wire / wire-format / dns-message
A DNS message is a 12-byte header followed by four sections: Question, Answer, Authority, and Additional. The header carries the transaction ID, flags (QR, Opcode, AA, TC, RD, RA, RCODE), and the four section counts (QDCOUNT/ANCOUNT/NSCOUNT/ARCOUNT). Names use length-prefixed labels with a compression pointer scheme.
aka: DNS packet · DNS wire format · resource record message
spec: RFC 1035
12-byte header + Question/Answer/Authority/Additional sections. Resource records share a TYPE/CLASS/TTL/RDLENGTH/RDATA layout — RDLENGTH then RDATA is itself a length-value (TLV-like) framing. Domain names are sequences of length-prefixed labels ending in a zero-length root label; a label whose top two bits are 11 is a 14-bit offset compression pointer.
| field | size | meaning |
|---|---|---|
| ID | 16 bits | Transaction identifier matching a response to its query. |
| Flags | 16 bits | QR (query/response), Opcode (4 bits), AA, TC (truncated), RD, RA, Z (3 bits), RCODE (4 bits, error code). |
| QDCOUNT | 16 bits | Number of entries in the Question section. |
| ANCOUNT | 16 bits | Number of resource records in the Answer section. |
| NSCOUNT | 16 bits | Number of name-server resource records in the Authority section. |
| ARCOUNT | 16 bits | Number of resource records in the Additional section. |
| Question section | variable | QDCOUNT entries of QNAME (labels) + QTYPE (16 bits) + QCLASS (16 bits). |
| Answer / Authority / Additional | variable | Resource records: NAME + TYPE(16) + CLASS(16) + TTL(32) + RDLENGTH(16) + RDATA(RDLENGTH bytes). |
example:
AA AA 01 00 00 01 00 00 00 00 00 00
ID 0xAAAA; flags 0x0100 = standard query, recursion desired (RD=1); QDCOUNT 1, ANCOUNT/NSCOUNT/ARCOUNT 0 — i.e. a recursive query with one question and no records yet.
see: dns-rrtype/AAAA
agent: curl -H 'accept: application/json' wire.phall.io/wire-format/dns-message
or /wire-format/dns-message.json