DNS报文格式 | 您所在的位置:网站首页 › linux 退出命令界面 › DNS报文格式 |
报文格式:
报文由12字节的首部和4个长度可变的字段组成。 标识字段由客户程序设置并有服务器返回结果。 16bit的标志字段 如下:
QR:0表示查询报文,1表示响应报文Opcode:通常值为0(标准查询),其他值为1(反向查询)和2(服务器状态请求)。AA:表示授权回答(authoritative answer).TC:表示可截断的(truncated)RD:表示期望递归RA:表示可用递归随后3bit必须为0Rcode:返回码,通常为0(没有差错)和3(名字差错) 后面4个16bit字段说明最后4个变长字段中包含的条目数。问题部分:报文格式:
查询名为要查找的名字,它由一个或者多个标示符序列组成。每个标示符已首字节数的计数值来说明该标示符长度,每个名字以0结束。计数字节数必须是0~63之间。该字段无需填充字节。如:www.xjtu.edu.cn
每个问题有一个查询类型,通常查询类型为A(由名字获得IP地址)或者PTR(获得IP地址对应的域名)资源记录部分:报文格式:DNS最后3个字段,回答字段,授权字段和附加信息字段均采用资源记录RR(Resource Record)的相同格式。
域名是记录中资源数据对应的名字。它的格式和查询名字段格式相同。 类型说明R R的类型码。类通常为1,指Internett数据。 生存时间字段是客户程序保留该资源记录的秒数。 资源数据长度说明资源数据的数量。该数据的格式依赖于类型字段的值。对于类型1(A记录)资源数据是4字节的I P地址
关于域名表示使用了 0xc0 这个特殊的跳转指令,其后跟的字节为跳转偏移量(从DNS数据报头,如指向第一个请求的name,使用0xc00c指令)。
DOMAIN NAME SYSTEM (DNS) (see RFC 1034 and RFC 1035) DNS protocol is utilized to identify servers by their IP addresses and aliases given their registered name. The request is usually simple, including just the name of the server. The response however is usually very complex because it contains all the addresses and aliases that the server might have. Because of this a compression algorithm is utilized in all cases to reduce the number of redundant data and the size of the datagrams. UDP is utilized to send and receive DNS requests. DNS MESSAGE FORMAT HeaderQuestionAnswerAuthorityAdditional DNS HEADER FORMAT OCTET 1,2 ID OCTET 3,4 QR(1 bit) + OPCODE(4 bit)+ AA(1 bit) + TC(1 bit) + RD(1 bit)+ RA(1 bit) + Z(3 bit) + RCODE(4 bit)OCTET 5,6 QDCOUNT OCTET 7,8 ANCOUNT OCTET 9,10 NSCOUNT OCTET 11,12 ARCOUNT QUESTION FORMAT OCTET 1,2,…n QNAME OCTET n+1,n+2 QTYPEOCTET n+3,n+4 QCLASS ANSWER, AUTHORITY, ADDITIONAL FORMAT OCTET 1,2,..n NAME OCTET n+1,n+2 TYPEOCTET n+3,n+4 CLASS OCTET n+5,n+6,n+7,n+8 TTL OCTET n+9,n+10 RDLENGTHOCTET n+11,n+12,….. RDATA
DNS SESSION (example) SEND7E FF 03 00 21 45 00 00 40 00 02 00 00 3C 11 E0 30 CE D9 8F 1F C7 B6 78 CB 04 6D 00 35 00 2C 0D 54 00 02 01 00 00 01 00 00 00 00 00 00 04 70 6F 70 64 02 69 78 06 6E 65 74 63 6F 6D 03 63 6F 6D 00 00 01 00 01 C7 00 7E Start 7EAddress FF 03 SEP 00 21 IP Header 45 00 00 40 00 02 00 00 3C 11 E0 30 CE D9 8F 1F C7 B6 78 CB 04 6DUDP Header 00 35 00 2C 0D 54DNS Header 00 02 01 00 00 01 00 00 00 00 00 00DNS Message 04 70 6F 70 64 02 69 78 06 6E 65 74 63 6F 6D 03 63 6F 6D 00 00 01 00 01 FCS C7 00Stop 7E IP HeaderVER=4 IHL=5 TOS=0 TOL=64 ID=2 FLG=00 FRO=00 TTL=60 PRO=17 IP_SUM=E030 SRC=206.217.143.31. DEST=199.182.120.203. OPT=00000000 UDP HeaderSRC_PORT=046D DEST_PORT=0035 UDP_LEN=002C UDP_SUM=0D54 DNS HeaderID=2 QR=0 OPCODE=0 