DNS Message Format

In this article we will discuss DNS Message Format, will make brief discussion on DNS Message Format, In last article we discuss about Domain Name Service.

The DNS server stores different types of resource records used to resolve names. These records contain the name, address, and type of record. Some of these record types are:

  • A – An end device IPv4 address
  • NS – An authoritative name server
  • AAAA – An end device IPv6 address (pronounced quad-A)
  • MX – A mail exchange record

When a client makes a query, the server’s DNS process first looks at its own records to resolve the name. If it is unable to resolve the name using its stored records, it contacts other servers to resolve the name. After a match is found and returned to the original requesting server, the server temporarily stores the numbered address in the event that the same name is requested again.

Depending of the request, the 4 sections contain various RR, some required, some optional…

  • Question count equals to 1 in general, but could be 0 or >1 in very special cases
  • Response section contains the matching RRset w.r.t the question
  • Authority section contains NS record for Authoritative zone servers. Sometime it also contains the SOA record.
  • Additional contains any additional useful information. For instance Address Records (A, AAAA) for host names used in previous sections (Glue,…)

For an iterative response (RD=0 or RA=0),

  • Response section is empty in general,
  • Authority section contains NS records describing “a better zone server” for next iteration. (Worst case is root zone)
  • Additional section contains if known addresses for servers described in authority section.

For a positive recursive response (RD=RA=1, Rcode=NOERROR, Response-Count>0),

  • Response contains the searched RRset
  • Authority contains the authoritative zone name for the response and the zone servers.

For a negative recursive response (RD=RA=1, NXDOMAIN or NO DATA),

  • Response section is empty.
  • Authority section contains an SOA record with the Negative Cache TTL as parameter

The DNS Client service on Windows PCs also stores previously resolved names in memory. The ipconfig /displaydns command displays all of the cached DNS entries.

Add a Comment

Your email address will not be published. Required fields are marked *