# DNS – Domain Protocol

DNS Message Header and Question Section Format

O’Reilly DNS & BIND: C Programming with the Resolver Library Routines

#### Compressed Data

|   64 32 16| 8  4  2  1|   64 32 16| 8  4  2  1|
| 8  4  2  1| 8  4  2  1| 8  4  2  1| 8  4  2  1|
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| 1 1 |                OFFSET                   |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

The first two bits are ones. This allows a pointer to be distinguished from a label, since the label
must begin with two zero bits because labels are restricted to 63 octets or less.

00 0D B9 35 88 B4 00 1B  21 5C 22 01 08 00 45 00  ...5....!\"...E.
00 77 5D B5 00 00 3B 11  AC CA A0 55 C0 64 0A 29  .w]...;....U.d.)
0A 14 00 35 83 7B 00 63  CE A1 A2 20 81 80 00 01  ...5.{.c... ....
00 04 00 00 00 00 06 67  6F 6F 67 6C 65 02 63 68  .......google.ch
00 00 01 00 01 C0 0C 00  01 00 01 00 00 00 CE 00  ................
04 AD C2 74 2F C0 0C 00  01 00 01 00 00 00 CE 00  ...t/...........
04 AD C2 74 37 C0 0C 00  01 00 01 00 00 00 CE 00  ...t7...........
04 AD C2 74 38 C0 0C 00  01 00 01 00 00 00 CE 00  ...t8...........
04 AD C2 74 3F                                    ...t?


00 0D B9 35 88 B4 00 1B  21 5C 22 01 08 00        ...5....!\"...

Ethernet
|-Destination MAC                    00:0d:b9:35:88:b4
|-Source MAC                         00:1b:21:5c:22:01
|-Type                               IPv4            (0x0800)


                                           45 00                E.
00 77 5D B5 00 00 3B 11  AC CA A0 55 C0 64 0A 29  .w]...;....U.d.)
0A 14

IPv4 Header
|-IP Version                         4
|-IP Header Length                   5 dwords or 20 bytes
|-Differentiated Service             0x00
|-IP Total Length                    119 bytes
|-Identification                     0x5db5          (23989)
|-Flags                              0x0000          (0)
|-Don't Fragment Field            not set
|-More Fragment Field             not set
|-Fragment Offset                    0x0000          (0)
|-TTL                                59
|-Protocol                           UDP             (17)
|-Checksum                           0xacca          (44234)
|-Source IP                          160.85.192.100  (0x64c055a0)
|-Destination IP                     10.41.10.20     (0x140a290a)


      00 35 83 7B 00 63  CE A1                      .5.{.c..

UDPv4 Header
|-Source Port                        DNS             (53)
|-Destination Port                   unknown         (33659)
|-UDP Length                         99 Bytes
|-UDP Checksum                       0xcea1          (52897)


                               A2 20 81 80 00 01            . ....
00 04 00 00 00 00                                 ......

DNS Header
|-Identifier                         0xa220          (41504)
|-Flags                              0x8180          (33152)
|-Query / Response     (qr)       Response
|-Operation Code       (opcode)   Query           (0x0000)
|-Truncation           (tc)       not set
|-Recursion Desired    (rd)       set
|-Recursion Available  (ra)       set
|-Checking Disabled    (cd)       not set
|-Response Code        (rcode)    No Error (0)
|-Questions                          1               (0x0001)
|-Authority RRs                      0               (0x0000)


#### Query

QNAME (n labels), QTYPE, QCLASS

len  value              len  value
06   67 6F 6F 67 6C 65  02   63 68      .google.ch

len = zero  qtype  qclass
00          00 01  00 01


NAME (n labels), TYPE, CLASS, TTL, RDLENGTH, RDATA

link (16-bit)  type   class  ttl          len    value
C0 0C          00 01  00 01  00 00 00 CE  00 04  AD C2 74 2F      ..............t/

C0 0C 00  01 00 01 00 00 00 CE 00       ...........
04 AD C2 74 37                                    ...t7

C0 0C 00  01 00 01 00 00 00 CE 00       ...........
04 AD C2 74 38                                    ...t8

C0 0C 00  01 00 01 00 00 00 CE 00       ...........
04 AD C2 74 3F                                    ...t?


cb f3 81 80 00 01 00 02 00 00 00 00 07 61 6e 64
72 6f 69 64 0a 77 65 61 74 68 65 72 70 72 6f 0a
6d 65 74 65 6f 67 72 6f 75 70 02 64 65 00 00 01
00 01 c0 0c 00 05 00 01 00 00 00 af 00 1d 0c 6c
62 77 65 61 74 68 65 72 70 72 6f 0a 6d 65 74 65
6f 67 72 6f 75 70 03 63 6f 6d 00 c0 3e 00 01 00
01 00 00 02 53 00 04 c2 35 00 aa

cb f3 81 80 00 01 00 02 00 00 00 00

Query:

07 61 6e 64
72 6f 69 64 0a 77 65 61 74 68 65 72 70 72 6f 0a
6d 65 74 65 6f 67 72 6f 75 70 02 64 65 00 00 01
00 01

c0 0c 00 05 00 01 00 00 00 af 00 1d 0c 6c
62 77 65 61 74 68 65 72 70 72 6f 0a 6d 65 74 65
6f 67 72 6f 75 70 03 63 6f 6d 00

c0 0c 00 05 00 01 00 00 00 af 00 1d 0c 6c        .............l
62 77 65 61 74 68 65 72 70 72 6f 0a 6d 65 74 65  bweatherpro.mete
6f 67 72 6f 75 70 03 63 6f 6d 00 c0 3e 00 01 00  ogroup.com..>...
01 00 00 02 53 00 04 c2 35 00 aa                 ....S...5..

cb f3 81 80 00 01 00 02 00 00 00 00 07 61 6e 64  .............and
72 6f 69 64 0a 77 65 61 74 68 65 72 70 72 6f 0a  roid.weatherpro.
6d 65 74 65 6f 67 72 6f 75 70 02 64 65 00 00 01  meteogroup.de...
00 01 c0 0c 00 05 00 01 00 00 00 af 00 1d 0c 6c  ...............l
62 77 65 61 74 68 65 72 70 72 6f 0a 6d 65 74 65  bweatherpro.mete
6f 67 72 6f 75 70 03 63 6f 6d 00 c0 3e 00 01 00  ogroup.com..>...
01 00 00 02 53 00 04 c2 35 00 aa                 ....S...5..
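
Both responses above depend on compression pointers (`C0 0C`, and `c0 3e`, which points into the CNAME's RDATA at offset 0x3e), and a decoder that follows pointers without bounds and loop checks can be pushed past the buffer or into an endless loop by a malformed message. The following Python parser is an added example, not code from this page or from the cited book; `read_name`, `parse` and `PACKET` are names chosen here, and it decodes the second response dump while rejecting pointer loops, truncated names and reserved label types.

```python
import struct

# Constructed input: the bytes of the second response dump on this page.
PACKET = bytes.fromhex(
    "cb f3 81 80 00 01 00 02 00 00 00 00 07 61 6e 64 72 6f 69 64 0a 77 65 61 74 68 65 72 70 72 6f 0a"
    "6d 65 74 65 6f 67 72 6f 75 70 02 64 65 00 00 01 00 01 c0 0c 00 05 00 01 00 00 00 af 00 1d 0c 6c"
    "62 77 65 61 74 68 65 72 70 72 6f 0a 6d 65 74 65 6f 67 72 6f 75 70 03 63 6f 6d 00 c0 3e 00 01 00"
    "01 00 00 02 53 00 04 c2 35 00 aa")

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end, seen = [], None, set()
    while True:
        if off >= len(msg) or (msg[off] >= 0xC0 and off + 1 >= len(msg)):
            raise ValueError("name runs past end of message")
        n = msg[off]
        if n & 0xC0 == 0xC0:                       # top bits 11: pointer, 14-bit offset
            target = (n & 0x3F) << 8 | msg[off + 1]
            if target in seen:                     # a repeated target means a cycle
                raise ValueError("compression pointer loop")
            seen.add(target)
            end = off + 2 if end is None else end  # caller resumes after the first pointer
            off = target
        elif n & 0xC0:                             # 01 and 10 are not ordinary labels
            raise ValueError("unsupported label type")
        elif n == 0:                               # zero-length root label ends the name
            return ".".join(labels), (off + 1 if end is None else end)
        else:                                      # ordinary label, at most 63 bytes
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n                           # overruns are caught at the loop top

def parse(msg):  # returns (questions, answers); answers are (name, type, ttl, rdata)
    _id, _flags, qd, an = struct.unpack_from("!4H", msg, 0)
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = read_name(msg, off)
        questions.append((name, *struct.unpack_from("!2H", msg, off)))
        off += 4
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack_from("!2HIH", msg, off)
        off += 10
        if off + rdlen > len(msg):
            raise ValueError("RDATA runs past end of message")
        rdata = (read_name(msg, off)[0] if rtype == 5            # CNAME RDATA is a name
                 else ".".join(map(str, msg[off:off + rdlen])))  # else dotted bytes
        answers.append((name, rtype, ttl, rdata))
        off += rdlen
    return questions, answers
```

`parse(PACKET)` returns the question `android.weatherpro.meteogroup.de` and two answers: a CNAME to `lbweatherpro.meteogroup.com` (TTL 175) and the A record `194.53.0.170` (TTL 595) whose owner name is resolved through the `c0 3e` pointer.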

#### Multiple Questions in the same Request-Packet

4.1.1. Header section format
The header contains the following fields:
                                1  1  1  1  1  1
  0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                      ID                       |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|QR|   Opcode  |AA|TC|RD|RA|   Z    |   RCODE   |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    QDCOUNT                    |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    ANCOUNT                    |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    NSCOUNT                    |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    ARCOUNT                    |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

3.2.2. The CD Bit
The CD bit exists in order to allow a security-aware resolver to
disable signature validation in a security-aware name server's
processing of a particular query.

The name server side of a security-aware recursive name server MUST
NOT set the AD bit in a response unless the name server considers all
RRsets in the Answer and Authority sections of the response to be
authentic.  The name server side SHOULD set the AD bit if and only if
the resolver side considers all RRsets in the Answer section and any
relevant negative response RRs in the Authority section to be
authentic.

2. DNS Query/Response Headers

The header for DNS queries and responses contains field/bits in the
following diagram taken from [RFC2136]:

                                1  1  1  1  1  1
  0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                      ID                       |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|QR|   OpCode  |AA|TC|RD|RA| Z|AD|CD|   RCODE   |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                QDCOUNT/ZOCOUNT                |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                ANCOUNT/PRCOUNT                |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                NSCOUNT/UPCOUNT                |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    ARCOUNT                    |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+