| Section | Meaning/Use
|
| Message ID | 16 bit message ID supplied by the requestion (the questioner) and reflected back unchanged by the responder
(answerer). Identifies the transaction.
|
| QR | Query - Response bit. Set to 0 by the questioner (query) and to 1 in the response (answer).
|
| OPCODE | Identifies the request/operation type. Currently assigned
values are:
| Value | Meaning/Use
| | 0 | QUERY. standard query.
| | 1 | IQUERY. Inverse query. Optional support by DNS
| | 2 | STATUS. DNS status request
|
|
| AA | Authoritative Answer. Valid in responses only. Because of aliases multiple owners may exists so the AA bit corresponds to the name which matches the query name, OR the first owner name in the answer section.
|
| TC | TrunCation - specifies that this message was truncated due to length greater than that permitted on the transmission channel. Set on all truncated messages except the last one.
|
| RD | Recursion Desired - this bit may be set in a query and is copied into the response if recursion supported by this Name Server. If Recursion is rejected by this Name Server, for example it has been configured as Authoritative Only, the response (answer) does not have this bit set. Recursive query support is optional.
|
| RA | Recursion Available - this bit is valid in a response (answer) and denotes whether recursive query support is available (1) or not (0) in the name server.
|
| RCODE | Identifies the response type to the query. Ignored on a request (question). Currently assigned values:
| Value | Meaning/Use
| | 0 | No error condition.
| | 1 | Format error - The name server was unable to interpret the query.
| | 2 | Server failure - The name server was unable to process this query due to a problem with the name server.
| | 3 | Name Error - Meaningful only for responses from an authoritative name server, this code signifies that the
domain name referenced in the query does not exist.
| | 4 | Not Implemented - The name server does not support the requested kind of query.
| | 5 | Refused - The name server refuses to perform the specified operation for policy reasons. For example, a
name server may not wish to provide the information to the particular requester, or a name server may not
wish to perform a particular operation (e.g., zone transfer) for particular data.
|
|
|
QDCOUNT | Unsigned 16 bit integer specifying the number of entries in the Question Section.
|
| ANCOUNT | Unsigned 16 bit integer specifying the number of resource records in the Answer Section. May be 0 in which case no answer record is present in the message.
|
| NSCOUNT | Unsigned 16 bit integer specifying the number of name server resource records in the Authority Section. May be 0 in which case no authority record(s) is(are) present in the message.
|
| ARCOUNT | Unsigned 16 bit integer specifying the number of resource records in the Additional Section. May be 0 in which case no addtional record(s) is(are) present in the message.
|
Notes:
| Name | Meaning/Use
|
| QNAME | The name being queried, its content will depend upon the QTYPE (below), for example, a request for an A record will typically require a host part, such as, www.example.com, an MX query will only require a base domain name, such as, example.com. The name being queried is split into labels by removing the separating dots. Each label is represented as a length/data pair as follows:
| Value | Meaning/Use
| | no. of chars | Single octet defining the number of characters in the label which follows.
The top two bits of this number must be 00 (indicates the label format is
being used) which gives a maximum
domain name length of 63 bytes (octets). A value of zero indicates the end of the name
field.
| | domain name | A string containing the characters in the label.
|
Wow. To illustrate the above we'll use two examples:
// assume an MX query with a name of mydomain.com
// the hex representation is
08 6D 79 64 6F 6D 61 69 6E 03 63 6F 6D 00
// printable
! m y d o m a i n ! c o m !
// note ! = unprintable
// assume an A query with a name of www.mydomain.com
// the hex representation is
03 77 77 77 08 6D 79 64 6F 6D 61 69 6E 03 63 6F 6D 00
// printable
! w w w ! m y d o m a i n ! c o m !
