Every time we enter a domain name in the browser to access a website, the DNS protocol is used to perform a "domain name to IP address" query. For command-line users, nslookup is the most widely used DNS-related command. For programmers, taking C# as an example, getting the IP address of a domain name is probably just one line: "System.Net.Dns.GetHostByName(string UriHostName)".
Behind this simple usage, few people really understand the rules of the protocol, which can be a problem for programmers who are used to heavy encapsulation. Next, let's take a look at the DNS protocol.
DNS structure:
A DNS message is divided into five parts: Header, Question, Answer, Authority, and Additional.
The header size is fixed at 12 bytes. Not all five parts are required. When sending a query to the server, only the first two are needed. A reply does not necessarily contain all five either (it depends on what was queried and what information is returned).
Header section:
The header must be 12 bytes long and must be present whether a query is being sent or a result is being returned. Its structure is as follows:
ID: 16 bits. It is a random number chosen by the user when sending a query. When the server returns the result, the ID of the returned packet matches the one sent by the user.
QR: 1 bit. 0 indicates a request, and 1 indicates a response.
Opcode: 4 bits. The value 0 indicates a standard query, 1 indicates an inverse query, and 2 indicates a server status query.
AA: 1 bit, Authoritative Answer. This bit is meaningful only in a response. It indicates that the responding server is the authoritative name server for the queried domain name.
TC: 1 bit, TrunCation. It indicates that the message was longer than the allowed length and was therefore truncated.
RD: 1 bit, Recursion Desired. This bit is set in the request and the same value is returned in the response. If RD is set, it asks the name server to perform recursive resolution. Support for recursive queries is optional.
RA: 1 bit, Recursion Available. This bit is set or cleared in the response to indicate whether the server supports recursive queries.
Z: 3 bits, reserved. The value is 0.
RCode: 4 bits, the response code, similar to an HTTP status code. 0 means no error, 1 a format error, 2 a server failure, 3 a name error, 4 not implemented (the request type is not supported), and 5 refused.
QDCount: 16 bits, the number of question records in the Question section.
ANCount: 16 bits, the number of answer records in the Answer section.
NSCount: 16 bits, the number of authority records in the Authority section.
ARCount: 16 bits, the number of additional records in the Additional section.
Question:
This part holds what you want to query. It is also required.
QName: the domain name you want to query. It is a variable-length field. The format is "length (1 byte) + N bytes of content (N given by the preceding length) + ... + a length of 0". That is, it starts with a one-byte length N, the next N bytes are the content, then comes another one-byte length N2 followed by N2 bytes, and so on until a length of 0.
QType: 16 bits, indicating the query type. The values are as follows:
enum QueryType // type of the queried resource record
{
    A = 0x01,     // specify the IP address of the computer.
    NS = 0x02,    // specify the DNS name server used for the zone.
    MD = 0x03,    // specify the mail destination (this type is obsolete and is replaced by MX)
    MF = 0x04,    // specify the mail forwarder (this type is obsolete and is replaced by MX)
    CNAME = 0x05, // specify the canonical name for an alias.
    SOA = 0x06,   // specify the "start of authority" for the DNS zone.
    MB = 0x07,    // specify the mailbox domain name.
    MG = 0x08,    // specify a mail group member.
    MR = 0x09,    // specify the mail rename domain name.
    NULL = 0x0A,  // specify an empty resource record.
    WKS = 0x0B,   // describe well-known services.
    PTR = 0x0C,   // if the query is an IP address, specify the computer name; otherwise, specify a pointer to other information.
    HINFO = 0x0D, // specify the CPU and operating system type of the computer.
    MINFO = 0x0E, // specify mailbox or mail list information.
    MX = 0x0F,    // specify the mail exchanger.
    TXT = 0x10,   // specify text information.
    UINFO = 0x64, // specify the user information.
    UID = 0x65,   // specify the user ID.
    GID = 0x66,   // specify the group ID for a group name.
    ANY = 0xFF    // specify all data types.
};
QClass: 16 bits, indicating the query class.
enum QueryClass // protocol family of the requested information
{
    IN = 0x01,     // specify the Internet class.
    CSNET = 0x02,  // specify the CSNET class (obsolete).
    CHAOS = 0x03,  // specify the Chaos class.
    HESIOD = 0x04, // specify the MIT Athena Hesiod class.
    ANY = 0xFF     // wildcard matching any of the classes listed above.
};
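The Header and Question layout described above, as an added Python example that is not part of the original article: build_query packs the 12-byte header plus one question, and parse_header splits the flag word back into the fields listed earlier. The function names are assumptions made for this example; the ID defaults to a random value because the reply has to carry the same ID as the query.

```python
import secrets
import struct

QTYPE_A, QCLASS_IN = 0x01, 0x01   # values taken from the two enums above

def encode_qname(domain: str) -> bytes:
    """Encode 'lixin.me' as length-prefixed labels ending with a zero byte."""
    out = bytearray()
    for label in domain.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:          # a label length is at most 63
            raise ValueError(f"bad label length: {label!r}")
        out.append(len(raw))
        out += raw
    out.append(0)                            # length 0 terminates the name
    return bytes(out)

def build_query(domain: str, query_id=None, rd: bool = True) -> bytes:
    """Header + one Question: the only two parts a query needs."""
    if query_id is None:
        query_id = secrets.randbits(16)      # unpredictable 16-bit ID
    flags = (0 << 15) | (0 << 11) | (int(rd) << 8)   # QR=0, Opcode=0, RD
    header = struct.pack("!HHHHHH", query_id, flags, 1, 0, 0, 0)
    return header + encode_qname(domain) + struct.pack("!HH", QTYPE_A, QCLASS_IN)

def parse_header(msg: bytes) -> dict:
    """Split the fixed 12-byte header into its fields."""
    if len(msg) < 12:
        raise ValueError("message shorter than the 12-byte header")
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "ID": ident,
        "QR": (flags >> 15) & 1, "Opcode": (flags >> 11) & 0xF,
        "AA": (flags >> 10) & 1, "TC": (flags >> 9) & 1,
        "RD": (flags >> 8) & 1, "RA": (flags >> 7) & 1,
        "Z": (flags >> 4) & 0x7, "RCode": flags & 0xF,
        "QDCount": qd, "ANCount": an, "NSCount": ns, "ARCount": ar,
    }

def reply_matches(query: bytes, reply: bytes) -> bool:
    """A reply is only relevant if it is a response (QR=1) with the query's ID."""
    q, r = parse_header(query), parse_header(reply)
    return r["QR"] == 1 and r["ID"] == q["ID"]
```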
Resource Structure:
The remaining three parts (Answer, Authority, and Additional) share the same format. Their fields are as follows:
Name: the domain name the record refers to. Its length is variable. The encoding is the same as that of the name in the Question structure.
Assume that the content of the name field is as follows:
05 6c 69 78 69 6e 02 6d 65 00
The first byte is a length, 5, so the next five bytes are the content, 6c 69 78 69 6e, which in ASCII is "lixin". Then comes a length of 2, and the next two bytes, 6d 65, are the letters "me". Then comes a length of 0, which marks the end. Finally, we join the two parts with a dot in the middle to form lixin.me.
That is how the name looks in the Question structure. In the resource structures that follow, if the content of a name field has already appeared earlier in the message, it is not repeated, to save space. Instead, the field points to the position where the name appeared before. For example:
In the Question structure, the content of the name field is lixin.me, that is, "05 6c 69 78 69 6e 02 6d 65 00". Then, in the Answer (the third structure), the content of the first field, the name, is also lixin.me, so it points to the address of the name in the Question and we read the name from that address. Therefore, the content of the name field in the Answer structure is:
C0 0C
C0: this byte is not a length. It indicates that what follows is an offset.
0C: 12 in decimal, that is, an offset of 12 bytes from the start of the message. The Header structure is fixed at 12 bytes, so offset 0C is the Name field of the Question, that is, the "05 6c 69 78 69 6e 02 6d 65 00" above.
Type: Same as QType.
Class: Same as QClass.
TTL: time to live. 4 bytes, indicating how long the resource record in RData may be cached.
RDLength: the length of the resource data.
RData: the resource content.
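A decoder for the name field and the record fields listed above, as an added Python example that is not part of the original article. It follows "C0 0C" style pointers and also covers the failure mode a parser has to handle: a pointer that leads back to itself would otherwise loop forever. The function names, the jump limit of 16 and the sample response bytes (including the address 192.0.2.1) are assumptions constructed for this example.

```python
import struct

# Constructed sample response (not captured traffic): lixin.me A 192.0.2.1
RESPONSE = bytes.fromhex(
    "1234 8180 0001 0001 0000 0000"           # header: QR=1, 1 question, 1 answer
    "056c6978696e026d6500 0001 0001"          # question: lixin.me, A, IN
    "c00c 0001 0001 0000012c 0004 c0000201"   # answer: name is a pointer to offset 12
)

def read_name(msg: bytes, offset: int, max_jumps: int = 16):
    """Decode a name at `offset`; return (name, offset just after the field)."""
    labels, after, jumps, total = [], None, 0, 0
    while True:
        if offset >= len(msg):
            raise ValueError("name runs past the end of the message")
        length = msg[offset]
        if (length & 0xC0) == 0xC0:            # top two bits set: pointer
            if offset + 1 >= len(msg):
                raise ValueError("truncated pointer")
            if after is None:
                after = offset + 2             # the field itself ends here
            jumps += 1
            if jumps > max_jumps:              # guards against pointer loops
                raise ValueError("too many compression pointers")
            offset = ((length & 0x3F) << 8) | msg[offset + 1]
        elif length & 0xC0:
            raise ValueError("unsupported label type")
        elif length == 0:                      # zero length: end of name
            return ".".join(labels), (offset + 1 if after is None else after)
        else:
            label = msg[offset + 1 : offset + 1 + length]
            total += 1 + length
            if len(label) != length or total > 255:
                raise ValueError("label truncated or name too long")
            labels.append(label.decode("ascii", "backslashreplace"))
            offset += 1 + length

def read_record(msg: bytes, offset: int):
    """Parse one Answer/Authority/Additional record starting at `offset`."""
    name, offset = read_name(msg, offset)
    if offset + 10 > len(msg):
        raise ValueError("truncated record")
    rtype, rclass, ttl, rdlength = struct.unpack("!HHIH", msg[offset : offset + 10])
    rdata = msg[offset + 10 : offset + 10 + rdlength]
    if len(rdata) != rdlength:                 # RDLength must fit in the message
        raise ValueError("RDLength exceeds message size")
    return {"name": name, "type": rtype, "class": rclass, "ttl": ttl,
            "rdata": rdata}, offset + 10 + rdlength
```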
The next article will describe how to develop a DNS query tool. Here is a preview first: the program is not complete yet. It is written in C#, and about 70% has been completed so far.
When reprinting, please credit the source: Li Xin