What does a DNS request look like?

I have seen what the text representation of an HTTP request is, but what does a DNS request look like? Where in the data is the location of the URL you are trying to locate? Also, how is the response formatted?

asked Aug 22, 2010 at 6:24

Your best bet would be to download Wireshark and capture the packets so that you can get a full picture of what happens when a DNS request is made.

Commented Aug 22, 2010 at 6:51

seems like a homework question

Commented Aug 22, 2010 at 7:35

@mydenny - no, the best bet would be to do that with a copy of RFC1035 to hand. Wireshark won't give you the "full" picture, it can only ever show you what the particular packets you've seen look like.

Commented Aug 23, 2010 at 9:00

@Jim-It's not @mrdenny-I have used Wireshark and don't know how the raw request translates into what I am sending.

Commented Aug 31, 2010 at 20:58

4 Answers

This is a raw dump from Wireshark of a DNS query.

The DNS part starts with 24 1a:

0000  00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 00   ..............E.
0010  00 3c 51 e3 40 00 40 11 ea cb 7f 00 00 01 7f 00   .<Q.@.@.........

And here is the breakdown:

Domain Name System (query)
    [Response In: 1852]
    Transaction ID: 0x241a
    Flags: 0x0100 (Standard query)
        0... .... .... .... = Response: Message is a query
        .000 0... .... .... = Opcode: Standard query (0)
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...1 .... .... = Recursion desired: Do query recursively
        .... .... .0.. .... = Z: reserved (0)
        .... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 0
    Queries
        www.google.com: type A, class IN
            Name: www.google.com
            Type: A (Host address)
            Class: IN (0x0001)

And the response, again starting at 24 1a:

0000  00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 00   ..............E.
0010  00 7a 00 00 40 00 40 11 3c 71 7f 00 00 01 7f 00   .z..@.@.<q......

Domain Name System (response)
    [Request In: 1851]
    [Time: 0.000125000 seconds]
    Transaction ID: 0x241a
    Flags: 0x8180 (Standard query response, No error)
        1... .... .... .... = Response: Message is a response
        .000 0... .... .... = Opcode: Standard query (0)
        .... .0.. .... .... = Authoritative: Server is not an authority for domain
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...1 .... .... = Recursion desired: Do query recursively
        .... .... 1... .... = Recursion available: Server can do recursive queries
        .... .... .0.. .... = Z: reserved (0)
        .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
        .... .... .... 0000 = Reply code: No error (0)
    Questions: 1
    Answer RRs: 3
    Authority RRs: 0
    Additional RRs: 0
    Queries
        www.google.com: type A, class IN
            Name: www.google.com
            Type: A (Host address)
            Class: IN (0x0001)
    Answers
        www.google.com: type CNAME, class IN, cname www.l.google.com
            Name: www.google.com
            Type: CNAME (Canonical name for an alias)
            Class: IN (0x0001)
            Time to live: 3 days, 21 hours, 52 minutes, 57 seconds
            Data length: 18
            Primary name: www.l.google.com
        www.l.google.com: type A, class IN, addr 66.249.89.99
            Name: www.l.google.com
            Type: A (Host address)
            Class: IN (0x0001)
            Time to live: 3 minutes, 47 seconds
            Data length: 4
            Addr: 66.249.89.99
        www.l.google.com: type A, class IN, addr 66.249.89.104
            Name: www.l.google.com
            Type: A (Host address)
            Class: IN (0x0001)
            Time to live: 3 minutes, 47 seconds
            Data length: 4
            Addr: 66.249.89.104

Note that if your real question is "how do I write a DNS server?", then there are two appropriate answers:

The request was sent using host on a Linux box:

host www.google.com 

If you are on Windows, you can use nslookup

nslookup www.google.com