mail us  |  mail this page

products  |  company  |  support  |  downloads  |  isp services  |  contact us

Chapter 15 DNS Messages

15.1 Overview Generic Format
15.2 The Message Header
15.3 The DNS Question
15.4 The DNS Answer
15.5 Domain Authority
15.6 Additional Information

15.1 Overview

This section details the format of messages that pass between a Resolver and a DNS system. The really smart thing to do is install ethereal and let it to all the analysis for you. However if you are in de-bug mode then you may need this stuff. This where the Rocket Scientists wannabees hang out. Welcome.

Message formats are defined in RFC 1035.

The good news is that each message has the same generic format with 5 sections. This is the last good news.

Section Meaning/Use
Section 1 Message Header
Section 2 The DNS question being asked
Section 3 The Resource Record(s) which answer the question
Section 4 The Resource Record(s) which point to the domain authority
Section 5 The Resource Record(s) which may hold additional information

Notes:

  1. Unused sections are not present - determined by count values in the message header

15.2 The Message Header

Present in all messages. Never empty. Contains various flags and values which control the transaction. If you are not comfortable with bits, bytes and hex values take up origami or read this quick memory jogger. And while you are in this receptive mode you may want remind yourself that bit numbering standards are a real mess.

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
Message ID
QR OPCODE AA TC RD RA res1 res2 res3 RCODE
QDCOUNT
ANCOUNT
NSCOUNT
ARCOUNT

The following table defines the field values above:

Section Meaning/Use
Message ID 16 bit message ID supplied by the requestion (the questioner) and reflected back unchanged by the responder (answerer). Identifies the transaction.
QR Query - Response bit. Set to 0 by the questioner (query) and to 1 in the response (answer).
OPCODE Identifies the request/operation type. Currently assigned values are:
Value Meaning/Use
0 QUERY. standard query.
1 IQUERY. Inverse query. Optional support by DNS
2 STATUS. DNS status request
AA Authoritative Answer. Valid in responses only. Because of aliases multiple owners may exists so the AA bit corresponds to the name which matches the query name, OR the first owner name in the answer section.
TC TrunCation - specifies that this message was truncated due to length greater than that permitted on the transmission channel. Set on all truncated messages except the last one.
RD Recursion Desired - this bit may be set in a query and is copied into the response if recursion supported if rejected the response (answer) does not have this bit set. Recursive query support is optional.
RA Recursion Available - this bit is valid in a response (answer) and denotes whether recursive query support is available (1) or not (0) in the name server.
RCODE Identifies the response type to the query. Ignored on a request (question). Currently assigned values:
Value Meaning/Use
0 No error condition.
1 Format error - The name server was unable to interpret the query.
2 Server failure - The name server was unable to process this query due to a problem with the name server.
3 Name Error - Meaningful only for responses from an authoritative name server, this code signifies that the domain name referenced in the query does not exist.
4 Not Implemented - The name server does not support the requested kind of query.
5 Refused - The name server refuses to perform the specified operation for policy reasons. For example, a name server may not wish to provide the information to the particular requester, or a name server may not wish to perform a particular operation (e.g., zone transfer) for particular data.
QDCOUNT Unsigned 16 bit integer specifying the number of entries in the question section.
ANCOUNT Unsigned 16 bit integer specifying the number of resource records in the answer section. May be 0 in which case no answer record is present in the message.
NSCOUNT Unsigned 16 bit integer specifying the number of name server resource records in the authority section. May be 0 in which case no authority record(s) is(are) present in the message.
ARCOUNT Unsigned 16 bit integer specifying the number of resource records in the additional records section. May be 0 in which case no addtional record(s) is(are) present in the message.

Notes:

15.3 The DNS Question

While it is normal to have only one question per message, it is permissible to have any number defined by QDCOUNT each question has the same format as defined below:

Field Name Meaning/Use
QNAME The domain name being queried
QTYPE The resource records being requested
QCLASS The Resource Record(s) class being requested e.g. internet, chaos etc.

