
DNS protocol

  • Issue a DNS query: dig blog.sourcedev.cc
  • Capture with Wireshark and filter on the keyword dns
  • The DNS server's default port is 53

Query

Packet binary dump

0000   4c f0 01 20 00 01 00 00 00 00 00 01 03 77 77 77   L.. .........www
0010   09 73 6f 75 72 63 65 64 65 76 02 63 63 00 00 01   .sourcedev.cc...
0020   00 01 00 00 29 10 00 00 00 00 00 00 00            ....)........

Decoded data structure

Domain Name System (query)
    Transaction ID: 0x4cf0
    Flags: 0x0120 Standard query
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 1
    Queries
        www.sourcedev.cc: type A, class IN
            Name: www.sourcedev.cc
            [Name Length: 16]
            [Label Count: 3]
            Type: A (Host Address) (1)
            Class: IN (0x0001)
    Additional records
        <Root>: type OPT
    [Response In: 17]

Response

Packet binary dump

0000   4c f0 81 80 00 01 00 01 00 00 00 00 03 77 77 77   L............www
0010   09 73 6f 75 72 63 65 64 65 76 02 63 63 00 00 01   .sourcedev.cc...
0020   00 01 c0 0c 00 01 00 01 00 00 02 58 00 04 2a c0   ...........X..*.
0030   4e 39                                             N9

Decoded data structure

  • The name in the answer record is stored only as a number (an offset into the packet data where that name already begins); this keeps the packet smaller
Domain Name System (response)
    Transaction ID: 0x4cf0
    Flags: 0x8180 Standard query response, No error
    Questions: 1
    Answer RRs: 1
    Authority RRs: 0
    Additional RRs: 0
    Queries
        www.sourcedev.cc: type A, class IN
            Name: www.sourcedev.cc
            [Name Length: 16]
            [Label Count: 3]
            Type: A (Host Address) (1)
            Class: IN (0x0001)
    Answers
        www.sourcedev.cc: type A, class IN, addr 42.192.78.57
    [Request In: 15]
    [Time: 0.058614000 seconds]

Analysis of the data structure of the Answers section

    Queries
        blog.sourcedev.cc: type A, class IN
            Name: blog.sourcedev.cc
            [Name Length: 17]
            [Label Count: 3]
            Type: A (Host Address) (1)
            Class: IN (0x0001)
    Answers
        blog.sourcedev.cc: type CNAME, class IN, cname deliangyang.github.io
            Name: blog.sourcedev.cc
            Type: CNAME (Canonical NAME for an alias) (5)
            Class: IN (0x0001)
            Time to live: 509
            Data length: 23
            CNAME: deliangyang.github.io
        deliangyang.github.io: type A, class IN, addr 185.199.108.153
            Name: deliangyang.github.io
            Type: A (Host Address) (1)
            Class: IN (0x0001)
            Time to live: 509
            Data length: 4
            Address: 185.199.108.153
    [Request In: 39]
    [Time: 0.062407000 seconds]
  • Each dump line is 16 bytes
  • 0xc0 marks a pointer (name compression)
  • Name: deliangyang.github.io is written as 0xc0 0x2f, i.e. offset 47, the last byte of the 0x0020 line (16 * 3 - 1 = 47), where the bytes 0x0b 0x64 0x65 ... begin; following the pointer back reaches the position of the earlier name
0000   a7 28 81 80 00 01 00 05 00 00 00 00 04 62 6c 6f   .(...........blo
0010   67 09 73 6f 75 72 63 65 64 65 76 02 63 63 00 00   g.sourcedev.cc..
0020   01 00 01 c0 0c 00 05 00 01 00 00 01 fd 00 17 0b   ................
0030   64 65 6c 69 61 6e 67 79 61 6e 67 06 67 69 74 68   deliangyang.gith
0040   75 62 02 69 6f 00 c0 2f 00 01 00 01 00 00 01 fd   ub.io../........
0050   00 04 b9 c7 6c 99 c0 2f 00 01 00 01 00 00 01 fd   ....l../........
0060   00 04 b9 c7 6e 99 c0 2f 00 01 00 01 00 00 01 fd   ....n../........
0070   00 04 b9 c7 6f 99 c0 2f 00 01 00 01 00 00 01 fd   ....o../........
0080   00 04 b9 c7 6d 99                                 ....m.
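As an added example (not part of the original page), a small Python parser that walks the response dumped above and resolves the c0 0c / c0 2f compression pointers back to the earlier names. It rejects any pointer that does not jump strictly backwards, which is what makes a pointer loop in a malformed packet impossible to follow.

```python
import struct

# The response packet from the hex dump above (the page's own capture), 32 bytes per line.
RESPONSE = bytes.fromhex(
    "a7288180000100050000000004626c6f6709736f757263656465760263630000"
    "010001c00c00050001000001fd00170b64656c69616e6779616e670667697468"
    "756202696f00c02f00010001000001fd0004b9c76c99c02f00010001000001fd"
    "0004b9c76e99c02f00010001000001fd0004b9c76f99c02f00010001000001fd"
    "0004b9c76d99"
)

def read_name(msg, offset):
    """Decode a (possibly compressed) name at offset; return (name, offset after it in the stream)."""
    labels, end, start = [], None, offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                  # 11xxxxxx: a 14-bit pointer, as in c0 0c / c0 2f
            target = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if target >= start:                    # pointers must go strictly backwards: no loops
                raise ValueError("bad compression pointer at offset %d" % offset)
            end = offset + 2 if end is None else end   # the stream resumes after the first pointer
            offset = start = target
            continue
        offset += 1
        if length == 0:                            # the root label terminates the name
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end if end is not None else offset

def parse_response(msg):
    """Walk the header, question and answer sections; decode A and CNAME RDATA."""
    txid, flags, qdcount, ancount = struct.unpack("!4H", msg[:8])
    pos, questions, answers = 12, [], []          # header is 12 bytes; NS/AR counts are skipped
    for _ in range(qdcount):
        name, pos = read_name(msg, pos)
        qtype, qclass = struct.unpack("!HH", msg[pos:pos + 4])
        pos += 4
        questions.append((name, qtype, qclass))
    for _ in range(ancount):
        name, pos = read_name(msg, pos)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:              # A record: four raw IPv4 octets
            value = ".".join(str(b) for b in msg[pos:pos + 4])
        else:                                      # CNAME (5) is a compressible name; others raw hex
            value = read_name(msg, pos)[0] if rtype == 5 else msg[pos:pos + rdlen].hex()
        pos += rdlen
        answers.append((name, rtype, ttl, value))
    return {"id": txid, "flags": flags, "questions": questions, "answers": answers}
```

Running parse_response(RESPONSE) yields the CNAME plus the four A records that the dump carries (Answer RRs: 5), two more than the truncated Wireshark view above shows.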