class IN
Name: www.education.gouv.fr
Type: A (Host address)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Frame 5 (685 bytes on wire, 685 bytes captured)
Arrival Time: Jan 28, 2009 15:56:17.752266000
[Time delta from previous captured frame: 0.000197000 seconds]
[Time delta from previous displayed frame: 0.000197000 seconds]
[Time since reference or first frame: 0.226866000 seconds]
Frame Number: 5
Frame Length: 685 bytes
Capture Length: 685 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8), Dst: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Destination: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 198.41.0.4 (198.41.0.4), Dst: 192.168.10.47 (192.168.10.47)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 671
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 52
Protocol: UDP (0x11)
Header checksum: 0xb349 [correct]
[Good: True]
[Bad : False]
Source: 198.41.0.4 (198.41.0.4)
Destination: 192.168.10.47 (192.168.10.47)
User Datagram Protocol, Src Port: domain (53), Dst Port: 51086 (51086)
Source port: domain (53)
Destination port: 51086 (51086)
Length: 651
Checksum: 0x4d70 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (response)
[Request In: 2]
[Time: 0.226818000 seconds]
Transaction ID: 0x03ca
Flags: 0x8400 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .1.. .... .... = Authoritative: Server is an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 13
Authority RRs: 0
Additional RRs: 21
Queries
<Root>: type NS, class IN
Name: <Root>
Type: NS (Authoritative name server)
Class: IN (0x0001)
Answers
<Root>: type NS, class IN, ns A.ROOT-SERVERS.NET
Name: <Root>
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 6 days
Data length: 20
Name server: A.ROOT-SERVERS.NET
<Root>: type NS, class IN, ns D.ROOT-SERVERS.NET
Name: <Root>
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 6 days
Data length: 4
Name server: D.ROOT-SERVERS.NET
<Root>: type NS, class IN, ns B.ROOT-SERVERS.NET
Name: <Root>
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 6 days
Data length: 4
Name server: B.ROOT-SERVERS.NET
<Root>: type NS, class IN, ns H.ROOT-SERVERS.NET
Name: <Root>
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 6 days
Data length: 4
Name server: H.ROOT-SERVERS.NET
<Root>: type NS, class IN, ns G.ROOT-SERVERS.NET
Name: <Root>
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 6 days
Data length: 4
Name server: G.ROOT-SERVERS.NET
<Root>: type NS, class IN, ns E.ROOT-SERVERS.NET
Name: <Root>
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 6 days
Data length: 4
Name server: E.ROOT-SERVERS.NET
<Root>: type NS, class IN, ns C.ROOT-SERVERS.NET
Name: <Root>
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 6 days
Data length: 4
Name server: C.ROOT-SERVERS.NET
<Root>: type NS, class IN, ns M.ROOT-SERVERS.NET
Name: <Root>
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 6 days
Data length: 4
Name server: M.ROOT-SERVERS.NET
<Root>: type NS, class IN, ns J.ROOT-SERVERS.NET
Name: <Root>
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 6 days
Data length: 4
Name server: J.ROOT-SERVERS.NET
<Root>: type NS, class IN, ns F.ROOT-SERVERS.NET
Name: <Root>
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 6 days
Data length: 4
Name server: F.ROOT-SERVERS.NET
<Root>: type NS, class IN, ns L.ROOT-SERVERS.NET
Name: <Root>
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 6 days
Data length: 4
Name server: L.ROOT-SERVERS.NET
<Root>: type NS, class IN, ns I.ROOT-SERVERS.NET
Name: <Root>
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 6 days
Data length: 4
Name server: I.ROOT-SERVERS.NET
<Root>: type NS, class IN, ns K.ROOT-SERVERS.NET
Name: <Root>
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 6 days
Data length: 4
Name server: K.ROOT-SERVERS.NET
Additional records
A.ROOT-SERVERS.NET: type A, class IN, addr 198.41.0.4
Name: A.ROOT-SERVERS.NET
Type: A (Host address)
Class: IN (0x0001)
Time to live: 41 days, 16 hours
Data length: 4
Addr: 198.41.0.4
A.ROOT-SERVERS.NET: type AAAA, class IN, addr 2001:503:ba3e::2:30
Name: A.ROOT-SERVERS.NET
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Time to live: 41 days, 16 hours
Data length: 16
Addr: 2001:503:ba3e::2:30
B.ROOT-SERVERS.NET: type A, class IN, addr 192.228.79.201
Name: B.ROOT-SERVERS.NET
Type: A (Host address)
Class: IN (0x0001)
Time to live: 41 days, 16 hours
Data length: 4
Addr: 192.228.79.201
C.ROOT-SERVERS.NET: type A, class IN, addr 192.33.4.12
Name: C.ROOT-SERVERS.NET
Type: A (Host address)
Class: IN (0x0001)
Time to live: 41 days, 16 hours
Data length: 4
Addr: 192.33.4.12
D.ROOT-SERVERS.NET: type A, class IN, addr 128.8.10.90
Name: D.ROOT-SERVERS.NET
Type: A (Host address)
Class: IN (0x0001)
Time to live: 41 days, 16 hours
Data length: 4
Addr: 128.8.10.90
E.ROOT-SERVERS.NET: type A, class IN, addr 192.203.230.10
Name: E.ROOT-SERVERS.NET
Type: A (Host address)
Class: IN (0x0001)
Time to live: 41 days, 16 hours
Data length: 4
Addr: 192.203.230.10
F.ROOT-SERVERS.NET: type A, class IN, addr 192.5.5.241
Name: F.ROOT-SERVERS.NET
Type: A (Host address)
Class: IN (0x0001)
Time to live: 41 days, 16 hours
Data length: 4
Addr: 192.5.5.241
F.ROOT-SERVERS.NET: type AAAA, class IN, addr 2001:500:2f::f
Name: F.ROOT-SERVERS.NET
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Time to live: 41 days, 16 hours
Data length: 16
Addr: 2001:500:2f::f
G.ROOT-SERVERS.NET: type A, class IN, addr 192.112.36.4
Name: G.ROOT-SERVERS.NET
Type: A (Host address)
Class: IN (0x0001)
Time to live: 41 days, 16 hours
Data length: 4
Addr: 192.112.36.4
H.ROOT-SERVERS.NET: type A, class IN, addr 128.63.2.53
Name: H.ROOT-SERVERS.NET
Type: A (Host address)
Class: IN (0x0001)
Time to live: 41 days, 16 hours
Data length: 4
Addr: 128.63.2.53
H.ROOT-SERVERS.NET: type AAAA, class IN, addr 2001:500:1::803f:235
Name: H.ROOT-SERVERS.NET
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Time to live: 41 days, 16 hours
Data length: 16
Addr: 2001:500:1::803f:235
I.ROOT-SERVERS.NET: type A, class IN, addr 192.36.148.17
Name: I.ROOT-SERVERS.NET
Type: A (Host address)
Class: IN (0x0001)
Time to live: 41 days, 16 hours
Data length: 4
Addr: 192.36.148.17
J.ROOT-SERVERS.NET: type A, class IN, addr 192.58.128.30
Name: J.ROOT-SERVERS.NET
Type: A (Host address)
Class: IN (0x0001)
Time to live: 41 days, 16 hours
Data length: 4
Addr: 192.58.128.30
J.ROOT-SERVERS.NET: type AAAA, class IN, addr 2001:503:c27::2:30
Name: J.ROOT-SERVERS.NET
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Time to live: 41 days, 16 hours
Data length: 16
Addr: 2001:503:c27::2:30
K.ROOT-SERVERS.NET: type A, class IN, addr 193.0.14.129
Name: K.ROOT-SERVERS.NET
Type: A (Host address)
Class: IN (0x0001)
Time to live: 41 days, 16 hours
Data length: 4
Addr: 193.0.14.129
K.ROOT-SERVERS.NET: type AAAA, class IN, addr 2001:7fd::1
Name: K.ROOT-SERVERS.NET
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Time to live: 41 days, 16 hours
Data length: 16
Addr: 2001:7fd::1
L.ROOT-SERVERS.NET: type A, class IN, addr 199.7.83.42
Name: L.ROOT-SERVERS.NET
Type: A (Host address)
Class: IN (0x0001)
Time to live: 41 days, 16 hours
Data length: 4
Addr: 199.7.83.42
L.ROOT-SERVERS.NET: type AAAA, class IN, addr 2001:500:3::42
Name: L.ROOT-SERVERS.NET
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Time to live: 41 days, 16 hours
Data length: 16
Addr: 2001:500:3::42
M.ROOT-SERVERS.NET: type A, class IN, addr 202.12.27.33
Name: M.ROOT-SERVERS.NET
Type: A (Host address)
Class: IN (0x0001)
Time to live: 41 days, 16 hours
Data length: 4
Addr: 202.12.27.33
M.ROOT-SERVERS.NET: type AAAA, class IN, addr 2001:dc3::35
Name: M.ROOT-SERVERS.NET
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Time to live: 41 days, 16 hours
Data length: 16
Addr: 2001:dc3::35
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Frame 6 (136 bytes on wire, 136 bytes captured)
Arrival Time: Jan 28, 2009 15:56:17.817813000
[Time delta from previous captured frame: 0.065547000 seconds]
[Time delta from previous displayed frame: 0.065547000 seconds]
[Time since reference or first frame: 0.292413000 seconds]
Frame Number: 6
Frame Length: 136 bytes
Capture Length: 136 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8), Dst: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Destination: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 204.61.216.39 (204.61.216.39), Dst: 192.168.10.47 (192.168.10.47)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 122
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 55
Protocol: UDP (0x11)
Header checksum: 0xd436 [correct]
[Good: True]
[Bad : False]
Source: 204.61.216.39 (204.61.216.39)
Destination: 192.168.10.47 (192.168.10.47)
User Datagram Protocol, Src Port: domain (53), Dst Port: 53923 (53923)
Source port: domain (53)
Destination port: 53923 (53923)
Length: 102
Checksum: 0x4a52 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (response)
[Request In: 4]
[Time: 0.065744000 seconds]
Transaction ID: 0xe9f6
Flags: 0x8000 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 0
Authority RRs: 2
Additional RRs: 1
Queries
www.education.gouv.fr: type A, class IN
Name: www.education.gouv.fr
Type: A (Host address)
Class: IN (0x0001)
Authoritative nameservers
education.gouv.fr: type NS, class IN, ns ns3.atos.net
Name: education.gouv.fr
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 14
Name server: ns3.atos.net
education.gouv.fr: type NS, class IN, ns ns4.atos.net
Name: education.gouv.fr
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 6
Name server: ns4.atos.net
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Frame 7 (83 bytes on wire, 83 bytes captured)
Arrival Time: Jan 28, 2009 15:56:17.819229000
[Time delta from previous captured frame: 0.001416000 seconds]
[Time delta from previous displayed frame: 0.001416000 seconds]
[Time since reference or first frame: 0.293829000 seconds]
Frame Number: 7
Frame Length: 83 bytes
Capture Length: 83 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: Checksum Errors]
[Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1]
Ethernet II, Src: D-Link_52:bf:ab (00:1b:11:52:bf:ab), Dst: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Destination: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.10.47 (192.168.10.47), Dst: 128.63.2.53 (128.63.2.53)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 69
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0xed5c [correct]
[Good: True]
[Bad : False]
Source: 192.168.10.47 (192.168.10.47)
Destination: 128.63.2.53 (128.63.2.53)
User Datagram Protocol, Src Port: 33601 (33601), Dst Port: domain (53)
Source port: 33601 (33601)
Destination port: domain (53)
Length: 49
Checksum: 0x4d8e [incorrect, should be 0x25f0 (maybe caused by "UDP checksum offload"?)]
[Good Checksum: False]
[Bad Checksum: True]
Domain Name System (query)
[Response In: 11]
Transaction ID: 0x9a5a
Flags: 0x0010 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...1 .... = Non-authenticated data OK: Non-authenticated data is acceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
ns3.atos.net: type A, class IN
Name: ns3.atos.net
Type: A (Host address)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Frame 8 (83 bytes on wire, 83 bytes captured)
Arrival Time: Jan 28, 2009 15:56:17.819423000
[Time delta from previous captured frame: 0.000194000 seconds]
[Time delta from previous displayed frame: 0.000194000 seconds]
[Time since reference or first frame: 0.294023000 seconds]
Frame Number: 8
Frame Length: 83 bytes
Capture Length: 83 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: Checksum Errors]
[Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1]
Ethernet II, Src: D-Link_52:bf:ab (00:1b:11:52:bf:ab), Dst: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Destination: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.10.47 (192.168.10.47), Dst: 128.63.2.53 (128.63.2.53)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 69
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0xed5c [correct]
[Good: True]
[Bad : False]
Source: 192.168.10.47 (192.168.10.47)
Destination: 128.63.2.53 (128.63.2.53)
User Datagram Protocol, Src Port: 44176 (44176), Dst Port: domain (53)
Source port: 44176 (44176)
Destination port: domain (53)
Length: 49
Checksum: 0x4d8e [incorrect, should be 0x4a98 (maybe caused by "UDP checksum offload"?)]
[Good Checksum: False]
[Bad Checksum: True]
Domain Name System (query)
[Response In: 13]
Transaction ID: 0x4c48
Flags: 0x0010 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...1 .... = Non-authenticated data OK: Non-authenticated data is acceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
ns3.atos.net: type AAAA, class IN
Name: ns3.atos.net
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Frame 9 (83 bytes on wire, 83 bytes captured)
Arrival Time: Jan 28, 2009 15:56:17.819623000
[Time delta from previous captured frame: 0.000200000 seconds]
[Time delta from previous displayed frame: 0.000200000 seconds]
[Time since reference or first frame: 0.294223000 seconds]
Frame Number: 9
Frame Length: 83 bytes
Capture Length: 83 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: Checksum Errors]
[Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1]
Ethernet II, Src: D-Link_52:bf:ab (00:1b:11:52:bf:ab), Dst: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Destination: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.10.47 (192.168.10.47), Dst: 128.63.2.53 (128.63.2.53)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 69
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0xed5c [correct]
[Good: True]
[Bad : False]
Source: 192.168.10.47 (192.168.10.47)
Destination: 128.63.2.53 (128.63.2.53)
User Datagram Protocol, Src Port: 53775 (53775), Dst Port: domain (53)
Source port: 53775 (53775)
Destination port: domain (53)
Length: 49
Checksum: 0x4d8e [incorrect, should be 0xef3a (maybe caused by "UDP checksum offload"?)]
