设为首页收藏本站
开启辅助访问
DNS报文格式 您所在的位置:网站首页 linux 退出命令界面 DNS报文格式

DNS报文格式

#DNS报文格式| 来源: 网络整理| 查看: 265

 报文格式:

 

报文由12字节的首部和4个长度可变的字段组成。

标识字段由客户程序设置并有服务器返回结果。

16bit的标志字段 如下: 

 

QR:0表示查询报文,1表示响应报文Opcode:通常值为0(标准查询),其他值为1(反向查询)和2(服务器状态请求)。AA:表示授权回答(authoritative answer).TC:表示可截断的(truncated)RD:表示期望递归RA:表示可用递归随后3bit必须为0Rcode:返回码,通常为0(没有差错)和3(名字差错)

后面4个16bit字段说明最后4个变长字段中包含的条目数。问题部分:报文格式:

 

 

查询名为要查找的名字,它由一个或者多个标示符序列组成。每个标示符已首字节数的计数值来说明该标示符长度,每个名字以0结束。计数字节数必须是0~63之间。该字段无需填充字节。如:www.xjtu.edu.cn

 

每个问题有一个查询类型,通常查询类型为A(由名字获得IP地址)或者PTR(获得IP地址对应的域名)资源记录部分:报文格式:DNS最后3个字段,回答字段,授权字段和附加信息字段均采用资源记录RR(Resource Record)的相同格式。

 

 

 

域名是记录中资源数据对应的名字。它的格式和查询名字段格式相同。

类型说明R R的类型码。类通常为1,指Internett数据。

生存时间字段是客户程序保留该资源记录的秒数。

资源数据长度说明资源数据的数量。该数据的格式依赖于类型字段的值。对于类型1(A记录)资源数据是4字节的I P地址

 

 关于域名表示使用了 0xc0 这个特殊的跳转指令,其后跟的字节为跳转偏移量(从DNS数据报头,如指向第一个请求的name,使用0xc00c指令)。

 

DOMAIN NAME SYSTEM (DNS) (see RFC 1034 and RFC 1035)

DNS protocol is utilized to identify servers by their IP addresses and aliases given their registered name. The request is usually simple, including just the name of the server. The response however is usually very complex because it contains all the addresses and aliases that the server might have. Because of this a compression algorithm is utilized in all cases to reduce the number of redundant data and the size of the datagrams. UDP is utilized to send and receive DNS requests. DNS MESSAGE FORMAT

HeaderQuestionAnswerAuthorityAdditional

DNS HEADER FORMAT

OCTET 1,2  ID OCTET 3,4 QR(1 bit) + OPCODE(4 bit)+ AA(1 bit) + TC(1 bit) + RD(1 bit)+ RA(1 bit) +   Z(3 bit) + RCODE(4 bit)OCTET 5,6 QDCOUNT OCTET 7,8 ANCOUNT OCTET 9,10 NSCOUNT OCTET 11,12 ARCOUNT

QUESTION FORMAT

OCTET 1,2,…n  QNAME OCTET n+1,n+2 QTYPEOCTET n+3,n+4 QCLASS

ANSWER, AUTHORITY, ADDITIONAL FORMAT

OCTET 1,2,..n   NAME OCTET n+1,n+2  TYPEOCTET n+3,n+4  CLASS OCTET n+5,n+6,n+7,n+8 TTL OCTET n+9,n+10  RDLENGTHOCTET n+11,n+12,….. RDATA

 

DNS SESSION (example)

SEND7E FF 03 00 21 45 00 00 40 00 02 00 00 3C 11 E0 30 CE D9 8F 1F C7 B6 78 CB 04 6D 00 35 00 2C 0D 54 00 02 01 00 00 01 00 00 00 00 00 00 04 70 6F 70 64 02 69 78 06 6E 65 74 63 6F 6D 03 63 6F 6D 00 00 01 00 01 C7 00 7E

Start  7EAddress  FF 03 SEP  00 21 IP Header 45 00 00 40 00 02 00 00 3C 11 E0 30 CE D9 8F 1F C7 B6 78 CB 04 6DUDP Header 00 35 00 2C 0D 54DNS Header 00 02 01 00 00 01 00 00 00 00 00 00DNS Message 04 70 6F 70 64 02 69 78 06 6E 65 74 63 6F 6D 03 63 6F 6D 00 00 01 00 01 FCS  C7 00Stop  7E

IP HeaderVER=4 IHL=5 TOS=0 TOL=64 ID=2 FLG=00 FRO=00 TTL=60 PRO=17 IP_SUM=E030 SRC=206.217.143.31. DEST=199.182.120.203. OPT=00000000

