/*
 * This is the extended log file for the discussion found at
 * http://www.mnin.org/write/slims.html
 *
 * 1/04 michael.ligh@mnin.org
 */

Use this document as a reference of concepts and issues related to packet payload. Then return to the full report.

There is one DNS message defined for both queries and responses. Below is the overall format of the message - a fixed 12-byte header followed by four variable-length fields. The header is divided into 6 sections - 2 bytes each. The majority of our discussions related to the packet's payload will deal with the header field data.

0________________________15 16________________________31   ___
|                          |                           |    ^
|      identification      |           flags           |    |
|__________________________|___________________________|    |
|                          |                           |    |
|   number of questions    |   number of answer RRs    | 12 bytes
|__________________________|___________________________|    |
|                          |                           |    |
| number of authority RRs  | number of additional RRs  |    |
|__________________________|___________________________|   ___
|                                                      |
\                      questions                       \
|______________________________________________________|
|                                                      |
\    answers (variable number of resource records)     \
|______________________________________________________|
|                                                      |
\   authority (variable number of resource records)    \
|______________________________________________________|
|                                                      |
\     additional information (variable number...)      \
|______________________________________________________|

Now let's apply this new information to our sample packet. The first 12 bytes that make up the header are:

01 02 00 FE D0 84 3F 26 00 08 53 C8

We can plug them into the correct fields and then convert the hex value to decimal.

0________________________15 16________________________31   ___
|                          |                           |    ^
|       01 02 = 258        |         00 FE = *         |    |
|__________________________|___________________________|    |
|                          |                           |    |
|      D0 84 = 53380       |       3F 26 = 16166       | 12 bytes
|__________________________|___________________________|    |
|                          |                           |    |
|        00 08 = 8         |       53 C8 = 21448       |    |
|__________________________|___________________________|   ___
|                                                      |
\                      questions                       \
|______________________________________________________|
|                                                      |
\    answers (variable number of resource records)     \
|______________________________________________________|
|                                                      |
\   authority (variable number of resource records)    \
|______________________________________________________|
|                                                      |
\     additional information (variable number...)      \
|______________________________________________________|

<--> Carried over to full report
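
Added example (not part of the original log file): the same field-by-field conversion done in Python on the 12 sample bytes. It goes one step beyond the text by splitting the flags word into its RFC 1035 sub-fields and by checking whether the advertised record counts could fit in a message of a given size. The function names and ASSUMED_LEN are illustrative, and 512 bytes is an assumed length, not the sample packet's real one.

```python
import struct

# The 12 header bytes quoted in the text above.
SAMPLE_HEADER = bytes.fromhex("01 02 00 FE D0 84 3F 26 00 08 53 C8")

# Smallest possible encodings per RFC 1035: a question is a 1-byte root name
# plus 2-byte type and 2-byte class; a resource record adds a 4-byte TTL and
# a 2-byte RDLENGTH on top of that.
MIN_QUESTION = 5
MIN_RR = 11


def parse_header(data):
    """Split the fixed 12-byte DNS header into its six 16-bit fields."""
    if len(data) < 12:
        raise ValueError("DNS header needs 12 bytes, got %d" % len(data))
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", data[:12])
    return {"id": ident, "flags": flags, "questions": qd,
            "answers": an, "authority": ns, "additional": ar}


def decode_flags(flags):
    """Break the 16-bit flags word into the RFC 1035 sub-fields."""
    return {"qr": (flags >> 15) & 1, "opcode": (flags >> 11) & 0xF,
            "aa": (flags >> 10) & 1, "tc": (flags >> 9) & 1,
            "rd": (flags >> 8) & 1, "ra": (flags >> 7) & 1,
            "z": (flags >> 4) & 0x7, "rcode": flags & 0xF}


def min_message_size(h):
    """Fewest bytes a message with these record counts could occupy."""
    rrs = h["answers"] + h["authority"] + h["additional"]
    return 12 + h["questions"] * MIN_QUESTION + rrs * MIN_RR


def counts_fit(h, payload_len):
    """True if the advertised counts could fit in payload_len bytes."""
    return min_message_size(h) <= payload_len


if __name__ == "__main__":
    hdr = parse_header(SAMPLE_HEADER)
    print(hdr)
    print(decode_flags(hdr["flags"]))
    # Constructed value (classic 512-byte UDP DNS limit), not the real length.
    ASSUMED_LEN = 512
    print("needs at least", min_message_size(hdr), "bytes;",
          "fits" if counts_fit(hdr, ASSUMED_LEN) else "does not fit")
```

A header whose counts cannot fit in the bytes that follow it is a quick signal that the payload is not a well-formed DNS message, whatever port it arrived on.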