4. Messages
All communications inside of the domain protocol are carried in a single format called a message.
4.1. Format
The top level format of a message is divided into 5 sections (some of which are empty in certain cases):
+---------------------+
| Header |
+---------------------+
| Question | the question for the name server
+---------------------+
| Answer | RRs answering the question
+---------------------+
| Authority | RRs pointing toward an authority
+---------------------+
| Additional | RRs holding additional information
+---------------------+
Section Descriptions:
-
Header: Always present. Includes fields that specify which remaining sections are present, and whether the message is a query or response, a standard query or other opcode, etc.
-
Question: Contains fields that describe a question to a name server. These fields are a query type (QTYPE), a query class (QCLASS), and a query domain name (QNAME).
-
Answer: Contains RRs that answer the question.
-
Authority: Contains RRs that point toward an authoritative name server.
-
Additional: Contains RRs which relate to the query, but are not strictly answers for the question.
The last three sections have the same format: a possibly empty list of concatenated resource records (RRs).
4.1.1. Header Section Format
The header contains the following fields:
1 1 1 1 1 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| ID |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|QR| Opcode |AA|TC|RD|RA| Z | RCODE |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| QDCOUNT |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| ANCOUNT |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| NSCOUNT |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| ARCOUNT |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
Field Descriptions
ID (16 bits):
- A 16 bit identifier assigned by the program that generates any kind of query
- This identifier is copied into the corresponding reply
- Can be used by the requester to match up replies to outstanding queries
QR (1 bit):
- Query/Response flag
- Specifies whether this message is a query (0) or a response (1)
OPCODE (4 bits):
- Specifies the kind of query in this message
- Set by the originator of a query and copied into the response
- Values:
0- Standard query (QUERY)1- Inverse query (IQUERY)2- Server status request (STATUS)3-15- Reserved for future use
AA (1 bit):
- Authoritative Answer
- Valid in responses
- Specifies that the responding name server is an authority for the domain name in question section
- Note: The answer section may have multiple owner names because of aliases. The AA bit corresponds to the name which matches the query name, or the first owner name in the answer section.
TC (1 bit):
- TrunCation
- Specifies that this message was truncated due to length greater than that permitted on the transmission channel
RD (1 bit):
- Recursion Desired
- May be set in a query and is copied into the response
- If RD is set, it directs the name server to pursue the query recursively
- Recursive query support is optional
RA (1 bit):
- Recursion Available
- Set or cleared in a response
- Denotes whether recursive query support is available in the name server
Z (3 bits):
- Reserved for future use
- Must be zero in all queries and responses
RCODE (4 bits):
- Response code
- Set as part of responses
- Values:
0- No error condition1- Format error - The name server was unable to interpret the query2- Server failure - The name server was unable to process this query due to a problem with the name server3- Name Error - Meaningful only for responses from an authoritative name server, this code signifies that the domain name referenced in the query does not exist4- Not Implemented - The name server does not support the requested kind of query5- Refused - The name server refuses to perform the specified operation for policy reasons6-15- Reserved for future use
QDCOUNT (16 bits):
- An unsigned 16 bit integer specifying the number of entries in the question section
ANCOUNT (16 bits):
- An unsigned 16 bit integer specifying the number of resource records in the answer section
NSCOUNT (16 bits):
- An unsigned 16 bit integer specifying the number of name server resource records in the authority records section
ARCOUNT (16 bits):
- An unsigned 16 bit integer specifying the number of resource records in the additional records section
4.1.2. Question Section Format
The question section is used to carry the "question" in most queries, i.e., the parameters that define what is being asked.
The section contains QDCOUNT (usually 1) entries, each of the following format:
1 1 1 1 1 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| |
/ QNAME /
/ /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| QTYPE |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| QCLASS |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
Field Descriptions
QNAME (variable):
- A domain name represented as a sequence of labels
- Each label consists of a length octet followed by that number of octets
- The domain name terminates with the zero length octet for the null label of the root
- Note: This field may be an odd number of octets; no padding is used
QTYPE (16 bits):
- A two octet code which specifies the type of the query
- The values for this field include all codes valid for a TYPE field, together with some more general codes which can match more than one type of RR
QCLASS (16 bits):
- A two octet code that specifies the class of the query
- For example, the QCLASS field is IN for the Internet
4.1.3. Resource Record Format
The answer, authority, and additional sections all share the same format: a variable number of resource records, where the number of records is specified in the corresponding count field in the header.