[Good Checksum: False]
[Bad Checksum: True]
Domain Name System (query)
[Response In: 15]
Transaction ID: 0x8240
Flags: 0x0010 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...1 .... = Non-authenticated data OK: Non-authenticated data is acceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
ns4.atos.net: type A, class IN
Name: ns4.atos.net
Type: A (Host address)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Frame 10 (83 bytes on wire, 83 bytes captured)
Arrival Time: Jan 28, 2009 15:56:17.820219000
[Time delta from previous captured frame: 0.000596000 seconds]
[Time delta from previous displayed frame: 0.000596000 seconds]
[Time since reference or first frame: 0.294819000 seconds]
Frame Number: 10
Frame Length: 83 bytes
Capture Length: 83 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: Checksum Errors]
[Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1]
Ethernet II, Src: D-Link_52:bf:ab (00:1b:11:52:bf:ab), Dst: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Destination: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.10.47 (192.168.10.47), Dst: 128.63.2.53 (128.63.2.53)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 69
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0xed5c [correct]
[Good: True]
[Bad : False]
Source: 192.168.10.47 (192.168.10.47)
Destination: 128.63.2.53 (128.63.2.53)
User Datagram Protocol, Src Port: 55181 (55181), Dst Port: domain (53)
Source port: 55181 (55181)
Destination port: domain (53)
Length: 49
Checksum: 0x4d8e [incorrect, should be 0xa621 (maybe caused by "UDP checksum offload"?)]
[Good Checksum: False]
[Bad Checksum: True]
Domain Name System (query)
[Response In: 17]
Transaction ID: 0xc5c0
Flags: 0x0010 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...1 .... = Non-authenticated data OK: Non-authenticated data is acceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
ns4.atos.net: type AAAA, class IN
Name: ns4.atos.net
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Frame 11 (568 bytes on wire, 568 bytes captured)
Arrival Time: Jan 28, 2009 15:56:17.965519000
[Time delta from previous captured frame: 0.145300000 seconds]
[Time delta from previous displayed frame: 0.145300000 seconds]
[Time since reference or first frame: 0.440119000 seconds]
Frame Number: 11
Frame Length: 568 bytes
Capture Length: 568 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8), Dst: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Destination: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 128.63.2.53 (128.63.2.53), Dst: 192.168.10.47 (192.168.10.47)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 554
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 44
Protocol: UDP (0x11)
Header checksum: 0xff77 [correct]
[Good: True]
[Bad : False]
Source: 128.63.2.53 (128.63.2.53)
Destination: 192.168.10.47 (192.168.10.47)
User Datagram Protocol, Src Port: domain (53), Dst Port: 33601 (33601)
Source port: domain (53)
Destination port: 33601 (33601)
Length: 534
Checksum: 0x0ebc [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (response)
[Request In: 7]
[Time: 0.146290000 seconds]
Transaction ID: 0x9a5a
Flags: 0x8000 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 0
Authority RRs: 13
Additional RRs: 16
Queries
ns3.atos.net: type A, class IN
Name: ns3.atos.net
Type: A (Host address)
Class: IN (0x0001)
Authoritative nameservers
net: type NS, class IN, ns a.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 17
Name server: a.gtld-servers.net
net: type NS, class IN, ns b.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: b.gtld-servers.net
net: type NS, class IN, ns c.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: c.gtld-servers.net
net: type NS, class IN, ns d.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: d.gtld-servers.net
net: type NS, class IN, ns e.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: e.gtld-servers.net
net: type NS, class IN, ns f.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: f.gtld-servers.net
net: type NS, class IN, ns g.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: g.gtld-servers.net
net: type NS, class IN, ns h.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: h.gtld-servers.net
net: type NS, class IN, ns i.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: i.gtld-servers.net
net: type NS, class IN, ns j.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: j.gtld-servers.net
net: type NS, class IN, ns k.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: k.gtld-servers.net
net: type NS, class IN, ns l.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: l.gtld-servers.net
net: type NS, class IN, ns m.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: m.gtld-servers.net
Additional records
a.gtld-servers.net: type A, class IN, addr 192.5.6.30
Name: a.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.5.6.30
b.gtld-servers.net: type A, class IN, addr 192.33.14.30
Name: b.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.33.14.30
c.gtld-servers.net: type A, class IN, addr 192.26.92.30
Name: c.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.26.92.30
d.gtld-servers.net: type A, class IN, addr 192.31.80.30
Name: d.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.31.80.30
e.gtld-servers.net: type A, class IN, addr 192.12.94.30
Name: e.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.12.94.30
f.gtld-servers.net: type A, class IN, addr 192.35.51.30
Name: f.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.35.51.30
g.gtld-servers.net: type A, class IN, addr 192.42.93.30
Name: g.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.42.93.30
h.gtld-servers.net: type A, class IN, addr 192.54.112.30
Name: h.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.54.112.30
i.gtld-servers.net: type A, class IN, addr 192.43.172.30
Name: i.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.43.172.30
j.gtld-servers.net: type A, class IN, addr 192.48.79.30
Name: j.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.48.79.30
k.gtld-servers.net: type A, class IN, addr 192.52.178.30
Name: k.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.52.178.30
l.gtld-servers.net: type A, class IN, addr 192.41.162.30
Name: l.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.41.162.30
m.gtld-servers.net: type A, class IN, addr 192.55.83.30
Name: m.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.55.83.30
a.gtld-servers.net: type AAAA, class IN, addr 2001:503:a83e::2:30
Name: a.gtld-servers.net
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 16
Addr: 2001:503:a83e::2:30
b.gtld-servers.net: type AAAA, class IN, addr 2001:503:231d::2:30
Name: b.gtld-servers.net
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 16
Addr: 2001:503:231d::2:30
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x0
Data length: 0
Frame 12 (83 bytes on wire, 83 bytes captured)
Arrival Time: Jan 28, 2009 15:56:17.966490000
[Time delta from previous captured frame: 0.000971000 seconds]
[Time delta from previous displayed frame: 0.000971000 seconds]
[Time since reference or first frame: 0.441090000 seconds]
Frame Number: 12
Frame Length: 83 bytes
Capture Length: 83 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: Checksum Errors]
[Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1]
Ethernet II, Src: D-Link_52:bf:ab (00:1b:11:52:bf:ab), Dst: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Destination: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.10.47 (192.168.10.47), Dst: 192.33.14.30 (192.33.14.30)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 69
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0xa191 [correct]
[Good: True]
[Bad : False]
Source: 192.168.10.47 (192.168.10.47)
Destination: 192.33.14.30 (192.33.14.30)
User Datagram Protocol, Src Port: 59259 (59259), Dst Port: domain (53)
Source port: 59259 (59259)
Destination port: domain (53)
Length: 49
Checksum: 0x9959 [incorrect, should be 0x2d83 (maybe caused by "UDP checksum offload"?)]
[Good Checksum: False]
[Bad Checksum: True]
Domain Name System (query)
[Response In: 19]
Transaction ID: 0xe2c1
Flags: 0x0010 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...1 .... = Non-authenticated data OK: Non-authenticated data is acceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
ns3.atos.net: type A, class IN
Name: ns3.atos.net
Type: A (Host address)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Frame 13 (568 bytes on wire, 568 bytes captured)
Arrival Time: Jan 28, 2009 15:56:17.966808000
[Time delta from previous captured frame: 0.000318000 seconds]
[Time delta from previous displayed frame: 0.000318000 seconds]
[Time since reference or first frame: 0.441408000 seconds]
Frame Number: 13
Frame Length: 568 bytes
Capture Length: 568 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8), Dst: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Destination: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 128.63.2.53 (128.63.2.53), Dst: 192.168.10.47 (192.168.10.47)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 554
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1
on't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 44
Protocol: UDP (0x11)
Header checksum: 0xff77 [correct]
[Good: True]
[Bad : False]
Source: 128.63.2.53 (128.63.2.53)
Destination: 192.168.10.47 (192.168.10.47)
User Datagram Protocol, Src Port: domain (53), Dst Port: 44176 (44176)
Source port: domain (53)
Destination port: 44176 (44176)
Length: 534
Checksum: 0x3364 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (response)
[Request In: 8]
[Time: 0.147385000 seconds]
Transaction ID: 0x4c48
Flags: 0x8000 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 0
Authority RRs: 13
Additional RRs: 16
Queries
ns3.atos.net: type AAAA, class IN
Name: ns3.atos.net
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Authoritative nameservers
net: type NS, class IN, ns a.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 17
Name server: a.gtld-servers.net
net: type NS, class IN, ns b.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: b.gtld-servers.net
net: type NS, class IN, ns c.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: c.gtld-servers.net
net: type NS, class IN, ns d.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: d.gtld-servers.net
net: type NS, class IN, ns e.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: e.gtld-servers.net
net: type NS, class IN, ns f.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: f.gtld-servers.net
net: type NS, class IN, ns g.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: g.gtld-servers.net
net: type NS, class IN, ns h.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: h.gtld-servers.net
net: type NS, class IN, ns i.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: i.gtld-servers.net
net: type NS, class IN, ns j.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: j.gtld-servers.net
net: type NS, class IN, ns k.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: k.gtld-servers.net
net: type NS, class IN, ns l.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: l.gtld-servers.net
net: type NS, class IN, ns m.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: m.gtld-servers.net
Additional records
a.gtld-servers.net: type A, class IN, addr 192.5.6.30
Name: a.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.5.6.30
b.gtld-servers.net: type A, class IN, addr 192.33.14.30
Name: b.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.33.14.30
c.gtld-servers.net: type A, class IN, addr 192.26.92.30
Name: c.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.26.92.30
d.gtld-servers.net: type A, class IN, addr 192.31.80.30
Name: d.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.31.80.30
e.gtld-servers.net: type A, class IN, addr 192.12.94.30
Name: e.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.12.94.30
f.gtld-servers.net: type A, class IN, addr 192.35.51.30
Name: f.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.35.51.30
g.gtld-servers.net: type A, class IN, addr 192.42.93.30
Name: g.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.42.93.30
h.gtld-servers.net: type A, class IN, addr 192.54.112.30
Name: h.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.54.112.30
i.gtld-servers.net: type A, class IN, addr 192.43.172.30
Name: i.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.43.172.30
j.gtld-servers.net: type A, class IN, addr 192.48.79.30
Name: j.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.48.79.30
k.gtld-servers.net: type A, class IN, addr 192.52.178.30
Name: k.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.52.178.30
l.gtld-servers.net: type A, class IN, addr 192.41.162.30
Name: l.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.41.162.30
m.gtld-servers.net: type A, class IN, addr 192.55.83.30
Name: m.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.55.83.30
a.gtld-servers.net: type AAAA, class IN, addr 2001:503:a83e::2:30
Name: a.gtld-servers.net
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 16
Addr: 2001:503:a83e::2:30
b.gtld-servers.net: type AAAA, class IN, addr 2001:503:231d::2:30
Name: b.gtld-servers.net
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 16
Addr: 2001:503:231d::2:30
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x0
Data length: 0
Frame 14 (83 bytes on wire, 83 bytes captured)
Arrival Time: Jan 28, 2009 15:56:17.967319000
[Time delta from previous captured frame: 0.000511000 seconds]
[Time delta from previous displayed frame: 0.000511000 seconds]
[Time since reference or first frame: 0.441919000 seconds]
Frame Number: 14
Frame Length: 83 bytes
Capture Length: 83 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: Checksum Errors]
[Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1]
Ethernet II, Src: D-Link_52:bf:ab (00:1b:11:52:bf:ab), Dst: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Destination: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.10.47 (192.168.10.47), Dst: 192.33.14.30 (192.33.14.30)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 69
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0xa191 [correct]
[Good: True]
[Bad : False]
Source: 192.168.10.47 (192.168.10.47)
Destination: 192.33.14.30 (192.33.14.30)
User Datagram Protocol, Src Port: 37934 (37934), Dst Port: domain (53)
Source port: 37934 (37934)
Destination port: domain (53)
Length: 49
Checksum: 0x9959 [incorrect, should be 0x1960 (maybe caused by "UDP checksum offload"?)]
