|DNS, Domain Name System|
|Protocol type:||Application layer name space translation protocol.|
|Port:||53 (TCP, UDP) server.|
|SNMP MIBs:||iso.org.dod.internet.mgmt.mib-2.dns (220.127.116.11.2.1.32).|
dns, Domain Name System.|
dnsext, DNS Extensions.
dnsind, DNS IXFR, Notification, and Dynamic Update.
dnsop, Domain Name Server Operations.
DNS security algorithm numbers.
DNS SSHFP Resource Record Parameters.
|MAC header||IP header||TCP | UDP header||DNS header||Data :::|
|Total Questions||Total Answer RRs|
|Total Authority RRs||Total Additional RRs|
|Questions  :::|
|Answer RRs  :::|
|Authority RRs  :::|
|Additional RRs  :::|
Used to match request/reply packets.
QR, Query/Response. 1 bit.
Opcode. 4 bits.
|0||QUERY, Standard query.||RFC 1035|
|1||IQUERY, Inverse query.||RFC 1035, RFC 3425|
|2||STATUS, Server status request.||RFC 1035|
AA, Authoritative Answer.
Specifies that the responding name server is an authority for the domain name in question section. Note that the contents of the answer section may have multiple owner names because of aliases. This bit corresponds to the name which matches the query name, or the first owner name in the answer section.
Indicates that only the first 512 bytes of the reply was returned.
RD, Recursion Desired.
May be set in a query and is copied into the response. If set, the name server is directed to pursue the query recursively. Recursive query support is optional.
|0||Recursion not desired.|
RA, Recursion Available.
Indicates if recursive query support is available in the name server.
|0||Recursive query support not available.|
|1||Recursive query support available.|
Z. 1 bit.
AD, Authenticated data.
Indicates in a response that all data included in the answer and authority sections of the response have been authenticated by the server according to the policies of that server. It should be set only if all data in the response has been cryptographically verified or otherwise meets the server's local security policy.
CD, Checking Disabled. 1 bit.
Rcode, Return code. 4 bits.
|0||No error. The request completed successfully.||RFC 1035|
|1||Format error. The name server was unable to interpret the query.||RFC 1035|
|2||Server failure. The name server was unable to process this query due to a problem with the name server.||RFC 1035|
|3||Name Error. Meaningful only for responses from an authoritative name server, this code signifies that the domain name referenced in the query does not exist.||RFC 1035|
|4||Not Implemented. The name server does not support the requested kind of query.||RFC 1035|
|5||Refused. The name server refuses to perform the specified operation for policy reasons. For example, a name server may not wish to provide the information to the particular requester, or a name server may not wish to perform a particular operation (e.g., zone transfer) for particular data.||RFC 1035|
|6||YXDomain. Name Exists when it should not.||RFC 2136|
|7||YXRRSet. RR Set Exists when it should not.||RFC 2136|
|8||NXRRSet. RR Set that should exist does not.||RFC 2136|
|9||NotAuth. Server Not Authoritative for zone.||RFC 2136|
|10||NotZone. Name not contained in zone.||RFC 2136|
|16||BADVERS.Bad OPT Version.
BADSIG.TSIG Signature Failure.
|17||BADKEY. Key not recognized.||RFC 2845|
|18||BADTIME. Signature out of time window.||RFC 2845|
|19||BADMODE. Bad TKEY Mode.||RFC 2930|
|20||BADNAME. Duplicate key name.||RFC 2930|
|21||BADALG. Algorithm not supported.||RFC 2930|
|22||BADTRUNC. Bad truncation.||RFC 4635|
|Private use.||RFC 6195|
16 bits, unsigned.
Number of entries in the question list that were returned.
Total Answer RRs.
16 bits, unsigned.
Number of entries in the answer resource record list that were returned.
Total Authority RRs.
16 bits, unsigned.
Number of entries in the authority resource record list that were returned.
Total Additional RRs.
16 bits, unsigned.
Number of entries in the additional resource record list that were returned.
A list of zero or more Query structures.
A list of zero or more Answer Resource Record structures.
A list of zero or more Authority Resource Record structures.
A list of zero or more Additional Resource Record structures.
