All communications inside of the domain protocol are carried in a single format called a message. The top level format of message is divided into 5 sections (some of which are empty in certain cases) shown below:
+---------------------+
| Header |
+---------------------+
| Question | the question for the name server
+---------------------+
| Answer | RRs answering the question
+---------------------+
| Authority | RRs pointing toward an authority
+---------------------+
| Additional | RRs holding additional information
+---------------------+
The header section is always present. The header includes fields that specify which of the remaining sections are present, and also specify whether the message is a query or a response, a standard query or some other opcode, etc.
The names of the sections after the header are derived from their use in standard queries. The question section contains fields that describe a question to a name server. These fields are a query type (QTYPE), a query class (QCLASS), and a query domain name (QNAME). The last three sections have the same format: a possibly empty list of concatenated resource records (RRs). The answer section contains RRs that answer the question; the authority section contains RRs that point toward an authoritative name server; the additional records section contains RRs which relate to the query, but are not strictly answers for the question.
ID: A 16 bit identifier assigned by the program that generates any kind of query. This identifier is copied the corresponding reply and can be used by the to match up replies to outstanding queries.
QR: A one bit field that specifies whether this message is a query (0), or a response (1).
OPCODE: A four bit field that specifies kind of query in this message. This value is set by the originator of a query and copied into the response.
AA: Authoritative Answer - this bit is valid in responses, and specifies that the responding name server is authority for the domain name in question section.
TC: TrunCation - specifies that this message was truncated due to length greater than that permitted on the transmission channel.
RD: Recursion Desired - this bit may be set in a query and is copied into the response. If RD is set, it directs the name server to pursue the query recursively. Recursive query support is optional.
RA :Recursion Available - this be is set or cleared in a response, and denotes whether recursive query support is available in the name server.
Z: Reserved for future use. Must be zero in all queries and responses.
RCODE: Response code - this 4 bit field is set as part of responses.
QDCOUNT: an unsigned 16 bit integer specifying the number entries in the question section.
ANCOUNT: an unsigned 16 bit integer specifying the number resource records in the answer section.
NSCOUNT: an unsigned 16 bit integer specifying the number of name server resource records in the authority records section.
ARCOUNT: an unsigned 16 bit integer specifying the number of resource records in the additional records section.
Issue #40 show the code which pack the request header.
Question section format
The question section is used to carry the "question" in most queries, i.e., the parameters that define what is being asked. The section contains QDCOUNT (usually 1) entries, each of the following format:
QNAME: a domain name represented as a sequence of labels, where each label consists of a length octet followed by that number of octets. The domain name terminates with the zero length octet for the null label of the root. Note that this field may be an odd number of octets; no padding is used. To simplify implementations, the total length of a domain name (i.e., label octets and label length octets) is restricted to 255 octets or less.
QTYPE: a two octet code which specifies the type of the query.
QCLASS: a two octet code that specifies the class of the query. For example, the QCLASS field is IN for the Internet.
Resource record format
The answer, authority, and additional sections all share the same format: a variable number of resource records, where the number of records is specified in the corresponding count field in the header. Each resource record has the following format:
NAME: a domain name to which this resource record pertains.
TYPE: two octets containing one of the RR type codes. This field specifies the meaning of the data in the RDATA field.
CLASS: two octets which specify the class of the data in the RDATA field.
TTL: a 32 bit unsigned integer that specifies the time interval (in seconds) that the resource record may be cached before it should be discarded. Zero values are interpreted to mean that the RR can only be used for the transaction in progress, and should not be cached.
RDLENGTH: an unsigned 16 bit integer that specifies the length octets of the RDATA field.
RDATA :a variable length string of octets that describes the resource. The format of this information varies according to the TYPE and CLASS of the resource record. For example, the if the TYPE is A and the CLASS is IN, the RDATA field is a 4 octet ARPA Internet address.
In order to reduce the size of messages, the domain system utilizes a compression scheme which eliminates the repetition of domain names in a message. More details can be found in RFC 1035 4.1.4. Message compression and #42 .