[Good Checksum: False]
[Bad Checksum: True]
Domain Name System (query)
[Response In: 20]
Transaction ID: 0x4a17
Flags: 0x0010 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...1 .... = Non-authenticated data OK: Non-authenticated data is acceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
ns3.atos.net: type AAAA, class IN
Name: ns3.atos.net
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Frame 15 (568 bytes on wire, 568 bytes captured)
Arrival Time: Jan 28, 2009 15:56:17.968223000
[Time delta from previous captured frame: 0.000904000 seconds]
[Time delta from previous displayed frame: 0.000904000 seconds]
[Time since reference or first frame: 0.442823000 seconds]
Frame Number: 15
Frame Length: 568 bytes
Capture Length: 568 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8), Dst: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Destination: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 128.63.2.53 (128.63.2.53), Dst: 192.168.10.47 (192.168.10.47)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 554
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 44
Protocol: UDP (0x11)
Header checksum: 0xff77 [correct]
[Good: True]
[Bad : False]
Source: 128.63.2.53 (128.63.2.53)
Destination: 192.168.10.47 (192.168.10.47)
User Datagram Protocol, Src Port: domain (53), Dst Port: 53775 (53775)
Source port: domain (53)
Destination port: 53775 (53775)
Length: 534
Checksum: 0xd806 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (response)
[Request In: 9]
[Time: 0.148600000 seconds]
Transaction ID: 0x8240
Flags: 0x8000 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 0
Authority RRs: 13
Additional RRs: 16
Queries
ns4.atos.net: type A, class IN
Name: ns4.atos.net
Type: A (Host address)
Class: IN (0x0001)
Authoritative nameservers
net: type NS, class IN, ns a.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 17
Name server: a.gtld-servers.net
net: type NS, class IN, ns b.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: b.gtld-servers.net
net: type NS, class IN, ns c.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: c.gtld-servers.net
net: type NS, class IN, ns d.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: d.gtld-servers.net
net: type NS, class IN, ns e.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: e.gtld-servers.net
net: type NS, class IN, ns f.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: f.gtld-servers.net
net: type NS, class IN, ns g.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: g.gtld-servers.net
net: type NS, class IN, ns h.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: h.gtld-servers.net
net: type NS, class IN, ns i.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: i.gtld-servers.net
net: type NS, class IN, ns j.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: j.gtld-servers.net
net: type NS, class IN, ns k.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: k.gtld-servers.net
net: type NS, class IN, ns l.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: l.gtld-servers.net
net: type NS, class IN, ns m.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: m.gtld-servers.net
Additional records
a.gtld-servers.net: type A, class IN, addr 192.5.6.30
Name: a.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.5.6.30
b.gtld-servers.net: type A, class IN, addr 192.33.14.30
Name: b.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.33.14.30
c.gtld-servers.net: type A, class IN, addr 192.26.92.30
Name: c.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.26.92.30
d.gtld-servers.net: type A, class IN, addr 192.31.80.30
Name: d.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.31.80.30
e.gtld-servers.net: type A, class IN, addr 192.12.94.30
Name: e.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.12.94.30
f.gtld-servers.net: type A, class IN, addr 192.35.51.30
Name: f.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.35.51.30
g.gtld-servers.net: type A, class IN, addr 192.42.93.30
Name: g.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.42.93.30
h.gtld-servers.net: type A, class IN, addr 192.54.112.30
Name: h.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.54.112.30
i.gtld-servers.net: type A, class IN, addr 192.43.172.30
Name: i.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.43.172.30
j.gtld-servers.net: type A, class IN, addr 192.48.79.30
Name: j.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.48.79.30
k.gtld-servers.net: type A, class IN, addr 192.52.178.30
Name: k.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.52.178.30
l.gtld-servers.net: type A, class IN, addr 192.41.162.30
Name: l.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.41.162.30
m.gtld-servers.net: type A, class IN, addr 192.55.83.30
Name: m.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.55.83.30
a.gtld-servers.net: type AAAA, class IN, addr 2001:503:a83e::2:30
Name: a.gtld-servers.net
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 16
Addr: 2001:503:a83e::2:30
b.gtld-servers.net: type AAAA, class IN, addr 2001:503:231d::2:30
Name: b.gtld-servers.net
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 16
Addr: 2001:503:231d::2:30
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x0
Data length: 0
Frame 16 (83 bytes on wire, 83 bytes captured)
Arrival Time: Jan 28, 2009 15:56:17.968724000
[Time delta from previous captured frame: 0.000501000 seconds]
[Time delta from previous displayed frame: 0.000501000 seconds]
[Time since reference or first frame: 0.443324000 seconds]
Frame Number: 16
Frame Length: 83 bytes
Capture Length: 83 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: Checksum Errors]
[Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1]
Ethernet II, Src: D-Link_52:bf:ab (00:1b:11:52:bf:ab), Dst: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Destination: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.10.47 (192.168.10.47), Dst: 192.33.14.30 (192.33.14.30)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 69
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0xa191 [correct]
[Good: True]
[Bad : False]
Source: 192.168.10.47 (192.168.10.47)
Destination: 192.33.14.30 (192.33.14.30)
User Datagram Protocol, Src Port: 57419 (57419), Dst Port: domain (53)
Source port: 57419 (57419)
Destination port: domain (53)
Length: 49
Checksum: 0x9959 [incorrect, should be 0x33f4 (maybe caused by "UDP checksum offload"?)]
[Good Checksum: False]
[Bad Checksum: True]
Domain Name System (query)
[Response In: 21]
Transaction ID: 0xe37f
Flags: 0x0010 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...1 .... = Non-authenticated data OK: Non-authenticated data is acceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
ns4.atos.net: type A, class IN
Name: ns4.atos.net
Type: A (Host address)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Frame 17 (568 bytes on wire, 568 bytes captured)
Arrival Time: Jan 28, 2009 15:56:17.969408000
[Time delta from previous captured frame: 0.000684000 seconds]
[Time delta from previous displayed frame: 0.000684000 seconds]
[Time since reference or first frame: 0.444008000 seconds]
Frame Number: 17
Frame Length: 568 bytes
Capture Length: 568 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8), Dst: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Destination: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 128.63.2.53 (128.63.2.53), Dst: 192.168.10.47 (192.168.10.47)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 554
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 44
Protocol: UDP (0x11)
Header checksum: 0xff77 [correct]
[Good: True]
[Bad : False]
Source: 128.63.2.53 (128.63.2.53)
Destination: 192.168.10.47 (192.168.10.47)
User Datagram Protocol, Src Port: domain (53), Dst Port: 55181 (55181)
Source port: domain (53)
Destination port: 55181 (55181)
Length: 534
Checksum: 0x8eed [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (response)
[Request In: 10]
[Time: 0.149189000 seconds]
Transaction ID: 0xc5c0
Flags: 0x8000 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 0
Authority RRs: 13
Additional RRs: 16
Queries
ns4.atos.net: type AAAA, class IN
Name: ns4.atos.net
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Authoritative nameservers
net: type NS, class IN, ns a.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 17
Name server: a.gtld-servers.net
net: type NS, class IN, ns b.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: b.gtld-servers.net
net: type NS, class IN, ns c.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: c.gtld-servers.net
net: type NS, class IN, ns d.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: d.gtld-servers.net
net: type NS, class IN, ns e.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: e.gtld-servers.net
net: type NS, class IN, ns f.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: f.gtld-servers.net
net: type NS, class IN, ns g.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: g.gtld-servers.net
net: type NS, class IN, ns h.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: h.gtld-servers.net
net: type NS, class IN, ns i.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: i.gtld-servers.net
net: type NS, class IN, ns j.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: j.gtld-servers.net
net: type NS, class IN, ns k.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: k.gtld-servers.net
net: type NS, class IN, ns l.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: l.gtld-servers.net
net: type NS, class IN, ns m.gtld-servers.net
Name: net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: m.gtld-servers.net
Additional records
a.gtld-servers.net: type A, class IN, addr 192.5.6.30
Name: a.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.5.6.30
b.gtld-servers.net: type A, class IN, addr 192.33.14.30
Name: b.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.33.14.30
c.gtld-servers.net: type A, class IN, addr 192.26.92.30
Name: c.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.26.92.30
d.gtld-servers.net: type A, class IN, addr 192.31.80.30
Name: d.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.31.80.30
e.gtld-servers.net: type A, class IN, addr 192.12.94.30
Name: e.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.12.94.30
f.gtld-servers.net: type A, class IN, addr 192.35.51.30
Name: f.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.35.51.30
g.gtld-servers.net: type A, class IN, addr 192.42.93.30
Name: g.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.42.93.30
h.gtld-servers.net: type A, class IN, addr 192.54.112.30
Name: h.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.54.112.30
i.gtld-servers.net: type A, class IN, addr 192.43.172.30
Name: i.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.43.172.30
j.gtld-servers.net: type A, class IN, addr 192.48.79.30
Name: j.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.48.79.30
k.gtld-servers.net: type A, class IN, addr 192.52.178.30
Name: k.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.52.178.30
l.gtld-servers.net: type A, class IN, addr 192.41.162.30
Name: l.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.41.162.30
m.gtld-servers.net: type A, class IN, addr 192.55.83.30
Name: m.gtld-servers.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.55.83.30
a.gtld-servers.net: type AAAA, class IN, addr 2001:503:a83e::2:30
Name: a.gtld-servers.net
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 16
Addr: 2001:503:a83e::2:30
b.gtld-servers.net: type AAAA, class IN, addr 2001:503:231d::2:30
Name: b.gtld-servers.net
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 16
Addr: 2001:503:231d::2:30
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x0
Data length: 0
Frame 18 (83 bytes on wire, 83 bytes captured)
Arrival Time: Jan 28, 2009 15:56:17.969968000
[Time delta from previous captured frame: 0.000560000 seconds]
[Time delta from previous displayed frame: 0.000560000 seconds]
[Time since reference or first frame: 0.444568000 seconds]
Frame Number: 18
Frame Length: 83 bytes
Capture Length: 83 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: Checksum Errors]
[Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1]
Ethernet II, Src: D-Link_52:bf:ab (00:1b:11:52:bf:ab), Dst: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Destination: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.10.47 (192.168.10.47), Dst: 192.33.14.30 (192.33.14.30)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 69
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0xa191 [correct]
[Good: True]
[Bad : False]
Source: 192.168.10.47 (192.168.10.47)
Destination: 192.33.14.30 (192.33.14.30)
User Datagram Protocol, Src Port: 49346 (49346), Dst Port: domain (53)
Source port: 49346 (49346)
Destination port: domain (53)
Length: 49
Checksum: 0x9959 [incorrect, should be 0x8338 (maybe caused by "UDP checksum offload"?)]
[Good Checksum: False]
[Bad Checksum: True]
Domain Name System (query)
[Response In: 24]
Transaction ID: 0xb3a9
Flags: 0x0010 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...1 .... = Non-authenticated data OK: Non-authenticated data is acceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
ns4.atos.net: type AAAA, class IN
Name: ns4.atos.net
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Frame 19 (163 bytes on wire, 163 bytes captured)
Arrival Time: Jan 28, 2009 15:56:18.052941000
[Time delta from previous captured frame: 0.082973000 seconds]
[Time delta from previous displayed frame: 0.082973000 seconds]
[Time since reference or first frame: 0.527541000 seconds]
Frame Number: 19
Frame Length: 163 bytes
Capture Length: 163 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8), Dst: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Destination: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.33.14.30 (192.33.14.30), Dst: 192.168.10.47 (192.168.10.47)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 149
Identification: 0x012e (302)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 53
Protocol: UDP (0x11)
Header checksum: 0xab13 [correct]
[Good: True]
[Bad : False]
Source: 192.33.14.30 (192.33.14.30)
Destination: 192.168.10.47 (192.168.10.47)
User Datagram Protocol, Src Port: domain (53), Dst Port: 59259 (59259)
Source port: domain (53)
Destination port: 59259 (59259)
Length: 129
Checksum: 0xa413 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (response)
[Request In: 12]
[Time: 0.086451000 seconds]
Transaction ID: 0xe2c1
Flags: 0x8000 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 1
Authority RRs: 2
Additional RRs: 3
Queries
ns3.atos.net: type A, class IN
Name: ns3.atos.net
Type: A (Host address)
Class: IN (0x0001)
Answers
ns3.atos.net: type A, class IN, addr 160.92.121.6
Name: ns3.atos.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 160.92.121.6
Authoritative nameservers
atos.net: type NS, class IN, ns ns3.atos.net
Name: atos.net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 2
Name server: ns3.atos.net
atos.net: type NS, class IN, ns ns4.atos.net
Name: atos.net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 6
Name server: ns4.atos.net
Additional records
ns3.atos.net: type A, class IN, addr 160.92.121.6
Name: ns3.atos.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 160.92.121.6
ns4.atos.net: type A, class IN, addr 193.56.46.248
Name: ns4.atos.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 193.56.46.248
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 512
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x0
Data length: 0
Frame 20 (147 bytes on wire, 147 bytes captured)
Arrival Time: Jan 28, 2009 15:56:18.052991000
[Time delta from previous captured frame: 0.000050000 seconds]
[Time delta from previous displayed frame: 0.000050000 seconds]
[Time since reference or first frame: 0.527591000 seconds]
Frame Number: 20
Frame Length: 147 bytes
Capture Length: 147 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8), Dst: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Destination: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.33.14.30 (192.33.14.30), Dst: 192.168.10.47 (192.168.10.47)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 133
Identification: 0x0130 (304)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 53
Protocol: UDP (0x11)
Header checksum: 0xab21 [correct]
[Good: True]
[Bad : False]
Source: 192.33.14.30 (192.33.14.30)
Destination: 192.168.10.47 (192.168.10.47)
User Datagram Protocol, Src Port: domain (53), Dst Port: 37934 (37934)
Source port: domain (53)
Destination port: 37934 (37934)
Length: 113
Checksum: 0x0c9a [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (response)
[Request In: 14]
[Time: 0.085672000 seconds]
Transaction ID: 0x4a17
Flags: 0x8000 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 0
Authority RRs: 2
Additional RRs: 3
Queries
ns3.atos.net: type AAAA, class IN
Name: ns3.atos.net
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Authoritative nameservers
atos.net: type NS, class IN, ns ns3.atos.net
Name: atos.net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 2
Name server: ns3.atos.net
atos.net: type NS, class IN, ns ns4.atos.net
Name: atos.net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 6
Name server: ns4.atos.net
Additional records
ns3.atos.net: type A, class IN, addr 160.92.121.6
Name: ns3.atos.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 160.92.121.6
ns4.atos.net: type A, class IN, addr 193.56.46.248
Name: ns4.atos.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 193.56.46.248
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 512
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x0
Data length: 0
Frame 21 (163 bytes on wire, 163 bytes captured)
Arrival Time: Jan 28, 2009 15:56:18.054794000
[Time delta from previous captured frame: 0.001803000 seconds]
[Time delta from previous displayed frame: 0.001803000 seconds]
[Time since reference or first frame: 0.529394000 seconds]
Frame Number: 21
Frame Length: 163 bytes
Capture Length: 163 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8), Dst: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Destination: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.33.14.30 (192.33.14.30), Dst: 192.168.10.47 (192.168.10.47)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 149
Identification: 0x0134 (308)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 53
Protocol: UDP (0x11)
Header checksum: 0xab0d [correct]
[Good: True]
[Bad : False]
Source: 192.33.14.30 (192.33.14.30)
Destination: 192.168.10.47 (192.168.10.47)
User Datagram Protocol, Src Port: domain (53), Dst Port: 57419 (57419)
Source port: domain (53)
Destination port: 57419 (57419)
Length: 129
Checksum: 0xd3c5 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (response)
[Request In: 16]
[Time: 0.086070000 seconds]
Transaction ID: 0xe37f
Flags: 0x8000 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 1
Authority RRs: 2
Additional RRs: 3
Queries
ns4.atos.net: type A, class IN
Name: ns4.atos.net
Type: A (Host address)
Class: IN (0x0001)
Answers
ns4.atos.net: type A, class IN, addr 193.56.46.248
Name: ns4.atos.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 193.56.46.248
Authoritative nameservers
atos.net: type NS, class IN, ns ns3.atos.net
Name: atos.net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 6
Name server: ns3.atos.net
atos.net: type NS, class IN, ns ns4.atos.net
Name: atos.net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 2
Name server: ns4.atos.net
Additional records
ns3.atos.net: type A, class IN, addr 160.92.121.6
Name: ns3.atos.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 160.92.121.6
ns4.atos.net: type A, class IN, addr 193.56.46.248
Name: ns4.atos.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 193.56.46.248
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 512
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x0
Data length: 0
Frame 22 (83 bytes on wire, 83 bytes captured)
Arrival Time: Jan 28, 2009 15:56:18.054973000
[Time delta from previous captured frame: 0.000179000 seconds]
[Time delta from previous displayed frame: 0.000179000 seconds]
[Time since reference or first frame: 0.529573000 seconds]
Frame Number: 22
Frame Length: 83 bytes
Capture Length: 83 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: Checksum Errors]
[Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1]
Ethernet II, Src: D-Link_52:bf:ab (00:1b:11:52:bf:ab), Dst: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Destination: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.10.47 (192.168.10.47), Dst: 193.56.46.248 (193.56.46.248)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 69
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x7fa0 [correct]
[Good: True]
[Bad : False]
Source: 192.168.10.47 (192.168.10.47)
Destination: 193.56.46.248 (193.56.46.248)
User Datagram Protocol, Src Port: 41923 (41923), Dst Port: domain (53)
Source port: 41923 (41923)
Destination port: domain (53)
Length: 49
Checksum: 0xbb4a [incorrect, should be 0x803e (maybe caused by "UDP checksum offload"?)]
