AMW*_*MWJ 33 domain-name-system tcpip
我已经看到 HTTP 请求的文本表示是什么,但是 DNS 请求是什么样的?您试图定位的 URL 在数据中的哪个位置?另外,响应是如何格式化的?
ngo*_*eff 41
这是来自 Wireshark 的 DNS 查询的原始转储。
DNS 部分以 24 1a 开头:
0000 00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 00 ........ ......E.
0010 00 3c 51 e3 40 00 40 11 ea cb 7f 00 00 01 7f 00 .<Q.@.@. ........
0020 00 01 ec ed 00 35 00 28 fe 3b 24 1a 01 00 00 01 .....5.( .;$.....
0030 00 00 00 00 00 00 03 77 77 77 06 67 6f 6f 67 6c .......w ww.googl
0040 65 03 63 6f 6d 00 00 01 00 01 e.com... ..
这是细分:
Domain Name System (query)
[Response In: 1852]
Transaction ID: 0x241a
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
www.google.com: type A, class IN
Name: www.google.com
Type: A (Host address)
Class: IN (0x0001)
响应再次从 24 1a 开始:
0000 00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 00 ........ ......E.
0010 00 7a 00 00 40 00 40 11 3c 71 7f 00 00 01 7f 00 .z..@.@. <q......
0020 00 01 00 35 ec ed 00 66 fe 79 24 1a 81 80 00 01 ...5...f .y$.....
0030 00 03 00 00 00 00 03 77 77 77 06 67 6f 6f 67 6c .......w ww.googl
0040 65 03 63 6f 6d 00 00 01 00 01 c0 0c 00 05 00 01 e.com... ........
0050 00 05 28 39 00 12 03 77 77 77 01 6c 06 67 6f 6f ..(9...w ww.l.goo
0060 67 6c 65 03 63 6f 6d 00 c0 2c 00 01 00 01 00 00 gle.com. .,......
0070 00 e3 00 04 42 f9 59 63 c0 2c 00 01 00 01 00 00 ....B.Yc .,......
0080 00 e3 00 04 42 f9 59 68 ....B.Yh
分解:
Domain Name System (response)
[Request In: 1851]
[Time: 0.000125000 seconds]
Transaction ID: 0x241a
Flags: 0x8180 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... 1... .... = Recursion available: Server can do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 3
Authority RRs: 0
Additional RRs: 0
Queries
www.google.com: type A, class IN
Name: www.google.com
Type: A (Host address)
Class: IN (0x0001)
Answers
www.google.com: type CNAME, class IN, cname www.l.google.com
Name: www.google.com
Type: CNAME (Canonical name for an alias)
Class: IN (0x0001)
Time to live: 3 days, 21 hours, 52 minutes, 57 seconds
Data length: 18
Primary name: www.l.google.com
www.l.google.com: type A, class IN, addr 66.249.89.99
Name: www.l.google.com
Type: A (Host address)
Class: IN (0x0001)
Time to live: 3 minutes, 47 seconds
Data length: 4
Addr: 66.249.89.99
www.l.google.com: type A, class IN, addr 66.249.89.104
Name: www.l.google.com
Type: A (Host address)
Class: IN (0x0001)
Time to live: 3 minutes, 47 seconds
Data length: 4
Addr: 66.249.89.104
编辑:
请注意,如果您真正的问题是“如何编写 DNS 服务器?”,那么有两个合适的答案:
编辑(2):
请求是host在 linux 机器上发送的:
host www.google.com
如果您使用的是 Windows,则可以使用 nslookup
nslookup www.google.com
最好使用协议分析器查看 DNS 查询和响应 - Wireshark是一个很好的跨平台工具,可以捕获请求和响应并将其解构为各个部分。Firewall.cx 中对 DNS 请求和响应的结构有一个很好的介绍。
DNS 请求包含指定名称(或可能有点任意的文本字段)和记录类型的问题 - 响应的内容将因类型而异。大多数请求是对服务器名称的简单直接查找,寻找响应中的 ip 地址(类型 A),但有些请求会寻找有关名称服务器本身(类型 NS)、邮件记录(类型 MX)和其他服务(类型)的更多信息将返回名称、端口、权重和优先级的 SRV)。DNS 响应包含这些问题的答案,如果请求需要,可能不止一个,而且并不总是只是 ip 地址。
另一个澄清 - DNS 不解析 URL - 在涉及 URL 的大多数场景中,DNS 仅用于使客户端系统能够找到 URL 的服务器部分的 ip 地址,其他一切都由其他协议处理。
| 归档时间: |
|
| 查看次数: |
76587 次 |
| 最近记录: |