DNS Protocol – messages format

  DNS, DNS theory, Protocol of DNS

The messages transmitted by the DNS protocol consist of the following parts:

  • header – contains basic information about the transmitted data: its type, its contents, and several flags
  • question – contains the client's query; the server repeats the query in the response message
  • answer section – DNS records that answer the query
  • authority section – list of authoritative DNS servers for the zone from which the records in the previous section were obtained (the NS records of the domain zone), or a referral to the DNS servers that must be queried next (depending on whether the queried server is authoritative for the information or not)
  • additional section – A and AAAA records for names that appear in the values of the records in the answer section or for the authoritative DNS servers listed in the authority section

The header contains the following information:

  • ID – 16-bit numeric identifier assigned by the requester to the request message; the server sends the response message with the same ID, which is how the requester knows which request a response belongs to (necessary because the UDP transport protocol is stateless)
  • QR – a flag indicating whether the message is a request or a response
  • OPCODE – indicates the type of request
  • AA (Authoritative Answer) – if this flag is set, the server that sent the answer is authoritative for the name we asked about. In other words, the data in the answer section did not come from a cache or from a recursive query; it is the actual data taken directly from the zone file, and the response was not mediated by any caching DNS server.
  • TC (Truncation) – a flag indicating that a response longer than 512 bytes was truncated because it could not be sent in a single UDP packet
  • RD (Recursion Desired) – this flag is set by the requester when it wants the server to process the query recursively. The server may refuse the recursive request, but it returns the same setting of this flag in the response.
  • RA (Recursion Available) – the server sets this flag when it provides recursive query processing. A server that supports this service sends the RA flag in all responses to announce the option; it is not only a reaction to the RD flag in the query.
  • RCODE (Response code) – code indicating the result of the request
    • 0 – no error
    • 1 – format error in the request
    • 2 – error on the server side (server failure)
    • 3 – the authoritative server indicates that the requested record does not exist
    • 4 – unsupported request type
    • 5 – request refused
  • QDCOUNT – number of entries in the question section
  • ANCOUNT – number of records in the answer section
  • NSCOUNT – number of records in the authority section
  • ARCOUNT – number of records in the additional section
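As an added example (not part of the original article), the following Python code decodes the 12-byte header described above, splits the flags word into the individual bits and names the RCODE, and performs the ID/QR check a requester needs before it trusts a response that arrived over stateless UDP. The sample headers are constructed for the example, not captured traffic.

```python
import struct

# DNS header layout (RFC 1035 section 4.1.1): six 16-bit big-endian fields,
# ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT, 12 bytes in total.
HEADER_FORMAT = "!HHHHHH"
HEADER_LEN = struct.calcsize(HEADER_FORMAT)

# RCODE values listed on this page, with the mnemonic names used in RFC 1035.
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
               3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}


def parse_header(data: bytes) -> dict:
    """Decode the 12-byte header; the FLAGS word is split bit by bit."""
    if len(data) < HEADER_LEN:
        raise ValueError(f"message too short for a DNS header: {len(data)} bytes")
    ident, flags, qd, an, ns, ar = struct.unpack(HEADER_FORMAT, data[:HEADER_LEN])
    rcode = flags & 0x000F                 # bits 0-3 (bits 4-6 are the reserved Z field)
    return {
        "id": ident,
        "qr": bool(flags & 0x8000),        # bit 15: 0 = query, 1 = response
        "opcode": (flags >> 11) & 0x0F,    # bits 11-14
        "aa": bool(flags & 0x0400),        # bit 10
        "tc": bool(flags & 0x0200),        # bit 9
        "rd": bool(flags & 0x0100),        # bit 8
        "ra": bool(flags & 0x0080),        # bit 7
        "rcode": rcode,
        "rcode_name": RCODE_NAMES.get(rcode, f"RCODE{rcode}"),
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def response_matches_query(query: bytes, response: bytes) -> bool:
    """Accept a response only if its ID matches the query we sent, it is
    flagged as a response, and the RD flag was echoed back unchanged."""
    q, r = parse_header(query), parse_header(response)
    return (not q["qr"]) and r["qr"] and r["id"] == q["id"] and r["rd"] == q["rd"]


# Constructed sample headers (not captured traffic): a query with only RD set,
# and the matching response with QR, AA, RD, RA set and RCODE 3 (record does not exist).
SAMPLE_QUERY = struct.pack(HEADER_FORMAT, 0x1234, 0x0100, 1, 0, 0, 0)
SAMPLE_RESPONSE = struct.pack(HEADER_FORMAT, 0x1234, 0x8583, 1, 0, 1, 0)

if __name__ == "__main__":
    print(parse_header(SAMPLE_RESPONSE))
    print("matches query:", response_matches_query(SAMPLE_QUERY, SAMPLE_RESPONSE))
```

A response whose ID does not match the outstanding query, or that has QR clear, is dropped by `response_matches_query`; that is the minimum a resolver does before using the answer section.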