DNS Message Format:
The message consists of a 12-byte header and 4 variable-length fields.
The identification field is set by the client program and returned by the server in its result.
The 16-bit flags field is divided as follows:
QR: 0 indicates a query message, 1 indicates a response message.
Opcode: Usually the value is 0 (standard query); the other values are 1 (inverse query) and 2 (server status request).
AA: Authoritative answer.
TC: Truncated (the message can be truncated).
RD: Recursion desired.
RA: Recursion available.
The next 3 bits must be 0.
Rcode: Return code, usually 0 (no error) or 3 (name error).
The following four 16-bit fields give the number of entries contained in the last 4 variable-length fields.
Question section:
Message format:
The query name is the name to look up, and consists of a sequence of one or more labels. Each label begins with a one-byte count giving the number of bytes in the label, and each name ends with a 0 byte. The count must be between 0 and 63. The field needs no padding bytes. For example: gemini.tuc.noao.edu
Each question has a query type; usually the query type is A (get the IP address for a name) or PTR (get the domain name corresponding to an IP address).
Resource record section:
Message format:
The last 3 fields of a DNS message (the answer, authority, and additional information fields) share one format, called a resource record (RR).
The domain name is the name to which the resource data in the record corresponds. It has the same format as the query name field.
Type gives the RR's type code. Class is usually 1, which means Internet data.
The time-to-live field is the number of seconds that the client keeps the resource record.
The resource data length gives the amount of resource data. The format of the data depends on the value of the type field. For type 1 (an A record) the resource data is a 4-byte IP address.
DNS query packet:
0000 6e BF A4 1a B2 E0 (a) A. . Vn ..... E.
0010 3b Ed C6 e3 C3 ac 0f /AC .; ...... ........
0020 F 9 9 2f BD 3e 3a 01 00 00 01 ..... 5. '/.>: .
0030 (6f 6f) 6c ... ww.googl. W ------
0040 (6e) e.cn .....
Description:
The first three parts are the Ethernet header, the IP header, and the UDP header.
The DNS message starts in line 0020.
3e 3a is the identification field.
Next is the flags field; this field sets TC to indicate that the message is truncated.
The number of questions is 1.
The answer, authority, and additional information counts are 0.
The name of the query is www.google.com, for a 6f 6f, 6c, 6e
The type is 1, an A query.
The class is 1, Internet data.
DNS response packet:
0000 A4 1a b2 e0 6e/BF .... .. Vn ..... E.
0010 A 7d-8b 9e ac F9 ac . XH ...}. ........
0020 0f - A9 db 3e 3a 81 80 00 01 ... 5...D u.>: .
0030 (6f 6f 6c ... w ww.googl , ...), with the same.
0040 6e c0 0c e.cn ... ........, ......
0050 6e 6c (6f 6f) 6c, at the same. b...cn. L.GOOGL
0060 to 6f 6d C0 2b 5f e.com..+ ......... _
0070 CB D0 C0 2b 5f ...!!!!!! E.+ ... _
0080 CB D0 21 64 ...! D
Description:
The first three parts are the Ethernet header, the IP header, and the UDP header.
3e 3a is the identification field.
81 80 is the flags field, which sets QR = 1, RD = 1, RA = 1.
The number of questions is 1, the number of answers is 3, and the remaining two counts are 0.
The name of the query is www.google.com, for a 6f 6f, 6c, 6e
The type is 1, an A query.
The class is 1, Internet data.
Next come the answer records.
C0 0c is a pointer to the domain name.
Next is the type, which represents CNAME (canonical name).
Then the class, which is Internet data.
Then the time to live.
Then the data length.
6e 6c (6f 6f) 6c (6f) and 6d is the data, cn.l.google.cn
The next two sections are the other two answers. The last data is the IP address.
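The layout walked through above, as an added Python example that is not part of the original page: a parser for the header flags, label-encoded names (including compression pointers such as C0 0c), and resource records. The sample message is constructed and uses the hypothetical names www.example.com and cdn.example.com; the parser goes beyond the page by rejecting pointer loops and labels longer than 63 bytes.

```python
import struct
def read_name(msg, off):
    """Decode the name at off; return (name, offset of the byte after it)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]                      # IndexError here means a cut-off message
        if n & 0xC0 == 0xC0:              # compression pointer, e.g. C0 0C -> offset 12
            end = off + 2 if end is None else end
            if (hops := hops + 1) > 16:   # a pointer chain this long is a loop
                raise ValueError("compression pointer loop")
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:                      # a zero byte ends the name
            return ".".join(labels), (off + 1 if end is None else end)
        elif n > 63:
            raise ValueError("label length over 63")
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def parse(msg):
    ident, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    hdr = {"id": ident, "qr": flags >> 15, "opcode": (flags >> 11) & 0xF,
           "aa": (flags >> 10) & 1, "tc": (flags >> 9) & 1, "rd": (flags >> 8) & 1,
           "ra": (flags >> 7) & 1, "rcode": flags & 0xF}
    off, questions, records = 12, [], []
    for _ in range(qd):                   # question: name, type, class
        name, off = read_name(msg, off)
        questions.append((name, *struct.unpack_from("!2H", msg, off)))
        off += 4
    for _ in range(an + ns + ar):         # answer, authority, additional RRs
        name, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack_from("!2HIH", msg, off)
        off += 10
        data = msg[off:off + rdlen]
        if len(data) != rdlen:
            raise ValueError("resource data runs past end of message")
        if rtype == 1 and rdlen == 4:     # A record: 4-byte IP address
            data = ".".join(str(b) for b in data)
        elif rtype == 5:                  # CNAME: a name, possibly compressed
            data = read_name(msg, off)[0]
        records.append((name, rtype, rclass, ttl, data))
        off += rdlen
    return hdr, questions, records

# Constructed sample response: id 3e 3a, flags 81 80, 1 question, 2 answers.
SAMPLE = (struct.pack("!6H", 0x3E3A, 0x8180, 1, 2, 0, 0)
          + b"\x03www\x07example\x03com\x00" + struct.pack("!2H", 1, 1)
          + b"\xc0\x0c" + struct.pack("!2HIH", 5, 1, 300, 6) + b"\x03cdn\xc0\x10"
          + b"\xc0\x2d" + struct.pack("!2HIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1]))
```

Calling parse(SAMPLE) returns the header dictionary, the question list, and the resource records as tuples of (name, type, class, time to live, data).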