UDP HeaderSRC_PORT=046D DEST_PORT=0035 UDP_LEN=002C UDP_SUM=0D54

DNS HeaderID=2   QR=0  OPCODE=0  AA = 0  TC=0 RD = 1 RA=0 Z =0  RCCODE=0  QDCOUNT=1 ANCOUNT=0 NSCOUNT=0 ARCOUNT=0

DNS Message QNAME=04 70 6F 70 64 02 69 78 06 6E 65 74 63 6F 6D 03 63 6F 6D 00  QTYPE=0001  QCLASS=0001

Client sends a UDP/IP packet with a DNS question  (QR=0) as a standard query (OPCODE=0) with one entry  (QDCOUNT=1). It does not include any resource in neither one of the answer, authority or additional records (ANCOUNT=0  NSCOUNT=0  ARCOUNT=0). The QNAME specifies the domain name of the resource the client is searching for (QNAME = popd.ix.netcom.com.). Note that the periods in the domain name are replaced by the length of the name that follows. The type and class of resource the client is searching for are QTYPE=1 (Host Address),  QCLASS=1 (Internet).

RECV 7E 21 45 00 01 5F F6 79 40 00 F7 11 ED 98 C7 B6 78 CB CE D9 8F 1F 00 35 04 6D 01 4B 49 AA 00 02 85 80 00 01 00 03 00 06 00 06 04 70 6F 70 64 02 69 78 06 6E 65 74 63 6F 6D 03 63 6F 6D 00 00 01 00 01 C0 0C 00 05 00 01 00 00 00 3C 00 19 04 70 6F 70 64 04 62 65 73 74 02 69 78 06 6E 65 74 63 6F 6D 03 63 6F 6D 00 C0 30 00 05 00 01 00 00 00 00 00 06 03 69 78 36 C0 3A C0 55 00 01 00 01 00 00 1C 20 00 04 C7 B6 78 06 C0 3A 00 02 00 01 00 00 1C 20 00 06 03 6E 73 31 C0 3A C0 3A 00 02 00 01 00 00 1C 20 00 06 03 6E 73 32 C0 3A C0 3A 00 02 00 01 00 00 1C 20 00 06 03 6E 73 33 C0 3A C0 3A 00 02 00 01 00 00 1C 20 00 06 03 6E 73 34 C0 3A C0 3A 00 02 00 01 00 00 1C 20 00 0C 09 64 66 77 2D 69 78 6E 73 31 C0 3A C0 3A 00 02 00 01 00 00 1C 20 00 0C 09 64 66 77 2D 69 78 6E 73 32 C0 3A C0 77 00 01 00 01 00 00 1C 20 00 04 C7 B6 78 CB C0 89 00 01 00 01 00 00 1C 20 00 04 C7 B6 78 CA C0 9B 00 01 00 01 00 00 1C 20 00 04 C7 B6 78 01 C0 AD 00 01 00 01 00 00 1C 20 00 04 C7 B6 78 02 C0 BF 00 01 00 01 00 00 1C 20 00 04 CE D6 62 21 C0 D7 00 01 00 01 00 00 1C 20 00 04 CE D6 62 22 C8 4C 7E

IP HeaderVER=4 IHL=5 TOS=0 TOL=351 ID=63097 FLG=02 FRO=00 TTL=247 PRO=17 IP_SUM=ED98 SRC=199.182.120.203. DEST=206.217.143.31. OPT=00000000

