DNS Records and Messages

DNS Records and Messages

The DNS servers that collectively implement the DNS distributed database store resource records (RRs), including RRs that provide hostname-to-IP address mappings. Each DNS reply message carries one or more resource records. In this and the following subsection, we provide a brief overview of DNS resource records and messages; more details can be found in [Abitz 1993] or in the DNS RFCs [RFC 1034; RFC 1035].

A resource record is a four-tuple that contain the following fields:

(Name, Value, Type, TTL)

TTL is the time to live of the resource record; it determines when a resource should be removed from a cache. In the example records given below, we ignore the TTL field. The meaning of Name and Value depend on Type:

●  If Type=A, then Name is a hostname and Value is the IP address for the hostname. Hence, a Type A record provides the standard hostname-to-IP address mapping. As an example, (relay1.bar.foo.com,, A) is a Type A record.

●  If Type=NS, then Name is a domain (such as foo.com) and Value is the hostname of an authoritative DNS server that knows how to get the IP address for hosts in the domain. This record is used to route DNS queries further along in the query chain. As an example, (foo.com,  dns.foo.com,  NS) is a Type NS record.

If Type=CNAME, then Value is a canonical hostname for the alias hostname Name. This record can provide querying hosts the canonical name for a hostname. As an example, (foo.com,  relay1.bar.foo.com,  CNAME) is a CNAME record.

●  If Type=MX, then Value is the canonical name of a mail server that has an alias hostname Name. As an example, (foo.com.  mail.bar.fooo.com,  MX) is an MX record. MX records allow the hostnames of mail servers to have simple aliases. Note that by using the MX record, a company can have the same aliased name for its mail server and for one of its other servers (such as its Web server). To get the canonical name for the mail server, a DNS client would query for an MX record; to get the canonical name for the other server, the DNS client would query for the CNAME record.

If a DNS server is authoritative for a specific hostname, then the DNS server will include a Type A record for the hostname. (Even if the DNS server is not authoritative, it may include a Type A record in its cache). lf a server is not authoritative for a hostname, then the server will contain a Type NS record for the domain that includes the hostname; it will also include a Type A record that provides the IP address of the DNS server in the Value field of the NS record. As an example, assume an edu TLD server is not authoritative for the host gaia.cs.umass.edu. Then this server will include a record for a domain that contains the host gaia.cs.umass.edu, for instance, (umass.edu, dns.umass.edu,  NS ). The edu TLD server would also include a Type A record, which maps the DNS server dns.umass.edu to an IP address, for instance, (dns.umass.edu,,  A).

DNS Messages

Earlier in this section we referred to DNS query and reply messages. These are the only two kinds of DNS messages. Moreover, both query and reply messages have the same format, as shown in Figure 1. The semantics of the several fields in a DNS message are as follows:

●  The first 12 bytes is the header section, which has a number of fields. The first field is a 16-bit number that identifies the query. This identifier is copied into the reply message to a query, allowing the client to match received replies with sent queries. There are many flags in the flag field. A 1-bit query/reply flag shows whether the message is a query (0) or a reply (1). A 1-bit authoritative flag is set in a reply message when a DNS server is an authoritative server for a queried name. A 1-bit recursion-desired flag is set when a client (host or DNS server) desires that the DNS server execute recursion when it doesn't have the record. A 1-bit recursion-available field is set in a reply if the DNS server supports recursion. In the header, there are also four number-of fields.

DNS message format

These fields show the number of occurrences of the four types of data sections that follow the header.

●  The question section includes information about the query that is being made. This section contains (1) a name field that includes the name that is being queried, and (2) a type field that shows the type of question being asked about the name - for instance, a host address associated with a name (Type A) or the mail server for a name (Type MX).

●  In a reply from a DNS server, the answer section includes the resource records for the name that was initially queried. Remember that in each resource record there is the Type (for instance, A, NS, CNAME, and MX), the Value, and the TTL. A reply can return multiple RRs in the answer, since a hostname can have multiple IP addresses (for example, for replicated Web servers, as discussed earlier in this section).

●  The authority section includes records of other authoritative servers.

●  The additional section includes other helpful records. For instance, the answer field in a reply to an MX query includes a resource record providing the canonical hostname of a mail server. The additional section includes a Type A record providing the IP address for the canonical hostname of the mail server.

How would you like to send a DNS query message directly from the host you're working on to some DNS server? This can easily be done with the nslookup program, which is available from most Windows and UNIX platforms. For instance, from a Windows host, open the Command Prompt and invoke the nslookup program by simply typing "nslookup". After invoking nslookup, you can send a DNS query to any DNS server (root, TLD, or authoritative). After receiving the reply message from the DNS server, nslookup will display the records contained in the reply (in a human-readable format). As an alternative to running nslookup from your own host, you can visit one of many Web sites that allow you to remotely utilize nslookup. (Just type "nslookup" into a search engine and youll be brought to one of these sites).


resource records, dns servers, hostname, dns messages, mail server, nslookup program

Copy Right

The contents available on this website are copyrighted by TechPlus unless otherwise indicated. All rights are reserved by TechPlus, and content may not be reproduced, published, or transferred in any form or by any means, except with the prior written permission of TechPlus.