Each field has the following format:

Name Meaning/Use
QNAME The name being queried will depend upon the QTYPE (below) e.g. a request for an A record will require a host part i.e. www.mydomain.com an MX query will obviously only use a domain name i.e. mydomain.com The name being queried is split into labels by removing the separating dots. Each label is represented as a length/data pair as follows:
Value Meaning/Use
no. of chars single octet defining the number of characters in the label which follows. The top two bits of this number must be 00 (indicates the label format is being used) which gives a maximum domain name length of 63 bytes (octets). If we assume this is comprised of a TLD + domain and the TLD (and its accompanying dot) can have a maximum length 4 bytes this gives the well-known maximum domain name length of 59 bytes (octets). Well that was true until we had .museum and all the other new TLDs so each domain name limit is actually TLD specific. Another global truth falls by the wayside. A value of zero indicates the end of the name field.
domain name A string containing the characters in the label.
Wow. To illustrate the above we'll use two examples: 
// assume an MX query with a name of mydomain.com
// the hex representation is
08 6D 79 64 6F 6D 61 69 6E 03 63 6F 6D 00
// printable
 !  m  y  d  o  m  a  i  n  !  c  o  m  !
// note ! = unprintable

// assume an A query with a name of www.mydomain.com
// the hex representation is
03 77 77 77 08 6D 79 64 6F 6D 61 69 6E 03 63 6F 6D 00
// printable
 !  w  w  w  !   m  y  d  o  m  a  i n  !  c  o  m  !
// note ! = unprintable
QTYPE Unsigned 16 bit value. The resource records being requested. These values are assigned by IANA and a complete list of values may be obtained from them. The following are the most commonly used values:
Value Meaning/Use
x'0001 (1) Requests the A record for the domain name
x'0002 (2) Requests the NS record(s) for the domain name
x'0005 (5) Requests the CNAME record(s) for the domain name
x'0006 (6) Requests the SOA record(s) for the domain name
x'000B (11) Requests the WKS record(s) for the domain name
x'000C (12) Requests the PTR record(s) for the domain name
x'000F (15) Requests the MX record(s) for the domain name
x'0021 (33) Requests the SRV record(s) for the domain name
x'0026 (38) Requests the A6 record(s) for the domain name
x'00FF (255) Requests ANY resource record (typically wants SOA, MX, NS and MX)
QCLASS Unsigned 16 bit value. The CLASS of resource records being requested e.g. Internet, CHAOS etc. These values are assigned by IANA and a complete list of values may be obtained from them. The following are the most commonly used values:
Value Meaning/Use
x'0001 (1) IN or Internet

15.4 The DNS Answer

The Answer, Authority and Additional Section all comprise RRs and hence share the same format. The section the record appears in determines its type e.g. an A RR can appear in the Answer or Additional section. So far this stuff has been relatively straightforward if messy - take a deep breath before reading on. The format of these records is:

Field Name Meaning/Use
NAME The name being returned e.g. www or ns1.example.net If the name is in the same domain as the question then typically only the host part (label) is returned, if not then a FQDN is returned.
TYPE The RR type e.g. SOA or AAAA
CLASS The RR class e.g. Internet, Chaos etc.
TTL The TTL in seconds of the RR e.g. 2800
RLENGTH The length of RR specific data in octets e.g. 27
RDATA The RR specific data (see Binary RR Formats below) whose length is defined by RDLENGTH e.g. 192.168.254.2

The various fields have the following meanings:

Name Meaning/Use
NAME This name reflects the QNAME of the question i.e. any may take one of TWO formats. The first format is the label format defined for QNAME above. The second format is a pointer (in the interests of data compression which to fair to the original authors was far more important then than now). A pointer is an unsigned 16-bit value with the following format (the top two bits of 11 indicate the pointer format):
 
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
1 1 The offset in octets (bytes) from the start of the whole message. Must point to a label format record to derive name length.

 
Note: Pointers, if used, terminate names. The name field may consist of a label (or sequence of labels) terminated with a zero length record OR a single pointer OR a label (or label sequence) terminated with a pointer.
TYPE Unsigned 16 bit value. The resource record types - determines the content of the RDATA field. These values are assigned by IANA and a complete list of values may be obtained from them. The following are the most commonly used values:
 
Value Meaning/Use
x'0001 (1) An A record for the domain name
x'0002 (2) A NS record( for the domain name
x'0005 (5) A CNAME record for the domain name
x'0006 (6) A SOA record for the domain name
x'000B (11) A WKS record(s) for the domain name
x'000C (12) A PTR record(s) for the domain name
x'000F (15) A MX record for the domain name
x'0021 (33) A SRV record(s) for the domain name
x'0026 (38) An A6 record(s) for the domain name
CLASS Unsigned 16 bit value. The CLASS of resource records being requested e.g. Internet, CHAOS etc. These values are assigned by IANA and a complete list of values may be obtained from them. The following are the most commonly used values:
 