UDP HeaderSRC_PORT=0035   DEST_PORT=046D   UDP_LEN=014B  UDP_SUM=49AA

DNS HeaderID=2  QR=1  OPCODE=0  AA=1  TC=0  RD=1  RA=1  RCODE=0 QDCOUNT=1 ANCOUNT=3 NSCOUNT=6 ARCOUNT=6

Server sends a response (QR=1) to the client standard query (OPCODE=0). Server is an authority for the domain name (AA=1) and can support recursive queries (RA=1). No errors occurred in the client's query (RCODE=0). The response has 1 entry in the question section (QDCOUNT=1), 3 resource records in the answer section (ANCOUNT=3), 6 resource records in the authority section (NSCOUNT=6) and 6 resource records in the additional records section (ARCOUNT=6). Note that offsets are used to replace domain names and reduce the size of the DNS message. Start  7ESEP  21IP Header 45 00 01 5F F6 79 40 00 F7 11 ED 98 C7 B6 78 CB CE D9 8F 1F UDP Header 00 35 04 6D 01 4B 49 AA DNS Header 00 02 85 80 00 01 00 03 00 06 00 06 QUESTION 04 70 6F 70 64 02 69 78 06 6E 65 74 63 6F 6D 03 63 6F 6D 00 00 01 00 01ANSWER   Name [C0 0C] (offset to position 12 of the DNS message)  Type [00 05] Class [00 01] TTL [00 00 00 3C] RDLENGTH [00 19]  RDDATA [04 70 6F 70 64 04 62 65 73 74 02 69 78 06 6E 65 74 63 6F 6D 03 63   6F 6D 00]   C0 30 00 05 00 01 00 00 00 00 00 06  03 69 78 36 C0 3A   C0 55 00 01 00 01 00 00 1C 20 00 04   C7 B6 78 06AUTHORITY C0 3A 00 02 00 01 00 00 1C 20 00 06  03 6E 73 31 C0 3A  C0 3A 00 02 00 01 00 00 1C 20 00 06  03 6E 73 32 C0 3A   C0 3A 00 02 00 01 00 00 1C 20 00 06 03   6E 73 33 C0 3A   C0 3A 00 02 00 01 00 00 1C 20 00 06 03   6E 73 34 C0 3A  C0 3A 00 02 00 01 00 00 1C 20 00 0C 09   64 66 77 2D 69 78 6E 73 31 C0 3A   C0 3A 00 02 00 01 00 00 1C 20 00 0C 09   64 66 77 2D 69 78 6E 73 32 C0 3A ADDITIONAL C0 77 00 01 00 01 00 00 1C 20 00 04   C7 B6 78 CB   C0 89  00 01 00 01 00 00 1C 20 00 04   C7 B6 78 CA  C0 9B 00 01 00 01 00 00 1C 20 00 04   C7 B6 78 01  C0 AD 00 01 00 01 00 00 1C 20 00 04   C7 B6 78 02  C0 BF 00 01 00 01 00 00 1C 20 00 04   CE D6 62 21  C0 D7 00 01 00 01 00 00 1C 20 00 04   CE D6 62 22 FCS  C8 4C Stop  7E

QUESTIONpopd.ix.netcom.com QTYPE=1  QCLASS=1

ANSWERSNAME: .popd.ix.netcom.comRDDATA: .popd.best.ix.netcom.com   TYPE=5 CLASS=1 TTL=60NAME: .popd.best.ix.netcom.comRDDATA: .ix6.ix.netcom.com   TYPE=5 CLASS=1 TTL=0NAME: .ix6.ix.netcom.comRDDATA: 199.182.120.6.   TYPE=1 CLASS=1 TTL=7200

AUTORITIESNAME: .ix.netcom.comRDDATA: .ns1.ix.netcom.com   TYPE=2 CLASS=1 TTL=7200NAME: .ix.netcom.comRDDATA: .ns2.ix.netcom.com   TYPE=2 CLASS=1 TTL=7200NAME: .ix.netcom.comRDDATA: .ns3.ix.netcom.com   TYPE=2 CLASS=1 TTL=7200NAME: .ix.netcom.comRDDATA: .ns4.ix.netcom.com   TYPE=2 CLASS=1 TTL=7200NAME: .ix.netcom.comRDDATA: .dfw-ixns1.ix.netcom.com   TYPE=2 CLASS=1 TTL=7200NAME: .ix.netcom.comRDDATA: .dfw-ixns2.ix.netcom.com   TYPE=2 CLASS=1 TTL=7200

ADDITIONAL RECORDSNAME: .ns1.ix.netcom.comRDDATA: 199.182.120.203.   TYPE=1 CLASS=1 TTL=7200NAME: .ns2.ix.netcom.comRDDATA: 199.182.120.202.   TYPE=1 CLASS=1 TTL=7200NAME: .ns3.ix.netcom.comRDDATA: 199.182.120.1.   TYPE=1 CLASS=1 TTL=7200NAME: .ns4.ix.netcom.comRDDATA: 199.182.120.2.   TYPE=1 CLASS=1 TTL=7200NAME: .dfw-ixns1.ix.netcom.comRDDATA: 206.214.98.33.   TYPE=1 CLASS=1 TTL=7200NAME: .dfw-ixns2.ix.netcom.comRDDATA: 206.214.98.34.   TYPE=1 CLASS=1 TTL=7200

DNS Address = 199.182.120.6.



【本文地址】

公司简介

联系我们

今日新闻

    推荐新闻

    专题文章
      CopyRight 2018-2019 实验室设备网 版权所有