{"id":2536,"date":"2014-06-15T15:38:29","date_gmt":"2014-06-15T15:38:29","guid":{"rendered":"http:\/\/blog.bachi.net\/?p=2536"},"modified":"2014-09-02T19:10:21","modified_gmt":"2014-09-02T19:10:21","slug":"dns-domain-protocol","status":"publish","type":"post","link":"https:\/\/blog.bachi.net\/?p=2536","title":{"rendered":"DNS – Domain Protocol"},"content":{"rendered":"

RFC 1034 – Domain names – concepts and facilities<\/a>, November 1987
\nRFC 1035 – Domain names – implementation and specification<\/a>, November 1987
\nRFC 1886 – DNS Extensions to support IP version 6<\/a>, December 1995
\nRFC 2136 – Dynamic Updates in the Domain Name System (DNS UPDATE)<\/a>, April 1997
\nRFC 2308 – Negative Caching of DNS Queries (DNS NCACHE)<\/a>, March 1998
\nRFC 2535 – Domain Name System Security Extensions<\/a>, March 1999
\nRFC DRAFT – A New Scheme for the Compression of Domain Names<\/a>, June 1999 (not used?)
\nRFC 2874 – DNS Extensions to Support IPv6 Address Aggregation and Renumbering<\/a>, July 2000
\nRFC 3225 – Indicating Resolver Support of DNSSEC<\/a>, December 2001
\nRFC 3775 – Legacy Resolver Compatibility for Delegation Signer (DS)<\/a>, May 2004
\nRFC 4033 – DNS Security Introduction and Requirements<\/a>, March 2005
\nRFC 4034 – Resource Records for the DNS Security Extensions<\/a>, March 2005
\nRFC 4035 – Protocol Modifications for the DNS Security Extensions<\/a>, March 2005
\nRFC 5155 – DNS Security (DNSSEC) Hashed Authenticated Denial of Existence<\/a>, March 2008
\nRFC 6840 – Clarifications and Implementation Notes for DNS Security (DNSSEC)<\/a>, February 2013
\nRFC 6891 – Extension Mechanisms for DNS (EDNS(0))<\/a>, April 2013 (OPT RR)
\nRFC 6895 – Domain Name System (DNS) IANA Considerations<\/a>, April 2013<\/p>\n

DNS Message Header and Question Section Format<\/a><\/p>\n

O’Reilly DNS & BIND: C Programming with the Resolver Library Routines<\/a><\/p>\n