Query. Variable length.
|Query Name :::|
Resource Record. Variable length.
|Rdata Length||Rdata :::|
Type. 16 bits, unsigned.
|1||A, IPv4 address.||RFC 1035|
|2||NS, Authoritative name server.||RFC 1035|
|3||MD, Mail destination. Obsolete use MX instead.||RFC 1035|
|4||MF, Mail forwarder. Obsolete use MX instead.||RFC 1035|
|5||CNAME, Canonical name for an alias.||RFC 1035|
|6||SOA, Marks the start of a zone of authority.||RFC 1035|
|7||MB, Mailbox domain name.||RFC 1035|
|8||MG, Mail group member.||RFC 1035|
|9||MR, Mail rename domain name.||RFC 1035|
|10||NULL, Null resource record.||RFC 1035|
|11||WKS, Well known service description.||RFC 1035|
|12||PTR, Domain name pointer.||RFC 1035|
|13||HINFO, Host information.||RFC 1035|
|14||MINFO, Mailbox or mail list information.||RFC 1035|
|15||MX, Mail exchange.||RFC 1035|
|16||TXT, Text strings.||RFC 1035|
|17||RP, Responsible Person.||RFC 1183|
|18||AFSDB, AFS Data Base location.||RFC 1183, RFC 5864|
|19||X25, X.25 PSDN address.||RFC 1183|
|20||ISDN, ISDN address.||RFC 1183|
|21||RT, Route Through.||RFC 1183|
|22||NSAP, NSAP address. NSAP style A record.||RFC 1706|
|24||SIG, Security signature.||RFC 2931, RFC 4034|
|25||KEY, Security key.||RFC 3445, RFC 4034|
|26||PX, X.400 mail mapping information.||RFC 2163|
|27||GPOS, Geographical Position.||RFC 1712|
|28||AAAA, IPv6 Address.||RFC 3596|
|29||LOC, Location Information.||RFC 1876|
|30||NXT, Next Domain (obsolete).||RFC 2535|
|31||EID, Endpoint Identifier.|
|32||NIMLOC, Nimrod Locator.|
NB, NetBIOS general Name Service.
|33||SRV, Server Selection.|
NBSTAT, NetBIOS NODE STATUS.
RFC 2052, RFC 2782|
|34||ATMA, ATM Address.|
|35||NAPTR, Naming Authority Pointer.||RFC 3403|
|36||KX, Key Exchanger.||RFC 2230|
|37||CERT.||RFC 2538, RFC 4398|
|38||A6.||RFC 2874, RFC 3226, RFC 6563|
|43||DS, Delegation Signer.||RFC 3658|
|44||SSHFP, SSH Key Fingerprint.||RFC 4255|
|47||NSEC, NextSECure.||RFC 3755, RFC 3845|
|49||DHCID, DHCP identifier.||RFC 4701|
|55||HIP, Host Identity Protocol.||RFC 5205|
|58||TALINK, Trust Anchor LINK.|
|99||SPF, Sender Policy Framework.||RFC 4408|
|250||TSIG, Transaction Signature.||RFC 2845, RFC 3645|
|251||IXFR, Incremental transfer.||RFC 1995|
|252||AXFR, A request for a transfer of an entire zone.||RFC 1035|
|253||MAILB, A request for mailbox-related records (MB, MG or MR).||RFC 1035|
|254||MAILA, A request for mail agent RRs. Obsolete.||RFC 1035|
|255||*. A request for all records.||RFC 1035|
|257||CAA, Certification Authority Authorization.|
|32768||DNSSEC Trust Authorities.|
|32769||DNSSEC Lookaside Validation.||RFC 4431, RFC 5074|
Class. 16 bits, unsigned.
|1||IN, Internet.||RFC 1035.|
|3||CH, Chaos.||RFC 1035.|
|4||HS, Hesiod.||RFC 1035.|
|255||Any (QCLASS only).||RFC 1035.|
|Private use.||RFC 5395|
(RFC 2182) A server that knows the content of a DNS zone from local knowledge, and thus can answer queries about that zone without needing to query other servers.
DNSSEC, Domain Name System Security Extensions.
An extension to DNS that uses digital signatures over DNS data to provide source authentication and integrity protection.
(RFC 2182) A zone containing data mapping names to host addresses, mail exchange targets, etc.
(RFC 2182) An Authoritative Server for which there is an "NS" resource record (RR) in the zone.
(RFC 1996) Any authoritative server configured to be the source of zone transfer for one or more slave servers.
(RFC 1996) A set of servers to be notified of changes to some zone. The default is all servers named in the NS RRset, except for any server also named in the SOA MNAME. Some implementations will permit the name server administrator to override this set or add elements to it (such as, for example, stealth servers).
(RFC 1996) Master server at the root of the zone transfer dependency graph. The primary master is named in the zone's SOA MNAME field and optionally by an NS RR. There is by definition only one primary master server per zone.
(RFC 2182) An authoritative server for which the zone information is locally configured. Sometimes known as a Master server.
