Wireshark Packet Analysis: Reading DNS Protocol Packets

DNS packet format

DNS resource record types

DNS packet analysis (query)

Domain Name System (query)
    [Response In: 16]
    Transaction ID: 0x0002 #DNS transaction ID#
    Flags: 0x0100 Standard query #flags#
        0... .... .... .... = Response: Message is a query #response bit; the value 0 indicates a DNS query#
        .000 0... .... .... = Opcode: Standard query (0) #opcode#
        .... ..0. .... .... = Truncated: Message is not truncated #truncated#
        .... ...1 .... .... = Recursion desired: Do query recursively #recursion desired#
        .... .... .0.. .... = Z: reserved (0) #reserved#
        .... .... ...0 .... = Non-authenticated data: Unacceptable
    Questions: 1 #question count#
    Answer RRs: 0 #answer count#
    Authority RRs: 0 #name server count#
    Additional RRs: 0 #additional count#
    Queries
        www.baidu.com: type A, class IN
            Name: www.baidu.com #the domain name being requested#
            Type: A (Host Address) (1) #domain name type#
            Class: IN (0x0001) #address type#

DNS packet analysis (response)

Domain Name System (response)
    [Request In: 15]
    [Time: 0.003787000 seconds] #response time#
    Transaction ID: 0x0002 #DNS transaction ID#
    Flags: 0x8180 Standard query response, No error #flags#
        1... .... .... .... = Response: Message is a response #response bit; the value is 1, so this is a DNS response#
        .000 0... .... .... = Opcode: Standard query (0) #opcode#
        .... .0.. .... .... = Authoritative: Server is not an authority for domain #authoritative answer#
        .... ..0. .... .... = Truncated: Message is not truncated #truncated#
        .... ...1 .... .... = Recursion desired: Do query recursively #recursion desired#
        .... .... 1... .... = Recursion available: Server can do recursive queries #recursion available#
        .... .... .0.. .... = Z: reserved (0) #reserved#
        .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
        .... .... ...0 .... = Non-authenticated data: Unacceptable
        .... .... .... 0000 = Reply code: No error (0) #reply code#
    Questions: 1 #question count#
    Answer RRs: 3 #answer count#
    Authority RRs: 5 #name server count#
    Additional RRs: 5 #additional record count#
    Queries #questions#
        www.baidu.com: type A, class IN
            Name: www.baidu.com #the domain name being requested#
            Type: A (Host Address) (1) #domain name type#
            Class: IN (0x0001) #request type#
    Answers #answers#
        www.baidu.com: type CNAME, class IN, cname www.a.shifen.com
        www.a.shifen.com: type A, class IN, addr 119.75.217.109
        www.a.shifen.com: type A, class IN, addr 119.75.218.70
    Authoritative nameservers #authoritative name servers#
        a.shifen.com: type NS, class IN, ns ns2.a.shifen.com
        a.shifen.com: type NS, class IN, ns ns4.a.shifen.com
        a.shifen.com: type NS, class IN, ns ns1.a.shifen.com
        a.shifen.com: type NS, class IN, ns ns3.a.shifen.com
        a.shifen.com: type NS, class IN, ns ns5.a.shifen.com
    Additional records #additional records#
        ns4.a.shifen.com: type A, class IN, addr 115.239.210.176
        ns1.a.shifen.com: type A, class IN, addr 61.135.165.224
        ns3.a.shifen.com: type A, class IN, addr 61.135.162.215
        ns5.a.shifen.com: type A, class IN, addr 119.75.222.17
        ns2.a.shifen.com: type A, class IN, addr 180.149.133.241
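
The same fields Wireshark shows in the query and response above can be decoded by hand from the 12-byte DNS header and the question section. The following is an added example, not part of the original article: the function names are assumptions, and the sample bytes are constructed from the values in the query dump (ID 0x0002, flags 0x0100, one question for www.baidu.com).

```python
import struct

# Constructed sample: the query shown above, rebuilt byte by byte
# (ID 0x0002, flags 0x0100, 1 question, www.baidu.com, type A, class IN).
QUERY = (struct.pack("!6H", 0x0002, 0x0100, 1, 0, 0, 0)
         + b"\x03www\x05baidu\x03com\x00" + struct.pack("!2H", 1, 1))

def decode_flags(flags):
    """Split the 16-bit flags word into the bit fields Wireshark lists."""
    return {
        "response": (flags >> 15) & 1,
        "opcode": (flags >> 11) & 0xF,
        "authoritative": (flags >> 10) & 1,
        "truncated": (flags >> 9) & 1,
        "recursion_desired": (flags >> 8) & 1,
        "recursion_available": (flags >> 7) & 1,
        "z": (flags >> 6) & 1,
        "answer_authenticated": (flags >> 5) & 1,
        "non_authenticated_data": (flags >> 4) & 1,
        "reply_code": flags & 0xF,
    }

def parse_question(msg, offset=12):
    """Read one uncompressed name, then QTYPE and QCLASS."""
    labels = []
    while True:
        if offset >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[offset]
        offset += 1
        if length == 0:          # zero-length label ends the name
            break
        if length > 63 or offset + length > len(msg):
            raise ValueError("bad label (pointer or truncated)")
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    if offset + 4 > len(msg):
        raise ValueError("missing QTYPE/QCLASS")
    qtype, qclass = struct.unpack_from("!2H", msg, offset)
    return ".".join(labels), qtype, qclass

def parse_message(msg):
    """Decode the header (ID, flags, four counts) and the first question."""
    if len(msg) < 12:
        raise ValueError("DNS header is 12 bytes")
    txid, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg)
    return {"id": txid, "flags": decode_flags(flags),
            "counts": (qd, an, ns, ar),
            "question": parse_question(msg) if qd else None}
```

Calling `decode_flags(0x8180)` reproduces the bit breakdown of the response above: response, recursion desired and recursion available set, reply code 0.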

Reposted from blog.51cto.com/13444271/2125344