-1

I got a DNS internal query log file and I would like to do analysis on it, so onw record looks like this:

18-Jun-2017 04:00:10.139 client @XXXXXXXXXXXX ip-address#number (ip-address): view internal: query: ip-address IN AAAA + (ip-address in the format of ipv4)

I am really new to this so I tried to search on line but I couldn't find what does the "+" mean in the record, and as far as I understand, AAAA should represent the ipv6 ip format, why I got a following ipv4 address following it ?

Can some one explain it to me what does this record means or some links I could read myself ?

Many thanks !!

starry1990
  • 121
  • 1
  • 6

1 Answers1

0

You're right AAAA (or the quad record) is for IPV6 addresses. The IPV6 addressing scheme allows for trailing or leading zeros to be omitted, so an IPV4 address of 192.169.1.1 may be represented as 00:00:00:00:C0:A8:01:01 which without the leading zeros is C0:A8:01:01 or 192.168.1.1 if your text editor converts Hex to Decimal.

arsh chauhan
  • 57
  • 5
  • Hi Arsh, so you are saying that actually the "IPv4 address" following the + sign is actually a formatted Ipv6 address ? and what does the "+" sign mean ? I couldn't find it anywhere online – starry1990 Jun 20 '17 at 14:43
  • Yes, the address following the + is an IPV4 address that is formatted as as IPV6 address with leading zeros. I guess the reason that is happening is because the domain owner set an AAAA record which is actually an IPV4 address. I don't have a solid answer for the + sign but I would guess it's just a formatting thing for the log file – arsh chauhan Jun 20 '17 at 14:47