A DNS client which seeks information contained in a zone using the DNS protocols.
(RFC 2182) A zone containing data used to map addresses to names.
(RFC 2182) An authoritative server that obtains information about a zone from a Primary Server via a zone transfer mechanism. Sometimes known as a Slave Server.
(RFC 1996) An authoritative server which uses zone transfer to retrieve the zone. All slave servers are named in the NS RRs for the zone.
(RFC 1996) Similar to a slave server except it is not listed in an NS RR for the zone. A stealth server, unless explicitly configured to do otherwise, will set the AA bit in responses and be capable of acting as a master. A stealth server will only be known by other servers if they are given static configuration data indicating its existence.
(RFC 2182) An authoritative server, usually secondary, which is not a Listed Server.
TLD, Top level domain name.
WKS, Well Known Services.
(RFC 2182) A part of the DNS tree, that is treated as a unit.
[RFC 830] A Distributed System for Internet Name Service.
[RFC 881] The Domain Names Plan and Schedule.
[RFC 897] Domain Name System Implementation Schedule.
[RFC 920] Domain Requirements.
[RFC 921] Domain Name System Implementation Schedule - Revised.
[RFC 974] MAIL ROUTING AND THE DOMAIN SYSTEM.
[RFC 1002] PROTOCOL STANDARD FOR A NetBIOS SERVICE ON A TCP/UDP TRANSPORT: DETAILED SPECIFICATIONS.
[RFC 1031] MILNET NAME DOMAIN TRANSITION.
[RFC 1032] DOMAIN ADMINISTRATORS GUIDE.
[RFC 1033] DOMAIN ADMINISTRATORS OPERATIONS GUIDE.
[RFC 1034] DOMAIN NAMES - CONCEPTS AND FACILITIES.
[RFC 1035] DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION.
[RFC 1101] DNS Encoding of Network Names and Other Types.
[RFC 1123] Requirements for Internet Hosts -- Application and Support.
[RFC 1183] New DNS RR Definitions.
[RFC 1279] X.500 and Domains.
[RFC 1296] Internet Growth (1981-1991).
[RFC 1383] An Experiment in DNS Based IP Routing.
[RFC 1401] Correspondence between the IAB and DISA on the use of DNS throughout the Internet.
[RFC 1464] Using the Domain Name System To Store Arbitrary String Attributes.
[RFC 1480] The US Domain.
[RFC 1535] A Security Problem and Proposed Correction With Widely Deployed DNS Software.
[RFC 1536] Common DNS Implementation Errors and Suggested Fixes.
[RFC 1591] Domain Name System Structure and Delegation.
[RFC 1611] DNS Server MIB Extensions.
[RFC 1612] DNS Resolver MIB Extensions.
[RFC 1706] DNS NSAP Resource Records.
[RFC 1712] DNS Encoding of Geographical Location.
[RFC 1713] Tools for DNS debugging.
[RFC 1794] DNS Support for Load Balancing.
[RFC 1876] A Means for Expressing Location Information in the Domain Name System.
[RFC 1912] Common DNS Operational and Configuration Errors.
[RFC 1982] Serial Number Arithmetic.
[RFC 1995] Incremental Zone Transfer in DNS.
[RFC 1996] A Mechanism for Prompt Notification of Zone Changes (DNS NOTIFY).
[RFC 2053] The AM (Armenia) Domain.
[RFC 2136] Dynamic Updates in the Domain Name System (DNS UPDATE).
[RFC 2142] MAILBOX NAMES FOR COMMON SERVICES, ROLES AND FUNCTIONS.
[RFC 2146] U.S. Government Internet Domain Names.
[RFC 2163] Using the Internet DNS to Distribute MIXER Conformant Global Address Mapping (MCGAM).
[RFC 2181] Clarifications to the DNS Specification.
[RFC 2182] Selection and Operation of Secondary DNS Servers.
[RFC 2219] Use of DNS Aliases for Network Services.
[RFC 2230] Key Exchange Delegation Record for the DNS.
[RFC 2308] Negative Caching of DNS Queries (DNS NCACHE).
[RFC 2517] Building Directories from DNS: Experiences from WWWSeeker.
[RFC 2536] DSA KEYs and SIGs in the Domain Name System (DNS).
[RFC 2539] Storage of Diffie-Hellman Keys in the Domain Name System (DNS).
[RFC 2540] Detached Domain Name System (DNS) Information.
[RFC 2541] DNS Security Operational Considerations.
[RFC 2606] Reserved Top Level DNS Names.
