What is the format of the NAME field in the DNS answer section?

Question

The NAME field is not detailed completely in RFC 1035 section 4.1.3.

I want to understand this field (programmatically) for the ANSWER message type and I searched these resources (datasheet) for that.

I have followed:

IETF RFC 2181
www.ccs.neu.edu

Have I missed something?

pseudo code:

QUESTION:

byte[]{
    0x00,0x00,
    0x01,0x00,
    0x00,0x02,
    0x00,0x00,
    0x00,0x00,
    0x00,0x00,
    0x03,0x77,0x77,0x77,
    0x12,0x74,0x68,0x65,0x5f,0x70,0x61,0x63,0x6b,0x65,0x74,0x67,0x65,0x65,0x6b,
    0x03,0x63,0x6f,0x6d,
    0x00,
    0x00,0x01,
    0x00,0x01,
    0x13,0x74,0x74,0x68,0x65,0x5f,0x70,0x61,0x63,0x6b,0x65,0x74,0x67,0x65,0x65,0x6b,
    0x03,0x63,0x6f,0x6d,
    0x00,
    0x00,0x01,
    0x00,0x01
}

ANSWER:

byte[]{
    0x00,0x00,
    0x81,0x80,
    0x00,0x02,
    0x00,0x01,
    0x00,0x00,
    0x00,0x00,
    0x03,0x77,0x77,0x77,
    0x12,0x74,0x68,0x65,0x5f,0x70,0x61,0x63,0x6b,0x65,0x74,0x67,0x65,0x65,0x6b,
    0x03,0x63,0x6f,0x6d,
    0x00,
    0x00,0x01,
    0x00,0x01,
    0x13,0x74,0x74,0x68,0x65,0x5f,0x70,0x61,0x63,0x6b,0x65,0x74,0x67,0x65,0x65,0x6b,
    0x03,0x63,0x6f,0x6d,
    0x00,
    0x00,0x01,
    0x00,0x01,
    0xC0,0x0C, <----- answer start here , i want to understand this value
    0x00,0x00,
    0x00,0x00,0x06,0xcf,
    0x00,0x04,
    0x07,0x00,0x00,0x01

Michael Hampton · Answer 1 · 2016-08-06T22:36:20.847

The NAME part in a DNS answer section is formatted exactly the same as the QNAME part of the DNS question section.

a domain name represented as a sequence of labels, where each label consists of a length octet followed by that number of octets. The domain name terminates with the zero length octet for the null label of the root. Note that this field may be an odd number of octets; no padding is used.

It is also subject to the compression scheme in section 4.1.4, so in a typical DNS response you're most likely to see the full name in the question section, and a pointer to it in the answer section.

The part you explicitly point out in your question is one of these compressed values from section 4.1.4. The high two bits are both set to 1, and the remainder of the value points to the byte in the response which is referred to. In this case byte 12 (0x00c), which appears to be "www.the_nacketgeek.com" (which was the QNAME in the question section).

ho ? it will teach me to read through next time, thank you again I'll have a look at the spécidiée section. — Ephemeral, Aug 06 '16 at 22:33
Thank you very much for your clear and precise explanations and thank you for your time. — Ephemeral, Aug 06 '16 at 22:40

What is the format of the NAME field in the DNS answer section?

1 Answers1