AA = 0 TC=0 RD = 1 RA=0 Z =0 RCCODE=0 QDCOUNT=1 ANCOUNT=0 NSCOUNT=0 ARCOUNT=0 DNS Message QNAME=04 70 6F 70 64 02 69 78 06 6E 65 74 63 6F 6D 03 63 6F 6D 00 QTYPE=0001 QCLASS=0001 Client sends a UDP/IP packet with a DNS question (QR=0) as a standard query (OPCODE=0) with one entry (QDCOUNT=1). It does not include any resource in neither one of the answer, authority or additional records (ANCOUNT=0 NSCOUNT=0 ARCOUNT=0). The QNAME specifies the domain name of the resource the client is searching for (QNAME = popd.ix.netcom.com.). Note that the periods in the domain name are replaced by the length of the name that follows. The type and class of resource the client is searching for are QTYPE=1 (Host Address), QCLASS=1 (Internet). RECV 7E 21 45 00 01 5F F6 79 40 00 F7 11 ED 98 C7 B6 78 CB CE D9 8F 1F 00 35 04 6D 01 4B 49 AA 00 02 85 80 00 01 00 03 00 06 00 06 04 70 6F 70 64 02 69 78 06 6E 65 74 63 6F 6D 03 63 6F 6D 00 00 01 00 01 C0 0C 00 05 00 01 00 00 00 3C 00 19 04 70 6F 70 64 04 62 65 73 74 02 69 78 06 6E 65 74 63 6F 6D 03 63 6F 6D 00 C0 30 00 05 00 01 00 00 00 00 00 06 03 69 78 36 C0 3A C0 55 00 01 00 01 00 00 1C 20 00 04 C7 B6 78 06 C0 3A 00 02 00 01 00 00 1C 20 00 06 03 6E 73 31 C0 3A C0 3A 00 02 00 01 00 00 1C 20 00 06 03 6E 73 32 C0 3A C0 3A 00 02 00 01 00 00 1C 20 00 06 03 6E 73 33 C0 3A C0 3A 00 02 00 01 00 00 1C 20 00 06 03 6E 73 34 C0 3A C0 3A 00 02 00 01 00 00 1C 20 00 0C 09 64 66 77 2D 69 78 6E 73 31 C0 3A C0 3A 00 02 00 01 00 00 1C 20 00 0C 09 64 66 77 2D 69 78 6E 73 32 C0 3A C0 77 00 01 00 01 00 00 1C 20 00 04 C7 B6 78 CB C0 89 00 01 00 01 00 00 1C 20 00 04 C7 B6 78 CA C0 9B 00 01 00 01 00 00 1C 20 00 04 C7 B6 78 01 C0 AD 00 01 00 01 00 00 1C 20 00 04 C7 B6 78 02 C0 BF 00 01 00 01 00 00 1C 20 00 04 CE D6 62 21 C0 D7 00 01 00 01 00 00 1C 20 00 04 CE D6 62 22 C8 4C 7E IP HeaderVER=4 IHL=5 TOS=0 TOL=351 ID=63097 FLG=02 FRO=00 TTL=247 PRO=17 IP_SUM=ED98 SRC=199.182.120.203. DEST=206.217.143.31. OPT=00000000 UDP HeaderSRC_PORT=0035 DEST_PORT=046D UDP_LEN=014B UDP_SUM=49AA DNS HeaderID=2 QR=1 OPCODE=0 AA=1 TC=0 RD=1 RA=1 RCODE=0 QDCOUNT=1 ANCOUNT=3 NSCOUNT=6 ARCOUNT=6 Server sends a response (QR=1) to the client standard query (OPCODE=0). Server is an authority for the domain name (AA=1) and can support recursive queries (RA=1). No errors occurred in the client's query (RCODE=0). The response has 1 entry in the question section (QDCOUNT=1), 3 resource records in the answer section (ANCOUNT=3), 6 resource records in the authority section (NSCOUNT=6) and 6 resource records in the additional records section (ARCOUNT=6). Note