Intranet Tunnel Proxy Technology (27) Introduction to DNS Tunnel

DNS Tunnel Introduction

Introduction to DNS protocol

The Domain Name System (DNS) is a service of the Internet. As a distributed database that maps domain names and IP addresses to each other, it makes the Internet more convenient to use. DNS uses TCP and UDP port 53. Currently, each level (label) of a domain name is limited to 63 characters, and the total length of the domain name cannot exceed 253 characters. The DNS protocol is used to convert domain names into IP addresses. In addition to host name to IP address conversion, DNS also provides the following services: host aliases, mail server aliases, load distribution, etc.

DNS message format

DNS defines two types of messages: the query message, and the reply to a query, called the response message. Whether it is a query message or a response message


ID: A 16-bit identifier assigned by the program that generates the DNS query. The same identifier is copied into the response message, and the requester uses it to match the response with the original request.

Flags: flag bits that mark query/response, query type, truncation, recursive query, etc.

Type: DNS record type. Commonly used ones are:

  • A: A record, pointing to an alias or IP address
  • NS: Name server record
  • MX: Mail exchange record
  • CNAME: Alias
  • AAAA: IPv6 address resolution
  • TXT: Descriptive text set for a certain host name or domain name
  • PTR: Pointer record, the reverse of an A record
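
The fields described above (ID, Flags, type, and the 63/253-character name limits) can be seen directly by encoding and decoding a DNS message. The following is an added example, not code from the original post; the function names build_query and parse_message are hypothetical, and the flag bit positions and record type numbers are taken from RFC 1035 and RFC 3596 rather than from this page.

```python
import struct

# Record type numbers for the types listed above (RFC 1035, RFC 3596).
QTYPES = {1: "A", 2: "NS", 5: "CNAME", 12: "PTR", 15: "MX", 16: "TXT", 28: "AAAA"}

def build_query(msg_id, name, qtype, rd=True):
    """Build a one-question query, enforcing the 63/253 character limits."""
    name = name.rstrip(".")
    if len(name) > 253:
        raise ValueError("domain name longer than 253 characters")
    qname = b""
    for label in name.split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("each label must be 1 to 63 characters")
        qname += bytes([len(raw)]) + raw  # length byte, then the label
    flags = 0x0100 if rd else 0x0000  # QR=0 (query); RD = recursion desired
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def parse_message(data):
    """Decode the 12-byte header and the first question of a DNS message."""
    if len(data) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    msg_id, flags = struct.unpack("!HH", data[:4])
    labels, pos = [], 12
    while pos < len(data) and data[pos] != 0:  # zero byte ends the name
        length = data[pos]
        if length > 63 or pos + 1 + length > len(data):
            raise ValueError("bad label length (over 63, pointer, or truncated)")
        labels.append(data[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    if pos + 5 > len(data):  # root byte + QTYPE + QCLASS must be present
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", data[pos + 1:pos + 5])
    return {
        "id": msg_id,
        "is_response": bool(flags & 0x8000),        # QR bit
        "truncated": bool(flags & 0x0200),          # TC bit
        "recursion_desired": bool(flags & 0x0100),  # RD bit
        "name": ".".join(labels),
        "type": QTYPES.get(qtype, str(qtype)),
    }

# Constructed sample: a TXT query for a placeholder name.
SAMPLE = build_query(0x1A2B, "www.example.com", 16)
```

Calling parse_message(SAMPLE) returns the ID, the decoded flag bits, the queried name and the record type as a dictionary.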


Origin blog.csdn.net/qq_64973687/article/details/132929105