Each resource record has the following format:
1 1 1 1 1 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| |
/ /
/ NAME /
| |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| TYPE |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| CLASS |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| TTL |
| |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| RDLENGTH |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--|
/ RDATA /
/ /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
Field Descriptions
NAME (variable):
- A domain name to which this resource record pertains
TYPE (16 bits):
- Two octets containing one of the RR type codes
- This field specifies the meaning of the data in the RDATA field
CLASS (16 bits):
- Two octets which specify the class of the data in the RDATA field
TTL (32 bits):
- A 32 bit unsigned integer that specifies the time interval (in seconds) that the resource record may be cached before it should be discarded
- Zero values are interpreted to mean that the RR can only be used for the transaction in progress, and should not be cached
RDLENGTH (16 bits):
- An unsigned 16 bit integer that specifies the length in octets of the RDATA field
RDATA (variable):
- A variable length string of octets that describes the resource
- The format of this information varies according to the TYPE and CLASS of the resource record
- For example, if the TYPE is A and the CLASS is IN, the RDATA field is a 4 octet ARPA Internet address
4.1.4. Message Compression
In order to reduce the size of messages, the domain system utilizes a compression scheme which eliminates the repetition of domain names in a message.
Compression Method
In this scheme, an entire domain name or a list of labels at the end of a domain name is replaced with a pointer to a prior occurrence of the same name.
Pointer Format:
The pointer takes the following form:
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| 1 1| OFFSET |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
- The first two bits are ones
- This allows a pointer to be distinguished from a label, since labels must begin with two zero bits
- The OFFSET field specifies an offset from the start of the message (i.e., the first octet of the ID field in the domain header)
- A zero offset specifies the first byte of the ID field, etc.
Compression Rules
The compression scheme allows a domain name in a message to be represented as either:
- A sequence of labels ending in a zero octet
- A pointer
- A sequence of labels ending with a pointer
Important Restrictions:
- Pointers can only be used for occurrences of a domain name where the format is not class specific
- If this were not the case, a name server or resolver would be required to know the format of all RRs it handles
- As yet, there are no such cases, but they may occur in future RDATA formats
Compression is Allowed:
- In the NAME field of resource records
- In the QNAME field of question entries
- Whenever a domain name appears in the RDATA field (only for certain RR types where the format is known)
Compression is NOT Allowed:
- In the RDATA of RR types where the RDATA format is unknown or variable
Example
If a query contains:
www.example.com
mail.example.com
The second occurrence of "example.com" can be replaced with a pointer to the first occurrence, saving bytes.
4.2. Transport
DNS messages can be carried by different transport protocols:
4.2.1. UDP Usage
- Default Transport: UDP is the preferred transport for DNS queries and responses
- Maximum Size: DNS messages sent over UDP should not exceed 512 octets
- Truncation: If a response exceeds 512 octets, the TC (Truncation) bit should be set in the header
- Retry: When TC=1, the client should retry the query using TCP
Advantages of UDP:
- Lower overhead
- Faster for small queries
- No connection setup required
4.2.2. TCP Usage
- When to Use: TCP should be used when:
- The response size exceeds 512 octets
- Reliable delivery is required
- Zone transfers are performed
- Message Format: When using TCP, a 16-bit length field precedes each message
- Connection Management: Connections may be persistent or closed after each query-response pair
TCP Message Format:
+---------------------+
| Length (16 bits) |
+---------------------+
| |
| DNS Message |
| |
+---------------------+
4.3. Standard Query Example
Here's an example of a standard query for the A record of www.example.com:
Query Message Structure:
Header:
ID: 0x1234
QR: 0 (Query)
OPCODE: 0 (Standard Query)
RD: 1 (Recursion Desired)
QDCOUNT: 1
ANCOUNT: 0
NSCOUNT: 0
ARCOUNT: 0
Question:
QNAME: www.example.com
QTYPE: A (1)
QCLASS: IN (1)
Response Message Structure:
Header:
ID: 0x1234
QR: 1 (Response)
OPCODE: 0 (Standard Query)
AA: 1 (Authoritative Answer)
RD: 1 (Recursion Desired)
RA: 1 (Recursion Available)
RCODE: 0 (No Error)
QDCOUNT: 1
ANCOUNT: 1
NSCOUNT: 0
ARCOUNT: 0
Question:
QNAME: www.example.com
QTYPE: A (1)
QCLASS: IN (1)
Answer:
NAME: www.example.com
TYPE: A (1)
CLASS: IN (1)
TTL: 3600
RDLENGTH: 4
RDATA: 93.184.216.34
Next: 5. Master Files