
-------------------------------------------------------------------------------
DOMAIN NAME SYSTEM (DNS)

(see RFC 1034 and RFC 1035)


The DNS protocol is used to identify servers by their IP addresses and aliases
given their registered name. The request is usually simple, including just the
name of the server. The response, however, is usually very complex because it
contains all the addresses and aliases that the server might have. Because of
this, a compression algorithm is used in all cases to reduce the amount of
redundant data and the size of the datagrams. UDP is used to send and receive
DNS requests.

DNS MESSAGE FORMAT
Header
Question
Answer
Authority
Additional

DNS HEADER FORMAT
OCTET 1,2      ID
OCTET 3,4      QR(1 bit) + OPCODE(4 bit) + AA(1 bit) + TC(1 bit) + RD(1 bit) +
               RA(1 bit) + Z(3 bit) + RCODE(4 bit)
OCTET 5,6      QDCOUNT
OCTET 7,8      ANCOUNT
OCTET 9,10     NSCOUNT
OCTET 11,12    ARCOUNT

QUESTION FORMAT
OCTET 1,2,..n          QNAME
OCTET n+1,n+2          QTYPE
OCTET n+3,n+4          QCLASS

ANSWER, AUTHORITY, ADDITIONAL FORMAT
OCTET 1,2,..n          NAME
OCTET n+1,n+2          TYPE
OCTET n+3,n+4          CLASS
OCTET n+5,n+6,n+7,n+8  TTL
OCTET n+9,n+10         RDLENGTH
OCTET n+11,n+12, ..    RDATA

DNS SESSION (example)

SEND
7E FF 03 00 21 45 00 00 40 00 02 00 00 3C 11 E0 30 CE D9 8F 1F C7 B6 78 CB 04 6D 00 35 00
2C 0D 54 00 02 01 00 00 01 00 00 00 00 00 00 04 70 6F 70 64 02 69 78 06 6E 65 74 63 6F 6D
03 63 6F 6D 00 00 01 00 01 C7 00 7E

Start        7E
Address      FF 03
SEP          00 21
IP Header    45 00 00 40 00 02 00 00 3C 11 E0 30 CE D9 8F 1F C7 B6 78 CB
UDP Header   04 6D 00 35 00 2C 0D 54
DNS Header   00 02 01 00 00 01 00 00 00 00 00 00
DNS Message  04 70 6F 70 64 02 69 78 06 6E 65 74 63 6F 6D 03 63 6F 6D 00 00 01 00 01
FCS          C7 00
Stop         7E

IP Header
VER=4 IHL=5 TOS=0 TOL=64 ID=2 FLG=00 FRO=00 TTL=60 PRO=17 IP_SUM=E030
SRC=206.217.143.31. DEST=199.182.120.203. OPT=00000000
UDP Header
SRC_PORT=046D DEST_PORT=0035 UDP_LEN=002C UDP_SUM=0D54
DNS Header
ID=2 QR=0 OPCODE=0 AA=0 TC=0 RD=1 RA=0 Z=0 RCODE=0 QDCOUNT=1
ANCOUNT=0 NSCOUNT=0 ARCOUNT=0
DNS Message
QNAME=04 70 6F 70 64 02 69 78 06 6E 65 74 63 6F 6D 03 63 6F 6D 00
QTYPE=0001 QCLASS=0001

The client sends a UDP/IP packet with a DNS question (QR=0) as a standard query
(OPCODE=0) with one entry (QDCOUNT=1). It includes no resource records in the
answer, authority or additional sections (ANCOUNT=0 NSCOUNT=0 ARCOUNT=0).
The QNAME specifies the domain name of the resource the client is searching for
(QNAME = popd.ix.netcom.com.). Note that each period in the domain name is
replaced by the length of the label that follows. The type and class of
resource the client is searching for are QTYPE=1 (Host Address), QCLASS=1
(Internet).

RECV
7E 21 45 00 01 5F F6 79 40 00 F7 11 ED 98 C7 B6 78 CB CE D9 8F 1F 00 35 04 6D 01 4B 49
AA 00 02 85 80 00 01 00 03 00 06 00 06 04 70 6F 70 64 02 69 78 06 6E 65 74 63 6F 6D 03 63
6F 6D 00 00 01 00 01 C0 0C 00 05 00 01 00 00 00 3C 00 19 04 70 6F 70 64 04 62 65 73 74 02
69 78 06 6E 65 74 63 6F 6D 03 63 6F 6D 00 C0 30 00 05 00 01 00 00 00 00 00 06 03 69 78 36
C0 3A C0 55 00 01 00 01 00 00 1C 20 00 04 C7 B6 78 06 C0 3A 00 02 00 01 00 00 1C 20 00 06
03 6E 73 31 C0 3A C0 3A 00 02 00 01 00 00 1C 20 00 06 03 6E 73 32 C0 3A C0 3A 00 02 00 01
00 00 1C 20 00 06 03 6E 73 33 C0 3A C0 3A 00 02 00 01 00 00 1C 20 00 06 03 6E 73 34 C0 3A
C0 3A 00 02 00 01 00 00 1C 20 00 0C 09 64 66 77 2D 69 78 6E 73 31 C0 3A C0 3A 00 02 00 01
00 00 1C 20 00 0C 09 64 66 77 2D 69 78 6E 73 32 C0 3A C0 77 00 01 00 01 00 00 1C 20 00 04
C7 B6 78 CB C0 89 00 01 00 01 00 00 1C 20 00 04 C7 B6 78 CA C0 9B 00 01 00 01 00 00 1C 20
00 04 C7 B6 78 01 C0 AD 00 01 00 01 00 00 1C 20 00 04 C7 B6 78 02 C0 BF 00 01 00 01 00 00
1C 20 00 04 CE D6 62 21 C0 D7 00 01 00 01 00 00 1C 20 00 04 CE D6 62 22 C8 4C 7E

IP Header
VER=4 IHL=5 TOS=0 TOL=351 ID=63097 FLG=02 FRO=00 TTL=247 PRO=17 IP_SUM=ED98
SRC=199.182.120.203. DEST=206.217.143.31. OPT=00000000
UDP Header
SRC_PORT=0035 DEST_PORT=046D UDP_LEN=014B UDP_SUM=49AA
DNS Header
ID=2 QR=1 OPCODE=0 AA=1 TC=0 RD=1 RA=1 RCODE=0 QDCOUNT=1 ANCOUNT=3
NSCOUNT=6 ARCOUNT=6

The server sends a response (QR=1) to the client's standard query (OPCODE=0).
The server is an authority for the domain name (AA=1) and can support recursive
queries (RA=1). No errors occurred in the client's query (RCODE=0). The
response has 1 entry in the question section (QDCOUNT=1), 3 resource records in
the answer section (ANCOUNT=3), 6 resource records in the authority section
(NSCOUNT=6) and 6 resource records in the additional records section
(ARCOUNT=6). Note that offsets are used to replace domain names and reduce the
size of the DNS message.
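
The header bit fields, the length-prefixed QNAME and the name offsets described
above can be decoded mechanically. The Python below is an added example, not
part of the original page: it unpacks the 12-octet header and expands names that
use offsets, rejecting offset loops, truncated data and over-long names that a
malformed response could carry. The names parse_header, decode_name and MSG are
chosen here; MSG is an excerpt built from the RECV octets shown on this page.

```python
import struct

# Constructed excerpt of the page's RECV capture: DNS header, question and the
# first two answer records (the other records are left out to keep it short).
MSG = bytes.fromhex(
    "000285800001000300060006"                                # header
    "04706f706402697806" "6e6574636f6d03636f6d00" "00010001"  # QNAME QTYPE QCLASS
    "c00c" "0005" "0001" "0000003c" "0019"                    # answer 1, NAME = offset 12
    "04706f70640462657374026978066e6574636f6d03636f6d00"      # its RDATA (a name)
    "c030" "0005" "0001" "00000000" "0006" "03697836c03a"     # answer 2
)

def parse_header(msg):
    """Unpack the 12-octet DNS header into the fields named on the page."""
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {"ID": ident, "QR": flags >> 15, "OPCODE": (flags >> 11) & 0xF,
            "AA": (flags >> 10) & 1, "TC": (flags >> 9) & 1,
            "RD": (flags >> 8) & 1, "RA": (flags >> 7) & 1,
            "Z": (flags >> 4) & 7, "RCODE": flags & 0xF,
            "QDCOUNT": qd, "ANCOUNT": an, "NSCOUNT": ns, "ARCOUNT": ar}

def decode_name(msg, off):
    """Return (dotted name, offset of the first octet after the stored name)."""
    labels, resume, seen, size = [], None, set(), 1   # size counts the final 00
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        n = msg[off]
        if n == 0:                                    # root label ends the name
            return ".".join(labels), (off + 1 if resume is None else resume)
        if n & 0xC0 == 0xC0:                          # two-octet offset (pointer)
            if off + 1 >= len(msg):
                raise ValueError("truncated offset")
            target = ((n & 0x3F) << 8) | msg[off + 1]
            if target in seen:                        # same target twice: a loop
                raise ValueError("offset loop")
            seen.add(target)
            resume = off + 2 if resume is None else resume
            off = target
        elif n & 0xC0:
            raise ValueError("reserved label type")
        else:                                         # ordinary label of n octets
            label = msg[off + 1:off + 1 + n]
            size += n + 1
            if len(label) != n or size > 255:
                raise ValueError("bad label or name longer than 255 octets")
            labels.append(label.decode("ascii", "replace"))
            off += n + 1
```

Offsets are counted from the first octet of the DNS header, so NAME [C0 0C]
resolves to the QNAME at position 12 and [C0 30] to the RDATA of the first
answer.
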

Start        7E
SEP          21
IP Header    45 00 01 5F F6 79 40 00 F7 11 ED 98 C7 B6 78 CB CE D9 8F 1F
UDP Header   00 35 04 6D 01 4B 49 AA
DNS Header   00 02 85 80 00 01 00 03 00 06 00 06
QUESTION     04 70 6F 70 64 02 69 78 06 6E 65 74 63 6F 6D 03 63 6F 6D 00 00 01 00 01
ANSWER       Name [C0 0C] (offset to position 12 of the DNS message)
             Type [00 05] Class [00 01] TTL [00 00 00 3C] RDLENGTH [00 19]
             RDDATA [04 70 6F 70 64 04 62 65 73 74 02 69 78 06 6E 65 74 63 6F 6D 03 63 6F 6D 00]
             C0 30 00 05 00 01 00 00 00 00 00 06 03 69 78 36 C0 3A
             C0 55 00 01 00 01 00 00 1C 20 00 04 C7 B6 78 06
AUTHORITY    C0 3A 00 02 00 01 00 00 1C 20 00 06 03 6E 73 31 C0 3A
             C0 3A 00 02 00 01 00 00 1C 20 00 06 03 6E 73 32 C0 3A
             C0 3A 00 02 00 01 00 00 1C 20 00 06 03 6E 73 33 C0 3A
             C0 3A 00 02 00 01 00 00 1C 20 00 06 03 6E 73 34 C0 3A
             C0 3A 00 02 00 01 00 00 1C 20 00 0C 09 64 66 77 2D 69 78 6E 73 31 C0 3A
             C0 3A 00 02 00 01 00 00 1C 20 00 0C 09 64 66 77 2D 69 78 6E 73 32 C0 3A
ADDITIONAL   C0 77 00 01 00 01 00 00 1C 20 00 04 C7 B6 78 CB
             C0 89 00 01 00 01 00 00 1C 20 00 04 C7 B6 78 CA
             C0 9B 00 01 00 01 00 00 1C 20 00 04 C7 B6 78 01
             C0 AD 00 01 00 01 00 00 1C 20 00 04 C7 B6 78 02
             C0 BF 00 01 00 01 00 00 1C 20 00 04 CE D6 62 21
             C0 D7 00 01 00 01 00 00 1C 20 00 04 CE D6 62 22
FCS          C8 4C
Stop         7E


QUESTION
popd.ix.netcom.com QTYPE=1 QCLASS=1
ANSWERS
NAME: .popd.ix.netcom.com
RDDATA: .popd.best.ix.netcom.com TYPE=5 CLASS=1 TTL=60
NAME: .popd.best.ix.netcom.com
RDDATA: .ix6.ix.netcom.com TYPE=5 CLASS=1 TTL=0
NAME: .ix6.ix.netcom.com
RDDATA: 199.182.120.6. TYPE=1 CLASS=1 TTL=7200
AUTHORITIES
NAME: .ix.netcom.com
RDDATA: .ns1.ix.netcom.com TYPE=2 CLASS=1 TTL=7200
NAME: .ix.netcom.com
RDDATA: .ns2.ix.netcom.com TYPE=2 CLASS=1 TTL=7200
NAME: .ix.netcom.com
RDDATA: .ns3.ix.netcom.com TYPE=2 CLASS=1 TTL=7200
NAME: .ix.netcom.com
RDDATA: .ns4.ix.netcom.com TYPE=2 CLASS=1 TTL=7200
NAME: .ix.netcom.com
RDDATA: .dfw-ixns1.ix.netcom.com TYPE=2 CLASS=1 TTL=7200
NAME: .ix.netcom.com
RDDATA: .dfw-ixns2.ix.netcom.com TYPE=2 CLASS=1 TTL=7200
ADDITIONAL RECORDS
NAME: .ns1.ix.netcom.com
RDDATA: 199.182.120.203. TYPE=1 CLASS=1 TTL=7200
NAME: .ns2.ix.netcom.com
RDDATA: 199.182.120.202. TYPE=1 CLASS=1 TTL=7200
NAME: .ns3.ix.netcom.com
RDDATA: 199.182.120.1. TYPE=1 CLASS=1 TTL=7200
NAME: .ns4.ix.netcom.com
RDDATA: 199.182.120.2. TYPE=1 CLASS=1 TTL=7200
NAME: .dfw-ixns1.ix.netcom.com
RDDATA: 206.214.98.33. TYPE=1 CLASS=1 TTL=7200
NAME: .dfw-ixns2.ix.netcom.com
RDDATA: 206.214.98.34. TYPE=1 CLASS=1 TTL=7200
DNS Address = 199.182.120.6.
-------------------------------------------------------------------------------

alex@netfor2.com