// note ! = unprintable
|
| QTYPE | Unsigned 16 bit value. The resource records being requested. These values are assigned by IANA and a complete list of values may be obtained from them. The following are the most commonly used values:
| Value | Meaning/Use
| | x'0001 (1) | Requests the A record for the domain name
| | x'0002 (2) | Requests the NS record(s) for the domain name
| | x'0005 (5) | Requests the CNAME record(s) for the domain name
| | x'0006 (6) | Requests the SOA record(s) for the domain name
| | x'000B (11) | Requests the WKS record(s) for the domain name
| | x'000C (12) | Requests the PTR record(s) for the domain name
| | x'000F (15) | Requests the MX record(s) for the domain name
| | x'0021 (33) | Requests the SRV record(s) for the domain name
| | x'001C (28) | Requests the AAAA record(s) for the domain name
| | x'00FF (255) | Requests ANY resource record (typically wants SOA, MX, NS and MX)
|
|
| QCLASS | Unsigned 16 bit value. The CLASS of resource records being requested e.g. Internet, CHAOS etc. These values are assigned by IANA and a complete list of values may be obtained from them. The following are the most commonly used values:
| Value | Meaning/Use
| | x'0001 (1) | IN or Internet
|
|
| Field Name | Meaning/Use
|
| NAME | The name being returned e.g. www or ns1.example.net If the name is in the same domain as the question then typically only the host part (label) is returned, if not then a FQDN is returned.
|
| TYPE | The RR type, for example, SOA or AAAA
|
| CLASS | The RR class, for instance, Internet, Chaos etc.
|
| TTL | The TTL in seconds of the RR, say, 2800
|
| RLENGTH | The length of RR specific data in octets, for example, 27
|
| RDATA | The RR specific data (see Binary RR Formats below) whose length is defined by RDLENGTH, for instance, 192.168.254.2
|
The various fields have the following meanings:
| Name | Meaning/Use
|
| NAME | This name reflects the QNAME of the question i.e. any may take one of TWO formats. The first format is the
label format defined for QNAME above. The second format is a pointer (in the interests of data compression
which to fair to the original authors was far more important then than now). A pointer is an unsigned 16-bit
value with the following format (the top two bits of 11 indicate the pointer format):
| 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15
| | 1 | 1 | The offset in octets (bytes) from the start of the whole message. Must point to a label format record to derive name length.
|
Note: Pointers, if used, terminate names. The name field may consist of a label (or sequence of labels)
terminated with a zero length record OR a single pointer OR a label (or label sequence) terminated with a
pointer.
|
| TYPE | Unsigned 16 bit value. The resource record types - determines the content of the RDATA field. These values
are assigned by IANA and a complete list of values may be obtained from them. The following are the most
commonly used values:
| Value | Meaning/Use
| | x'0001 (1) | An A record for the domain name
| | x'0002 (2) | A NS record( for the domain name
| | x'0005 (5) | A CNAME record for the domain name
| | x'0006 (6) | A SOA record for the domain name
| | x'000B (11) | A WKS record(s) for the domain name
| | x'000C (12) | A PTR record(s) for the domain name
| | x'000F (15) | A MX record for the domain name
| | x'0021 (33) | A SRV record(s) for the domain name
| | x'001C (28) | An AAAA record(s) for the domain name
|
|
| CLASS | Unsigned 16 bit value. The CLASS of resource records being requested, for example, Internet, CHAOS etc.
These values are assigned by IANA and a complete list of values may be obtained from them. The following
are the most commonly used values:
th>Value| Meaning/Use
| | x'0001 (1) | IN or Internet
|
|
| TTL | Unsigned 32 bit value. The time in seconds that the record may be cached. A value of 0 indicates the record should not be cached.
|
| RDLENGTH | Unsigned 16-bit value that defines the length in bytes (octets) of the RDATA record.
|
| RDATA | Each (or rather most) resource record types have a specific RDATA format which reflect their resource record
format as defined below:
SOA
| Value | Meaning/Use
| | Primary NS | Variable length. The name of the Primary Master for the domain. May be a label, pointer or any combination.
| | Admin MB | Variable length. The administrator's mailbox. May be a label, pointer or any combination.
| | Serial Number | Unsigned 32-bit integer.
| | Refresh interval | Unsigned 32-bit integer.
| | Retry Interval | Unsigned 32-bit integer.
| | Expiration Limit | Unsigned 32-bit integer.
| | Minimum TTL | Unsigned 32-bit integer.
|
MX
| Value | Meaning/Use
| | Preference | Unsigned 16-bit integer.
| | Mail Exchanger | The name host name that provides the service.
May be a label, pointer or any combination.
|
A
| Value | Meaning/Use
| | IP Address | Unsigned 32-bit value representing the IP address
|
|---|
AAAA
| Value | Meaning/Use
| | IP Address | 16 octets representing the IP address
|
PTR, NS
| Value | Meaning/Use
| | Name | The host name that represents the supplied IP address (in the case of a PTR) or the NS name for the supplied domain (in the case of NS). May be a label, pointer or any combination.
|
|