DNS Protocol

Applies To: Windows Server 2008

The DNS protocol consists of different types of DNS messages that are processed according to the information in their message fields. This section discusses the types of DNS messages and the fields in each message type.

In this section, the following DNS message topics are discussed:

  • Message types

  • DNS query message format

  • DNS query message header

  • DNS query question entries

  • DNS resource records

  • Name query message

  • Name query response

  • Reverse name query message

  • DNS update message format

  • DNS update message flags

  • Dynamic update response message

Message types

There are three types of DNS messages:

  • Queries

  • Responses

  • Updates

Queries and responses are defined in the original DNS standard, and updates are defined in RFC 2136. All three types follow a common message format.

DNS query message format

The common DNS message format has a fixed-length, 12-byte header followed by variable-length sections reserved for question entries and for answer, authority, and additional DNS resource records. The common message format can be illustrated as follows:

Standard DNS query message format

DNS Message Format

  • DNS header (fixed length)

  • Question entries (variable length)

  • Answer resource records (variable length)

  • Authority resource records (variable length)

  • Additional resource records (variable length)

DNS query message header

The DNS message header contains the following fields, in the following order:

DNS query message header fields

  • Transaction ID. A 16-bit field identifying a specific DNS transaction. The transaction ID is created by the message originator and is copied by the responder into its response message. Using the transaction ID, the DNS client can match responses to its requests.

  • Flags. A 16-bit field containing various service flags that are communicated between the DNS client and the DNS server, including:

    • Request/response. 1-bit field set to 0 to represent a name service request or set to 1 to represent a name service response.

    • Operation code. 4-bit field that represents the name service operation of the packet: 0x0 is a standard query.

    • Authoritative answer. 1-bit field that indicates that the responder is authoritative for the domain name in the query message.

    • Truncation. 1-bit field that is set to 1 if the response was too large to fit in the User Datagram Protocol (UDP) datagram and was truncated. Unless UDP datagrams larger than 512 bytes or EDNS0 are enabled, only the first 512 bytes of the UDP reply are returned.

    • Recursion desired. 1-bit field set to 1 to indicate a recursive query and 0 for iterative queries. If a DNS server receives a query message with this field set to 0, it returns a list of other DNS servers that the client can contact. This list is populated from local cache data.

    • Recursion available. 1-bit field set to 1 by a DNS server to indicate that it can handle recursive queries. If recursion is disabled on the server, the field is set to 0.

    • Reserved. 3-bit field that is reserved and set to 0.

    • Return code. 4-bit field holding the return code:

      • 0 is a successful response (the query answer is in the query response).

      • 0x3 is a name error, indicating that an authoritative DNS server responded that the domain name in the query message does not exist. For more information about return codes, see DNS Reference Information.

  • Question Resource Record count. A 16-bit field representing the number of entries in the question section of the DNS message.

  • Answer Resource Record count. A 16-bit field representing the number of entries in the answer section of the DNS message.

  • Authority Resource Record count. A 16-bit field representing the number of authority resource records in the DNS message.

  • Additional Resource Record count. A 16-bit field representing the number of additional resource records in the DNS message.

DNS query Question Entries section

The DNS message’s Question Entries section contains the domain name that is being queried and has the following three fields:

DNS query Question Entry fields

  • Question Name. The domain name that is being queried. DNS domain names are expressed as a series of labels, such as microsoft.com, but in the Question Name field the domain name is encoded as a series of length-value pairs, each consisting of a 1-byte field that indicates the length of the value, followed by the value (the label). For example, the domain microsoft.com is expressed as 0x09microsoft0x03com0x00, where the hexadecimal values give the length of each label, the ASCII characters are the individual labels, and the final 0x00 marks the end of the name.

  • Question Type. A 16-bit integer used to represent the resource record type that should be returned, as listed below:

    Type value    Record(s) returned
    0x01          Host (A) record
    0x02          Name server (NS) record
    0x05          Alias (CNAME) record
    0x0C (12)     Reverse-lookup (PTR) record
    0x0F (15)     Mail exchange (MX) record
    0x21 (33)     Service (SRV) record
    0xFB (251)    Incremental zone transfer (IXFR) record
    0xFC (252)    Standard zone transfer (AXFR) record
    0xFF (255)    All records

  • Question Class. Represents the IN (Internet) question class and is normally set to 0x0001.

DNS resource records

The answer, authority, and additional information sections of a DNS response message can contain resource records that answer the query message question section. Resource records are formatted as follows:

DNS resource record message fields

  • Resource Record Name. The DNS domain name, recorded as a variable-length field that follows the same formatting as the Question Name field.

  • Resource Record Type. The resource record type value.

  • Resource Record Class. The resource record class code; for the Internet class, 0x0001.

  • Time-to-Live. The TTL expressed in seconds as a 32-bit unsigned field.

  • Resource Data Length. 2-byte field indicating the length of the resource data.

  • Resource Data. Variable-length data corresponding to the resource record type.

The Resource Record Name field is encoded in the same way as the Question Name field unless the name is already present elsewhere in the DNS message, in which case a 2-byte field is used in place of a length-value encoded name and acts as a pointer to the name that is already present.
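The following Python parser is an added example, not code from the original documentation. It decodes the header fields and flag bits, the Question Entries section, and the resource record sections described above, including the 2-byte compression pointer used in place of a length-value name. The sample response bytes are constructed for this example (transaction ID 0x1234, a query for example.com, one host (A) record pointing at the documentation address 192.0.2.10, and the answer name given as a pointer back to the question name). The pointer-direction, label-length and RDLENGTH checks are the ones a parser needs so that a malformed message cannot make it loop or read past the end of the buffer.

```python
import struct


class DNSParseError(ValueError):
    """Raised for any message that violates the wire format."""


def parse_header(data):
    """Unpack the fixed 12-byte header and split out the flag bits."""
    if len(data) < 12:
        raise DNSParseError("message shorter than the 12-byte header")
    tid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    return {
        "id": tid,
        "qr": (flags >> 15) & 1,        # 0 = request, 1 = response
        "opcode": (flags >> 11) & 0xF,  # 0x0 = standard query
        "aa": (flags >> 10) & 1,        # authoritative answer
        "tc": (flags >> 9) & 1,         # truncated
        "rd": (flags >> 8) & 1,         # recursion desired
        "ra": (flags >> 7) & 1,         # recursion available
        "rcode": flags & 0xF,           # 0 = success, 0x3 = name error
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def read_name(data, offset):
    """Decode a length-prefixed name at offset, following 2-byte compression
    pointers (top two bits set). Returns (name, offset just past the field)."""
    labels, total, end = [], 0, None
    while True:
        if offset >= len(data):
            raise DNSParseError("name runs past the end of the message")
        length = data[offset]
        if length & 0xC0 == 0xC0:                 # compression pointer
            if offset + 2 > len(data):
                raise DNSParseError("truncated compression pointer")
            target = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if target >= offset:                  # must refer to an earlier offset
                raise DNSParseError("forward or self-referencing pointer")
            if end is None:
                end = offset + 2                  # the field ends after the pointer
            offset = target                       # strictly decreasing: cannot loop
            continue
        if length & 0xC0:
            raise DNSParseError("reserved label type")
        offset += 1
        if length == 0:                           # root label ends the name
            return ".".join(labels), (offset if end is None else end)
        if offset + length > len(data):
            raise DNSParseError("label runs past the end of the message")
        total += length + 1
        if total > 255:
            raise DNSParseError("name longer than 255 octets")
        try:
            labels.append(data[offset:offset + length].decode("ascii"))
        except UnicodeDecodeError:
            raise DNSParseError("non-ASCII label") from None
        offset += length


def parse_question(data, offset):
    """One question entry: name, type, class."""
    name, offset = read_name(data, offset)
    if offset + 4 > len(data):
        raise DNSParseError("truncated question entry")
    qtype, qclass = struct.unpack("!HH", data[offset:offset + 4])
    return {"name": name, "type": qtype, "class": qclass}, offset + 4


def parse_rr(data, offset):
    """One resource record: name, type, class, TTL, RDLENGTH, RDATA."""
    name, offset = read_name(data, offset)
    if offset + 10 > len(data):
        raise DNSParseError("truncated resource record")
    rtype, rclass, ttl, rdlength = struct.unpack("!HHIH", data[offset:offset + 10])
    offset += 10
    if offset + rdlength > len(data):             # RDLENGTH comes from the sender
        raise DNSParseError("RDLENGTH exceeds the message")
    rdata = data[offset:offset + rdlength]
    rr = {"name": name, "type": rtype, "class": rclass, "ttl": ttl, "rdata": rdata}
    if rtype == 0x01 and rdlength == 4:           # host (A) record
        rr["address"] = ".".join(str(b) for b in rdata)
    return rr, offset + rdlength


def parse_message(data):
    """Header, then QDCOUNT questions and the three resource record sections."""
    hdr = parse_header(data)
    offset = 12
    sections = {"question": [], "answer": [], "authority": [], "additional": []}
    for _ in range(hdr["qdcount"]):
        entry, offset = parse_question(data, offset)
        sections["question"].append(entry)
    for key, count in (("answer", hdr["ancount"]), ("authority", hdr["nscount"]),
                       ("additional", hdr["arcount"])):
        for _ in range(count):
            rr, offset = parse_rr(data, offset)
            sections[key].append(rr)
    return {"header": hdr, **sections}


def is_well_formed(data):
    """True if the whole message parses without a wire-format violation."""
    try:
        parse_message(data)
        return True
    except DNSParseError:
        return False


# Constructed sample response (not captured traffic): ID 0x1234, flags 0x8180
# (QR=1, RD=1, RA=1, RCODE 0), one question for example.com/A/IN and one answer
# whose name is the pointer 0xC00C back to the question name at offset 12.
SAMPLE_RESPONSE = (
    bytes.fromhex("123481800001000100000000")
    + b"\x07example\x03com\x00" + bytes.fromhex("00010001")
    + bytes.fromhex("c00c") + bytes.fromhex("00010001") + bytes.fromhex("00000e10")
    + bytes.fromhex("0004") + bytes([192, 0, 2, 10])
)
# Same message with the answer name changed to a pointer to itself (offset 29).
LOOPING_RESPONSE = SAMPLE_RESPONSE[:29] + bytes.fromhex("c01d") + SAMPLE_RESPONSE[31:]
```

A resolver that uses this parser still has to compare the response's transaction ID and question entry with the request it sent before accepting the answer section, which is exactly the matching the Transaction ID field exists for.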

Name Query message format

A Name Query message format is the same as the DNS message format described above. In a typical Name Query message, the DNS message fields are set as follows:

DNS Name Query message fields

  • Query Identifier (Transaction ID). Set to a unique number to enable the DNS client resolver to match the response to the query. The query response transaction ID always matches the query request transaction ID.

  • Flags. Set to indicate a standard query with recursion enabled.

  • Question Count. Set to 1.

  • Question Entry. Set to the domain name queried and the resource record type to return.

Name Query Response message format

A Name Query Response message format is the same as the DNS message format described above. In a typical Name Query Response message, the DNS message fields are set as follows:

DNS Name Query Response fields

  • Query Identifier (Transaction ID). Set to a unique number to enable the DNS client resolver to match the response to the query.

  • Flags. Set to indicate a standard query with recursion enabled.

  • Question Count. Set to 1.

  • Question Entry. Set to the domain name queried and the resource record type to return.

Reverse name query message format

Reverse name query messages use the common message format with the following differences:

  • The DNS client resolver constructs the domain name in the in-addr.arpa domain based on the IP address that is queried.

  • A Pointer (PTR) resource record is queried rather than a host (A) resource record.
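The following is an added example, not code from the original page. It builds the Name Query message described above (unique transaction ID, standard query with recursion desired, one question entry) and the reverse name query, which differs only in the in-addr.arpa name and the PTR question type. The reverse name is derived with Python's standard ipaddress module; this goes slightly beyond the text in that the same call produces the ip6.arpa name for an IPv6 address. The names and addresses used are sample values.

```python
import ipaddress
import secrets
import struct

# Question type values from the table above.
QTYPE = {"A": 0x01, "NS": 0x02, "CNAME": 0x05, "PTR": 0x0C,
         "MX": 0x0F, "SRV": 0x21, "ANY": 0xFF}
QCLASS_IN = 0x0001
FLAG_RD = 0x0100        # recursion desired bit in the 16-bit flags field


def encode_name(name):
    """Encode a dotted name as length-prefixed labels ending in a zero byte,
    e.g. microsoft.com -> 0x09 'microsoft' 0x03 'com' 0x00."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("each label must be 1..63 bytes")
        out.append(len(raw))
        out += raw
    out.append(0)
    if len(out) > 255:
        raise ValueError("encoded name exceeds 255 bytes")
    return bytes(out)


def build_query(name, qtype, transaction_id=None, recursion_desired=True):
    """Build a standard query: 12-byte header with QDCOUNT=1, then one
    question entry (name, type, class)."""
    if transaction_id is None:
        # The ID is what the resolver uses to match a reply to its request,
        # so it is drawn from a CSPRNG rather than a counter.
        transaction_id = secrets.randbelow(0x10000)
    flags = FLAG_RD if recursion_desired else 0   # QR=0, opcode 0x0, RCODE 0
    header = struct.pack("!HHHHHH", transaction_id, flags, 1, 0, 0, 0)
    question = encode_name(name) + struct.pack("!HH", QTYPE[qtype], QCLASS_IN)
    return header + question


def reverse_name(ip):
    """The in-addr.arpa name for an IPv4 address (ip6.arpa for IPv6)."""
    return ipaddress.ip_address(ip).reverse_pointer


def build_reverse_query(ip, transaction_id=None):
    """A reverse query differs only in the name and the PTR question type."""
    return build_query(reverse_name(ip), "PTR", transaction_id)


if __name__ == "__main__":
    print(build_query("microsoft.com", "A", transaction_id=0x1234).hex())
    print(build_reverse_query("192.0.2.10", transaction_id=0x1235).hex())
```

The two messages differ only in the question entry: the forward query carries 0x09microsoft0x03com0x00 with type 0x01, the reverse query carries the octet-reversed address under in-addr.arpa with type 0x0C.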

DNS update message format

The DNS update message format uses a header defining the update operation to be performed and a resource record set that contains the update. The DNS update message format has the following fields:

  • Identification. A 16-bit identifier assigned by the DNS client requestor. This identifier is copied in the corresponding reply and can be used by the requestor to match replies to outstanding requests, or by the server to detect duplicated requests from some requestor.

  • Flags. A 16-bit DNS update message flags field. For a description of each flag, see “DNS Update Message Flags field” below.

  • Number of zone entries. The number of resource records in the Zone entry section.

  • Number of prerequisite resource records. The number of resource records in the Prerequisite resource records section.

  • Number of update resource records. The number of resource records in the Update resource records section.

  • Number of additional resource records. The number of resource records in the Additional resource records section.

  • Zone entry. Denotes the zone of the records being updated. All records to be updated must be in the same zone, and therefore the Zone Section is allowed to contain exactly one record. It has three values: ZNAME is the zone name, the ZTYPE must be SOA, and the ZCLASS is the zone’s class.

  • Prerequisite resource records. Contains a set of resource record prerequisites that must be satisfied at the time the update message is received by the master DNS server. There are five possible sets of values that can be expressed:

    • Resource record set exists (value independent). At least one resource record with a specified name and type (in the zone and class specified by the Zone Section) must exist.

    • Resource record set exists (value dependent). A set of resource records with a specified name and type exists and has the same members with the same data as the resource record set specified in this section.

    • Resource record set does not exist. No resource records with a specified name and type (in the zone and class denoted by the Zone section) exist.

    • Name is in use. At least one resource record with a specified name (in the zone and class specified by the Zone section) exists. This prerequisite is not satisfied by empty nonterminals.

    • Name is not in use. No resource record of any type is owned by a specified name. This prerequisite is satisfied by empty nonterminals.

  • Update resource records. Contains the resource records that are to be added to or deleted from the zone. One of four operations is performed during the update:

    • Add resource records to a resource record set.

    • Delete a resource record set.

    • Delete all resource record sets from a name.

    • Delete a resource record from a resource record set.

  • Additional resource records. Contains resource records that are related to the update, or to new resource records being added by the update.

DNS update message flags field

The DNS update message flags field uses the following flags:

  • Request/response. 1-bit field set to 0 to represent an update request and 1 to represent an update response.

  • Operation code. 4-bit field set to 0x5 for DNS updates.

  • Reserved. 7-bit reserved field set to 0.

  • Return code. 4-bit field containing codes to represent the result of the update query. The codes are as follows:

    DNS update message flag field return code values

    Result code value    Description
    0x0 (NOERROR)        No error; successful update.
    0x1 (FORMERR)        Format error; the DNS server did not understand the update request.
    0x2 (SERVFAIL)       The DNS server encountered an internal error, such as a forwarding timeout.
    0x3 (NXDOMAIN)       A name that should exist does not exist.
    0x4 (NOTIMP)         The DNS server does not support the specified Operation code.
    0x5 (REFUSED)        The DNS server refuses to perform the update.
    0x6 (YXDOMAIN)       A name that should not exist does exist.
    0x7 (YXRRSET)        A resource record set that should not exist does exist.
    0x8 (NXRRSET)        A resource record set that should exist does not exist.
    0x9 (NOTAUTH)        The DNS server is not authoritative for the zone named in the Zone section.
    0xA (NOTZONE)        A name used in the Prerequisite or Update sections is not within the zone specified by the Zone section.

Dynamic update response message format

The dynamic update response message follows the same format as the DNS update message, with the exception of the DNS flags. The dynamic update response message header flags indicate whether the update is successful by including the successful response code or one of the error codes described in DNS update message flags.
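The following is an added example of the update message format, flags field and response described above; it is not the page's own code. It assembles an RFC 2136 update that adds a host (A) record under a "name is not in use" prerequisite, and decodes the flags and return code from an update response header. The zone name, host name, address and transaction ID are constructed sample values; the prerequisite encoding (type ANY, class NONE, TTL 0, empty RDATA) and the NONE/ANY class values follow RFC 2136.

```python
import struct

OPCODE_UPDATE = 0x5
TYPE_A, TYPE_SOA, TYPE_ANY = 0x01, 0x06, 0xFF
CLASS_IN, CLASS_NONE, CLASS_ANY = 0x0001, 0x00FE, 0x00FF   # NONE/ANY per RFC 2136

# Return codes from the table above.
UPDATE_RCODES = {
    0x0: "NOERROR", 0x1: "FORMERR", 0x2: "SERVFAIL", 0x3: "NXDOMAIN",
    0x4: "NOTIMP", 0x5: "REFUSED", 0x6: "YXDOMAIN", 0x7: "YXRRSET",
    0x8: "NXRRSET", 0x9: "NOTAUTH", 0xA: "NOTZONE",
}


def encode_name(name):
    """Length-prefixed labels terminated by a zero byte (no length checks here)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"


def resource_record(name, rtype, rclass, ttl, rdata):
    """Name, type, class, TTL, RDLENGTH, RDATA."""
    return encode_name(name) + struct.pack("!HHIH", rtype, rclass, ttl, len(rdata)) + rdata


def build_update(zone, name, ipv4, transaction_id, require_name_unused=True):
    """UPDATE message adding an A record for name in zone. With
    require_name_unused, a 'name is not in use' prerequisite is included
    (RFC 2136 section 2.4.5: type ANY, class NONE, TTL 0, empty RDATA)."""
    # Zone entry: ZNAME, ZTYPE = SOA, ZCLASS; formatted like a question entry.
    zone_entry = encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    prereq = resource_record(name, TYPE_ANY, CLASS_NONE, 0, b"") if require_name_unused else b""
    rdata = bytes(int(octet) for octet in ipv4.split("."))
    update = resource_record(name, TYPE_A, CLASS_IN, 3600, rdata)
    flags = OPCODE_UPDATE << 11          # QR=0, opcode 0x5, reserved 0, RCODE 0
    header = struct.pack("!HHHHHH", transaction_id, flags,
                         1,                                # zone entries
                         1 if require_name_unused else 0,  # prerequisite RRs
                         1,                                # update RRs
                         0)                                # additional RRs
    return header + zone_entry + prereq + update


def parse_update_response(data):
    """Return (transaction id, rcode, rcode name) from an update response header."""
    if len(data) < 12:
        raise ValueError("response shorter than the 12-byte header")
    tid, flags = struct.unpack("!HH", data[:4])
    qr, opcode, rcode = flags >> 15, (flags >> 11) & 0xF, flags & 0xF
    if qr != 1 or opcode != OPCODE_UPDATE:
        raise ValueError("not an update response")
    return tid, rcode, UPDATE_RCODES.get(rcode, "UNKNOWN")


# Constructed sample response header: ID 0x0042, QR=1, opcode 0x5, RCODE 0x5 (REFUSED).
SAMPLE_REFUSED = bytes.fromhex("0042a805" + "0000" * 4)

if __name__ == "__main__":
    print(build_update("example.com", "host1.example.com", "192.0.2.10", 0x0042).hex())
    print(parse_update_response(SAMPLE_REFUSED))
```

The prerequisite is what makes the update safe to retry: if the name already exists the server answers with YXDOMAIN (0x6) instead of silently adding a second address, and a REFUSED (0x5) or NOTAUTH (0x9) response tells the client that the server's update policy or zone authority, not the message format, rejected the request.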