that offsets are used to replace domain names and reduce the size of the DNS message. Start 7ESEP 21IP Header 45 00 01 5F F6 79 40 00 F7 11 ED 98 C7 B6 78 CB CE D9 8F 1F UDP Header 00 35 04 6D 01 4B 49 AA DNS Header 00 02 85 80 00 01 00 03 00 06 00 06 QUESTION 04 70 6F 70 64 02 69 78 06 6E 65 74 63 6F 6D 03 63 6F 6D 00 00 01 00 01ANSWER Name [C0 0C] (offset to position 12 of the DNS message) Type [00 05] Class [00 01] TTL [00 00 00 3C] RDLENGTH [00 19] RDDATA [04 70 6F 70 64 04 62 65 73 74 02 69 78 06 6E 65 74 63 6F 6D 03 63 6F 6D 00] C0 30 00 05 00 01 00 00 00 00 00 06 03 69 78 36 C0 3A C0 55 00 01 00 01 00 00 1C 20 00 04 C7 B6 78 06AUTHORITY C0 3A 00 02 00 01 00 00 1C 20 00 06 03 6E 73 31 C0 3A C0 3A 00 02 00 01 00 00 1C 20 00 06 03 6E 73 32 C0 3A C0 3A 00 02 00 01 00 00 1C 20 00 06 03 6E 73 33 C0 3A C0 3A 00 02 00 01 00 00 1C 20 00 06 03 6E 73 34 C0 3A C0 3A 00 02 00 01 00 00 1C 20 00 0C 09 64 66 77 2D 69 78 6E 73 31 C0 3A C0 3A 00 02 00 01 00 00 1C 20 00 0C 09 64 66 77 2D 69 78 6E 73 32 C0 3A ADDITIONAL C0 77 00 01 00 01 00 00 1C 20 00 04 C7 B6 78 CB C0 89 00 01 00 01 00 00 1C 20 00 04 C7 B6 78 CA C0 9B 00 01 00 01 00 00 1C 20 00 04 C7 B6 78 01 C0 AD 00 01 00 01 00 00 1C 20 00 04 C7 B6 78 02 C0 BF 00 01 00 01 00 00 1C 20 00 04 CE D6 62 21 C0 D7 00 01 00 01 00 00 1C 20 00 04 CE D6 62 22 FCS C8 4C Stop 7E QUESTIONpopd.ix.netcom.com QTYPE=1 QCLASS=1 ANSWERSNAME: .popd.ix.netcom.comRDDATA: .popd.best.ix.netcom.com TYPE=5 CLASS=1 TTL=60NAME: .popd.best.ix.netcom.comRDDATA: .ix6.ix.netcom.com TYPE=5 CLASS=1 TTL=0NAME: .ix6.ix.netcom.comRDDATA: 199.182.120.6. TYPE=1 CLASS=1 TTL=7200 AUTORITIESNAME: .ix.netcom.comRDDATA: .ns1.ix.netcom.com TYPE=2 CLASS=1 TTL=7200NAME: .ix.netcom.comRDDATA: .ns2.ix.netcom.com TYPE=2 CLASS=1 TTL=7200NAME: .ix.netcom.comRDDATA: .ns3.ix.netcom.com TYPE=2 CLASS=1 TTL=7200NAME: .ix.netcom.comRDDATA: .ns4.ix.netcom.com TYPE=2 CLASS=1 TTL=7200NAME: .ix.netcom.comRDDATA: .dfw-ixns1.ix.netcom.com TYPE=2 CLASS=1 TTL=7200NAME: .ix.netcom.comRDDATA: .dfw-ixns2.ix.netcom.com TYPE=2 CLASS=1 TTL=7200 ADDITIONAL RECORDSNAME: .ns1.ix.netcom.comRDDATA: 199.182.120.203. TYPE=1 CLASS=1 TTL=7200NAME: .ns2.ix.netcom.comRDDATA: 199.182.120.202. TYPE=1 CLASS=1 TTL=7200NAME: .ns3.ix.netcom.comRDDATA: 199.182.120.1. TYPE=1 CLASS=1 TTL=7200NAME: .ns4.ix.netcom.comRDDATA: 199.182.120.2. TYPE=1 CLASS=1 TTL=7200NAME: .dfw-ixns1.ix.netcom.comRDDATA: 206.214.98.33. TYPE=1 CLASS=1 TTL=7200NAME: .dfw-ixns2.ix.netcom.comRDDATA: 206.214.98.34. TYPE=1 CLASS=1 TTL=7200 DNS Address = 199.182.120.6. |
CopyRight 2018-2019 实验室设备网 版权所有 |