[Good Checksum: False]
[Bad Checksum: True]
Domain Name System (query)
[Response In: 26]
Transaction ID: 0xb1b2
Flags: 0x0010 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...1 .... = Non-authenticated data OK: Non-authenticated data is acceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
ns3.atos.net: type AAAA, class IN
Name: ns3.atos.net
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Frame 23 (92 bytes on wire, 92 bytes captured)
Arrival Time: Jan 28, 2009 15:56:18.055249000
[Time delta from previous captured frame: 0.000276000 seconds]
[Time delta from previous displayed frame: 0.000276000 seconds]
[Time since reference or first frame: 0.529849000 seconds]
Frame Number: 23
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: Checksum Errors]
[Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1]
Ethernet II, Src: D-Link_52:bf:ab (00:1b:11:52:bf:ab), Dst: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Destination: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.10.47 (192.168.10.47), Dst: 193.56.46.248 (193.56.46.248)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x7f97 [correct]
[Good: True]
[Bad : False]
Source: 192.168.10.47 (192.168.10.47)
Destination: 193.56.46.248 (193.56.46.248)
User Datagram Protocol, Src Port: 36866 (36866), Dst Port: domain (53)
Source port: 36866 (36866)
Destination port: domain (53)
Length: 58
Checksum: 0xbb53 [incorrect, should be 0x8575 (maybe caused by "UDP checksum offload"?)]
[Good Checksum: False]
[Bad Checksum: True]
Domain Name System (query)
[Response In: 27]
Transaction ID: 0x1c46
Flags: 0x0000 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
www.education.gouv.fr: type A, class IN
Name: www.education.gouv.fr
Type: A (Host address)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Frame 24 (147 bytes on wire, 147 bytes captured)
Arrival Time: Jan 28, 2009 15:56:18.055585000
[Time delta from previous captured frame: 0.000336000 seconds]
[Time delta from previous displayed frame: 0.000336000 seconds]
[Time since reference or first frame: 0.530185000 seconds]
Frame Number: 24
Frame Length: 147 bytes
Capture Length: 147 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8), Dst: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Destination: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.33.14.30 (192.33.14.30), Dst: 192.168.10.47 (192.168.10.47)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 133
Identification: 0x0138 (312)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 53
Protocol: UDP (0x11)
Header checksum: 0xab19 [correct]
[Good: True]
[Bad : False]
Source: 192.33.14.30 (192.33.14.30)
Destination: 192.168.10.47 (192.168.10.47)
User Datagram Protocol, Src Port: domain (53), Dst Port: 49346 (49346)
Source port: domain (53)
Destination port: 49346 (49346)
Length: 113
Checksum: 0x7681 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (response)
[Request In: 18]
[Time: 0.085617000 seconds]
Transaction ID: 0xb3a9
Flags: 0x8000 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Ans
RRs: 0
Authority RRs: 2
Additional RRs: 3
Queries
ns4.atos.net: type AAAA, class IN
Name: ns4.atos.net
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Authoritative nameservers
atos.net: type NS, class IN, ns ns3.atos.net
Name: atos.net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 6
Name server: ns3.atos.net
atos.net: type NS, class IN, ns ns4.atos.net
Name: atos.net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 2
Name server: ns4.atos.net
Additional records
ns3.atos.net: type A, class IN, addr 160.92.121.6
Name: ns3.atos.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 160.92.121.6
ns4.atos.net: type A, class IN, addr 193.56.46.248
Name: ns4.atos.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 193.56.46.248
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 512
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x0
Data length: 0
Frame 25 (83 bytes on wire, 83 bytes captured)
Arrival Time: Jan 28, 2009 15:56:18.055900000
[Time delta from previous captured frame: 0.000315000 seconds]
[Time delta from previous displayed frame: 0.000315000 seconds]
[Time since reference or first frame: 0.530500000 seconds]
Frame Number: 25
Frame Length: 83 bytes
Capture Length: 83 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: Checksum Errors]
[Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1]
Ethernet II, Src: D-Link_52:bf:ab (00:1b:11:52:bf:ab), Dst: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Destination: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.10.47 (192.168.10.47), Dst: 193.56.46.248 (193.56.46.248)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 69
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x7fa0 [correct]
[Good: True]
[Bad : False]
Source: 192.168.10.47 (192.168.10.47)
Destination: 193.56.46.248 (193.56.46.248)
User Datagram Protocol, Src Port: 34065 (34065), Dst Port: domain (53)
Source port: 34065 (34065)
Destination port: domain (53)
Length: 49
Checksum: 0xbb4a [incorrect, should be 0xb376 (maybe caused by "UDP checksum offload"?)]
[Good Checksum: False]
[Bad Checksum: True]
Domain Name System (query)
[Response In: 29]
Transaction ID: 0x9d2b
Flags: 0x0010 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...1 .... = Non-authenticated data OK: Non-authenticated data is acceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
ns4.atos.net: type AAAA, class IN
Name: ns4.atos.net
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Frame 26 (139 bytes on wire, 139 bytes captured)
Arrival Time: Jan 28, 2009 15:56:18.113489000
[Time delta from previous captured frame: 0.057589000 seconds]
[Time delta from previous displayed frame: 0.057589000 seconds]
[Time since reference or first frame: 0.588089000 seconds]
Frame Number: 26
Frame Length: 139 bytes
Capture Length: 139 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8), Dst: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Destination: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 193.56.46.248 (193.56.46.248), Dst: 192.168.10.47 (192.168.10.47)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 125
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 54
Protocol: UDP (0x11)
Header checksum: 0x8968 [correct]
[Good: True]
[Bad : False]
Source: 193.56.46.248 (193.56.46.248)
Destination: 192.168.10.47 (192.168.10.47)
User Datagram Protocol, Src Port: domain (53), Dst Port: 41923 (41923)
Source port: domain (53)
Destination port: 41923 (41923)
Length: 105
Checksum: 0x4966 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (response)
[Request In: 22]
[Time: 0.058516000 seconds]
Transaction ID: 0xb1b2
Flags: 0x8400 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .1.. .... .... = Authoritative: Server is an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 0
Authority RRs: 1
Additional RRs: 1
Queries
ns3.atos.net: type AAAA, class IN
Name: ns3.atos.net
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Authoritative nameservers
atos.net: type SOA, class IN, mname ns3.atos.net
Name: atos.net
Type: SOA (Start of zone of authority)
Class: IN (0x0001)
Time to live: 1 day
Data length: 44
Primary name server: ns3.atos.net
Responsible authority's mailbox: hostmaster.axime.com
Serial number: 2007101801
Refresh interval: 6 hours
Retry interval: 1 hour
Expiration limit: 30 days
Minimum TTL: 1 day
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Frame 27 (300 bytes on wire, 300 bytes captured)
Arrival Time: Jan 28, 2009 15:56:18.114211000
[Time delta from previous captured frame: 0.000722000 seconds]
[Time delta from previous displayed frame: 0.000722000 seconds]
[Time since reference or first frame: 0.588811000 seconds]
Frame Number: 27
Frame Length: 300 bytes
Capture Length: 300 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8), Dst: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Destination: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 193.56.46.248 (193.56.46.248), Dst: 192.168.10.47 (192.168.10.47)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 286
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 54
Protocol: UDP (0x11)
Header checksum: 0x88c7 [correct]
[Good: True]
[Bad : False]
Source: 193.56.46.248 (193.56.46.248)
Destination: 192.168.10.47 (192.168.10.47)
User Datagram Protocol, Src Port: domain (53), Dst Port: 36866 (36866)
Source port: domain (53)
Destination port: 36866 (36866)
Length: 266
Checksum: 0x0e76 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (response)
[Request In: 23]
[Time: 0.058962000 seconds]
Transaction ID: 0x1c46
Flags: 0x8400 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .1.. .... .... = Authoritative: Server is an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 2
Authority RRs: 5
Additional RRs: 3
Queries
www.education.gouv.fr: type A, class IN
Name: www.education.gouv.fr
Type: A (Host address)
Class: IN (0x0001)
Answers
www.education.gouv.fr: type CNAME, class IN, cname front.webedu.men.aw.atosorigin.com
Name: www.education.gouv.fr
Type: CNAME (Canonical name for an alias)
Class: IN (0x0001)
Time to live: 1 hour
Data length: 36
Primary name: front.webedu.men.aw.atosorigin.com
front.webedu.men.aw.atosorigin.com: type A, class IN, addr 160.92.130.142
Name: front.webedu.men.aw.atosorigin.com
Type: A (Host address)
Class: IN (0x0001)
Time to live: 1 day
Data length: 4
Addr: 160.92.130.142
Authoritative nameservers
aw.atosorigin.com: type NS, class IN, ns ns4.atos.net
Name: aw.atosorigin.com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 1 day
Data length: 14
Name server: ns4.atos.net
aw.atosorigin.com: type NS, class IN, ns ns1.ext.origin-it.com
Name: aw.atosorigin.com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 1 day
Data length: 20
Name server: ns1.ext.origin-it.com
aw.atosorigin.com: type NS, class IN, ns ns2.ext.origin-it.com
Name: aw.atosorigin.com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 1 day
Data length: 6
Name server: ns2.ext.origin-it.com
aw.atosorigin.com: type NS, class IN, ns ns3.ext.origin-it.com
Name: aw.atosorigin.com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 1 day
Data length: 6
Name server: ns3.ext.origin-it.com
aw.atosorigin.com: type NS, class IN, ns ns3.atos.net
Name: aw.atosorigin.com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 1 day
Data length: 6
Name server: ns3.atos.net
Additional records
ns3.atos.net: type A, class IN, addr 160.92.121.6
Name: ns3.atos.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 1 day
Data length: 4
Addr: 160.92.121.6
ns4.atos.net: type A, class IN, addr 193.56.46.248
Name: ns4.atos.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 1 day
Data length: 4
Addr: 193.56.46.248
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Frame 28 (105 bytes on wire, 105 bytes captured)
Arrival Time: Jan 28, 2009 15:56:18.114788000
[Time delta from previous captured frame: 0.000577000 seconds]
[Time delta from previous displayed frame: 0.000577000 seconds]
[Time since reference or first frame: 0.589388000 seconds]
Frame Number: 28
Frame Length: 105 bytes
Capture Length: 105 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: Checksum Errors]
[Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1]
Ethernet II, Src: D-Link_52:bf:ab (00:1b:11:52:bf:ab), Dst: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Destination: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.10.47 (192.168.10.47), Dst: 192.112.36.4 (192.112.36.4)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 91
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x8b46 [correct]
[Good: True]
[Bad : False]
Source: 192.168.10.47 (192.168.10.47)
Destination: 192.112.36.4 (192.112.36.4)
User Datagram Protocol, Src Port: 49484 (49484), Dst Port: domain (53)
Source port: 49484 (49484)
Destination port: domain (53)
Length: 71
Checksum: 0xafa4 [incorrect, should be 0x73a4 (maybe caused by "UDP checksum offload"?)]
