Answer with NXDomain - Githubissues

mafintosh / dns-packet

An abstract-encoding compliant module for encoding / decoding DNS packets

MIT License

201 stars 70 forks source link

Answer with NXDomain #61

Open ndmgrphc opened 3 years ago

ndmgrphc commented 3 years ago

This is a wonderful library. I am curious how to structure query responses in cases where you want to authoritatively answer that this domain cannot be found.

I found the following article: Know thy DNS: Understanding the four most common DNS response codes

Unless I missed something, would it be worthwhile to document how to formulate (and return) the NXDOMAIN response?

nhnt11 commented 3 years ago

+1. It seems it trivially works to set the last two bits of the flags bitfield in the param object passed to encode. (the last 4 bits are the rcode, and NXDOMAIN is 0x03). So e.g.:

let NXDOMAIN_RCODE = 0x03;
dnsPacket.encode({
  type: "response",
  id,
  flags: dnsPacket.RECURSION_DESIRED | NXDOMAIN_RCODE,
  questions,
  answers,
});

(see https://github.com/mafintosh/dns-packet/blob/c11116822afcdaab05ccd9f76549e9089bb44f47/index.js#L119)

jphgoo049 commented 4 months ago

I've tested it and you just need to use bitwise operations to assign the flags according to the spec: https://www.rfc-editor.org/rfc/rfc1035.html#section-4.1.1

For example, setting flags: 1 << 12 changes the opcode to STATUS and flags: 3 changes the rcode to NXDOMAIN. You can combine multiple settings using bitwise or (|) e.g. flags: (1 << 12) | 3.