TYPE and QTYPE values
TYPE fields are used in resource records. Note that these types are a subset of QTYPEs. There are some common types:
TYPE
value and meaning
A
1 a host address
NS
2 an authoritative name server
CNAME
5 the canonical name for an alias
MX
15 mail exchange
TXT
16 text strings
AAAA
28 IPv6 address record
QTYPE fields appear in the question part of a query. QTYPES are a superset of TYPEs, hence all TYPEs are valid QTYPEs. In addition, the following QTYPEs are defined:
QTYPE
value and meaning
*
255 A request for all records
CLASS and QCLASS values
CLASS fields appear in resource records. The following CLASS mnemonics and values are defined:
IN: 1 the Internet
CH: 3 the CHAOS class
HS: 4 Hesiod [Dyer 87]
QCLASS fields appear in the question section of a query. QCLASS values are a superset of CLASS values; every CLASS is a valid QCLASS. In addition to CLASS values, the following QCLASSes are defined:
*: 255 any class
RDATA format
The format of RDATA varies according to the TYPE and CLASS of the resource record. NS, SOA, CNAME, and PTR will be used in all classes, and have the same format in all classes. Because their RDATA format is known, all domain names in the RDATA section of these RRs may be compressed.
CNAME RDATA format: A which specifies the canonical or primary name for the owner.
NS RDATA format: A which specifies a host which should be authoritative for the specified class and domain.
There are some internet specific RRs:
A RDATA format: A 32 bit Internet address. Hosts that have multiple Internet addresses will have multiple A records.
AAAA RDATA format: A 128 bit IPv6 address is encoded in the data portion of an AAAA resource record in network byte order (high-order byte first).
Message format
All communications inside of the domain protocol are carried in a single format called a
message. The top level format of message is divided into 5 sections (some of which are empty in certain cases) shown below:The header section is always present. The header includes fields that specify which of the remaining sections are present, and also specify whether the message is a query or a response, a standard query or some other opcode, etc.
The names of the sections after the header are derived from their use in standard queries. The question section contains fields that describe a question to a name server. These fields are a query type (QTYPE), a query class (QCLASS), and a query domain name (QNAME). The last three sections have the same format: a possibly empty list of concatenated resource records (RRs). The answer section contains RRs that answer the question; the authority section contains RRs that point toward an authoritative name server; the additional records section contains RRs which relate to the query, but are not strictly answers for the question.
Header section format
The header contains the following fields:
where:
Issue #40 show the code which pack the request header.
Question section format
The question section is used to carry the "question" in most queries, i.e., the parameters that define what is being asked. The section contains QDCOUNT (usually 1) entries, each of the following format:
where:
Resource record format
The answer, authority, and additional sections all share the same format: a variable number of resource records, where the number of records is specified in the corresponding count field in the header. Each resource record has the following format:
where:
In order to reduce the size of messages, the domain system utilizes a compression scheme which eliminates the repetition of domain names in a message. More details can be found in RFC 1035 4.1.4. Message compression and #42 .
TYPE and QTYPE values
TYPE fields are used in resource records. Note that these types are a subset of QTYPEs. There are some common types:
QTYPE fields appear in the question part of a query. QTYPES are a superset of TYPEs, hence all TYPEs are valid QTYPEs. In addition, the following QTYPEs are defined:
CLASS and QCLASS values
CLASS fields appear in resource records. The following CLASS mnemonics and values are defined:
QCLASS fields appear in the question section of a query. QCLASS values are a superset of CLASS values; every CLASS is a valid QCLASS. In addition to CLASS values, the following QCLASSes are defined:
RDATA format
The format of RDATA varies according to the TYPE and CLASS of the resource record. NS, SOA, CNAME, and PTR will be used in all classes, and have the same format in all classes. Because their RDATA format is known, all domain names in the RDATA section of these RRs may be compressed.
There are some internet specific RRs:
Ref
RFC 1035
List of DNS record types
RFC 3596: DNS Extensions to Support IP Version 6