[RFC 2671] Extension Mechanisms for DNS (EDNS0).
[RFC 2672] Non-Terminal DNS Name Redirection.
[RFC 2673] Binary Labels in the Domain Name System.
[RFC 2694] DNS extensions to Network Address Translators (DNS_ALG).
[RFC 2782] A DNS RR for specifying the location of services (DNS SRV).
[RFC 2826] IAB Technical Comment on the Unique DNS Root.
[RFC 2845] Secret Key Transaction Authentication for DNS (TSIG).
[RFC 2870] Root Name Server Operational Requirements.
[RFC 2874] DNS Extensions to Support IPv6 Address Aggregation and Renumbering.
[RFC 2930] Secret Key Establishment for DNS (TKEY RR).
[RFC 2931] DNS Request and Transaction Signatures ( SIG(0)s ).
[RFC 3007] Secure Domain Name System (DNS) Dynamic Update.
[RFC 3027] Protocol Complications with the IP Network Address Translator.
[RFC 3071] Reflections on the DNS, RFC 1591, and Categories of Domains.
[RFC 3110] RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS).
[RFC 3123] A DNS RR Type for Lists of Address Prefixes (APL RR).
[RFC 3130] Notes from the State-Of-The-Technology: DNSSEC.
[RFC 3197] Applicability Statement for DNS MIB Extensions.
[RFC 3225] Indicating Resolver Support of DNSSEC.
[RFC 3226] DNSSEC and IPv6 A6 aware server/resolver message size requirements.
[RFC 3245] The History and Context of Telephone Number Mapping (ENUM) Operational Decisions: Informational Documents Contributed to ITU-T Study Group 2 (SG2).
[RFC 3258] Distributing Authoritative Name Servers via Shared Unicast Addresses.
[RFC 3363] Representing Internet Protocol version 6 (IPv6) Addresses in the Domain Name System (DNS).
[RFC 3364] Tradeoffs in Domain Name System (DNS) Support for Internet Protocol version 6 (IPv6).
[RFC 3403] Dynamic Delegation Discovery System (DDDS) Part Three: The Domain Name System (DNS) Database.
[RFC 3425] Obsoleting IQUERY.
[RFC 3467] Role of the Domain Name System (DNS).
[RFC 3568] Known Content Network (CN) Request-Routing Mechanisms.
[RFC 3596] DNS Extensions to Support IP Version 6.
[RFC 3597] Handling of Unknown DNS Resource Record (RR) Types.
[RFC 3645] Generic Security Service Algorithm for Secret Key Transaction Authentication for DNS (GSS-TSIG).
[RFC 3646] DNS Configuration options for Dynamic Host Configuration Protocol for IPv6 (DHCPv6).
[RFC 3675] .sex Considered Dangerous.
[RFC 3681] Delegation of E.F.F.3.IP6.ARPA.
[RFC 3696] Application Techniques for Checking and Transformation of Names.
[RFC 3761] The E.164 to Uniform Resource Identifiers (URI) Dynamic Delegation Discovery System (DDDS) Application (ENUM).
[RFC 3832] Remote Service Discovery in the Service Location Protocol (SLP) via DNS SRV.
[RFC 3833] Threat Analysis of the Domain Name System (DNS).
[RFC 3901] DNS IPv6 Transport Operational Guidelines.
[RFC 3958] Domain-Based Application Service Location Using SRV RRs and the Dynamic Delegation Discovery Service (DDDS).
[RFC 4025] A Method for Storing IPsec Keying Material in DNS.
[RFC 4027] Domain Name System Media Types.
[RFC 4033] DNS Security Introduction and Requirements.
[RFC 4034] Resource Records for the DNS Security Extensions.
[RFC 4035] Protocol Modifications for the DNS Security Extensions.
[RFC 4074] Common Misbehavior Against DNS Queries for IPv6 Addresses.
[RFC 4095] Attaching Meaning to Solicitation Class Keywords.
[RFC 4143] Facsimile Using Internet Mail (IFAX) Service of ENUM.
[RFC 4183] A Suggested Scheme for DNS Resolution of Networks and Gateways.
[RFC 4185] National and Local Characters for DNS Top Level Domain (TLD) Names.
[RFC 4213] Basic Transition Mechanisms for IPv6 Hosts and Routers.
[RFC 4255] Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints.
[RFC 4310] Domain Name System (DNS) Security Extensions Mapping for the Extensible Provisioning Protocol (EPP).
[RFC 4322] Opportunistic Encryption using the Internet Key Exchange (IKE).
[RFC 4339] IPv6 Host Configuration of DNS Server Information Approaches.