[Good Checksum: False]
[Bad Checksum: True]
Domain Name System (query)
[Response In: 30]
Transaction ID: 0x7d69
Flags: 0x0000 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
front.webedu.men.aw.atosorigin.com: type A, class IN
Name: front.webedu.men.aw.atosorigin.com
Type: A (Host address)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Frame 29 (143 bytes on wire, 143 bytes captured)
Arrival Time: Jan 28, 2009 15:56:18.116129000
[Time delta from previous captured frame: 0.001341000 seconds]
[Time delta from previous displayed frame: 0.001341000 seconds]
[Time since reference or first frame: 0.590729000 seconds]
Frame Number: 29
Frame Length: 143 bytes
Capture Length: 143 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8), Dst: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Destination: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 193.56.46.248 (193.56.46.248), Dst: 192.168.10.47 (192.168.10.47)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 129
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 54
Protocol: UDP (0x11)
Header checksum: 0x8964 [correct]
[Good: True]
[Bad : False]
Source: 193.56.46.248 (193.56.46.248)
Destination: 192.168.10.47 (192.168.10.47)
User Datagram Protocol, Src Port: domain (53), Dst Port: 34065 (34065)
Source port: domain (53)
Destination port: 34065 (34065)
Length: 109
Checksum: 0x05ed [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (response)
[Request In: 25]
[Time: 0.060229000 seconds]
Transaction ID: 0x9d2b
Flags: 0x8400 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .1.. .... .... = Authoritative: Server is an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 0
Authority RRs: 1
Additional RRs: 1
Queries
ns4.atos.net: type AAAA, class IN
Name: ns4.atos.net
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Authoritative nameservers
atos.net: type SOA, class IN, mname ns3.atos.net
Name: atos.net
Type: SOA (Start of zone of authority)
Class: IN (0x0001)
Time to live: 1 day
Data length: 48
Primary name server: ns3.atos.net
Responsible authority's mailbox: hostmaster.axime.com
Serial number: 2007101801
Refresh interval: 6 hours
Retry interval: 1 hour
Expiration limit: 30 days
Minimum TTL: 1 day
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Frame 30 (593 bytes on wire, 593 bytes captured)
Arrival Time: Jan 28, 2009 15:56:18.289804000
[Time delta from previous captured frame: 0.173675000 seconds]
[Time delta from previous displayed frame: 0.173675000 seconds]
[Time since reference or first frame: 0.764404000 seconds]
Frame Number: 30
Frame Length: 593 bytes
Capture Length: 593 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8), Dst: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Destination: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.112.36.4 (192.112.36.4), Dst: 192.168.10.47 (192.168.10.47)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 579
Identification: 0xb4bf (46271)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 235
Protocol: UDP (0x11)
Header checksum: 0x299e [correct]
[Good: True]
[Bad : False]
Source: 192.112.36.4 (192.112.36.4)
Destination: 192.168.10.47 (192.168.10.47)
User Datagram Protocol, Src Port: domain (53), Dst Port: 49484 (49484)
Source port: domain (53)
Destination port: 49484 (49484)
Length: 559
Checksum: 0xdbd9 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (response)
[Request In: 28]
[Time: 0.175016000 seconds]
Transaction ID: 0x7d69
Flags: 0x8000 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 0
Authority RRs: 13
Additional RRs: 16
Queries
front.webedu.men.aw.atosorigin.com: type A, class IN
Name: front.webedu.men.aw.atosorigin.com
Type: A (Host address)
Class: IN (0x0001)
Authoritative nameservers
com: type NS, class IN, ns C.GTLD-SERVERS.NET
Name: com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 20
Name server: C.GTLD-SERVERS.NET
com: type NS, class IN, ns B.GTLD-SERVERS.NET
Name: com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: B.GTLD-SERVERS.NET
com: type NS, class IN, ns F.GTLD-SERVERS.NET
Name: com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: F.GTLD-SERVERS.NET
com: type NS, class IN, ns I.GTLD-SERVERS.NET
Name: com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: I.GTLD-SERVERS.NET
com: type NS, class IN, ns D.GTLD-SERVERS.NET
Name: com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: D.GTLD-SERVERS.NET
com: type NS, class IN, ns K.GTLD-SERVERS.NET
Name: com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: K.GTLD-SERVERS.NET
com: type NS, class IN, ns H.GTLD-SERVERS.NET
Name: com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: H.GTLD-SERVERS.NET
com: type NS, class IN, ns L.GTLD-SERVERS.NET
Name: com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: L.GTLD-SERVERS.NET
com: type NS, class IN, ns J.GTLD-SERVERS.NET
Name: com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: J.GTLD-SERVERS.NET
com: type NS, class IN, ns G.GTLD-SERVERS.NET
Name: com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: G.GTLD-SERVERS.NET
com: type NS, class IN, ns E.GTLD-SERVERS.NET
Name: com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: E.GTLD-SERVERS.NET
com: type NS, class IN, ns M.GTLD-SERVERS.NET
Name: com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: M.GTLD-SERVERS.NET
com: type NS, class IN, ns A.GTLD-SERVERS.NET
Name: com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Name server: A.GTLD-SERVERS.NET
Additional records
A.GTLD-SERVERS.NET: type A, class IN, addr 192.5.6.30
Name: A.GTLD-SERVERS.NET
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.5.6.30
B.GTLD-SERVERS.NET: type A, class IN, addr 192.33.14.30
Name: B.GTLD-SERVERS.NET
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.33.14.30
C.GTLD-SERVERS.NET: type A, class IN, addr 192.26.92.30
Name: C.GTLD-SERVERS.NET
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.26.92.30
D.GTLD-SERVERS.NET: type A, class IN, addr 192.31.80.30
Name: D.GTLD-SERVERS.NET
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.31.80.30
E.GTLD-SERVERS.NET: type A, class IN, addr 192.12.94.30
Name: E.GTLD-SERVERS.NET
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.12.94.30
F.GTLD-SERVERS.NET: type A, class IN, addr 192.35.51.30
Name: F.GTLD-SERVERS.NET
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.35.51.30
G.GTLD-SERVERS.NET: type A, class IN, addr 192.42.93.30
Name: G.GTLD-SERVERS.NET
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.42.93.30
H.GTLD-SERVERS.NET: type A, class IN, addr 192.54.112.30
Name: H.GTLD-SERVERS.NET
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.54.112.30
I.GTLD-SERVERS.NET: type A, class IN, addr 192.43.172.30
Name: I.GTLD-SERVERS.NET
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.43.172.30
J.GTLD-SERVERS.NET: type A, class IN, addr 192.48.79.30
Name: J.GTLD-SERVERS.NET
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.48.79.30
K.GTLD-SERVERS.NET: type A, class IN, addr 192.52.178.30
Name: K.GTLD-SERVERS.NET
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.52.178.30
L.GTLD-SERVERS.NET: type A, class IN, addr 192.41.162.30
Name: L.GTLD-SERVERS.NET
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.41.162.30
M.GTLD-SERVERS.NET: type A, class IN, addr 192.55.83.30
Name: M.GTLD-SERVERS.NET
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 192.55.83.30
A.GTLD-SERVERS.NET: type AAAA, class IN, addr 2001:503:a83e::2:30
Name: A.GTLD-SERVERS.NET
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 16
Addr: 2001:503:a83e::2:30
B.GTLD-SERVERS.NET: type AAAA, class IN, addr 2001:503:231d::2:30
Name: B.GTLD-SERVERS.NET
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 16
Addr: 2001:503:231d::2:30
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Frame 31 (105 bytes on wire, 105 bytes captured)
Arrival Time: Jan 28, 2009 15:56:18.290657000
[Time delta from previous captured frame: 0.000853000 seconds]
[Time delta from previous displayed frame: 0.000853000 seconds]
[Time since reference or first frame: 0.765257000 seconds]
Frame Number: 31
Frame Length: 105 bytes
Capture Length: 105 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: Checksum Errors]
[Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1]
Ethernet II, Src: D-Link_52:bf:ab (00:1b:11:52:bf:ab), Dst: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Destination: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.10.47 (192.168.10.47), Dst: 192.43.172.30 (192.43.172.30)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 91
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x0371 [correct]
[Good: True]
[Bad : False]
Source: 192.168.10.47 (192.168.10.47)
Destination: 192.43.172.30 (192.43.172.30)
User Datagram Protocol, Src Port: 42271 (42271), Dst Port: domain (53)
Source port: 42271 (42271)
Destination port: domain (53)
Length: 71
Checksum: 0x377a [incorrect, should be 0x332b (maybe caused by "UDP checksum offload"?)]
[Good Checksum: False]
[Bad Checksum: True]
Domain Name System (query)
[Response In: 32]
Transaction ID: 0x523a
Flags: 0x0000 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
front.webedu.men.aw.atosorigin.com: type A, class IN
Name: front.webedu.men.aw.atosorigin.com
Type: A (Host address)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Frame 32 (181 bytes on wire, 181 bytes captured)
Arrival Time: Jan 28, 2009 15:56:18.375139000
[Time delta from previous captured frame: 0.084482000 seconds]
[Time delta from previous displayed frame: 0.084482000 seconds]
[Time since reference or first frame: 0.849739000 seconds]
Frame Number: 32
Frame Length: 181 bytes
Capture Length: 181 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8), Dst: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Destination: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.43.172.30 (192.43.172.30), Dst: 192.168.10.47 (192.168.10.47)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 167
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 55
Protocol: UDP (0x11)
Header checksum: 0x0c25 [correct]
[Good: True]
[Bad : False]
Source: 192.43.172.30 (192.43.172.30)
Destination: 192.168.10.47 (192.168.10.47)
User Datagram Protocol, Src Port: domain (53), Dst Port: 42271 (42271)
Source port: domain (53)
Destination port: 42271 (42271)
Length: 147
Checksum: 0xa0b8 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (response)
[Request In: 31]
[Time: 0.084482000 seconds]
Transaction ID: 0x523a
Flags: 0x8000 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 0
Authority RRs: 2
Additional RRs: 3
Queries
front.webedu.men.aw.atosorigin.com: type A, class IN
Name: front.webedu.men.aw.atosorigin.com
Type: A (Host address)
Class: IN (0x0001)
Authoritative nameservers
atosorigin.com: type NS, class IN, ns ns3.atos.net
Name: atosorigin.com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 14
Name server: ns3.atos.net
atosorigin.com: type NS, class IN, ns ns4.atos.net
Name: atosorigin.com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 6
Name server: ns4.atos.net
Additional records
ns3.atos.net: type A, class IN, addr 160.92.121.6
Name: ns3.atos.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 160.92.121.6
ns4.atos.net: type A, class IN, addr 193.56.46.248
Name: ns4.atos.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 193.56.46.248
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 512
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x0
Data length: 0
Frame 33 (105 bytes on wire, 105 bytes captured)
Arrival Time: Jan 28, 2009 15:56:18.375579000
[Time delta from previous captured frame: 0.000440000 seconds]
[Time delta from previous displayed frame: 0.000440000 seconds]
[Time since reference or first frame: 0.850179000 seconds]
Frame Number: 33
Frame Length: 105 bytes
Capture Length: 105 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: Checksum Errors]
[Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1]
Ethernet II, Src: D-Link_52:bf:ab (00:1b:11:52:bf:ab), Dst: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Destination: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.10.47 (192.168.10.47), Dst: 160.92.121.6 (160.92.121.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 91
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x5658 [correct]
[Good: True]
[Bad : False]
Source: 192.168.10.47 (192.168.10.47)
Destination: 160.92.121.6 (160.92.121.6)
User Datagram Protocol, Src Port: 42540 (42540), Dst Port: domain (53)
Source port: 42540 (42540)
Destination port: domain (53)
Length: 71
Checksum: 0xe492 [incorrect, should be 0xacc8 (maybe caused by "UDP checksum offload"?)]
