Explain DNS message format with neat diagram.
1 Answer

DNS has two types of messages: query and response. Both types have the same format. The query message consists of a header and question records; the response message consists of a header, question records, answer records, authoritative records, and additional records (see Figure 4).


Header:

Both query and response messages have the same header format with some fields set to zero for the query messages. The header is 12 bytes and its format is shown in Figure 5.

The header fields are as follows:

| Identification | Flags |
| Number of question records | Number of answer records (all 0s in query message) |
| Number of authoritative records (all 0s in query message) | Number of additional records (all 0s in query message) |

Figure 5: Header format

Identification: This is a 16-bit field used by the client to match the response with the query. The client uses a different identification number each time it sends a query. The server duplicates this number in the corresponding response.

Flags: This is a 16-bit field consisting of the subfields shown in Figure 6.


A brief description of each flag subfield follows.

a. QR (query/response): This is a 1-bit subfield that defines the type of message. If it is 0, the message is a query. If it is 1, the message is a response.

b. OpCode: This is a 4-bit subfield that defines the type of query or response (0 if standard, 1 if inverse, and 2 if a server status request).

c. AA (authoritative answer): This is a 1-bit subfield. When it is set (value of 1), it means that the name server is an authoritative server. It is used only in a response message.

d. TC (truncated): This is a 1-bit subfield. When it is set (value of 1), it means that the response was more than 512 bytes and truncated to 512. It is used when DNS uses the services of UDP (see Section 19.8 on Encapsulation).

e. RD (recursion desired): This is a 1-bit subfield. When it is set (value of 1), it means the client desires a recursive answer. It is set in the query message and repeated in the response message.

f. RA (recursion available): This is a 1-bit subfield. When it is set in the response, it means that a recursive response is available. It is set only in the response message.

g. Reserved: This is a 3-bit subfield set to 000.

h. rCode: This is a 4-bit field that shows the status of the error in the response.

Question Section:

This is a section consisting of one or more question records. It is present on both query and response messages.

Answer Section:

This is a section consisting of one or more resource records. It is present only on response messages. This section includes the answer from the server to the client (resolver).

Authoritative Section:

This is a section consisting of one or more resource records. It is present only on response messages. This section gives information (domain name) about one or more authoritative servers for the query.

Additional Information Section:

This is a section consisting of one or more resource records. It is present only on response messages. This section provides additional information that may help the resolver.
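
An added example (not part of the original answer): a Python parser for the 12-byte header and the flag subfields described above, plus the resolver-side check that a response has QR=1 and repeats the query's identification and RD bit. The function names and the sample header bytes are constructed for illustration.

```python
import struct

HEADER_LEN = 12  # the DNS header is 12 bytes: six 16-bit fields


def parse_dns_header(msg: bytes) -> dict:
    """Decode the header fields and flag subfields of a DNS message."""
    if len(msg) < HEADER_LEN:
        raise ValueError(f"need {HEADER_LEN} header bytes, got {len(msg)}")
    # "!6H" = network byte order, six unsigned 16-bit integers
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:HEADER_LEN])
    return {
        "id": ident,
        "qr": (flags >> 15) & 0x1,      # 0 = query, 1 = response
        "opcode": (flags >> 11) & 0xF,  # 0 standard, 1 inverse, 2 status
        "aa": (flags >> 10) & 0x1,
        "tc": (flags >> 9) & 0x1,
        "rd": (flags >> 8) & 0x1,
        "ra": (flags >> 7) & 0x1,
        "reserved": (flags >> 4) & 0x7,
        "rcode": flags & 0xF,
        "questions": qd,
        "answers": an,
        "authoritative": ns,
        "additional": ar,
    }


def response_matches_query(query: bytes, response: bytes) -> bool:
    """Accept a response only if it is marked as one and echoes id and RD."""
    q, r = parse_dns_header(query), parse_dns_header(response)
    if q["qr"] != 0 or r["qr"] != 1:
        return False
    return q["id"] == r["id"] and q["rd"] == r["rd"]


# Constructed sample headers (header bytes only, no records attached).
SAMPLE_QUERY = struct.pack("!6H", 0x1A2B, 0x0100, 1, 0, 0, 0)     # RD=1
SAMPLE_RESPONSE = struct.pack("!6H", 0x1A2B, 0x8180, 1, 1, 0, 0)  # QR, RD, RA
MISMATCHED_RESPONSE = struct.pack("!6H", 0x9999, 0x8180, 1, 1, 0, 0)

if __name__ == "__main__":
    print(parse_dns_header(SAMPLE_RESPONSE))
    print(response_matches_query(SAMPLE_QUERY, SAMPLE_RESPONSE))
    print(response_matches_query(SAMPLE_QUERY, MISMATCHED_RESPONSE))
```

A response whose identification does not match the outstanding query is discarded rather than cached, which is why the field is described as the way the client matches the response with the query.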
