DNS message format

This page shows the DNS message format. A DNS message contains 5 sections (RFC 1035):

  1. Header - Includes:
    1. Bits 0-15 are the query identifier
    2. Bit 16 - QR bit - The message is a query if the value is 0. The message is a response if the value is 1.
    3. Bits 17-20 - Opcode values - Identifies the query type. The message is a standard query if 0, an inverse query if 1, and a server status request if 2.
    4. Bit 21 - AA - Authoritative answer - If set, it indicates the responding name server is an authority for the domain name in question.
    5. Bit 22 - TC - Indicates the message was truncated.
    6. Bit 23 - RD - Recursion Desired - Set in a query and indicates the query should be pursued recursively.
    7. Bit 24 - RA - Recursion Available - A bit that is set or cleared in a response indicating that recursion is available.
    8. Bits 25-27 - Z - Future use, required to always be 0
    9. Bits 28-31 - RCODE - Response code - No error if 0, Format error if 1, Server failure if 2
    10. Word 3 - QDCOUNT - Indicates the number of DNS queries (entries in the question section)
    11. Word 4 - ANCOUNT - Indicates the number of answers (Resource records in the answer section)
    12. Word 5 - NSCOUNT - The number of name server records in the authority records section.
    13. Word 6 - ARCOUNT - The number of resource records in the additional records section.
  2. Question - Includes:
    1. QNAME - Domain name strings with a length byte followed by a string of the designated length.
    2. QTYPE - Two bytes indicating the query type
    3. QCLASS - Two bytes indicating the class field such as IN for internet.
  3. Answer - Resource Records (RRs) answering the question
    1. NAME - domain name
    2. TYPE - Two bytes with resource record type.
    3. CLASS - Two bytes indicating the class of the data
    4. TTL - A 32 bit unsigned integer indicating the time interval in seconds that the resource record may be stored on the DNS server.
    5. RDLENGTH - 16 bits indicating the length of the RDATA field in bytes.
    6. RDATA - This may be the IP address for a domain name but the information varies depending on the type and class of the resource record.
  4. Authority - Resource Records (RRs) pointing to an authority - The format is the same as the Answer section.
  5. Additional - Resource Records (RRs) holding additional information - The format is the same as the Answer section.
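
The header and question layout listed above, decoded in Python as an added example (not part of the original page). The sample query bytes are constructed and the function names are hypothetical; the 63-byte label limit comes from RFC 1035 and is not stated on this page.

```python
import struct

# Constructed sample: standard query, ID 0x1a2b, RD set, for example.com, QTYPE A, QCLASS IN.
SAMPLE_QUERY = (bytes.fromhex("1a2b01000001000000000000")
                + b"\x07example\x03com\x00" + bytes.fromhex("00010001"))

def parse_header(msg):
    """Decode the 12-byte header (six 16-bit big-endian words)."""
    if len(msg) < 12:
        raise ValueError("message shorter than the 12-byte header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {
        "id": ident,                     # bits 0-15
        "qr": (flags >> 15) & 1,         # bit 16
        "opcode": (flags >> 11) & 0xF,   # bits 17-20
        "aa": (flags >> 10) & 1,         # bit 21
        "tc": (flags >> 9) & 1,          # bit 22
        "rd": (flags >> 8) & 1,          # bit 23
        "ra": (flags >> 7) & 1,          # bit 24
        "z": (flags >> 4) & 0x7,         # bits 25-27, must be 0
        "rcode": flags & 0xF,            # bits 28-31
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }

def parse_question(msg, offset=12):
    """Decode one question entry; returns (qname, qtype, qclass, next_offset)."""
    labels = []
    while True:
        if offset >= len(msg):
            raise ValueError("QNAME runs past end of message")
        length = msg[offset]
        offset += 1
        if length == 0:                  # zero length byte ends the name
            break
        if length > 63:                  # RFC 1035 label limit; larger values are not plain labels
            raise ValueError("label length byte exceeds 63")
        if offset + length > len(msg):
            raise ValueError("label extends past end of message")
        labels.append(msg[offset:offset + length].decode("ascii", "replace"))
        offset += length
    if offset + 4 > len(msg):
        raise ValueError("QTYPE/QCLASS truncated")
    qtype, qclass = struct.unpack("!HH", msg[offset:offset + 4])
    return ".".join(labels), qtype, qclass, offset + 4
```

Every length byte is checked against the remaining buffer before it is used, so a truncated or malformed message raises an error instead of being read past its end.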

TYPE fields are used in resource records. Note that these types are a subset of QTYPEs. Each entry below gives the TYPE, its value, and its meaning:

  1. A 1 a host address
  2. NS 2 an authoritative name server
  3. MD 3 a mail destination (Obsolete - use MX)
  4. MF 4 a mail forwarder (Obsolete - use MX)
  5. CNAME 5 the canonical name for an alias
  6. SOA 6 marks the start of a zone of authority
  7. MB 7 a mailbox domain name (EXPERIMENTAL)
  8. MG 8 a mail group member (EXPERIMENTAL)
  9. MR 9 a mail rename domain name (EXPERIMENTAL)
  10. NULL 10 a null RR (EXPERIMENTAL)
  11. WKS 11 a well known service description
  12. PTR 12 a domain name pointer
  13. HINFO 13 host information
  14. MINFO 14 mailbox or mail list information
  15. MX 15 mail exchange
  16. TXT 16 text strings