[Good Checksum: False]
[Bad Checksum: True]
Domain Name System (query)
[Response In: 34]
Transaction ID: 0x2a77
Flags: 0x0000 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
front.webedu.men.aw.atosorigin.com: type A, class IN
Name: front.webedu.men.aw.atosorigin.com
Type: A (Host address)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Frame 34 (329 bytes on wire, 329 bytes captured)
Arrival Time: Jan 28, 2009 15:56:18.434086000
[Time delta from previous captured frame: 0.058507000 seconds]
[Time delta from previous displayed frame: 0.058507000 seconds]
[Time since reference or first frame: 0.908686000 seconds]
Frame Number: 34
Frame Length: 329 bytes
Capture Length: 329 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8), Dst: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Destination: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 160.92.121.6 (160.92.121.6), Dst: 192.168.10.47 (192.168.10.47)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 315
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 54
Protocol: UDP (0x11)
Header checksum: 0x5f78 [correct]
[Good: True]
[Bad : False]
Source: 160.92.121.6 (160.92.121.6)
Destination: 192.168.10.47 (192.168.10.47)
User Datagram Protocol, Src Port: domain (53), Dst Port: 42540 (42540)
Source port: domain (53)
Destination port: 42540 (42540)
Length: 295
Checksum: 0xf951 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (response)
[Request In: 33]
[Time: 0.058507000 seconds]
Transaction ID: 0x2a77
Flags: 0x8400 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .1.. .... .... = Authoritative: Server is an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 1
Authority RRs: 5
Additional RRs: 7
Queries
front.webedu.men.aw.atosorigin.com: type A, class IN
Name: front.webedu.men.aw.atosorigin.com
Type: A (Host address)
Class: IN (0x0001)
Answers
front.webedu.men.aw.atosorigin.com: type A, class IN, addr 160.92.130.142
Name: front.webedu.men.aw.atosorigin.com
Type: A (Host address)
Class: IN (0x0001)
Time to live: 1 day
Data length: 4
Addr: 160.92.130.142
Authoritative nameservers
aw.atosorigin.com: type NS, class IN, ns ns4.atos.net
Name: aw.atosorigin.com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 1 day
Data length: 14
Name server: ns4.atos.net
aw.atosorigin.com: type NS, class IN, ns ns1.ext.origin-it.com
Name: aw.atosorigin.com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 1 day
Data length: 20
Name server: ns1.ext.origin-it.com
aw.atosorigin.com: type NS, class IN, ns ns2.ext.origin-it.com
Name: aw.atosorigin.com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 1 day
Data length: 6
Name server: ns2.ext.origin-it.com
aw.atosorigin.com: type NS, class IN, ns ns3.ext.origin-it.com
Name: aw.atosorigin.com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 1 day
Data length: 6
Name server: ns3.ext.origin-it.com
aw.atosorigin.com: type NS, class IN, ns ns3.atos.net
Name: aw.atosorigin.com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 1 day
Data length: 6
Name server: ns3.atos.net
Additional records
ns1.ext.origin-it.com: type A, class IN, addr 212.159.192.138
Name: ns1.ext.origin-it.com
Type: A (Host address)
Class: IN (0x0001)
Time to live: 23 hours, 29 minutes, 16 seconds
Data length: 4
Addr: 212.159.192.138
ns1.ext.origin-it.com: type A, class IN, addr 212.159.192.10
Name: ns1.ext.origin-it.com
Type: A (Host address)
Class: IN (0x0001)
Time to live: 23 hours, 29 minutes, 16 seconds
Data length: 4
Addr: 212.159.192.10
ns2.ext.origin-it.com: type A, class IN, addr 203.95.78.38
Name: ns2.ext.origin-it.com
Type: A (Host address)
Class: IN (0x0001)
Time to live: 23 hours, 29 minutes, 16 seconds
Data length: 4
Addr: 203.95.78.38
ns3.ext.origin-it.com: type A, class IN, addr 12.174.168.53
Name: ns3.ext.origin-it.com
Type: A (Host address)
Class: IN (0x0001)
Time to live: 22 hours, 55 minutes, 47 seconds
Data length: 4
Addr: 12.174.168.53
ns3.atos.net: type A, class IN, addr 160.92.121.6
Name: ns3.atos.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 1 day
Data length: 4
Addr: 160.92.121.6
ns4.atos.net: type A, class IN, addr 193.56.46.248
Name: ns4.atos.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 1 day
Data length: 4
Addr: 193.56.46.248
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Frame 35 (105 bytes on wire, 105 bytes captured)
Arrival Time: Jan 28, 2009 15:56:18.465084000
[Time delta from previous captured frame: 0.030998000 seconds]
[Time delta from previous displayed frame: 0.030998000 seconds]
[Time since reference or first frame: 0.939684000 seconds]
Frame Number: 35
Frame Length: 105 bytes
Capture Length: 105 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: Checksum Errors]
[Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1]
Ethernet II, Src: D-Link_52:bf:ab (00:1b:11:52:bf:ab), Dst: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Destination: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.10.47 (192.168.10.47), Dst: 160.92.121.6 (160.92.121.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 91
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x5658 [correct]
[Good: True]
[Bad : False]
Source: 192.168.10.47 (192.168.10.47)
Destination: 160.92.121.6 (160.92.121.6)
User Datagram Protocol, Src Port: 56075 (56075), Dst Port: domain (53)
Source port: 56075 (56075)
Destination port: domain (53)
Length: 71
Checksum: 0xe492 [incorrect, should be 0x6b04 (maybe caused by "UDP checksum offload"?)]
[Good Checksum: False]
[Bad Checksum: True]
Domain Name System (query)
[Response In: 42]
Transaction ID: 0x3741
Flags: 0x0000 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
front.webedu.men.aw.atosorigin.com: type AAAA, class IN
Name: front.webedu.men.aw.atosorigin.com
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Frame 36 (92 bytes on wire, 92 bytes captured)
Arrival Time: Jan 28, 2009 15:56:18.465400000
[Time delta from previous captured frame: 0.000316000 seconds]
[Time delta from previous displayed frame: 0.000316000 seconds]
[Time since reference or first frame: 0.940000000 seconds]
Frame Number: 36
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: Checksum Errors]
[Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1]
Ethernet II, Src: D-Link_52:bf:ab (00:1b:11:52:bf:ab), Dst: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Destination: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.10.47 (192.168.10.47), Dst: 192.31.80.30 (192.31.80.30)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x5f8a [correct]
[Good: True]
[Bad : False]
Source: 192.168.10.47 (192.168.10.47)
Destination: 192.31.80.30 (192.31.80.30)
User Datagram Protocol, Src Port: 33435 (33435), Dst Port: domain (53)
Source port: 33435 (33435)
Destination port: domain (53)
Length: 58
Checksum: 0xdb60 [incorrect, should be 0xd1bc (maybe caused by "UDP checksum offload"?)]
[Good Checksum: False]
[Bad Checksum: True]
Domain Name System (query)
[Response In: 45]
Transaction ID: 0x1d6f
Flags: 0x0010 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...1 .... = Non-authenticated data OK: Non-authenticated data is acceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
ns1.ext.origin-it.com: type A, class IN
Name: ns1.ext.origin-it.com
Type: A (Host address)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Frame 37 (92 bytes on wire, 92 bytes captured)
Arrival Time: Jan 28, 2009 15:56:18.465647000
[Time delta from previous captured frame: 0.000247000 seconds]
[Time delta from previous displayed frame: 0.000247000 seconds]
[Time since reference or first frame: 0.940247000 seconds]
Frame Number: 37
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: Checksum Errors]
[Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1]
Ethernet II, Src: D-Link_52:bf:ab (00:1b:11:52:bf:ab), Dst: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Destination: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.10.47 (192.168.10.47), Dst: 192.31.80.30 (192.31.80.30)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x5f8a [correct]
[Good: True]
[Bad : False]
Source: 192.168.10.47 (192.168.10.47)
Destination: 192.31.80.30 (192.31.80.30)
User Datagram Protocol, Src Port: 48220 (48220), Dst Port: domain (53)
Source port: 48220 (48220)
Destination port: domain (53)
Length: 58
Checksum: 0xdb60 [incorrect, should be 0xc153 (maybe caused by "UDP checksum offload"?)]
[Good Checksum: False]
[Bad Checksum: True]
Domain Name System (query)
[Response In: 46]
Transaction ID: 0xd916
Flags: 0x0010 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...1 .... = Non-authenticated data OK: Non-authenticated data is acceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
ns1.ext.origin-it.com: type AAAA, class IN
Name: ns1.ext.origin-it.com
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Frame 38 (92 bytes on wire, 92 bytes captured)
Arrival Time: Jan 28, 2009 15:56:18.465893000
[Time delta from previous captured frame: 0.000246000 seconds]
[Time delta from previous displayed frame: 0.000246000 seconds]
[Time since reference or first frame: 0.940493000 seconds]
Frame Number: 38
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: Checksum Errors]
[Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1]
Ethernet II, Src: D-Link_52:bf:ab (00:1b:11:52:bf:ab), Dst: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Destination: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.10.47 (192.168.10.47), Dst: 192.31.80.30 (192.31.80.30)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x5f8a [correct]
[Good: True]
[Bad : False]
Source: 192.168.10.47 (192.168.10.47)
Destination: 192.31.80
(192
.80.30)
User Datagram Protocol, Src Port: 57398 (57398), Dst Port: domain (53)
Source port: 57398 (57398)
Destination port: domain (53)
Length: 58
Checksum: 0xdb60 [incorrect, should be 0x8bf7 (maybe caused by "UDP checksum offload"?)]
[Good Checksum: False]
[Bad Checksum: True]
Domain Name System (query)
[Response In: 48]
Transaction ID: 0x0598
Flags: 0x0010 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...1 .... = Non-authenticated data OK: Non-authenticated data is acceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
ns2.ext.origin-it.com: type A, class IN
Name: ns2.ext.origin-it.com
Type: A (Host address)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Frame 39 (92 bytes on wire, 92 bytes captured)
Arrival Time: Jan 28, 2009 15:56:18.466136000
[Time delta from previous captured frame: 0.000243000 seconds]
[Time delta from previous displayed frame: 0.000243000 seconds]
[Time since reference or first frame: 0.940736000 seconds]
Frame Number: 39
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: Checksum Errors]
[Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1]
Ethernet II, Src: D-Link_52:bf:ab (00:1b:11:52:bf:ab), Dst: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Destination: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.10.47 (192.168.10.47), Dst: 192.31.80.30 (192.31.80.30)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x5f8a [correct]
[Good: True]
[Bad : False]
Source: 192.168.10.47 (192.168.10.47)
Destination: 192.31.80.30 (192.31.80.30)
User Datagram Protocol, Src Port: 49777 (49777), Dst Port: domain (53)
Source port: 49777 (49777)
Destination port: domain (53)
Length: 58
Checksum: 0xdb60 [incorrect, should be 0x237e (maybe caused by "UDP checksum offload"?)]
[Good Checksum: False]
[Bad Checksum: True]
Domain Name System (query)
[Response In: 50]
Transaction ID: 0x70d6
Flags: 0x0010 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...1 .... = Non-authenticated data OK: Non-authenticated data is acceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
ns2.ext.origin-it.com: type AAAA, class IN
Name: ns2.ext.origin-it.com
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Frame 40 (92 bytes on wire, 92 bytes captured)
Arrival Time: Jan 28, 2009 15:56:18.466391000
[Time delta from previous captured frame: 0.000255000 seconds]
[Time delta from previous displayed frame: 0.000255000 seconds]
[Time since reference or first frame: 0.940991000 seconds]
Frame Number: 40
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: Checksum Errors]
[Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1]
Ethernet II, Src: D-Link_52:bf:ab (00:1b:11:52:bf:ab), Dst: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Destination: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.10.47 (192.168.10.47), Dst: 192.31.80.30 (192.31.80.30)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x5f8a [correct]
[Good: True]
[Bad : False]
Source: 192.168.10.47 (192.168.10.47)
Destination: 192.31.80.30 (192.31.80.30)
User Datagram Protocol, Src Port: 43175 (43175), Dst Port: domain (53)
Source port: 43175 (43175)
Destination port: domain (53)
Length: 58
Checksum: 0xdb60 [incorrect, should be 0xc839 (maybe caused by "UDP checksum offload"?)]
[Good Checksum: False]
[Bad Checksum: True]
Domain Name System (query)
[Response In: 51]
Transaction ID: 0x00e4
Flags: 0x0010 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...1 .... = Non-authenticated data OK: Non-authenticated data is acceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
ns3.ext.origin-it.com: type A, class IN
Name: ns3.ext.origin-it.com
Type: A (Host address)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Frame 41 (92 bytes on wire, 92 bytes captured)
Arrival Time: Jan 28, 2009 15:56:18.466641000
[Time delta from previous captured frame: 0.000250000 seconds]
[Time delta from previous displayed frame: 0.000250000 seconds]
[Time since reference or first frame: 0.941241000 seconds]
Frame Number: 41
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: Checksum Errors]
[Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1]
Ethernet II, Src: D-Link_52:bf:ab (00:1b:11:52:bf:ab), Dst: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Destination: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.10.47 (192.168.10.47), Dst: 192.31.80.30 (192.31.80.30)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x5f8a [correct]
[Good: True]
[Bad : False]
Source: 192.168.10.47 (192.168.10.47)
Destination: 192.31.80.30 (192.31.80.30)
User Datagram Protocol, Src Port: 35694 (35694), Dst Port: domain (53)
Source port: 35694 (35694)
Destination port: domain (53)
Length: 58
Checksum: 0xdb60 [incorrect, should be 0xe6fa (maybe caused by "UDP checksum offload"?)]
[Good Checksum: False]
[Bad Checksum: True]
Domain Name System (query)
[Response In: 49]
Transaction ID: 0xe45b
Flags: 0x0010 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...1 .... = Non-authenticated data OK: Non-authenticated data is acceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
ns3.ext.origin-it.com: type AAAA, class IN
Name: ns3.ext.origin-it.com
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Frame 42 (170 bytes on wire, 170 bytes captured)
Arrival Time: Jan 28, 2009 15:56:18.523457000
[Time delta from previous captured frame: 0.056816000 seconds]
[Time delta from previous displayed frame: 0.056816000 seconds]
[Time since reference or first frame: 0.998057000 seconds]
Frame Number: 42
Frame Length: 170 bytes
Capture Length: 170 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8), Dst: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Destination: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 160.92.121.6 (160.92.121.6), Dst: 192.168.10.47 (192.168.10.47)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 156
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 54
Protocol: UDP (0x11)
Header checksum: 0x6017 [correct]
[Good: True]
[Bad : False]
Source: 160.92.121.6 (160.92.121.6)
Destination: 192.168.10.47 (192.168.10.47)
User Datagram Protocol, Src Port: domain (53), Dst Port: 56075 (56075)
Source port: domain (53)
Destination port: 56075 (56075)
Length: 136
Checksum: 0x7d90 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (response)
[Request In: 35]
[Time: 0.058373000 seconds]
Transaction ID: 0x3741
Flags: 0x8400 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .1.. .... .... = Authoritative: Server is an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 0
Authority RRs: 1
Additional RRs: 1
Queries
front.webedu.men.aw.atosorigin.com: type AAAA, class IN
Name: front.webedu.men.aw.atosorigin.com
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Authoritative nameservers
aw.atosorigin.com: type SOA, class IN, mname ns3.atos.net
Name: aw.atosorigin.com
Type: SOA (Start of zone of authority)
Class: IN (0x0001)
Time to live: 1 day
Data length: 53
Primary name server: ns3.atos.net
Responsible authority's mailbox: hostmaster.axime.com
Serial number: 2009012801
Refresh interval: 6 hours
Retry interval: 1 hour
Expiration limit: 30 days
Minimum TTL: 1 day
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Frame 43 (105 bytes on wire, 105 bytes captured)
Arrival Time: Jan 28, 2009 15:56:18.536407000
[Time delta from previous captured frame: 0.012950000 seconds]
[Time delta from previous displayed frame: 0.012950000 seconds]
[Time since reference or first frame: 1.011007000 seconds]
Frame Number: 43
Frame Length: 105 bytes
Capture Length: 105 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: Checksum Errors]
[Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1]
Ethernet II, Src: D-Link_52:bf:ab (00:1b:11:52:bf:ab), Dst: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Destination: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.10.47 (192.168.10.47), Dst: 160.92.121.6 (160.92.121.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 91
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x5658 [correct]
[Good: True]
[Bad : False]
Source: 192.168.10.47 (192.168.10.47)
Destination: 160.92.121.6 (160.92.121.6)
User Datagram Protocol, Src Port: 60212 (60212), Dst Port: domain (53)
Source port: 60212 (60212)
Destination port: domain (53)
Length: 71
Checksum: 0xe492 [incorrect, should be 0x0237 (maybe caused by "UDP checksum offload"?)]
