

DOMAIN NAME SYSTEM (DNS) 
(see RFC 1034 and RFC 1035)

The DNS protocol is used to look up a server's IP addresses and aliases from its 
registered name. The request is usually simple, containing just the name of the server. The 
response, however, is usually much more complex because it contains all the addresses and 
aliases that the server might have. For this reason a compression algorithm is used in all 
cases to reduce the amount of redundant data and the size of the datagrams. UDP is used to 
send and receive DNS requests. 

DNS MESSAGE FORMAT

Header
Question
Answer
Authority
Additional

DNS HEADER FORMAT

OCTET 1,2 	ID 
OCTET 3,4	QR(1 bit) + OPCODE(4 bit)+ AA(1 bit) + TC(1 bit) + RD(1 bit)+ RA(1 bit) + 
		Z(3 bit) + RCODE(4 bit)
OCTET 5,6	QDCOUNT 
OCTET 7,8	ANCOUNT	
OCTET 9,10	NSCOUNT	
OCTET 11,12	ARCOUNT

QUESTION FORMAT

OCTET 1,2,…n 	QNAME 
OCTET n+1,n+2	QTYPE
OCTET n+3,n+4	QCLASS 

ANSWER, AUTHORITY, ADDITIONAL FORMAT

OCTET 1,2,…n 		NAME 
OCTET n+1,n+2		TYPE
OCTET n+3,n+4		CLASS 
OCTET n+5,n+6,n+7,n+8	TTL 
OCTET n+9,n+10		RDLENGTH
OCTET n+11,n+12,…	RDATA


DNS SESSION (example)

SEND
7E FF 03 00 21 45 00 00 40 00 02 00 00 3C 11 E0 30 CE D9 8F 1F C7 B6 78 CB 04 6D 00 35 00 
2C 0D 54 00 02 01 00 00 01 00 00 00 00 00 00 04 70 6F 70 64 02 69 78 06 6E 65 74 63 6F 6D 
03 63 6F 6D 00 00 01 00 01 C7 00 7E 

Start		7E
Address		FF 03 
SEP		00 21 
IP Header	45 00 00 40 00 02 00 00 3C 11 E0 30 CE D9 8F 1F C7 B6 78 CB 04 6D
UDP Header	00 35 00 2C 0D 54
DNS Header	00 02 01 00 00 01 00 00 00 00 00 00
DNS Message	04 70 6F 70 64 02 69 78 06 6E 65 74 63 6F 6D 03 63 6F 6D 00 00 01 00 01 
FCS		C7 00
Stop		7E 

IP Header
VER=4 IHL=5 TOS=0 TOL=64 ID=2 FLG=00 FRO=00 TTL=60 PRO=17 IP_SUM=E030 
SRC=206.217.143.31. DEST=199.182.120.203. OPT=00000000

UDP Header
SRC_PORT=046D DEST_PORT=0035 UDP_LEN=002C UDP_SUM=0D54 

DNS Header
ID=2  QR=0  OPCODE=0  AA=0  TC=0  RD=1  RA=0  Z=0  RCODE=0  QDCOUNT=1 
ANCOUNT=0 NSCOUNT=0 ARCOUNT=0

DNS Message 
QNAME=04 70 6F 70 64 02 69 78 06 6E 65 74 63 6F 6D 03 63 6F 6D 00  QTYPE=0001  QCLASS=0001 

The client sends a UDP/IP packet with a DNS question (QR=0) as a standard query 
(OPCODE=0) with one entry (QDCOUNT=1). It includes no resource records in the answer, 
authority or additional sections (ANCOUNT=0  NSCOUNT=0  ARCOUNT=0). 
The QNAME specifies the domain name of the resource the client is searching for 
(QNAME = popd.ix.netcom.com.). Note that each period in the domain name is replaced by 
the length of the label that follows it: every label is prefixed by its length and a zero 
octet ends the name. The type and class of resource the client is searching for are 
QTYPE=1 (Host Address), QCLASS=1 (Internet).

RECV 
7E 21 45 00 01 5F F6 79 40 00 F7 11 ED 98 C7 B6 78 CB CE D9 8F 1F 00 35 04 6D 01 4B 49 
AA 00 02 85 80 00 01 00 03 00 06 00 06 04 70 6F 70 64 02 69 78 06 6E 65 74 63 6F 6D 03 63 
6F 6D 00 00 01 00 01 C0 0C 00 05 00 01 00 00 00 3C 00 19 04 70 6F 70 64 04 62 65 73 74 02 
69 78 06 6E 65 74 63 6F 6D 03 63 6F 6D 00 C0 30 00 05 00 01 00 00 00 00 00 06 03 69 78 36 
C0 3A C0 55 00 01 00 01 00 00 1C 20 00 04 C7 B6 78 06 C0 3A 00 02 00 01 00 00 1C 20 00 06 
03 6E 73 31 C0 3A C0 3A 00 02 00 01 00 00 1C 20 00 06 03 6E 73 32 C0 3A C0 3A 00 02 00 01 
00 00 1C 20 00 06 03 6E 73 33 C0 3A C0 3A 00 02 00 01 00 00 1C 20 00 06 03 6E 73 34 C0 3A 
C0 3A 00 02 00 01 00 00 1C 20 00 0C 09 64 66 77 2D 69 78 6E 73 31 C0 3A C0 3A 00 02 00 01 
00 00 1C 20 00 0C 09 64 66 77 2D 69 78 6E 73 32 C0 3A C0 77 00 01 00 01 00 00 1C 20 00 04 
C7 B6 78 CB C0 89 00 01 00 01 00 00 1C 20 00 04 C7 B6 78 CA C0 9B 00 01 00 01 00 00 1C 20 
00 04 C7 B6 78 01 C0 AD 00 01 00 01 00 00 1C 20 00 04 C7 B6 78 02 C0 BF 00 01 00 01 00 00 
1C 20 00 04 CE D6 62 21 C0 D7 00 01 00 01 00 00 1C 20 00 04 CE D6 62 22 C8 4C 7E

IP Header
VER=4 IHL=5 TOS=0 TOL=351 ID=63097 FLG=02 FRO=00 TTL=247 PRO=17 IP_SUM=ED98 
SRC=199.182.120.203. DEST=206.217.143.31. OPT=00000000

UDP Header
SRC_PORT=0035   DEST_PORT=046D   UDP_LEN=014B  UDP_SUM=49AA

DNS Header
ID=2  QR=1  OPCODE=0  AA=1  TC=0  RD=1  RA=1  RCODE=0 QDCOUNT=1 ANCOUNT=3 NSCOUNT=6 ARCOUNT=6

The server sends a response (QR=1) to the client's standard query (OPCODE=0). 
The server is an authority for the domain name (AA=1) and can support recursive queries 
(RA=1). No errors occurred in the client's query (RCODE=0). The response has 1 entry in the 
question section (QDCOUNT=1), 3 resource records in the answer section (ANCOUNT=3), 
6 resource records in the authority section (NSCOUNT=6) and 6 resource records in the 
additional records section (ARCOUNT=6). Note that offsets into the DNS message are used in 
place of repeated domain names to reduce the size of the message.
 
Start		7E
SEP		21
IP Header	45 00 01 5F F6 79 40 00 F7 11 ED 98 C7 B6 78 CB CE D9 8F 1F 
UDP Header	00 35 04 6D 01 4B 49 AA 
DNS Header	00 02 85 80 00 01 00 03 00 06 00 06 
QUESTION	04 70 6F 70 64 02 69 78 06 6E 65 74 63 6F 6D 03 63 6F 6D 00 00 01 00 01
ANSWER 		Name [C0 0C] (offset to position 12 of the DNS message)
		Type [00 05] Class [00 01] TTL [00 00 00 3C] RDLENGTH [00 19]
		RDDATA [04 70 6F 70 64 04 62 65 73 74 02 69 78 06 6E 65 74 63 6F 6D 03 63 
		6F 6D 00] 
		C0 30 00 05 00 01 00 00 00 00 00 06
		03 69 78 36 C0 3A 
		C0 55 00 01 00 01 00 00 1C 20 00 04 
		C7 B6 78 06
AUTHORITY	C0 3A 00 02 00 01 00 00 1C 20 00 06
		03 6E 73 31 C0 3A
		C0 3A 00 02 00 01 00 00 1C 20 00 06
		03 6E 73 32 C0 3A 
		C0 3A 00 02 00 01 00 00 1C 20 00 06
		03 6E 73 33 C0 3A 
		C0 3A 00 02 00 01 00 00 1C 20 00 06
		03 6E 73 34 C0 3A
		C0 3A 00 02 00 01 00 00 1C 20 00 0C
		09 64 66 77 2D 69 78 6E 73 31 C0 3A 
		C0 3A 00 02 00 01 00 00 1C 20 00 0C
		09 64 66 77 2D 69 78 6E 73 32 C0 3A 
ADDITIONAL	C0 77 00 01 00 01 00 00 1C 20 00 04 
		C7 B6 78 CB 
		C0 89 00 01 00 01 00 00 1C 20 00 04 
		C7 B6 78 CA
		C0 9B 00 01 00 01 00 00 1C 20 00 04 
		C7 B6 78 01
		C0 AD 00 01 00 01 00 00 1C 20 00 04 
		C7 B6 78 02
		C0 BF 00 01 00 01 00 00 1C 20 00 04 
		CE D6 62 21
		C0 D7 00 01 00 01 00 00 1C 20 00 04 
		CE D6 62 22 
FCS		C8 4C 
Stop		7E 

QUESTION
popd.ix.netcom.com QTYPE=1  QCLASS=1

ANSWERS
NAME: .popd.ix.netcom.com
RDDATA: .popd.best.ix.netcom.com   TYPE=5 CLASS=1 TTL=60
NAME: .popd.best.ix.netcom.com
RDDATA: .ix6.ix.netcom.com   TYPE=5 CLASS=1 TTL=0
NAME: .ix6.ix.netcom.com
RDDATA: 199.182.120.6.   TYPE=1 CLASS=1 TTL=7200

AUTHORITIES
NAME: .ix.netcom.com
RDDATA: .ns1.ix.netcom.com   TYPE=2 CLASS=1 TTL=7200
NAME: .ix.netcom.com
RDDATA: .ns2.ix.netcom.com   TYPE=2 CLASS=1 TTL=7200
NAME: .ix.netcom.com
RDDATA: .ns3.ix.netcom.com   TYPE=2 CLASS=1 TTL=7200
NAME: .ix.netcom.com
RDDATA: .ns4.ix.netcom.com   TYPE=2 CLASS=1 TTL=7200
NAME: .ix.netcom.com
RDDATA: .dfw-ixns1.ix.netcom.com   TYPE=2 CLASS=1 TTL=7200
NAME: .ix.netcom.com
RDDATA: .dfw-ixns2.ix.netcom.com   TYPE=2 CLASS=1 TTL=7200

ADDITIONAL RECORDS
NAME: .ns1.ix.netcom.com
RDDATA: 199.182.120.203.   TYPE=1 CLASS=1 TTL=7200
NAME: .ns2.ix.netcom.com
RDDATA: 199.182.120.202.   TYPE=1 CLASS=1 TTL=7200
NAME: .ns3.ix.netcom.com
RDDATA: 199.182.120.1.   TYPE=1 CLASS=1 TTL=7200
NAME: .ns4.ix.netcom.com
RDDATA: 199.182.120.2.   TYPE=1 CLASS=1 TTL=7200
NAME: .dfw-ixns1.ix.netcom.com
RDDATA: 206.214.98.33.   TYPE=1 CLASS=1 TTL=7200
NAME: .dfw-ixns2.ix.netcom.com
RDDATA: 206.214.98.34.   TYPE=1 CLASS=1 TTL=7200

DNS Address = 199.182.120.6.
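
The decoding above can be reproduced in code. The following Python parser is an added example, not part of the original page (the names check, read_name and parse_answers are its own): it walks the header, question and three answer records of the RECV message, follows the C0 xx offsets, and rejects any offset that does not point strictly backwards, so a crafted message cannot send the decoder into a loop. The sample bytes stop after the answer section; the authority and additional records are left out to keep it short.

```python
import struct

RESPONSE = bytes.fromhex(  # first 107 octets of the RECV DNS message above
    "000285800001000300060006 04706F7064026978066E6574636F6D03636F6D00 00010001"
    "C00C000500010000003C0019 04706F70640462657374026978066E6574636F6D03636F6D00"
    "C03000050001000000000006 03697836C03A C0550001000100001C200004 C7B67806")

def check(ok, why):
    if not ok:
        raise ValueError(why)

def read_name(msg, off):
    """Decode a possibly compressed name at off; return (name, next offset)."""
    labels, resume, limit = [], None, off
    while True:
        check(off < len(msg), "name runs past end of message")
        n = msg[off]
        if n & 0xC0 == 0xC0:                  # two-octet compression pointer
            check(off + 1 < len(msg), "truncated pointer")
            target = ((n & 0x3F) << 8) | msg[off + 1]
            check(target < limit, "forward or looping pointer")
            resume = resume or off + 2        # record continues after 1st pointer
            limit = off = target
            continue
        check(n < 64 and off + n < len(msg), "reserved or truncated label")
        if n == 0:                            # root label ends the name
            return ".".join(labels), resume or off + 1
        labels.append(msg[off + 1:off + 1 + n].decode("ascii", "replace"))
        off += 1 + n

def parse_answers(msg):
    """Return [(name, type, ttl, rdata), ...] for the answer section."""
    check(len(msg) >= 12, "short header")
    qd, an = struct.unpack_from("!HH", msg, 4)    # QDCOUNT, ANCOUNT
    off, out = 12, []
    for _ in range(qd):                           # skip QNAME, QTYPE, QCLASS
        off = read_name(msg, off)[1] + 4
    for _ in range(an):
        name, off = read_name(msg, off)
        check(off + 10 <= len(msg), "truncated record")
        rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        rdata = msg[off + 10:off + 10 + rdlen]
        check(len(rdata) == rdlen, "RDLENGTH past end of message")
        if rtype == 5:                            # CNAME: RDATA is itself a name
            rdata = read_name(msg, off + 10)[0]
        elif rtype == 1 and rdlen == 4:           # A: four address octets
            rdata = ".".join(map(str, rdata))
        out.append((name, rtype, ttl, rdata))
        off += 10 + rdlen
    return out
```

parse_answers(RESPONSE) returns the same three records as the ANSWERS listing above, ending in the A record for 199.182.120.6.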


alex@netfor2.com