Networking / Beginners

DNS Protocol

The DNS protocol uses a simple request/reply system [RFC1035]. Both request and reply packets use the same format. The first 12 bytes of the packet form the DNS header (Listing below). The header identifies the type of request and number of parameters. After the header, there are four blocks of optional information. These are the queries, answers, name servers, and addition records.

DNS Header Format and Flags

/*** DNS packet header format ***/
struct DNS_RR /* request/reply */
  {
  u_int16_t ID; 	/* session serial number */
  u_int8_t Flags; 	/* see FLAGs */
  u_int8_t Rcode; 	/* see RCODE */
  u_int16_t Qcount; 	/* # entries in the question section */
  u_int16_t Acount; 	/* # entries in the answer section */
  u_int16_t NScount; 	/* # name server records
			in authority section */
  u_int16_t ARcount; 	/* # resource records
			in additional records section */
  /* NOTE: MTU for UDP is 512 bytes.
     512 bytes - header = 500 data bytes */
  unsigned char Data[500]; 	/* data */
  };
typedef struct DNS_RR DNS_RR;

/*** Flags for DNS header.  OR these together. ***/
#define FLAG_REPLY 0x80     /* is this a query or reply?
			       0=query, 1=reply */
#define FLAG_OPCODE_MASK 0x30 	/* query mask */
#define FLAG_OPCODE_QUERY 0x00 	/* standard query */
#define FLAG_OPCODE_IQUERY 0x10 /* inverse query */
#define FLAG_OPCODE_STATUS 0x20 /* server status request */
/* other opcode values bits reserved */
#define FLAG_AA 0x04 	/* authoritative answer */
#define FLAG_TC 0x02 	/* message truncated */
#define FLAG_RD 0x01 	/* recursion denied */

/* Flags added to the rcode byte */
#define FLAG_RA 0x80 	/* recursion available */
#define FLAG_AAA 0x20 	/* answer authenticated */
#define RCODE_MASK 0x0f
enum RCODE
  {
  RCODE_NO_ERROR=0, 	/* no error condition */
  RCODE_FORMAT_ERROR, 	/* format error */
  RCODE_SERVER_ERROR, 	/* server error */
  RCODE_NAME_ERROR, 	/* name error */
  RCODE_NA, 		/* not implemented (not available) */
  RCODE_REFUSED, 	/* refused */
  };
typedef enum RCODE RCODE;
[Previous] [Contents] [Next]

In this tutorial:

  1. Domain Name System (DNS)
  2. DNS Common Uses
  3. Hostname-to-Address Mapping
  4. Common Lookup Tools
  5. Naming Confusion Attack Vectors
  6. Dotted Names
  7. Name Formatting
  8. Exploited Anonymity
  9. Mail Servers
  10. Sender Policy Framework Overloading
  11. Domain Keys Overloading
  12. DNS Protocol
  13. Packet Information
  14. Simple DNS Server
  15. Distributed Architecture
  16. Top Level Domain Servers
  17. Generic Top Level Domain (gTLD)
  18. Secondary Level Domain (SLD)
  19. Primary and Secondary Servers
  20. Caching Servers
  21. DNS Management
  22. DNS Direct Risks
  23. DNS Performance versus Security
  24. DNS Cache Poisoning
  25. Corrupt DNS Packets
  26. DNS Domain Hijacking
  27. DNS Server Hijacking
  28. Dynamic DNS
  29. Similar Hostnames
  30. Domain Renewals
  31. Hostnames
  32. Zone Transfers
  33. Host Listing
  34. DNS Fields
  35. Mitgation Option
  36. Technical Threat Mitigation
  37. Social Threat Mitigation
  38. Defining Trusted Replies