dns record and packet

最後更新: 2019-03-22



Resource Record (RR)


每一隻 DNS record 都叫 RR (type, TTL, data) [A, 300, n.n.n.n]

有效的 Domain

  • ASCII letters A-Z
  • digits 0-9
  • hyphen -
  • case-insensitive


SRV records ( RFC 2782 )



_service._proto.owner-name. TTL class SRV priority weight port target.


# SRV for provision of SIP (VoIP) services

_sip._udp    IN SRV 1 0 5523 sip2.example.com.

# autodiscover

_autodiscover._tcp 3600 IN SRV 0 0 443 autodiscover
autodiscover       3600 IN   A         n.n.n.n


Defines the "symbolic service name"

symbolic service name:

    _http - web service
    _ftp - file transfer service
    _ldap - LDAP service
    _imap - IMAP mail service


    _tcp - TCP protocol
    _udp - UDP protocol


Defines the base domain (or zone) name

一般情況不用填 (leaving the entry blank (without a dot) will substitute the current the zone root)




Optional. Standard CLASS parameter. (IN)


The relative Priority of this service (Lowest is highest priority)


        Used when more than one service has the same priority. (highest is most frequently delivered)
        0 indicates no weighting should be applied.




DNS Packet


response fits into a single UDP datagram

large responses => lookup can be retried over TCP

| Header     |
| Question   | the question for the name server (QNAME,  QTYPE , QCLASS ...)
| Answer     | RRs answering the question (TTL, RDATA ...)
| Authority  | RRs pointing toward an authority
| Additional | RRs holding additional information

Authority section

may contain a list of resource records, pointing to authoritative name servers (某 Somain NS Server)

Additional section

may contain additional information to answers (i.e. NS Record IP)

Header section

|                      ID                       |
|QR|   Opcode  |AA|TC|RD|RA| Z|AD|CD|   RCODE   |
|                    QDCOUNT                    |
|                    ANCOUNT                    |
|                    NSCOUNT                    |
|                    ARCOUNT                    |


16-bit value, that is kept same in the response.


  • QR: 0=Query, 1=response
  • OPCODE: 0000=query
  • AA: Authoritative Answer (set by the server)
  • TC: message is TrunCated (set by the server)
  • RD: Recursion Desired (set by the client and copied to the response) (Disable: +nordflag)
    if the server is not authoritative, it will do a recursive query to find the answer.
  • RA: Recursion Available (set by the server)
  • RCODE, 4-bits: 0000=NOERROR.

DNSSEC flag:

  • AD: Authenticated Data (set by the server)
    no Authenticated Data (ad) => a validation problem with one or more records returned
  • CD: Checking Disabled (set by the client, copied to the response)
    1 => if the RRs cannot be verified, they should still be returned.


number of records in each section