Compressed Data<\/h4>\n
\r\n|   64 32 16| 8  4  2  1|   64 32 16| 8  4  2  1|\r\n| 8  4  2  1| 8  4  2  1| 8  4  2  1| 8  4  2  1|\r\n+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+\r\n| 1 1 |                OFFSET                   |\r\n+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+\r\n\r\nThe first two bits are ones. This allows a pointer to be distinguished from a label, since the label\r\nmust begin with two zero bits because labels are restricted to 63 octets or less.\r\n<\/pre>\n
\r\n00 0D B9 35 88 B4 00 1B  21 5C 22 01 08 00 45 00  ...5....!\\"...E.\r\n00 77 5D B5 00 00 3B 11  AC CA A0 55 C0 64 0A 29  .w]...;....U.d.)\r\n0A 14 00 35 83 7B 00 63  CE A1 A2 20 81 80 00 01  ...5.{.c... .\ufffd..\r\n00 04 00 00 00 00 06 67  6F 6F 67 6C 65 02 63 68  .......google.ch\r\n00 00 01 00 01 C0 0C 00  01 00 01 00 00 00 CE 00  ................\r\n04 AD C2 74 2F C0 0C 00  01 00 01 00 00 00 CE 00  ...t\/...........\r\n04 AD C2 74 37 C0 0C 00  01 00 01 00 00 00 CE 00  ...t7...........\r\n04 AD C2 74 38 C0 0C 00  01 00 01 00 00 00 CE 00  ...t8...........\r\n04 AD C2 74 3F                                    ...t?\r\n<\/pre>\n
Ethernet Header<\/h4>\n
\r\n00 0D B9 35 88 B4 00 1B  21 5C 22 01 08 00        ...5....!\\"...\r\n<\/pre>\n
\r\nEthernet\r\n   |-Destination MAC                    00:0d:b9:35:88:b4\r\n   |-Source MAC                         00:1b:21:5c:22:01\r\n   |-Type                               IPv4            (0x0800)\r\n<\/pre>\n
IP Header<\/h4>\n
\r\n                                           45 00                E.\r\n00 77 5D B5 00 00 3B 11  AC CA A0 55 C0 64 0A 29  .w]...;....U.d.)\r\n0A 14\r\n<\/pre>\n
\r\nIPv4 Header\r\n   |-IP Version                         4\r\n   |-IP Header Length                   5 dwords or 20 bytes\r\n   |-Differentiated Service             0x00\r\n   |-IP Total Length                    119 bytes\r\n   |-Identification                     0x5db5          (23989)\r\n   |-Flags                              0x0000          (0)\r\n      |-Don't Fragment Field            no set         \r\n      |-More Fragment Field             no set         \r\n   |-Fragment Offset                    0x0000          (0)\r\n   |-TTL                                59\r\n   |-Protocol                           UDP             (17)\r\n   |-Checksum                           0xacca          (44234)\r\n   |-Source IP                          160.85.192.100  (0x64c055a0)\r\n   |-Destination IP                     10.41.10.20     (0x140a290a)\r\n<\/pre>\n
UDP Header<\/h4>\n
\r\n.     00 35 83 7B 00 63  CE A1                      .5.{.c..\r\n<\/pre>\n
\r\nUDPv4 Header\r\n   |-Source Port                        DNS             (53)\r\n   |-Destination Port                   unknow          (33659)\r\n   |-UDP Length                         99 Bytes\r\n   |-UDP Checksum                       0xcea1          (52897)\r\n<\/pre>\n
DNS Header<\/h4>\n
\r\n                               A2 20 81 80 00 01            . .\ufffd..\r\n00 04 00 00 00 00                                 ......\r\n<\/pre>\n
\r\nDNS Header\r\n   |-Identifier                         0xa220          (41504)\r\n   |-Flags                              0x8180          (33152)\r\n      |-Query \/ Response     (qr)       Response\r\n      |-Operation Code       (opcode)   Query           (0x0000)\r\n      |-Authoritative Answer (aa)       not set\r\n      |-Truncation           (tc)       not set\r\n      |-Recursion Desired    (rd)       set\r\n      |-Recursion Available  (ra)       set\r\n      |-Authentic Data       (ad)       not set\r\n      |-Checking Disabled    (cd)       not set\r\n      |-Response Code        (rcode)    No Error (0)\r\n   |-Questions                          1               (0x0001)\r\n   |-Answer RRs                         4               (0x0004)\r\n   |-Authority RRs                      0               (0x0000)\r\n   |-Additional RRs                     0               (0x0000)\r\n<\/pre>\n
Query<\/h4>\n
QNAME (n labels), QTYPE, QCLASS<\/p>\n
\r\n                 len value             len value\r\nlen = zero        06 67  6F 6F 67 6C 65 02 63 68        .google.ch\r\n00 00 01 00 01\r\n   qtype qclass\r\n<\/pre>\n
Answer<\/h4>\n
NAME (n labels), TYPE, CLASS, TTL, RDLENGTH, RDATA<\/p>\n
\r\n               link (16-bit)\r\n   value       C0 0C 00  01 00 01 00 00 00 CE 00       ...........\r\n04 AD C2 74 2F       type   class ttl         len ...t\/\r\n\r\n               C0 0C 00  01 00 01 00 00 00 CE 00       ...........\r\n04 AD C2 74 37                                    ...t7\r\n\r\n               C0 0C 00  01 00 01 00 00 00 CE 00       ...........\r\n04 AD C2 74 38                                    ...t8\r\n\r\n               C0 0C 00  01 00 01 00 00 00 CE 00       ...........\r\n04 AD C2 74 3F                                    ...t?\r\n<\/pre>\n

\ncb f3 81 80 00 01 00 02  00 00 00 00 07 61 6e 64
\n72 6f 69 64 0a 77 65 61  74 68 65 72 70 72 6f 0a
\n6d 65 74 65 6f 67 72 6f  75 70 02 64 65 00 00 01
\n00 01 c0 0c 00 05 00 01  00 00 00 af 00 1d 0c 6c
\n62 77 65 61 74 68 65 72  70 72 6f 0a 6d 65 74 65
\n6f 67 72 6f 75 70 03 63  6f 6d 00 c0 3e 00 01 00
\n01 00 00 02 53 00 04 c2  35 00 aa
\n<\/span><\/p>\n
DNS Header:
\n
\ncb f3<\/span> 81 80<\/span> 00 01<\/span> 00 02<\/span>  00 00<\/span> 00 00<\/span>
\n<\/span><\/p>\n
Query:
\n
\n                                     07<\/span> 61 6e 64
\n72 6f 69 64 0a<\/span> 77 65 61  74 68 65 72 70 72 6f 0a<\/span>
\n6d 65 74 65 6f 67 72 6f  75 70 02<\/span> 64 65 00<\/span> 00 01<\/span>
\n00 01
\n<\/span><\/p>\n
Answer:
\n
\n      c0 0c<\/span> 00 05<\/span> 00 01<\/span>  00 00 00 af<\/span> 00 1d<\/span> 0c<\/span> 6c
\n62 77 65 61 74 68 65 72  70 72 6f 0a<\/span> 6d 65 74 65
\n6f 67 72 6f 75 70 03<\/span> 63  6f 6d 00<\/span>
\n<\/span><\/p>\n

