How to Analyze Network Protocols, Learn More >>

Being able to support more than 300 protocols in the latest version, Capsa Network Sniffer make it easy to analyze protocols in network and understand what is happening.

Recommend Network Analysis Software >>


RFC 1035 http://tools.ietf.org/html/rfc1035
RFC 1706 http://tools.ietf.org/html/rfc1706

The Domain Name Service (DNS) protocol searches for resources using a database distributed among different name servers.

The DNS message header structure is shown in the following illustration:

16
21
 
28
32 bits

ID

Q

Query

A

T

R

V

B

Rcode

Question count

Answer count

Authority count

Additional count

DNS message header structure

ID
16-bit field used to correlate queries and responses.

Q
1-bit field that identifies the message as a query or response.

Query
4-bit field that describes the type of message:

0 Standard query (name to address).
1 Inverse query (address to name).
2 Server status request.

A
Authoritative Answer. 1-bit field. When set to 1, identifies the response as one made by an authoritative name server.

T
Truncation. 1-bit field. When set to 1, indicates the message has been truncated.

R
1-bit field. Set to 1 by the resolve to request recursive service by the name server.

V
1-bit field. Signals the availability of recursive service by the name server.

B
3-bit field. Reserved for future use. Must be set to 0.

RCode
Response Code. 4-bit field that is set by the name server to identify the status of the query:

0 No error condition.
1 Unable to interpret query due to format error.
2 Unable to process due to server failure.
3 Name in query does not exist.
4 Type of query not supported.
5 Query refused.

Question count
16-bit field that defines the number of entries in the question section.

Answer count
16-bit field that defines the number of resource records in the answer section.

Authority count
16-bit field that defines the number of name server resource records in the authority section.

Additional count
16-bit field that defines the number of resource records in the additional records section

Vulnerabilities for this protocol (from CVE)

CVE ID Protocol Source Port Targetport

TCP/IP Protocols:

AHARP/RARPATMPBGP-4COPSDCAPDHCPDNS
DVMRPEGPEIGRPESPFANPFingerFTPHSRP
HTTPICMPICMPv6IGMPIGRPIMAP4IPIPDC
IPv6ISAKMPL2FL2TPLDAPMARSMobile IPNARP
NetBIOS/IPNHRPNTPOSPFPIMPOP3PPTPRadius
RIP2RIPng for IPv6RLOGINRSVPRTSPRUDPS-HTTPSCTP
SLPSMTPSNMPSOCKS V5TACACSTALITCPTELNET
TFTPUDPVan JacobsonVRRPWCCPX-WindowXOT