DNS – Domain Protocol

Leave a reply

RFC 1034 – Domain names – concepts and facilities, November 1987
RFC 1035 – Domain names – implementation and specification, November 1987
RFC 1886 – DNS Extensions to support IP version 6, December 1995
RFC 2136 – Dynamic Updates in the Domain Name System (DNS UPDATE), April 1997
RFC 2308 – Negative Caching of DNS Queries (DNS NCACHE), March 1998
RFC 2535 – Domain Name System Security Extensions, March 1999
RFC DRAFT – A New Scheme for the Compression of Domain Names, June 1999 (not used?)
RFC 2874 – DNS Extensions to Support IPv6 Address Aggregation and Renumbering, July 2000
RFC 3225 – Indicating Resolver Support of DNSSEC, December 2001
RFC 3775 – Legacy Resolver Compatibility for Delegation Signer (DS), May 2004
RFC 4033 – DNS Security Introduction and Requirements, March 2005
RFC 4034 – Resource Records for the DNS Security Extensions, March 2005
RFC 4035 – Protocol Modifications for the DNS Security Extensions, March 2005
RFC 5155 – DNS Security (DNSSEC) Hashed Authenticated Denial of Existence, March 2008
RFC 6840 – Clarifications and Implementation Notes for DNS Security (DNSSEC), February 2013
RFC 6891 – Extension Mechanisms for DNS (EDNS(0)), April 2013 (OPT RR)
RFC 6895 – Domain Name System (DNS) IANA Considerations, April 2013

DNS Message Header and Question Section Format

O’Reilly DNS & BIND: C Programming with the Resolver Library Routines

Compressed Data

|   64 32 16| 8  4  2  1|   64 32 16| 8  4  2  1|
| 8  4  2  1| 8  4  2  1| 8  4  2  1| 8  4  2  1|
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| 1 1 |                OFFSET                   |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

The first two bits are ones. This allows a pointer to be distinguished from a label, since the label
must begin with two zero bits because labels are restricted to 63 octets or less.

00 0D B9 35 88 B4 00 1B  21 5C 22 01 08 00 45 00  ...5....!\"...E.
00 77 5D B5 00 00 3B 11  AC CA A0 55 C0 64 0A 29  .w]...;....U.d.)
0A 14 00 35 83 7B 00 63  CE A1 A2 20 81 80 00 01  ...5.{.c... .�..
00 04 00 00 00 00 06 67  6F 6F 67 6C 65 02 63 68  .......google.ch
00 00 01 00 01 C0 0C 00  01 00 01 00 00 00 CE 00  ................
04 AD C2 74 2F C0 0C 00  01 00 01 00 00 00 CE 00  ...t/...........
04 AD C2 74 37 C0 0C 00  01 00 01 00 00 00 CE 00  ...t7...........
04 AD C2 74 38 C0 0C 00  01 00 01 00 00 00 CE 00  ...t8...........
04 AD C2 74 3F                                    ...t?

Ethernet Header

00 0D B9 35 88 B4 00 1B  21 5C 22 01 08 00        ...5....!\"...

Ethernet
   |-Destination MAC                    00:0d:b9:35:88:b4
   |-Source MAC                         00:1b:21:5c:22:01
   |-Type                               IPv4            (0x0800)

IP Header

                                           45 00                E.
00 77 5D B5 00 00 3B 11  AC CA A0 55 C0 64 0A 29  .w]...;....U.d.)
0A 14

IPv4 Header
   |-IP Version                         4
   |-IP Header Length                   5 dwords or 20 bytes
   |-Differentiated Service             0x00
   |-IP Total Length                    119 bytes
   |-Identification                     0x5db5          (23989)
   |-Flags                              0x0000          (0)
      |-Don't Fragment Field            no set         
      |-More Fragment Field             no set         
   |-Fragment Offset                    0x0000          (0)
   |-TTL                                59
   |-Protocol                           UDP             (17)
   |-Checksum                           0xacca          (44234)
   |-Source IP                          160.85.192.100  (0x64c055a0)
   |-Destination IP                     10.41.10.20     (0x140a290a)

UDP Header

.     00 35 83 7B 00 63  CE A1                      .5.{.c..

UDPv4 Header
   |-Source Port                        DNS             (53)
   |-Destination Port                   unknow          (33659)
   |-UDP Length                         99 Bytes
   |-UDP Checksum                       0xcea1          (52897)

DNS Header

                               A2 20 81 80 00 01            . .�..
00 04 00 00 00 00                                 ......

