RFC 1034 – Domain names – concepts and facilities, November 1987
RFC 1035 – Domain names – implementation and specification, November 1987
RFC 1886 – DNS Extensions to support IP version 6, December 1995
RFC 2136 – Dynamic Updates in the Domain Name System (DNS UPDATE), April 1997
RFC 2308 – Negative Caching of DNS Queries (DNS NCACHE), March 1998
RFC 2535 – Domain Name System Security Extensions, March 1999
RFC DRAFT – A New Scheme for the Compression of Domain Names, June 1999 (not used?)
RFC 2874 – DNS Extensions to Support IPv6 Address Aggregation and Renumbering, July 2000
RFC 3225 – Indicating Resolver Support of DNSSEC, December 2001
RFC 3755 – Legacy Resolver Compatibility for Delegation Signer (DS), May 2004
RFC 4033 – DNS Security Introduction and Requirements, March 2005
RFC 4034 – Resource Records for the DNS Security Extensions, March 2005
RFC 4035 – Protocol Modifications for the DNS Security Extensions, March 2005
RFC 5155 – DNS Security (DNSSEC) Hashed Authenticated Denial of Existence, March 2008
RFC 6840 – Clarifications and Implementation Notes for DNS Security (DNSSEC), February 2013
RFC 6891 – Extension Mechanisms for DNS (EDNS(0)), April 2013 (OPT RR)
RFC 6895 – Domain Name System (DNS) IANA Considerations, April 2013
DNS Message Header and Question Section Format
O’Reilly DNS & BIND: C Programming with the Resolver Library Routines
Compressed Data
(bit weights within each octet: 128 64 32 16 | 8 4 2 1)
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| 1  1|                OFFSET                   |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
The first two bits are ones. This allows a pointer to be distinguished from a label, since the label
must begin with two zero bits because labels are restricted to 63 octets or less.
00 0D B9 35 88 B4 00 1B 21 5C 22 01 08 00 45 00 ...5....!\"...E.
00 77 5D B5 00 00 3B 11 AC CA A0 55 C0 64 0A 29 .w]...;....U.d.)
0A 14 00 35 83 7B 00 63 CE A1 A2 20 81 80 00 01 ...5.{.c... ....
00 04 00 00 00 00 06 67 6F 6F 67 6C 65 02 63 68 .......google.ch
00 00 01 00 01 C0 0C 00 01 00 01 00 00 00 CE 00 ................
04 AD C2 74 2F C0 0C 00 01 00 01 00 00 00 CE 00 ...t/...........
04 AD C2 74 37 C0 0C 00 01 00 01 00 00 00 CE 00 ...t7...........
04 AD C2 74 38 C0 0C 00 01 00 01 00 00 00 CE 00 ...t8...........
04 AD C2 74 3F ...t?
Ethernet Header
00 0D B9 35 88 B4 00 1B 21 5C 22 01 08 00 ...5....!\"...
Ethernet
|-Destination MAC 00:0d:b9:35:88:b4
|-Source MAC 00:1b:21:5c:22:01
|-Type IPv4 (0x0800)
IP Header
45 00 E.
00 77 5D B5 00 00 3B 11 AC CA A0 55 C0 64 0A 29 .w]...;....U.d.)
0A 14
IPv4 Header
|-IP Version 4
|-IP Header Length 5 dwords or 20 bytes
|-Differentiated Service 0x00
|-IP Total Length 119 bytes
|-Identification 0x5db5 (23989)
|-Flags 0x0000 (0)
|-Don't Fragment Field not set
|-More Fragment Field not set
|-Fragment Offset 0x0000 (0)
|-TTL 59
|-Protocol UDP (17)
|-Checksum 0xacca (44234)
|-Source IP 160.85.192.100 (0x64c055a0)
|-Destination IP 10.41.10.20 (0x140a290a)
UDP Header
00 35 83 7B 00 63 CE A1 .5.{.c..
UDPv4 Header
|-Source Port DNS (53)
|-Destination Port unknown (33659)
|-UDP Length 99 Bytes
|-UDP Checksum 0xcea1 (52897)
DNS Header
A2 20 81 80 00 01 . ....
00 04 00 00 00 00 ......
DNS Header
|-Identifier 0xa220 (41504)
|-Flags 0x8180 (33152)
|-Query / Response (qr) Response
|-Operation Code (opcode) Query (0x0000)
|-Authoritative Answer (aa) not set
|-Truncation (tc) not set
|-Recursion Desired (rd) set
|-Recursion Available (ra) set
|-Authentic Data (ad) not set
|-Checking Disabled (cd) not set
|-Response Code (rcode) No Error (0)
|-Questions 1 (0x0001)
|-Answer RRs 4 (0x0004)
|-Authority RRs 0 (0x0000)
|-Additional RRs 0 (0x0000)
Query
QNAME (n labels), QTYPE, QCLASS
06 67 6F 6F 67 6C 65        len 6, "google"
02 63 68                    len 2, "ch"
00                          len 0 terminates the name
00 01                       qtype  A (1)
00 01                       qclass IN (1)
Answer
NAME (n labels), TYPE, CLASS, TTL, RDLENGTH, RDATA
C0 0C                       NAME as a 16-bit link: bits 11 + offset 0x0C = the QNAME above
00 01 00 01 00 00 00 CE     type A (1), class IN (1), ttl 0xCE (206 s)
00 04 AD C2 74 2F           rdlength 4, rdata 173.194.116.47          ...t/
C0 0C 00 01 00 01 00 00 00 CE 00 04 AD C2 74 37    same layout, rdata 173.194.116.55   ...t7
C0 0C 00 01 00 01 00 00 00 CE 00 04 AD C2 74 38    same layout, rdata 173.194.116.56   ...t8
C0 0C 00 01 00 01 00 00 00 CE 00 04 AD C2 74 3F    same layout, rdata 173.194.116.63   ...t?
cb f3 81 80 00 01 00 02 00 00 00 00 07 61 6e 64 .............and
72 6f 69 64 0a 77 65 61 74 68 65 72 70 72 6f 0a roid.weatherpro.
6d 65 74 65 6f 67 72 6f 75 70 02 64 65 00 00 01 meteogroup.de...
00 01 c0 0c 00 05 00 01 00 00 00 af 00 1d 0c 6c ...............l
62 77 65 61 74 68 65 72 70 72 6f 0a 6d 65 74 65 bweatherpro.mete
6f 67 72 6f 75 70 03 63 6f 6d 00 c0 3e 00 01 00 ogroup.com..>...
01 00 00 02 53 00 04 c2 35 00 aa ....S...5..
DNS Header:
cb f3 81 80 00 01 00 02 00 00 00 00          id 0xcbf3, flags 0x8180, qdcount 1, ancount 2, nscount 0, arcount 0
Query:
07 61 6e 64 72 6f 69 64                      len 7, "android"
0a 77 65 61 74 68 65 72 70 72 6f             len 10, "weatherpro"
0a 6d 65 74 65 6f 67 72 6f 75 70             len 10, "meteogroup"
02 64 65 00                                  len 2, "de", then len 0 terminates the name
00 01 00 01                                  qtype A (1), qclass IN (1)
Answer 1 (CNAME):
c0 0c 00 05 00 01 00 00 00 af 00 1d          name = link to offset 0x0c (the QNAME), type CNAME (5), class IN, ttl 0xaf (175 s), rdlength 0x1d (29)
0c 6c 62 77 65 61 74 68 65 72 70 72 6f       len 12, "lbweatherpro"
0a 6d 65 74 65 6f 67 72 6f 75 70             len 10, "meteogroup"
03 63 6f 6d 00                               len 3, "com", then len 0 terminates the name
Answer 2 (A):
c0 3e 00 01 00 01 00 00 02 53 00 04          name = link to offset 0x3e (the CNAME target in the RDATA above), type A (1), class IN, ttl 0x253 (595 s), rdlength 4
c2 35 00 aa                                  rdata 194.53.0.170
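As an added worked example (not part of these notes), a small Python parser that decodes the android.weatherpro.meteogroup.de response above: it walks the header, question and answer sections, follows the C0 xx links both into the QNAME and into the CNAME RDATA, and refuses a link that does not point strictly backwards, which is the check that keeps a parser from spinning on a crafted pointer loop. It only decodes A and CNAME RDATA; other types are returned as raw hex.

```python
import struct

# The 107-byte response dumped above (android.weatherpro.meteogroup.de), copied verbatim.
PACKET = bytes.fromhex(
    "cbf3 8180 0001 0002 0000 0000 0761 6e64 726f 6964 0a77 6561 7468 6572 7072 6f0a"
    "6d65 7465 6f67 726f 7570 0264 6500 0001 0001 c00c 0005 0001 0000 00af 001d 0c6c"
    "6277 6561 7468 6572 7072 6f0a 6d65 7465 6f67 726f 7570 0363 6f6d 00c0 3e00 0100"
    "0100 0002 5300 04c2 3500 aa")

def read_name(pkt, off):
    """Decode the labels at `off` -> (dotted name, offset after it). A length byte
    with top bits 11 is a 14-bit pointer (RFC 1035 4.1.4), followed backwards only."""
    labels, end = [], None
    while True:
        length = pkt[off]
        if length & 0xC0 == 0xC0:
            target = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            if target >= off:                        # would loop or point forward
                raise ValueError("bad pointer %d -> %d" % (off, target))
            end = off + 2 if end is None else end    # the name ends at its first pointer
            off = target
            continue
        if length & 0xC0:
            raise ValueError("reserved label type at offset %d" % off)
        if length == 0:                              # root label terminates the name
            return ".".join(labels), (end if end is not None else off + 1)
        labels.append(pkt[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length

def parse_response(pkt):
    ident, flags, qd, an, _ns, _ar = struct.unpack("!6H", pkt[:12])   # 12-byte header
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = read_name(pkt, off)
        qtype, qclass = struct.unpack("!HH", pkt[off:off + 4])
        questions.append((name, qtype, qclass))
        off += 4
    for _ in range(an):
        name, off = read_name(pkt, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        rdata = pkt[off:off + rdlen]
        value = rdata.hex()                # raw RDATA unless decoded below
        if rtype == 5:                     # CNAME: RDATA is a name, itself possibly compressed
            value = read_name(pkt, off)[0]
        elif rtype == 1 and rdlen == 4:    # A: four-octet IPv4 address
            value = ".".join(str(b) for b in rdata)
        answers.append((name, rtype, ttl, value))
        off += rdlen
    return {"id": ident, "flags": flags, "questions": questions, "answers": answers}
```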
Multiple Questions in the same Request-Packet
can a dns packet have (question section > 1)
Some thoughts on QDCOUNT
Requesting A and AAAA records in single DNS query
4.1.1. Header section format
The header contains the following fields:
                                    1  1  1  1  1  1
      0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                      ID                       |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |QR|   Opcode  |AA|TC|RD|RA|   Z    |   RCODE   |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                    QDCOUNT                    |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                    ANCOUNT                    |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                    NSCOUNT                    |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                    ARCOUNT                    |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
3.2.2. The CD Bit
The CD bit exists in order to allow a security-aware resolver to
disable signature validation in a security-aware name server's
processing of a particular query.
3.2.3. The AD Bit
The name server side of a security-aware recursive name server MUST
NOT set the AD bit in a response unless the name server considers all
RRsets in the Answer and Authority sections of the response to be
authentic. The name server side SHOULD set the AD bit if and only if
the resolver side considers all RRsets in the Answer section and any
relevant negative response RRs in the Authority section to be
authentic.
2. DNS Query/Response Headers
The header for DNS queries and responses contains field/bits in the
following diagram taken from [RFC2136]:
                                    1  1  1  1  1  1
      0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                      ID                       |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |QR|   OpCode  |AA|TC|RD|RA| Z|AD|CD|   RCODE   |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                QDCOUNT/ZOCOUNT                |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                ANCOUNT/PRCOUNT                |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                NSCOUNT/UPCOUNT                |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                    ARCOUNT                    |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+