\n      c0 0c 00 05 00 01  00 00 00 af 00 1d 0c 6c    ………….l
\n62 77 65 61 74 68 65 72  70 72 6f 0a 6d 65 74 65  bweatherpro.mete
\n6f 67 72 6f 75 70 03 63  6f 6d 00 c0 3e 00 01 00  ogroup.com..>…
\n01 00 00 02 53 00 04 c2  35 00 aa                 ….S…5..<\/p>\n
      c0 0c 00 05 00 01  00 00 00 af 00 1d 0c 6c    ………….l
\n62 77 65 61 74 68 65 72  70 72 6f 0a 6d 65 74 65  bweatherpro.mete
\n6f 67 72 6f 75 70 03 63  6f 6d 00 c0 3e 00 01 00  ogroup.com..>…
\n01 00 00 02 53 00 04 c2  35 00 aa                 ….S…5..<\/p>\n
cb f3 81 80 00 01 00 02  00 00 00 00 07 61 6e 64  ………….and
\n72 6f 69 64 0a 77 65 61  74 68 65 72 70 72 6f 0a  roid.weatherpro.
\n6d 65 74 65 6f 67 72 6f  75 70 02 64 65 00 00 01  meteogroup.de…
\n00 01 c0 0c 00 05 00 01  00 00 00 af 00 1d 0c 6c  ……………l
\n62 77 65 61 74 68 65 72  70 72 6f 0a 6d 65 74 65  bweatherpro.mete
\n6f 67 72 6f 75 70 03 63  6f 6d 00 c0 3e 00 01 00  ogroup.com..>…
\n01 00 00 02 53 00 04 c2  35 00 aa                 ….S…5..<\/p>\n
<\/span><\/p>\n
Multiple Questions in the same Request-Packet<\/h4>\n
can a dns packet have (question section > 1)<\/a>
\nSome thoughts on QDCOUNT<\/a>
\nRequesting A and AAAA records in single DNS query<\/a><\/p>\n
\r\n4.1.1. Header section format\r\nThe header contains the following fields:\r\n                                    1  1  1  1  1  1\r\n      0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5\r\n    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+\r\n    |                      ID                       |\r\n    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+\r\n    |QR|   Opcode  |AA|TC|RD|RA|   Z    |   RCODE   |\r\n    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+\r\n    |                    QDCOUNT                    |\r\n    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+\r\n    |                    ANCOUNT                    |\r\n    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+\r\n    |                    NSCOUNT                    |\r\n    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+\r\n    |                    ARCOUNT                    |\r\n    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+\r\n<\/pre>\n
\r\n3.2.2. The CD Bit\r\n   The CD bit exists in order to allow a security-aware resolver to\r\n   disable signature validation in a security-aware name server's\r\n   processing of a particular query\r\n\r\n3.2.3. The AD Bit\r\n   The name server side of a security-aware recursive name server MUST\r\n   NOT set the AD bit in a response unless the name server considers all\r\n   RRsets in the Answer and Authority sections of the response to be\r\n   authentic.  The name server side SHOULD set the AD bit if and only if\r\n   the resolver side considers all RRsets in the Answer section and any\r\n   relevant negative response RRs in the Authority section to be\r\n   authentic.\r\n<\/pre>\n
\r\n2. DNS Query\/Response Headers\r\n\r\n\r\n   The header for DNS queries and responses contains field\/bits in the\r\n   following diagram taken from [RFC2136]:\r\n\r\n                                            1  1  1  1  1  1\r\n              0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5\r\n             +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+\r\n             |                      ID                       |\r\n             +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+\r\n             |QR|   OpCode  |AA|TC|RD|RA| Z|AD|CD|   RCODE   |\r\n             +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+\r\n             |                QDCOUNT\/ZOCOUNT                |\r\n             +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+\r\n             |                ANCOUNT\/PRCOUNT                |\r\n             +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+\r\n             |                NSCOUNT\/UPCOUNT                |\r\n             +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+\r\n             |                    ARCOUNT                    |\r\n             +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"
RFC 1034 – Domain names – concepts and facilities, November 1987 RFC 1035 – Domain names – implementation and specification, November 1987 RFC 1886 – DNS Extensions to support IP version 6, December 1995 RFC 2136 – Dynamic Updates in the Domain Name System (DNS UPDATE), April 1997 RFC 2308 – Negative Caching of DNS […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2536","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/posts\/2536","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2536"}],"version-history":[{"count":43,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/posts\/2536\/revisions"}],"predecessor-version":[{"id":2910,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/posts\/2536\/revisions\/2910"}],"wp:attachment":[{"href":"https:\/\/blog.bachi.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2536"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2536"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2536"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}