DNS Header
   |-Identifier                         0xa220          (41504)
   |-Flags                              0x8180          (33152)
      |-Query / Response     (qr)       Response
      |-Operation Code       (opcode)   Query           (0x0000)
      |-Authoritative Answer (aa)       not set
      |-Truncation           (tc)       not set
      |-Recursion Desired    (rd)       set
      |-Recursion Available  (ra)       set
      |-Authentic Data       (ad)       not set
      |-Checking Disabled    (cd)       not set
      |-Response Code        (rcode)    No Error (0)
   |-Questions                          1               (0x0001)
   |-Answer RRs                         4               (0x0004)
   |-Authority RRs                      0               (0x0000)
   |-Additional RRs                     0               (0x0000)

Query

QNAME (n labels), QTYPE, QCLASS

                 len value             len value
len = zero        06 67  6F 6F 67 6C 65 02 63 68        .google.ch
00 00 01 00 01
   qtype qclass

Answer

NAME (n labels), TYPE, CLASS, TTL, RDLENGTH, RDATA

               link (16-bit)
   value       C0 0C 00  01 00 01 00 00 00 CE 00       ...........
04 AD C2 74 2F       type   class ttl         len ...t/

               C0 0C 00  01 00 01 00 00 00 CE 00       ...........
04 AD C2 74 37                                    ...t7

               C0 0C 00  01 00 01 00 00 00 CE 00       ...........
04 AD C2 74 38                                    ...t8

               C0 0C 00  01 00 01 00 00 00 CE 00       ...........
04 AD C2 74 3F                                    ...t?


cb f3 81 80 00 01 00 02 00 00 00 00 07 61 6e 64
72 6f 69 64 0a 77 65 61 74 68 65 72 70 72 6f 0a
6d 65 74 65 6f 67 72 6f 75 70 02 64 65 00 00 01
00 01 c0 0c 00 05 00 01 00 00 00 af 00 1d 0c 6c
62 77 65 61 74 68 65 72 70 72 6f 0a 6d 65 74 65
6f 67 72 6f 75 70 03 63 6f 6d 00 c0 3e 00 01 00
01 00 00 02 53 00 04 c2 35 00 aa

DNS Header:

cb f3 81 80 00 01 00 02 00 00 00 00

Query:

07 61 6e 64
72 6f 69 64 0a 77 65 61 74 68 65 72 70 72 6f 0a
6d 65 74 65 6f 67 72 6f 75 70 02 64 65 00 00 01
00 01

Answer:

c0 0c 00 05 00 01 00 00 00 af 00 1d 0c 6c
62 77 65 61 74 68 65 72 70 72 6f 0a 6d 65 74 65
6f 67 72 6f 75 70 03 63 6f 6d 00


c0 0c 00 05 00 01 00 00 00 af 00 1d 0c 6c ………….l
62 77 65 61 74 68 65 72 70 72 6f 0a 6d 65 74 65 bweatherpro.mete
6f 67 72 6f 75 70 03 63 6f 6d 00 c0 3e 00 01 00 ogroup.com..>…
01 00 00 02 53 00 04 c2 35 00 aa ….S…5..

c0 0c 00 05 00 01 00 00 00 af 00 1d 0c 6c ………….l
62 77 65 61 74 68 65 72 70 72 6f 0a 6d 65 74 65 bweatherpro.mete
6f 67 72 6f 75 70 03 63 6f 6d 00 c0 3e 00 01 00 ogroup.com..>…
01 00 00 02 53 00 04 c2 35 00 aa ….S…5..

cb f3 81 80 00 01 00 02 00 00 00 00 07 61 6e 64 ………….and
72 6f 69 64 0a 77 65 61 74 68 65 72 70 72 6f 0a roid.weatherpro.
6d 65 74 65 6f 67 72 6f 75 70 02 64 65 00 00 01 meteogroup.de…
00 01 c0 0c 00 05 00 01 00 00 00 af 00 1d 0c 6c ……………l
62 77 65 61 74 68 65 72 70 72 6f 0a 6d 65 74 65 bweatherpro.mete
6f 67 72 6f 75 70 03 63 6f 6d 00 c0 3e 00 01 00 ogroup.com..>…
01 00 00 02 53 00 04 c2 35 00 aa ….S…5..

Multiple Questions in the same Request-Packet

can a dns packet have (question section > 1)
Some thoughts on QDCOUNT
Requesting A and AAAA records in single DNS query

4.1.1. Header section format
The header contains the following fields:
                                    1  1  1  1  1  1
      0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                      ID                       |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |QR|   Opcode  |AA|TC|RD|RA|   Z    |   RCODE   |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                    QDCOUNT                    |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                    ANCOUNT                    |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                    NSCOUNT                    |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                    ARCOUNT                    |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

3.2.2. The CD Bit
   The CD bit exists in order to allow a security-aware resolver to
   disable signature validation in a security-aware name server's
   processing of a particular query

3.2.3. The AD Bit
   The name server side of a security-aware recursive name server MUST
   NOT set the AD bit in a response unless the name server considers all
   RRsets in the Answer and Authority sections of the response to be
   authentic.  The name server side SHOULD set the AD bit if and only if
   the resolver side considers all RRsets in the Answer section and any
   relevant negative response RRs in the Authority section to be
   authentic.

2. DNS Query/Response Headers


   The header for DNS queries and responses contains field/bits in the
   following diagram taken from [RFC2136]:

                                            1  1  1  1  1  1
              0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
             +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
             |                      ID                       |
             +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
             |QR|   OpCode  |AA|TC|RD|RA| Z|AD|CD|   RCODE   |
             +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
             |                QDCOUNT/ZOCOUNT                |
             +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
             |                ANCOUNT/PRCOUNT                |
             +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
             |                NSCOUNT/UPCOUNT                |
             +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
             |                    ARCOUNT                    |
             +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

Leave a Reply

Your email address will not be published. Required fields are marked *