[Good Checksum: False]
[Bad Checksum: True]
Domain Name System (query)
[Response In: 44]
Transaction ID: 0x8ff2
Flags: 0x0000 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
front.webedu.men.aw.atosorigin.com: type MX, class IN
Name: front.webedu.men.aw.atosorigin.com
Type: MX (Mail exchange)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Frame 44 (170 bytes on wire, 170 bytes captured)
Arrival Time: Jan 28, 2009 15:56:18.594895000
[Time delta from previous captured frame: 0.058488000 seconds]
[Time delta from previous displayed frame: 0.058488000 seconds]
[Time since reference or first frame: 1.069495000 seconds]
Frame Number: 44
Frame Length: 170 bytes
Capture Length: 170 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8), Dst: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Destination: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 160.92.121.6 (160.92.121.6), Dst: 192.168.10.47 (192.168.10.47)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 156
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 54
Protocol: UDP (0x11)
Header checksum: 0x6017 [correct]
[Good: True]
[Bad : False]
Source: 160.92.121.6 (160.92.121.6)
Destination: 192.168.10.47 (192.168.10.47)
User Datagram Protocol, Src Port: domain (53), Dst Port: 60212 (60212)
Source port: domain (53)
Destination port: 60212 (60212)
Length: 136
Checksum: 0x14c3 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (response)
[Request In: 43]
[Time: 0.058488000 seconds]
Transaction ID: 0x8ff2
Flags: 0x8400 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .1.. .... .... = Authoritative: Server is an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 0
Authority RRs: 1
Additional RRs: 1
Queries
front.webedu.men.aw.atosorigin.com: type MX, class IN
Name: front.webedu.men.aw.atosorigin.com
Type: MX (Mail exchange)
Class: IN (0x0001)
Authoritative nameservers
aw.atosorigin.com: type SOA, class IN, mname ns3.atos.net
Name: aw.atosorigin.com
Type: SOA (Start of zone of authority)
Class: IN (0x0001)
Time to live: 1 day
Data length: 53
Primary name server: ns3.atos.net
Responsible authority's mailbox: hostmaster.axime.com
Serial number: 2009012801
Refresh interval: 6 hours
Retry interval: 1 hour
Expiration limit: 30 days
Minimum TTL: 1 day
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Frame 45 (206 bytes on wire, 206 bytes captured)
Arrival Time: Jan 28, 2009 15:56:18.621758000
[Time delta from previous captured frame: 0.026863000 seconds]
[Time delta from previous displayed frame: 0.026863000 seconds]
[Time since reference or first frame: 1.096358000 seconds]
Frame Number: 45
Frame Length: 206 bytes
Capture Length: 206 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8), Dst: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Destination: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.31.80.30 (192.31.80.30), Dst: 192.168.10.47 (192.168.10.47)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 192
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 49
Protocol: UDP (0x11)
Header checksum: 0x6e18 [correct]
[Good: True]
[Bad : False]
Source: 192.31.80.30 (192.31.80.30)
Destination: 192.168.10.47 (192.168.10.47)
User Datagram Protocol, Src Port: domain (53), Dst Port: 33435 (33435)
Source port: domain (53)
Destination port: 33435 (33435)
Length: 172
Checksum: 0x6106 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (response)
[Request In: 36]
[Time: 0.156358000 seconds]
Transaction ID: 0x1d6f
Flags: 0x8000 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 1
Authority RRs: 3
Additional RRs: 4
Queries
ns1.ext.origin-it.com: type A, class IN
Name: ns1.ext.origin-it.com
Type: A (Host address)
Class: IN (0x0001)
Answers
ns1.ext.origin-it.com: type A, class IN, addr 212.159.192.10
Name: ns1.ext.origin-it.com
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 212.159.192.10
Authoritative nameservers
origin-it.com: type NS, class IN, ns ns1.ext.origin-it.com
Name: origin-it.com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 2
Name server: ns1.ext.origin-it.com
origin-it.com: type NS, class IN, ns ns2.ext.origin-it.com
Name: origin-it.com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 6
Name server: ns2.ext.origin-it.com
origin-it.com: type NS, class IN, ns ns3.ext.origin-it.com
Name: origin-it.com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 6
Name server: ns3.ext.origin-it.com
Additional records
ns1.ext.origin-it.com: type A, class IN, addr 212.159.192.10
Name: ns1.ext.origin-it.com
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 212.159.192.10
ns2.ext.origin-it.com: type A, class IN, addr 203.95.78.38
Name: ns2.ext.origin-it.com
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 203.95.78.38
ns3.ext.origin-it.com: type A, class IN, addr 12.174.168.53
Name: ns3.ext.origin-it.com
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 12.174.168.53
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 512
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x0
Data length: 0
Frame 46 (190 bytes on wire, 190 bytes captured)
Arrival Time: Jan 28, 2009 15:56:18.623676000
[Time delta from previous captured frame: 0.001918000 seconds]
[Time delta from previous displayed frame: 0.001918000 seconds]
[Time since reference or first frame: 1.098276000 seconds]
Frame Number: 46
Frame Length: 190 bytes
Capture Length: 190 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8), Dst: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Destination: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.31.80.30 (192.31.80.30), Dst: 192.168.10.47 (192.168.10.47)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 176
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 50
Protocol: UDP (0x11)
Header checksum: 0x6d28 [correct]
[Good: True]
[Bad : False]
Source: 192.31.80.30 (192.31.80.30)
Destination: 192.168.10.47 (192.168.10.47)
User Datagram Protocol, Src Port: domain (53), Dst Port: 48220 (48220)
Source port: domain (53)
Destination port: 48220 (48220)
Length: 156
Checksum: 0x30b6 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (response)
[Request In: 37]
[Time: 0.158029000 seconds]
Transaction ID: 0xd916
Flags: 0x8000 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 0
Authority RRs: 3
Additional RRs: 4
Queries
ns1.ext.origin-it.com: type AAAA, class IN
Name: ns1.ext.origin-it.com
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Authoritative nameservers
origin-it.com: type NS, class IN, ns ns1.ext.origin-it.com
Name: origin-it.com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 2
Name server: ns1.ext.origin-it.com
origin-it.com: type NS, class IN, ns ns2.ext.origin-it.com
Name: origin-it.com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 6
Name server: ns2.ext.origin-it.com
origin-it.com: type NS, class IN, ns ns3.ext.origin-it.com
Name: origin-it.com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 6
Name server: ns3.ext.origin-it.com
Additional records
ns1.ext.origin-it.com: type A, class IN, addr 212.159.192.10
Name: ns1.ext.origin-it.com
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 212.159.192.10
ns2.ext.origin-it.com: type A, class IN, addr 203.95.78.38
Name: ns2.ext.origin-it.com
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 203.95.78.38
ns3.ext.origin-it.com: type A, class IN, addr 12.174.168.53
Name: ns3.ext.origin-it.com
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 12.174.168.53
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 512
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x0
Data length: 0
Frame 47 (92 bytes on wire, 92 bytes captured)
Arrival Time: Jan 28, 2009 15:56:18.624105000
[Time delta from previous captured frame: 0.000429000 seconds]
[Time delta from previous displayed frame: 0.000429000 seconds]
[Time since reference or first frame: 1.098705000 seconds]
Frame Number: 47
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: Checksum Errors]
[Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1]
Ethernet II, Src: D-Link_52:bf:ab (00:1b:11:52:bf:ab), Dst: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Destination: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.10.47 (192.168.10.47), Dst: 212.159.192.10 (212.159.192.10)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0xdb1d [correct]
[Good: True]
[Bad : False]
Source: 192.168.10.47 (192.168.10.47)
Destination: 212.159.192.10 (212.159.192.10)
User Datagram Protocol, Src Port: 45765 (45765), Dst Port: domain (53)
Source port: 45765 (45765)
Destination port: domain (53)
Length: 58
Checksum: 0x5fcd [incorrect, should be 0xf637 (maybe caused by "UDP checksum offload"?)]
[Good Checksum: False]
[Bad Checksum: True]
Domain Name System (query)
[Response In: 54]
Transaction ID: 0x295d
Flags: 0x0010 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...1 .... = Non-authenticated data OK: Non-authenticated data is acceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
ns1.ext.origin-it.com: type AAAA, class IN
Name: ns1.ext.origin-it.com
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Frame 48 (206 bytes on wire, 206 bytes captured)
Arrival Time: Jan 28, 2009 15:56:18.626902000
[Time delta from previous captured frame: 0.002797000 seconds]
[Time delta from previous displayed frame: 0.002797000 seconds]
[Time since reference or first frame: 1.101502000 seconds]
Frame Number: 48
Frame Length: 206 bytes
Capture Length: 206 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8), Dst: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Destination: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.31.80.30 (192.31.80.30), Dst: 192.168.10.47 (192.168.10.47)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 192
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 49
Protocol: UDP (0x11)
Header checksum: 0x6e18 [correct]
[Good: True]
[Bad : False]
Source: 192.31.80.30 (192.31.80.30)
Destination: 192.168.10.47 (192.168.10.47)
User Datagram Protocol, Src Port: domain (53), Dst Port: 57398 (57398)
Source port: domain (53)
Destination port: 57398 (57398)
Length: 172
Checksum: 0x4ebc [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (response)
[Request In: 38]
[Time: 0.161009000 seconds]
Transaction ID: 0x0598
Flags: 0x8000 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 1
Authority RRs: 3
Additional RRs: 4
Queries
ns2.ext.origin-it.com: type A, class IN
Name: ns2.ext.origin-it.com
Type: A (Host address)
Class: IN (0x0001)
Answers
ns2.ext.origin-it.com: type A, class IN, addr 203.95.78.38
Name: ns2.ext.origin-it.com
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 203.95.78.38
Authoritative nameservers
origin-it.com: type NS, class IN, ns ns1.ext.origin-it.com
Name: origin-it.com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 6
Name server: ns1.ext.origin-it.com
origin-it.com: type NS, class IN, ns ns2.ext.origin-it.com
Name: origin-it.com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 2
Name server: ns2.ext.origin-it.com
origin-it.com: type NS, class IN, ns ns3.ext.origin-it.com
Name: origin-it.com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 6
Name server: ns3.ext.origin-it.com
Additional records
ns1.ext.origin-it.com: type A, class IN, addr 212.159.192.10
Name: ns1.ext.origin-it.com
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 212.159.192.10
ns2.ext.origin-it.com: type A, class IN, addr 203.95.78.38
Name: ns2.ext.origin-it.com
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 203.95.78.38
ns3.ext.origin-it.com: type A, class IN, addr 12.174.168.53
Name: ns3.ext.origin-it.com
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 12.174.168.53
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 512
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x0
Data length: 0
Frame 49 (190 bytes on wire, 190 bytes captured)
Arrival Time: Jan 28, 2009 15:56:18.629679000
[Time delta from previous captured frame: 0.002777000 seconds]
[Time delta from previous displayed frame: 0.002777000 seconds]
[Time since reference or first frame: 1.104279000 seconds]
Frame Number: 49
Frame Length: 190 bytes
Capture Length: 190 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8), Dst: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Destination: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.31.80.30 (192.31.80.30), Dst: 192.168.10.47 (192.168.10.47)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 176
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 50
Protocol: UDP (0x11)
Header checksum: 0x6d28 [correct]
[Good: True]
[Bad : False]
Source: 192.31.80.30 (192.31.80.30)
Destination: 192.168.10.47 (192.168.10.47)
User Datagram Protocol, Src Port: domain (53), Dst Port: 35694 (35694)
Source port: domain (53)
Destination port: 35694 (35694)
Length: 156
Checksum: 0x745d [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (response)
[Request In: 41]
[Time: 0.163038000 seconds]
Transaction ID: 0xe45b
Flags: 0x8000 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 0
Authority RRs: 3
Additional RRs: 4
Queries
ns3.ext.origin-it.com: type AAAA, class IN
Name: ns3.ext.origin-it.com
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Authoritative nameservers
origin-it.com: type NS, class IN, ns ns1.ext.origin-it.com
Name: origin-it.com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 6
Name server: ns1.ext.origin-it.com
origin-it.com: type NS, class IN, ns ns2.ext.origin-it.com
Name: origin-it.com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 6
Name server: ns2.ext.origin-it.com
origin-it.com: type NS, class IN, ns ns3.ext.origin-it.com
Name: origin-it.com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 2
Name server: ns3.ext.origin-it.com
Additional records
ns1.ext.origin-it.com: type A, class IN, addr 212.159.192.10
Name: ns1.ext.origin-it.com
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 212.159.192.10
ns2.ext.origin-it.com: type A, class IN, addr 203.95.78.38
Name: ns2.ext.origin-it.com
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 203.95.78.38
ns3.ext.origin-it.com: type A, class IN, addr 12.174.168.53
Name: ns3.ext.origin-it.com
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 12.174.168.53
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 512
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x0
Data length: 0
Frame 50 (190 bytes on wire, 190 bytes captured)
Arrival Time: Jan 28, 2009 15:56:18.629731000
[Time delta from previous captured frame: 0.000052000 seconds]
[Time delta from previous displayed frame: 0.000052000 seconds]
[Time since reference or first frame: 1.104331000 seconds]
Frame Number: 50
Frame Length: 190 bytes
