DNS Protocol – Message Format

Messages transmitted by the DNS protocol consist of the following parts:

  • header – contains basic information about the transmitted data: its type, its content, and several flags
  • question – contains the client's query; the server repeats the query in the response message
  • answer section – the DNS records that answer the query
  • authority section – a list of the authoritative DNS servers of the zone from which the records in the previous section were obtained (i.e. the NS records of that zone's domain), or a referral to the DNS servers that should be asked next (depending on whether the queried server is authoritative for the information sought or not)
  • additional section – A and AAAA records for names that appear in the values of records in the answer or authority section and that the DNS server knows (i.e. is authoritative for)

The header contains the following information:

  • ID – a 16-bit numeric identifier assigned by the inquirer to the query message; the server sends the response with the same ID, which is how the inquirer knows which query the response belongs to (this is necessary because the UDP transport protocol is stateless)
  • QR – a flag indicating whether the message is a query or a response
  • OPCODE – indicates the type of query
  • AA (Authoritative Answer) – if this flag is set, the server that sent us the response is authoritative for the name we are asking about. In other words, the data in the answer section does not come from a cache or from a recursive query; it is current data taken directly from the zone file, and the response was not mediated by any caching DNS server.
  • TC (Truncation) – a flag indicating that the response was truncated because it was longer than 512 bytes and could not be sent in a single UDP packet
  • RD (Recursion Desired) – this flag is set by the inquirer if they want the server to perform recursive query processing as needed. The server may refuse the recursive query, but it echoes the same setting of this flag in the response.
  • RA (Recursion Available) – this flag is set by the server if it offers recursive queries to the inquirer. If the server allows this service to the inquirer, it sets the RA flag in all responses as a notification of the available options; it is not merely a reply to the RD flag in the query.
  • RCODE (Response code) – the code indicating the result of the query
    • 0 – no error
    • 1 – error in the query format
    • 2 – error on the part of the server (failure)
    • 3 – the authoritative server indicates that the requested record does not exist
    • 4 – an unsupported query type
    • 5 – refused
  • QDCOUNT – the number of entries in the question section
  • ANCOUNT – the number of records in the answer section
  • NSCOUNT – the number of records in the authority section
  • ARCOUNT – the number of records in the additional section
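As an added example (not part of the original article), the following Python decodes the 12-byte header described above and applies the checks a client should make before trusting the body: QR set, ID equal to the one it sent, TC clear, RCODE zero. The sample headers are constructed; only headers are built, since no question or answer bodies are needed for these checks.

```python
import struct

# RCODE values listed in the article, with their RFC 1035 names.
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
               3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

# Bit masks inside the 16-bit flags word (QR is the top bit, RCODE the low nibble).
QR, AA, TC, RD, RA = 0x8000, 0x0400, 0x0200, 0x0100, 0x0080

def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte header: ID, flags word, and the four section counts."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": ident,
        "qr": bool(flags & QR),          # 0 = query, 1 = response
        "opcode": (flags >> 11) & 0xF,
        "aa": bool(flags & AA),          # authoritative answer
        "tc": bool(flags & TC),          # truncated: did not fit in one UDP message
        "rd": bool(flags & RD),          # recursion desired (echoed by the server)
        "ra": bool(flags & RA),          # recursion available
        "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }

def check_response(query: bytes, response: bytes) -> list[str]:
    """Header-level problems a client must act on before trusting the answer body."""
    q, r = parse_header(query), parse_header(response)
    problems = []
    if not r["qr"]:
        problems.append("QR clear: message is a query, not a response")
    if r["id"] != q["id"]:
        problems.append(f"ID mismatch: sent {q['id']:#06x}, got {r['id']:#06x}")
    if r["tc"]:
        problems.append("TC set: answer truncated, repeat the query over TCP")
    if r["rcode"] != 0:
        problems.append(f"RCODE {r['rcode']} ({RCODE_NAMES.get(r['rcode'], 'other')})")
    return problems

# Constructed 12-byte headers (bodies omitted; only the header is inspected here).
QUERY = struct.pack("!HHHHHH", 0x1A2B, RD, 1, 0, 0, 0)                    # RD only
GOOD = struct.pack("!HHHHHH", 0x1A2B, QR | AA | RD | RA, 1, 2, 0, 0)      # authoritative, 2 answers
MISMATCH = struct.pack("!HHHHHH", 0x9999, QR | RD | RA, 1, 1, 0, 0)       # ID differs from the query
TRUNCATED = struct.pack("!HHHHHH", 0x1A2B, QR | TC | RD | RA, 1, 0, 0, 0)
NXDOMAIN = struct.pack("!HHHHHH", 0x1A2B, QR | AA | RD | RA | 3, 1, 0, 1, 0)  # RCODE 3, SOA in authority

if __name__ == "__main__":
    for name, resp in [("GOOD", GOOD), ("MISMATCH", MISMATCH), ("TRUNCATED", TRUNCATED)]:
        print(name, check_response(QUERY, resp) or ["ok"])
```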