Monday, September 19, 2011

DNS ID Hacking -part -3

resume here

QR (1 bit) = If the QR bit is 0, the packet is a question; otherwise it
is an answer.
opcode = 0 for a normal request, 1 for an inverse request, and 2 for a
status request (we don't need to know all these modes).
AA = If it is set to 1, the name server says that its answer is
authoritative.
TC = Doesn't matter for us.
RD = If this flag is set to 1, it means "Recursion Request"; for example,
when bla.bibi.com asks ns.bibi.com to resolve a name, the flag tells
the name server to take charge of the request itself.
RA = If it is set to 1, recursion is available. The name server sets
this bit to 1 in its answer if it supports recursion.
Zero = Here are three zeroes...
rcode = It contains the return code of the DNS request: 0 means
"no error", 3 means "name error".
The two following fields don't have any importance for us.
DNS QUESTION:
Here is the format of a DNS question:
+-----------------------------------------------------------------------+
| name of the question                                                  |
+-----------------------------------------------------------------------+
| type of question               | type of query                        |
+--------------------------------+--------------------------------------+
The name of the question is stored as a sequence of labels, each one
preceded by its length, and terminated by a zero.
example:
www.heike.com will be [3|w|w|w|5|h|e|i|k|e|3|c|o|m|0]
for an IP address it's the same thing :)
44.33.88.123.in-addr.arpa would be:
[2|4|4|2|3|3|2|8|8|3|1|2|3|7|i|n|-|a|d|d|r|4|a|r|p|a|0]
[note]: a compression format exists, but we won't use it.
type of question:
Here are the values that we will use most of the time:
[note]: There are more than 20 different types of values(!) and I'm fed
up with writing :))
name | value | meaning
A    | 1     | IP Address (resolving a name to an IP)
PTR  | 12    | Pointer (resolving an IP to a name)
type of query:
The values are the same as for the type of question.

(I don't know if it's true, but the goal is not to teach you the DNS
protocol from A to Z; for that you should look at RFCs 1033 to 1035 and
1037. The goal here is a global understanding in order to put it into
practice!!)
DNS ANSWER:
The answers have a format that we call RR... but we don't mind :)
Here is the format of an answer (an RR):
+------------------------------------------------------------------------+
| name of the domain                                                     |
+------------------------------------------------------------------------+
| type                             | class                               |
+----------------------------------+-------------------------------------+
| TTL (time to live)                                                     |
+------------------------------------------------------------------------+
| resource data length             |                                     |
+----------------------------------+                                     |
| resource data                                                          |
+------------------------------------------------------------------------+
name of the domain:
The domain name that the following resource data refers to.
It is stored in the same way as in the question part: for the
resolution request of www.heike.com, the "name of the domain" field
will contain [3|w|w|w|5|h|e|i|k|e|3|c|o|m|0]
type:
The type field is the same as "type of query" in the question part of
the packet.
class:
The class field is equal to 1 for Internet data.
time to live:
This field gives, in seconds, how long the information may live in the
name server's cache.
resource data length:
The length of the resource data; for example, if resource data length
is 4, the resource data is 4 bytes long.
resource data:
Here we put the IP, for example (at least in our case).
I will give you a little example that explains this better.
Here is what happens when ns.bibi.com asks ns.heike.com for
www.heike.com's address:
ns.bibi.com:53 ---> [?www.heike.com] ----> ns.heike.com:53 (Phear Heike ;)
+---------------------------------+--------------------------------------+
| ID = 1999                       | QR = 0 opcode = 0 RD = 1             |
+---------------------------------+--------------------------------------+
| number of questions = htons(1)  | number of answers = 0                |
+---------------------------------+--------------------------------------+
| number of authoritative RR = 0  | number of supplementary RR = 0       |
+---------------------------------+--------------------------------------+
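As an added worked example (not code from the original article), the following Python builds the www.heike.com query sketched above (ID 1999, QR = 0, opcode = 0, RD = 1, one question) and parses an answer RR laid out as name / type / class / TTL / resource data length / resource data; the answer bytes, the IP 192.0.2.10 and the TTL are constructed for the example, and name compression is not handled, as in the text.

```python
import struct

# Added example, not code from the original article. Builds the www.heike.com
# query described above and parses an answer RR. The sample answer (IP, TTL)
# is constructed; compression pointers are not handled, as in the text.

def encode_name(name):
    """www.heike.com -> [3|w|w|w|5|h|e|i|k|e|3|c|o|m|0]"""
    labels = name.strip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def decode_name(pkt, off):
    """Read an uncompressed label sequence at pkt[off:]; return (name, offset after it)."""
    labels = []
    while pkt[off]:
        n = pkt[off]
        if n & 0xC0:
            raise ValueError("compression pointer: not handled in this example")
        labels.append(pkt[off + 1:off + 1 + n].decode())
        off += 1 + n
    return ".".join(labels), off + 1

def build_query(qid, name, qtype=1, rd=1):
    # Flag word, high bit first: QR opcode(4) AA TC RD RA Zero(3) rcode(4)
    flags = (rd & 1) << 8                                   # QR=0, opcode=0, RD set
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)  # 1 question, no RRs
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)  # type, class IN

def parse_header(pkt):
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    return {"id": qid, "qr": flags >> 15, "opcode": (flags >> 11) & 0xF,
            "aa": (flags >> 10) & 1, "rd": (flags >> 8) & 1,
            "ra": (flags >> 7) & 1, "rcode": flags & 0xF,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}

def parse_rr(pkt, off):
    """Parse one RR starting at pkt[off:]; type A data is returned as a dotted IP."""
    name, off = decode_name(pkt, off)
    rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
    off += 10
    rdata = pkt[off:off + rdlen]
    if rtype == 1 and rdlen == 4:
        rdata = ".".join(str(b) for b in rdata)
    return {"name": name, "type": rtype, "class": rclass, "ttl": ttl, "rdata": rdata}, off + rdlen

def build_answer_rr(name, ip, ttl=3600):
    """Constructed A record: the 16-bit ID and the question are all a resolver can match it against."""
    return encode_name(name) + struct.pack("!HHIH", 1, 1, ttl, 4) + bytes(int(x) for x in ip.split("."))

SAMPLE_QUERY = build_query(1999, "www.heike.com")            # the packet in the table above
SAMPLE_ANSWER = build_answer_rr("www.heike.com", "192.0.2.10")  # constructed reply RR
```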
