notwaldorf
commented
10 years ago I'm not going to lie, most of this does not parse as English to me. I will :+1::+1::+1: any and all PR's fixing this though :)
Closed colmmacc closed 10 years ago
notwaldorf
commented
10 years ago I'm not going to lie, most of this does not parse as English to me. I will :+1::+1::+1: any and all PR's fixing this though :)
The cat-dns query name parser assumes that the query name is at the end of the DNS query, minus 4 bytes. This doesn't work if the query includes an EDNS0 option. See RFC2671, EDNS0 options show up as OPT records in the additional section of a query. To parse the query name, you need to start 12 bytes in to the message (after the header) and then add each label, so; www.example.com appears on the wire as;
\3www\7example\3com\0
so the full qname length in bytes is is 3 + 1 + 7 + 1 + 3 + 1 + 0 + 1 (the plus ones are for the byte encoding the label length) and iteration is needed.
Technically this math is valid only if the label length is a value <= 63 (otherwise it's a label-compressed pointer, and counts as one byte), but this can be ignored in the question section (which is never compressed).