This article is mainly an interpretation of RFC 1035.
Zone
A DNS zone consists of two parts: Resource Records (RRs) and Directives. Example zone file:

```
; zone file for example.com
$TTL 2d ; 172800 secs default TTL for zone
$ORIGIN example.com.
@ IN SOA ns1.example.com. hostmaster.example.com. (
        2003080800 ; se = serial number
        12h        ; ref = refresh
        15m        ; ret = update retry
        3w         ; ex = expiry
        3h         ; min = minimum
        )
        IN NS ns1.example.com.
        IN MX 10 mail.example.net.
joe     IN A 192.168.254.3
www     IN CNAME joe
```
- A DNS zone file consists of comments, directives, and records (RRs)
- Comments start with `;` and continue to the end of the line
- Directives start with `$`. `$ORIGIN` and `$INCLUDE` are defined in RFC 1035, while `$GENERATE` is a non-standard directive provided by BIND
- The `$TTL` directive must appear before the first RR
- The first RR must be SOA (Start of Authority)
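A parser for the zone file above that applies the rules just listed (`;` comments, `$` directives, `$TTL` before the first RR, SOA first, the parenthesised multi-line SOA, and the blank owner field on the NS and MX lines meaning "same owner as the previous record"). This is an added example, not code from the original article; it assumes the field order `[TTL] [class] type rdata` and no quoted strings containing `;`.

```python
import re

# The zone file from the section above, embedded here as the parser's input.
ZONE = """\
; zone file for example.com
$TTL 2d ; 172800 secs default TTL for zone
$ORIGIN example.com.
@ IN SOA ns1.example.com. hostmaster.example.com. (
        2003080800 ; se = serial number
        12h        ; ref = refresh
        15m        ; ret = update retry
        3w         ; ex = expiry
        3h         ; min = minimum
        )
        IN NS  ns1.example.com.
        IN MX  10 mail.example.net.
joe     IN A   192.168.254.3
www     IN CNAME joe
"""
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def ttl_seconds(tok):                          # "2d", "1w2d" or a plain "300" -> seconds
    return sum(int(n) * UNITS.get(u, 1) for n, u in re.findall(r"(\d+)([smhdw]?)", tok.lower()))

def absolute(name, origin):                    # @ and names without a trailing dot are relative to $ORIGIN
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text):
    """Return (default TTL, origin, records); a record is (owner, ttl, class, type, rdata tokens)."""
    origin, default_ttl, owner, records, logical, depth = None, None, None, [], "", 0
    for raw in text.splitlines():
        if not logical: indented = raw[:1].isspace()          # blank owner field = previous owner
        line = raw.split(";", 1)[0]                             # ';' starts a comment (assumes no quoted ';')
        depth += line.count("(") - line.count(")")
        logical += " " + line
        if depth > 0: continue                                  # inside ( ... ): keep accumulating
        toks = logical.replace("(", " ").replace(")", " ").split(); logical = ""
        if not toks: continue
        if toks[0] == "$ORIGIN": origin = toks[1]; continue
        if toks[0] == "$TTL": default_ttl = ttl_seconds(toks[1]); continue
        if toks[0].startswith("$"): raise ValueError(f"unsupported directive {toks[0]}")
        if default_ttl is None: raise ValueError("$TTL must precede the first RR")
        if not indented: owner = absolute(toks.pop(0), origin)
        ttl = ttl_seconds(toks.pop(0)) if toks[0][:1].isdigit() else default_ttl  # optional per-RR TTL
        cls = toks.pop(0) if toks[0] in ("IN", "CH", "HS") else "IN"                # optional class
        if not records and toks[0] != "SOA": raise ValueError("first RR must be SOA")
        records.append((owner, ttl, cls, toks[0], toks[1:]))
    return default_ttl, origin, records
```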
DNS Message
The message here refers to the message protocol between Resolver and the DNS system.
Format:
```
+---------------------+
|        Header       |
+---------------------+
|       Question      | the question for the name server
+---------------------+
|        Answer       | RRs answering the question
+---------------------+
|      Authority      | RRs pointing toward an authority
+---------------------+
|      Additional     | RRs holding additional information
+---------------------+
```
(Diagram from RFC-1035)
Header
```
                                1  1  1  1  1  1
  0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                      ID                       |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|QR|   Opcode  |AA|TC|RD|RA|   Z    |   RCODE   |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    QDCOUNT                    |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    ANCOUNT                    |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    NSCOUNT                    |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    ARCOUNT                    |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
```
(Diagram from RFC-1035)
- ID: A 16-bit request identifier, copied unchanged into the response, used to match responses to outstanding requests
- QR: Query/response bit. 0 for a request, 1 for a response
- OPCODE:
  - 0: QUERY. Standard query
  - 1: IQUERY. Inverse query (optional support)
  - 2: STATUS. Server status request
  - 3-15: Reserved
- AA (res only): Authoritative Answer. Responses from the zone's own servers are authoritative; responses served from another DNS server's cache are non-authoritative
- TC: Truncated. Set when the message was cut short because it exceeded the maximum size the transport can carry
- RD: Recursion Desired. Set to 1 in the request to ask the server for a recursive query, otherwise 0
- RA (res only): Recursion Available. Whether this NS server supports recursive queries
- Z: Reserved bits, must be 0 in both request and response
- RCODE (res only): Response code, identifying how the server handled the query (similar to error codes)
  - 0: No error
  - 1: Format error: the server could not parse the request
  - 2: Server failure: the server hit an internal problem and could not respond
  - 3: Name error: an authoritative server (not a recursive/caching one) reports that the queried domain name does not exist
  - 4: Not implemented: the requested kind of query is not supported
  - 5: Refused: the server refuses to answer for policy or other reasons
- QDCOUNT: 16-bit unsigned integer, number of entries in the Question Section
- ANCOUNT: 16-bit unsigned integer, number of RRs in the Answer Section
- NSCOUNT: 16-bit unsigned integer, number of RRs in the Authority Section
- ARCOUNT: 16-bit unsigned integer, number of RRs in the Additional Section
Question
```
                                1  1  1  1  1  1
  0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                                               |
/                     QNAME                     /
/                                               /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                     QTYPE                     |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                     QCLASS                    |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
```
(Diagram from RFC-1035)
Note: a request usually carries only one Question Section entry, but QDCOUNT allows any number of entries to be declared
- QNAME: The queried domain name. Format: a sequence of `no. of chars` `domain name` pairs (`no. of chars` `domain name` `no. of chars` `domain name` ...), where `no. of chars` is the string length of the adjacent `domain name` label, ended by a zero length octet. Example:

```
08 6D 79 64 6F 6D 61 69 6E 03 63 6F 6D 00
// printable
!  m  y  d  o  m  a  i  n  !  c  o  m  !
// note ! = unprintable
```
(Diagram from zytrax.com)
- QTYPE: Query type. Corresponds to the RR's TYPE
- QCLASS: Query class. The most common value is `x'0001`, representing IN or Internet
Answer
Answer / Authority / Additional Section / RR all use the same format
RR / Answer format:
```
                                1  1  1  1  1  1
  0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                                               |
/                                               /
/                      NAME                     /
|                                               |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                      TYPE                     |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                     CLASS                     |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                      TTL                      |
|                                               |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                   RDLENGTH                    |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                     RDATA                     /
/                                               /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
```
(Diagram from RFC-1035)
- NAME: Response domain name. Two encodings:
  - Format 1: label format. Same as QNAME above
  - Format 2: pointer format, used for message compression. A 16-bit value whose first two bits are both 1 (a label length octet is at most 63, so its top two bits are 00, which keeps the two formats distinct); the remaining 14 bits, OFFSET, give the offset of the name's prior occurrence, counted from the start of the message, where 0 is the beginning of the ID field

```
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| 1  1|                OFFSET                   |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
```
(Diagram from RFC-1035)
- TYPE: RR type, e.g.:
  - `x'0001` (1): A record
  - `x'0002` (2): NS record
  - `x'0005` (5): CNAME record
  - `x'0006` (6): SOA record
  - `x'000B` (11): WKS record. Well Known Services, used to describe common services (like SMTP) offered over a specific protocol (like TCP (6)) on the Internet; see RFC 1010
  - `x'000C` (12): PTR record. Reverse record for A and AAAA records (IP points to domain)
  - `x'000F` (15): MX record. Domain used by an SMTP agent to receive mail
  - `x'001C` (28): AAAA record. IPv6 address
  - `x'0021` (33): SRV record, RFC 2782. The MX record is a special case of this idea; an SRV record locates the servers of other specific services (like OpenLDAP)
- CLASS: RR class, e.g. Internet or Chaos
- TTL: Time (seconds) the record may be cached
- RDLENGTH: Length of RDATA
- RDATA: The format depends on the RR type:
- SOA: the SOA record controls how the zone's records are updated

```
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                     MNAME                     /
/                                               /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                     RNAME                     /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    SERIAL                     |
|                                               |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    REFRESH                    |
|                                               |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                     RETRY                     |
|                                               |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    EXPIRE                     |
|                                               |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    MINIMUM                    |
|                                               |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
```
  - MNAME (Primary NS): the primary NS server for the zone. Variable length; label/pointer/mixed
  - RNAME (Admin MB): the administrator's mailbox. Variable length; label/pointer/mixed
  - SERIAL (Serial Number): 32-bit unsigned integer, conventionally written as "YYYYMMDDnn"
  - REFRESH (Refresh interval): 32-bit unsigned integer. Interval at which secondary NS servers check for zone file updates
  - RETRY (Retry interval): 32-bit unsigned integer. Retry interval when the primary NS server is unreachable
  - EXPIRE (Expiration Limit): 32-bit unsigned integer. How long a DNS resolver may cache the data; for some DNS servers, it is the cache duration for responses to resolvers
  - MINIMUM (Minimum TTL): 32-bit unsigned integer. Its meaning depends on the NS implementation, with three possibilities:
    - Minimum cache duration for the domain's records, rarely used by servers (officially deprecated)
    - Default TTL value, used when a record has no explicit TTL
    - Cache duration for the absence of a record, i.e. how long a "no such record" answer may be cached (distinct from the TTL of records that exist), per [RFC 2308](https://www.ietf.org/rfc/rfc2308.txt) (officially recommended)
- MX:

```
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                  PREFERENCE                   |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                   EXCHANGE                    /
/                                               /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
```
  - PREFERENCE: Priority. Lower value = higher priority. Generally `0` (highest priority) is used for the mail server record and `10` for domain ownership verification records
  - EXCHANGE (Mail Exchanger): Domain of the host providing the service. Variable length; label/pointer/mixed
- A: 32-bit unsigned integer, an IPv4 address
- AAAA: 16 octets, an IPv6 address
- PTR, NS: a domain name; label/pointer/mixed
Authority
(res only) Empty in requests (NSCOUNT is 0). Same format as Answer. The data is usually NS-type RRs.
Additional
(res only) Empty in requests (ARCOUNT is 0). Same format as Answer. In theory any type of RR is valid; in practice this section carries the A or AAAA records for the NS domains named in the Authority Section.
Note: (res only) marks fields that are only meaningful in DNS responses.
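The header bits, QNAME labels, compression pointers and RR layout described above, decoded by a small parser. This is an added example, not code from the original article, and the response bytes it reads are constructed by hand rather than captured; it goes slightly beyond the text by decoding A, NS/CNAME/PTR and MX RDATA. The bound checks are the ones a defender wants in any DNS parser: a name that runs past the end of the message, a label length with the reserved 01/10 prefix, or a pointer that does not point strictly backwards is rejected instead of looping or reading out of bounds.

```python
import struct

def read_name(msg, off):
    """Decode a NAME/QNAME at off (labels, a compression pointer, or a mix); return (name, end offset)."""
    labels, end = [], None                        # end: position after the first pointer, if any
    while True:
        if off >= len(msg): raise ValueError("name runs past end of message")
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # 11xxxxxx: pointer, 14-bit OFFSET from message start
            target = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            end = off + 2 if end is None else end
            if target >= off: raise ValueError("bad compression pointer")  # backward only: no loops
            off = target
            continue
        if n > 63: raise ValueError("invalid label length")               # 01/10 prefixes are reserved
        off += 1
        if n == 0: return ".".join(labels), (off if end is None else end)  # root label ends the name
        labels.append(msg[off:off + n].decode("ascii"))
        off += n

def parse_message(msg):
    """Return (header dict, questions, answer RRs, authority RRs, additional RRs)."""
    id_, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    hdr = {"id": id_, "qr": flags >> 15, "opcode": (flags >> 11) & 0xF,
           "aa": (flags >> 10) & 1, "tc": (flags >> 9) & 1, "rd": (flags >> 8) & 1,
           "ra": (flags >> 7) & 1, "z": (flags >> 4) & 7, "rcode": flags & 0xF}
    off, qs, rrs = 12, [], []
    for _ in range(qd):
        name, off = read_name(msg, off)
        qs.append((name,) + struct.unpack("!HH", msg[off:off + 4])); off += 4
    for _ in range(an + ns + ar):                 # the three sections share the RR layout
        name, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10]); off += 10
        if off + rdlen > len(msg): raise ValueError("RDLENGTH exceeds message")
        rdata = msg[off:off + rdlen]
        if rtype == 1: val = ".".join(map(str, rdata))                    # A: 4 octets
        elif rtype in (2, 5, 12): val = read_name(msg, off)[0]            # NS/CNAME/PTR: a name
        elif rtype == 15: val = (struct.unpack("!H", rdata[:2])[0], read_name(msg, off + 2)[0])  # MX
        else: val = rdata
        rrs.append((name, rtype, rclass, ttl, val)); off += rdlen
    return hdr, qs, rrs[:an], rrs[an:an + ns], rrs[an + ns:]

# Constructed sample response (not a capture): ID 0x1234, flags QR=RD=RA=1, question example.com A IN,
# one A answer and one NS authority RR whose owner is a 0xC00C pointer to the QNAME at offset 12.
SAMPLE = (struct.pack("!6H", 0x1234, 0x8180, 1, 1, 1, 0)
          + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
          + b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 168, 254, 3])
          + b"\xC0\x0C" + struct.pack("!HHIH", 2, 1, 172800, 6) + b"\x03ns1\xC0\x0C")
```

A resolver should also compare the returned ID (and question) with the request it sent before accepting the answer; the parser only decodes the fields.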
References:
- Chapter 8. DNS Resource Records (RRs) http://www.zytrax.com/books/dns/ch8/
- Chapter 15 DNS Messages http://www.zytrax.com/books/dns/ch15/
- Chaosnet https://en.wikipedia.org/wiki/Chaosnet
- DNS: Understanding The SOA Record http://www.peerwisdom.org/2013/05/15/dns-understanding-the-soa-record/
- MX record https://en.wikipedia.org/wiki/MX_record#Priority