Info.txt
A simple DNS message and response implementation.
It only supports name queries.
Good information about DNS:
rfc1035
http://technet.microsoft.com/en-us/library/dd197470(v=ws.10).aspx
Several more can be found via Google.
What we need:
DNS header: 6 * 16 bit
16 bit ID
16 bit flags
1 bit request/response indicator (0 = request)
4 bit operation code / which operation is to be done (0 = query)
1 bit authoritative answer / obviously only used in responses
1 bit truncation / indicates that the message was too large for a UDP datagram
1 bit recursion desired / 1 to recurse the request (we normally want this)
1 bit recursion available / obvious
3 bit reserved / set to 000
4 bit return code / 0 means successful; currently we treat all other values as an error
16 bit question count
16 bit answer count
16 bit authority count
16 bit additional count
1 question resource record (variable length); ours would look like this:
question name: 0x09 localhost 0x00
16 bit question type: 0x0001 (for an A record question)
16 bit question class: 0x0001 (represents the IN question class)
TYPE value and meaning
========================================================
(removed all obsolete and experimental codes)
A 1 a host address
NS 2 an authoritative name server
CNAME 5 the canonical name for an alias
SOA 6 marks the start of a zone of authority
WKS 11 a well known service description
PTR 12 a domain name pointer
HINFO 13 host information
MINFO 14 mailbox or mail list information
MX 15 mail exchange
TXT 16 text strings
QTYPE values
========================================================
QTYPE fields appear in the question part of a query. QTYPES are a
superset of TYPEs, hence all TYPEs are valid QTYPEs. In addition, the
following QTYPEs are defined:
AXFR 252 A request for a transfer of an entire zone
* 255 A request for all records
CLASS values
========================================================
IN 1 the Internet
CH 3 the CHAOS class
HS 4 Hesiod [Dyer 87]
Our hardcoded request message:
434301000001000000000000096C6F63616C686F73740000010001
4343                    ID
0100                    flags (recursion desired)
0001                    one query
0000 0000 0000          answer / authority / additional counts
096C6F63616C686F737400  query name (localhost)
0001                    type
0001                    class
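As an added example (not code from the note), the following Python builds the same query byte for byte: the 12-byte header packed as six big-endian 16-bit words, the name as length-prefixed labels ending in a zero byte, and the type/class pair. The transaction ID 0x4343 is reused from the hex above only so the output can be compared with it; a real client draws an unpredictable ID for each query so that a reply can be matched to the question it belongs to.

```python
import struct

# Added example, not the note's own code. The fixed ID 0x4343 is an
# assumption taken from the hex dump above so results can be compared.

DNS_TYPE_A = 1
DNS_CLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Encode a dotted name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        data = label.encode("ascii")
        if not 1 <= len(data) <= 63:          # RFC 1035 label length limit
            raise ValueError("label length must be 1..63 bytes")
        out += bytes([len(data)]) + data
    return out + b"\x00"                       # root label terminates the name


def build_header(txid: int, flags: int, qdcount: int = 1) -> bytes:
    """Pack the fixed 12-byte header: ID, flags, QD/AN/NS/AR counts."""
    return struct.pack("!HHHHHH", txid, flags, qdcount, 0, 0, 0)


def build_query(name: str, txid: int = 0x4343,
                qtype: int = DNS_TYPE_A, qclass: int = DNS_CLASS_IN) -> bytes:
    """Standard query (opcode 0) with RD set, one question, no other sections."""
    flags = 0x0100                             # QR=0, OPCODE=0, RD=1
    return (build_header(txid, flags)
            + encode_name(name)
            + struct.pack("!HH", qtype, qclass))


if __name__ == "__main__":
    print(build_query("localhost").hex())
```

Comparing `build_query("localhost").hex()` with the hex string in the note shows they are identical apart from letter case.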
OK, as I analyse the response I realise that my request was repeated back along
with the answer. For now I assume this is the default behaviour of DNS.
At least I can be sure that our DNS will always respond that way.
The last 4 bytes of the answer record represent the IP address. We can safely
assume this as currently we only query IPv4 A records. With these it should
always be true.
Our complete response was:
434381800001000100000000096c6f63616c686f73740000010001c00c000100010000000f00040a0100dc
4343       ID
8180       flags (no error)
0001       one request
0001       one response
0000 0000  authority / additional counts
We cut off the header and the request (as it was our own, we do not care about
it), leaving us with:
c00c000100010000000f00040a0100dc
c00c      nref
0001      type
0001      class
0000000f  TTL
0004      resource data len
0a0100dc  here starts our IP
nref => a reference to the name queried, following the DNS message
compression scheme:
2 bits: compression indicator (11 when compression is active)
remaining 14 bits: offset of the name
In our case this means the offset is 0x0c (12). The offset is counted from
the start of the message.
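As an added example (not code from the note), the following Python parses the response quoted above the way the note walks through it: header, echoed question, then the answer record whose name is the 0xc00c pointer back to offset 12. Two things the note glosses over are made explicit: every read is bounds-checked against the message length, and a compression pointer is only followed if it points backwards, so a crafted message with a pointer loop cannot spin the parser forever. The response hex is the note's own; the optional transaction-ID check and the field names are this example's assumptions.

```python
import struct

# Added example, not the note's own code. RESPONSE_HEX is the reply quoted
# in the note (43 bytes); everything else here is this example's design.
RESPONSE_HEX = ("434381800001000100000000096c6f63616c686f73740000010001"
                "c00c000100010000000f00040a0100dc")


def _take(msg: bytes, offset: int, n: int) -> bytes:
    """Slice n bytes at offset, refusing to read past the end of the message."""
    if offset + n > len(msg):
        raise ValueError("message truncated at offset %d" % offset)
    return msg[offset:offset + n]


def parse_header(msg: bytes) -> dict:
    """Unpack the 12-byte header and split the 16-bit flags word into fields."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", _take(msg, 0, 12))
    return {
        "id": txid,
        "qr": (flags >> 15) & 1, "opcode": (flags >> 11) & 0xF,
        "aa": (flags >> 10) & 1, "tc": (flags >> 9) & 1,
        "rd": (flags >> 8) & 1, "ra": (flags >> 7) & 1,
        "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def read_name(msg: bytes, offset: int) -> tuple:
    """Decode a name at offset, following 0xC0 compression pointers.
    Returns (dotted name, offset just after the name as written in the stream).
    Pointers may only point backwards, so every jump strictly lowers the
    offset and a malformed pointer loop cannot run forever."""
    labels = []
    resume = None                       # stream position after the first pointer
    while True:
        length = _take(msg, offset, 1)[0]
        if length & 0xC0 == 0xC0:       # top two bits 11: compression pointer
            pointer = struct.unpack("!H", _take(msg, offset, 2))[0] & 0x3FFF
            if resume is None:
                resume = offset + 2
            if pointer >= offset:
                raise ValueError("compression pointer does not point backwards")
            offset = pointer
            continue
        if length & 0xC0:
            raise ValueError("unsupported label type")
        offset += 1
        if length == 0:                 # root label terminates the name
            break
        labels.append(_take(msg, offset, length).decode("ascii"))
        offset += length
    return ".".join(labels), (resume if resume is not None else offset)


def parse_response(msg: bytes, expected_id: int = None) -> dict:
    """Parse header, question and answer sections; A records become dotted IPs."""
    hdr = parse_header(msg)
    if expected_id is not None and hdr["id"] != expected_id:
        raise ValueError("transaction ID mismatch")    # not the reply to our query
    if hdr["qr"] != 1:
        raise ValueError("message is a query, not a response")
    if hdr["rcode"] != 0:
        raise ValueError("server returned rcode %d" % hdr["rcode"])
    offset = 12
    questions, answers = [], []
    for _ in range(hdr["qdcount"]):
        name, offset = read_name(msg, offset)
        qtype, qclass = struct.unpack("!HH", _take(msg, offset, 4))
        offset += 4
        questions.append((name, qtype, qclass))
    for _ in range(hdr["ancount"]):
        name, offset = read_name(msg, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", _take(msg, offset, 10))
        offset += 10
        rdata = _take(msg, offset, rdlen)   # RDLENGTH checked against the buffer
        offset += rdlen
        if rtype == 1 and rclass == 1:      # A record in class IN
            if rdlen != 4:
                raise ValueError("A record RDATA must be 4 bytes")
            data = ".".join(str(b) for b in rdata)
        else:
            data = rdata.hex()              # other types left as raw hex
        answers.append({"name": name, "type": rtype, "class": rclass,
                        "ttl": ttl, "data": data})
    return {"header": hdr, "questions": questions, "answers": answers}


if __name__ == "__main__":
    result = parse_response(bytes.fromhex(RESPONSE_HEX), expected_id=0x4343)
    print(result["answers"][0]["data"])     # 10.1.0.220
```

Run against the note's reply this yields the question `("localhost", 1, 1)`, an answer with TTL 15 and the address 10.1.0.220. Matching the transaction ID is the minimum a client should do before trusting a reply; a fuller client also checks that the echoed question is the one it sent and that the datagram came from the server and port it asked.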