[RFC 4343] Domain Name System (DNS) Case Insensitivity Clarification.
[RFC 4367] What's in a Name: False Assumptions about DNS Names.
[RFC 4386] Internet X.509 Public Key Infrastructure Repository Locator Service.
[RFC 4398] Storing Certificates in the Domain Name System (DNS).
[RFC 4406] Sender ID: Authenticating E-Mail.
[RFC 4408] Sender Policy Framework (SPF) for Authorizing Use of Domains in E-Mail, Version 1.
[RFC 4431] The DNSSEC Lookaside Validation (DLV) DNS Resource Record.
[RFC 4470] Minimally Covering NSEC Records and DNSSEC On-line Signing.
[RFC 4471] Derivation of DNS Name Predecessor and Successor.
[RFC 4472] Operational Considerations and Issues with IPv6 DNS.
[RFC 4477] Dynamic Host Configuration Protocol (DHCP): IPv4 and IPv6 Dual-Stack Issues.
[RFC 4501] Domain Name System Uniform Resource Identifiers.
[RFC 4509] Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records (RRs).
[RFC 4697] Observed DNS Resolution Misbehavior.
[RFC 5358] Preventing Use of Recursive Nameservers in Reflector Attacks.
[RFC 5452] Measures for Making DNS More Resilient against Forged Answers.
[RFC 6014] Cryptographic Algorithm Identifier Allocation for DNSSEC.
[RFC 6186] Use of SRV Records for Locating Email Submission/Access Services.
[RFC 6195] Domain Name System (DNS) IANA Considerations.
[RFC 6589] Considerations for Transitioning Content to IPv6.
[RFC 6594] Use of the SHA-256 Algorithm with RSA, Digital Signature Algorithm (DSA), and Elliptic Curve DSA (ECDSA) in SSHFP Resource Records.
[RFC 6604] xNAME RCODE and Status Bits Clarification.
[RFC 6605] Elliptic Curve Digital Signature Algorithm (DSA) for DNSSEC.
[RFC 6725] DNS Security (DNSSEC) DNSKEY Algorithm IANA Registry Updates.
[RFC 882] DOMAIN NAMES - CONCEPTS and FACILITIES.
[RFC 883] DOMAIN NAMES - IMPLEMENTATION and SPECIFICATION.
[RFC 973] Domain System Changes and Observations.
[RFC 1348] DNS NSAP RRs.
[RFC 1386] The US Domain.
[RFC 1537] Common DNS Data File Configuration Errors.
[RFC 1637] DNS NSAP Resource Records.
[RFC 1664] Using the Internet DNS to Distribute RFC1327 Mail Address Mapping Tables.
[RFC 1811] U.S. Government Internet Domain Names.
[RFC 1816] U.S. Government Internet Domain Names.
[RFC 1886] DNS Extensions to support IP version 6.
[RFC 1933] Transition Mechanisms for IPv6 Hosts and Routers.
[RFC 2010] Operational Criteria for Root Name Servers.
[RFC 2052] A DNS RR for specifying the location of services (DNS SRV).
[RFC 2065] Domain Name System Security Extensions.
[RFC 2137] Secure Domain Name System Dynamic Update.
[RFC 2168] Resolution of Uniform Resource Identifiers using the Domain Name System.
[RFC 2535] Domain Name System Security Extensions.
[RFC 2537] RSA/MD5 KEYs and SIGs in the Domain Name System (DNS).
[RFC 2538] Storing Certificates in the Domain Name System (DNS).
[RFC 2893] Transition Mechanisms for IPv6 Hosts and Routers.
[RFC 2915] The Naming Authority Pointer (NAPTR) DNS Resource Record.
[RFC 2916] E.164 number and DNS.
[RFC 2929] Domain Name System (DNS) IANA Considerations.
[RFC 3008] Domain Name System Security (DNSSEC) Signing Authority.
[RFC 3090] DNS Security Extension Clarification on Zone Status.
[RFC 3152] Delegation of IP6.ARPA.
[RFC 3445] Limiting the Scope of the KEY Resource Record (RR).
[RFC 3655] Redefinition of DNS Authenticated Data (AD) bit.
[RFC 3658] Delegation Signer (DS) Resource Record (RR).
[RFC 3755] Legacy Resolver Compatibility for Delegation Signer (DS).
[RFC 3757] Domain Name System KEY (DNSKEY) Resource Record (RR) Secure Entry Point (SEP) Flag.
[RFC 3845] DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format.
[RFC 5395] Domain Name System (DNS) IANA Considerations.