Capture Length: 190 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8), Dst: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Destination: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.31.80.30 (192.31.80.30), Dst: 192.168.10.47 (192.168.10.47)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 176
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 50
Protocol: UDP (0x11)
Header checksum: 0x6d28 [correct]
[Good: True]
[Bad : False]
Source: 192.31.80.30 (192.31.80.30)
Destination: 192.168.10.47 (192.168.10.47)
User Datagram Protocol, Src Port: domain (53), Dst Port: 49777 (49777)
Source port: domain (53)
Destination port: 49777 (49777)
Length: 156
Checksum: 0xa1e0 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (response)
[Request In: 39]
[Time: 0.163595000 seconds]
Transaction ID: 0x70d6
Flags: 0x8000 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 0
Authority RRs: 3
Additional RRs: 4
Queries
ns2.ext.origin-it.com: type AAAA, class IN
Name: ns2.ext.origin-it.com
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Authoritative nameservers
origin-it.com: type NS, class IN, ns ns1.ext.origin-it.com
Name: origin-it.com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 6
Name server: ns1.ext.origin-it.com
origin-it.com: type NS, class IN, ns ns2.ext.origin-it.com
Name: origin-it.com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 2
Name server: ns2.ext.origin-it.com
origin-it.com: type NS, class IN, ns ns3.ext.origin-it.com
Name: origin-it.com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 6
Name server: ns3.ext.origin-it.com
Additional records
ns1.ext.origin-it.com: type A, class IN, addr 212.159.192.10
Name: ns1.ext.origin-it.com
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 212.159.192.10
ns2.ext.origin-it.com: type A, class IN, addr 203.95.78.38
Name: ns2.ext.origin-it.com
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 203.95.78.38
ns3.ext.origin-it.com: type A, class IN, addr 12.174.168.53
Name: ns3.ext.origin-it.com
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 12.174.168.53
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 512
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x0
Data length: 0
Frame 51 (206 bytes on wire, 206 bytes captured)
Arrival Time: Jan 28, 2009 15:56:18.629856000
[Time delta from previous captured frame: 0.000125000 seconds]
[Time delta from previous displayed frame: 0.000125000 seconds]
[Time since reference or first frame: 1.104456000 seconds]
Frame Number: 51
Frame Length: 206 bytes
Capture Length: 206 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8), Dst: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Destination: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.31.80.30 (192.31.80.30), Dst: 192.168.10.47 (192.168.10.47)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 192
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 50
Protocol: UDP (0x11)
Header checksum: 0x6d18 [correct]
[Good: True]
[Bad : False]
Source: 192.31.80.30 (192.31.80.30)
Destination: 192.168.10.47 (192.168.10.47)
User Datagram Protocol, Src Port: domain (53), Dst Port: 43175 (43175)
Source port: domain (53)
Destination port: 43175 (43175)
Length: 172
Checksum: 0x3c63 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (response)
[Request In: 40]
[Time: 0.163465000 seconds]
Transaction ID: 0x00e4
Flags: 0x8000 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 1
Authority RRs: 3
Additional RRs: 4
Queries
ns3.ext.origin-it.com: type A, class IN
Name: ns3.ext.origin-it.com
Type: A (Host address)
Class: IN (0x0001)
Answers
ns3.ext.origin-it.com: type A, class IN, addr 12.174.168.53
Name: ns3.ext.origin-it.com
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 12.174.168.53
Authoritative nameservers
origin-it.com: type NS, class IN, ns ns1.ext.origin-it.com
Name: origin-it.com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 6
Name server: ns1.ext.origin-it.com
origin-it.com: type NS, class IN, ns ns2.ext.origin-it.com
Name: origin-it.com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 6
Name server: ns2.ext.origin-it.com
origin-it.com: type NS, class IN, ns ns3.ext.origin-it.com
Name: origin-it.com
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 2 days
Data length: 2
Name server: ns3.ext.origin-it.com
Additional records
ns1.ext.origin-it.com: type A, class IN, addr 212.159.192.10
Name: ns1.ext.origin-it.com
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 212.159.192.10
ns2.ext.origin-it.com: type A, class IN, addr 203.95.78.38
Name: ns2.ext.origin-it.com
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 203.95.78.38
ns3.ext.origin-it.com: type A, class IN, addr 12.174.168.53
Name: ns3.ext.origin-it.com
Type: A (Host address)
Class: IN (0x0001)
Time to live: 2 days
Data length: 4
Addr: 12.174.168.53
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 512
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x0
Data length: 0
Frame 52 (92 bytes on wire, 92 bytes captured)
Arrival Time: Jan 28, 2009 15:56:18.630186000
[Time delta from previous captured frame: 0.000330000 seconds]
[Time delta from previous displayed frame: 0.000330000 seconds]
[Time since reference or first frame: 1.104786000 seconds]
Frame Number: 52
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: Checksum Errors]
[Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1]
Ethernet II, Src: D-Link_52:bf:ab (00:1b:11:52:bf:ab), Dst: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Destination: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.10.47 (192.168.10.47), Dst: 212.159.192.10 (212.159.192.10)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0xdb1d [correct]
[Good: True]
[Bad : False]
Source: 192.168.10.47 (192.168.10.47)
Destination: 212.159.192.10 (212.159.192.10)
User Datagram Protocol, Src Port: 42994 (42994), Dst Port: domain (53)
Source port: 42994 (42994)
Destination port: domain (53)
Length: 58
Checksum: 0x5fcd [incorrect, should be 0x63e3 (maybe caused by "UDP checksum offload"?)]
[Good Checksum: False]
[Bad Checksum: True]
Domain Name System (query)
[Response In: 55]
Transaction ID: 0xc683
Flags: 0x0010 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...1 .... = Non-authenticated data OK: Non-authenticated data is acceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
ns2.ext.origin-it.com: type AAAA, class IN
Name: ns2.ext.origin-it.com
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Frame 53 (92 bytes on wire, 92 bytes captured)
Arrival Time: Jan 28, 2009 15:56:18.630430000
[Time delta from previous captured frame: 0.000244000 seconds]
[Time delta from previous displayed frame: 0.000244000 seconds]
[Time since reference or first frame: 1.105030000 seconds]
Frame Number: 53
Frame Length: 92 bytes
Capture Length: 92 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: Checksum Errors]
[Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1]
Ethernet II, Src: D-Link_52:bf:ab (00:1b:11:52:bf:ab), Dst: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Destination: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.10.47 (192.168.10.47), Dst: 212.159.192.10 (212.159.192.10)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0xdb1d [correct]
[Good: True]
[Bad : False]
Source: 192.168.10.47 (192.168.10.47)
Destination: 212.159.192.10 (212.159.192.10)
User Datagram Protocol, Src Port: 49832 (49832), Dst Port: domain (53)
Source port: 49832 (49832)
Destination port: domain (53)
Length: 58
Checksum: 0x5fcd [incorrect, should be 0xd93f (maybe caused by "UDP checksum offload"?)]
[Good Checksum: False]
[Bad Checksum: True]
Domain Name System
uery)
[Response In: 56]
Transaction ID: 0x3670
Flags: 0x0010 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...1 .... = Non-authenticated data OK: Non-authenticated data is acceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
ns3.ext.origin-it.com: type AAAA, class IN
Name: ns3.ext.origin-it.com
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Frame 54 (155 bytes on wire, 155 bytes captured)
Arrival Time: Jan 28, 2009 15:56:18.693191000
[Time delta from previous captured frame: 0.062761000 seconds]
[Time delta from previous displayed frame: 0.062761000 seconds]
[Time since reference or first frame: 1.167791000 seconds]
Frame Number: 54
Frame Length: 155 bytes
Capture Length: 155 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8), Dst: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Destination: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 212.159.192.10 (212.159.192.10), Dst: 192.168.10.47 (192.168.10.47)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 141
Identification: 0xbd19 (48409)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 242
Protocol: UDP (0x11)
Header checksum: 0x6bc4 [correct]
[Good: True]
[Bad : False]
Source: 212.159.192.10 (212.159.192.10)
Destination: 192.168.10.47 (192.168.10.47)
User Datagram Protocol, Src Port: domain (53), Dst Port: 45765 (45765)
Source port: domain (53)
Destination port: 45765 (45765)
Length: 121
Checksum: 0xb8a9 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (response)
[Request In: 47]
[Time: 0.069086000 seconds]
Transaction ID: 0x295d
Flags: 0x8400 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .1.. .... .... = Authoritative: Server is an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 0
Authority RRs: 1
Additional RRs: 1
Queries
ns1.ext.origin-it.com: type AAAA, class IN
Name: ns1.ext.origin-it.com
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Authoritative nameservers
origin-it.com: type SOA, class IN, mname ns1.ext.origin-it.com
Name: origin-it.com
Type: SOA (Start of zone of authority)
Class: IN (0x0001)
Time to live: 1 hour
Data length: 51
Primary name server: ns1.ext.origin-it.com
Responsible authority's mailbox: hostmaster.origin-services.com
Serial number: 2005111500
Refresh interval: 3 hours
Retry interval: 1 hour
Expiration limit: 14 days
Minimum TTL: 1 hour
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Frame 55 (159 bytes on wire, 159 bytes captured)
Arrival Time: Jan 28, 2009 15:56:18.700821000
[Time delta from previous captured frame: 0.007630000 seconds]
[Time delta from previous displayed frame: 0.007630000 seconds]
[Time since reference or first frame: 1.175421000 seconds]
Frame Number: 55
Frame Length: 159 bytes
Capture Length: 159 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8), Dst: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Destination: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 212.159.192.10 (212.159.192.10), Dst: 192.168.10.47 (192.168.10.47)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 145
Identification: 0xbd1a (48410)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 242
Protocol: UDP (0x11)
Header checksum: 0x6bbf [correct]
[Good: True]
[Bad : False]
Source: 212.159.192.10 (212.159.192.10)
Destination: 192.168.10.47 (192.168.10.47)
User Datagram Protocol, Src Port: domain (53), Dst Port: 42994 (42994)
Source port: domain (53)
Destination port: 42994 (42994)
Length: 125
Checksum: 0x7ed6 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (response)
[Request In: 52]
[Time: 0.070635000 seconds]
Transaction ID: 0xc683
Flags: 0x8400 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .1.. .... .... = Authoritative: Server is an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 0
Authority RRs: 1
Additional RRs: 1
Queries
ns2.ext.origin-it.com: type AAAA, class IN
Name: ns2.ext.origin-it.com
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Authoritative nameservers
origin-it.com: type SOA, class IN, mname ns1.ext.origin-it.com
Name: origin-it.com
Type: SOA (Start of zone of authority)
Class: IN (0x0001)
Time to live: 1 hour
Data length: 55
Primary name server: ns1.ext.origin-it.com
Responsible authority's mailbox: hostmaster.origin-services.com
Serial number: 2005111500
Refresh interval: 3 hours
Retry interval: 1 hour
Expiration limit: 14 days
Minimum TTL: 1 hour
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Frame 56 (159 bytes on wire, 159 bytes captured)
Arrival Time: Jan 28, 2009 15:56:18.701281000
[Time delta from previous captured frame: 0.000460000 seconds]
[Time delta from previous displayed frame: 0.000460000 seconds]
[Time since reference or first frame: 1.175881000 seconds]
Frame Number: 56
Frame Length: 159 bytes
Capture Length: 159 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8), Dst: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Destination: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
Address: D-Link_52:bf:ab (00:1b:11:52:bf:ab)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
Address: AcctonTe_8e:cb:b8 (00:00:e8:8e:cb:b8)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 212.159.192.10 (212.159.192.10), Dst: 192.168.10.47 (192.168.10.47)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 145
Identification: 0xbd1b (48411)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 242
Protocol: UDP (0x11)
Header checksum: 0x6bbe [correct]
[Good: True]
[Bad : False]
Source: 212.159.192.10 (212.159.192.10)
Destination: 192.168.10.47 (192.168.10.47)
User Datagram Protocol, Src Port: domain (53), Dst Port: 49832 (49832)
Source port: domain (53)
Destination port: 49832 (49832)
Length: 125
Checksum: 0xf432 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (response)
[Request In: 53]
[Time: 0.070851000 seconds]
Transaction ID: 0x3670
Flags: 0x8400 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .1.. .... .... = Authoritative: Server is an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 0
Authority RRs: 1
Additional RRs: 1
Queries
ns3.ext.origin-it.com: type AAAA, class IN
Name: ns3.ext.origin-it.com
Type: AAAA (IPv6 address)
Class: IN (0x0001)
Authoritative nameservers
origin-it.com: type SOA, class IN, mname ns1.ext.origin-it.com
Name: origin-it.com
Type: SOA (Start of zone of authority)
Class: IN (0x0001)
Time to live: 1 hour
Data length: 55
Primary name server: ns1.ext.origin-it.com
Responsible authority's mailbox: hostmaster.origin-services.com
Serial number: 2005111500
Refresh interval: 3 hours
Retry interval: 1 hour
Expiration limit: 14 days
Minimum TTL: 1 hour
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
VI. Remerciements Developpez▲
Vous pouvez retrouver l'article original ici : L'Internet Rapide et Permanent. Christian Caleca a aimablement autorisé l'équipe « Réseaux » de Developpez.com à reprendre son article. Retrouvez tous les articles de Christian Caleca sur cette page.
Nos remerciements à zoom61 et sevyc64 pour leur relecture orthographique.
N'hésitez pas à commenter cet article ! Commentez