Value Meaning/Use
x'0001 (1) IN or Internet
TTL Unsigned 32 bit value. The time in seconds that the record may be cached. A value of 0 indicates the record should not be cached.
RDLENGTH Unsigned 16-bit value that defines the length in bytes (octets) of the RDATA record.
RDATA Each (or rather most) resource record types have a specific RDATA format which reflect their resource record format as defined below:

SOA

Value Meaning/Use
Primary NS Variable length. The name of the Primary Master for the domain. May be a label, pointer or any combination.
Admin MB Variable length. The administrator's mailbox. May be a label, pointer or any combination.
Serial Number Unsigned 32-bit integer.
Refresh interval Unsigned 32-bit integer.
Retry Interval Unsigned 32-bit integer.
Expiration Limit Unsigned 32-bit integer.
Minimum TTL Unsigned 32-bit integer.

MX

Value Meaning/Use
Preference Unsigned 16-bit integer.
Mail Exchanger The name host name that provides the service. May be a label, pointer or any combination.

A

Value Meaning/Use
IP Address Unsigned 32-bit value representing the IP address

PTR, NS

Value Meaning/Use
Name The host name that represents the supplied IP address (in the case of a PTR) or the NS name for the supplied domain (in the case of NS). May be a label, pointer or any combination.

15.5 Domain Authority

You will be delighted to know that authority records have exactly the same format as Answer records it is simply their position in an authority section that determines they are authority records (and that they will be of TYPE NS).

15.6 Additional Information

You will be delighted to know that additional records have exactly the same format as Answer records it is simply their position in an additional section that determines they are additional records.

Memory jogger - Binary, decimal and hexadecimal

The contents of an 8 bit byte (an octet) may be expressed in decimal (base 10), binary (base 2) or hexadecimal (base 16 - 0-9, A-F) as follows:

Decimal Hexadecimal Binary
0 00 0000 0000
65 41 0100 0001
187 BB 1011 1011
255 FF 1111 1111

To convert a dotted decimal IP e.g. 192.168.0.5 to hexadecimal, take each dotted decimal value and convert it using a hex calculator (standard windows calculator in scientific mode will do the job). This will yield C0.A8.00.05 for our example above.

Bit numbering

Bit numbering can be very confusing with various standard bodies adopting different conventions. The following are all valid, and used, bit numbering conventions for describing an 8 bit byte (an octet).

Memory contents 0 0 0 0 0 0 0 0
Bit numbering conventions
Left to right base 0 (IETF) 0 1 2 3 4 5 6 7
Left to right base 1 1 2 3 4 5 6 7 8
Right to left base 1 (ITU) 8 7 6 5 4 3 2 1
Power of 2 7 6 5 4 3 2 1 0

Always check what convention is used on any specification. The convention used by the IETF is a LEFT to RIGHT number starting from (base) ZERO. Many (but not all) C compliers allocate bits in a field using this convention.

Copyright © 1994 - 2008 ZyTrax, Inc.
All rights reserved. Legal and Privacy 		site by zytrax
Hosted by super.net.sg		 web-master at zytrax
Page modified: August 10 2006.

Pro DNS and BIND by Ron Aitchison

Contents

tech info
guides home
intro
contents
1 objectives
big picture
2 concepts
3 reverse map
4 dns types
quickstart
5 install bind
6 samples
reference
7 named.conf
8 dns records
operations
9 howtos
10 tools
11 trouble
programming
12 bind api's
security
13 dns security
bits & bytes
15 messages
resources
notes & tips
registration FAQ
dns resources
dns rfc's
change log

Creative Commons License
This work is licensed under a Creative Commons License.

If you are happy it's OK - but your browser is giving a less than optimal experience on our site. You could, at no charge, upgrade to a W3C STANDARDS COMPLIANT browser such as Mozilla

web zytrax.com



Resources

Systems

FreeBSD
NetBSD
OpenBSD
DragonFlyBSD
Linux

Applications

OpenOffice
Mozilla
SourceForge
GNU-Free SW Foundation

Organisations

Open Source Initiative
Creative Commons

Misc.

Ibiblio - Library
Open Book Project
Open Directory
Wikipedia

printer friendly

Print Page

SPF Record Conformant Domain Logo