DNS analysis (on)
DNS (Domain Name Server) is a domain name server that is worked in the network to convert a domain name to an IP address. This technology is used in many programming, which is to use domain name resolution. This article will explain this technology.
With the DNS server, you can query a lot of addresses, such as Mail server addresses, FTP servers, etc., I am here as an example, and implement in Java.
---------------------
| Header |
---------------------
Question |
---------------------
| Answer |
---------------------
| Authority |
---------------------
| Additional |
---------------------
This table is copied from the RFC1035 document, and the format of the DNS package is rendered.
HEADER
0 1 2 3 4 5 6 7 8 9 A b C D e f
- - - - - - -
| ID |
- - - - - - -
| Qr | opcode | AA | TC | RD | RA | Z | RCODE |
- - - - - - -
| QDCOUNT |
- - - - - - -
| Ancount |
- - - - - - -
| Nscount |
- - - - - - -
| Arcount |
- - - - - - - this It is also copied from the RFC document, but I changed its head number to 16.
ID: 16 bits of a flag to verify the matching of requests and reply messages. A 16-bit random number is generated on the utility.
QR: 1 bit data indicates that this is a request, or a reply (0 is requested, 1 is recovered).
OpCode: 4 digits represent the type of query.
0 basic look
1 reverse lookup
2 query server situation
3-15 reserved
RD: (Recursion Desired) is in a recursive method, RD = 1 is recursive. RA: (Recursion Available) Indicates whether the server supports recursive mode, which is only valid in the reply. QDCount: 16-bit data indicates the number of questions to query. Ancount: 16-bit data indicates the number of responses, which is only valid in the reply. See the RFC documentation, here we use these and set other parameters to 0.
Question
0 1 2 3 4 5 6 7 8 9 A b C D e f - - - - - - - - - - | | / QNAME / / / - - - - - - - | Qtype | - - - - - - - - - - - - - - | QCLASS | - - - - - - - - - - - -
QNAME: Requires the domain name address of the query. For example, there is such an email address xxx@163.net, we extract it out of the address behind, 163.net. Then change it into such a sequence, 31633NET0, that is, in the field, and with respective character numbers as a prefix, and finally end QTYPE: 2 digits in 0 indicates the query type. A 1 a host addressNS 2 an authoritative name serverMD 3 a mail destination (Obsolete - use MX) MF 4 a mail forwarder (Obsolete - use MX) CNAME 5 the canonical name for an aliasSOA 6 marks the start of a zone of authorityMB 7 a mailbox domain name (EXPERIMENTALMG 8 a mail group member (EXPERIMENTAL) MR 9 a mail rename domain name (EXPERIMENTAL) nULL 10 a null RR (EXPERIMENTAL) WKS 11 a well known service descriptionPTR 12 a domain name pointerHINFO 13 host informationMINFO 14 mailbox or mail List InformationMX 15 Mail ExchangeTxt 16 Text Strings This is a variety of types listed in the RFC document, we use MX here, qtype = 15.qClass: 2 data represents query mode. in 1 the Internet CSNET Class Obsolete - Used Only for Examples in Some Obsolete RFCS) CH 3 The Chaos Class HS 4 Hesiod [DYER 87] This is a variety of classes listed in the RFC document, we are here with IN, ie qclass = 15.
The original code implemented by Java is used below:
Note: DNSTOOL.INTTOBYTES (int, int) is a combination of integers to several 8-digit combinations. DNSTOOL.STRINGTOBYTES (STRING) is the format that converts a string to qname needs and returns in the format of byte [].
Class DNSHeader {
Private int id; private int flags = 0; private bote [] Head = new byte [] {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; / ** Creates New DNSHEADER * / PUBLIC DNSHEADER () {setId (); setFlags (Flags); setanswer (false); // does not an affining setRecurseDesired (TRUE);}
Private void setid () {byte [] TMP = new byte [2]; id = new random (). nextint (10); tmp = dnstool.inttobytes (ID, 2); head [0] = TMP [0]; Head [1] = TMP [1];} public int getId () {return this.id;} private void setflags (int flag) {byte [] tmp = new byte [2]; tmp = dnstool.inttobytes (id, 2); Head [2] = TMP [0]; Head [3] = TMP [1];} public void setanswer {head [2] = Isanswer? (Byte) (Head [2] | 0x80) : (Byte) (Head [2] & 0x7f); PUBLIC VOID SETRECURSIONDESIRED (Boolean IsrecursiionDesired) {head [2] = isrecursionDesired? ((byte) (Head [2] | 0x1)): (Byte) (Head [2 ] & 0xfe));} public void setqdcount (int Num) // set the number of questions {byte [] TMP = new byte [2]; tmp = dnstool.inttobytes (Num, 2); head [4] = TMP [0]; Head [5] = TMP [1];
Public Byte [] getBytes () {return head;}}
Class Question {
private byte [] question; private int QuestionLength; / ** Creates new Question * / public Question (String questionLabel, int questionType, int questionClass) {byte [] transName = DnsTool.StringToBytes (questionLabel); byte [] ty = DnsTool. IntToBytes (questionType, 2); byte [] cl = DnsTool.IntToBytes (questionClass, 2); QuestionLength = 0; // transfer the QuestionLabel to the bytes question = new byte [transName.length 4]; System.arraycopy (transName , 0, question, QuestionLength, transName.length); QuestionLength = transName.length; // transfer the type to the bytes System.arraycopy (ty, 0, question, QuestionLength, ty.length); QuestionLength = ty.length; / / Transfer the Class to the bytes System.Arraycopy (Cl, 0, Question, QuestionLength, Cl.length); QuestionLength = Cl.length;} public byte [] getBytes () {Return Question;}} And the Question's data to query, then you will become D as long as you combine them together. The NS package, then just send it out, the following program implements this feature. Description: DNSSERVER: is the address of the DNS server. DNSPORT: The port of the DNS server, that is, 53. DNSQUERY: This is the data of Header and Question.
DatagramPacket ID_Packet; DatagramSocket ID_Socket; byte [] query = DnsQuery.getBytes (); int i; try {ID_Packet = new DatagramPacket (query, query.length, InetAddress.getByName (DNSSERVER), Constant.DNSPORT); ID_Socket = new DatagramSocket ( ); // send query id_socket.send (id_packet); // close socket ID_socket.close ();} catch (ion (ion (ion (}Exception e) {system.out.println (e); return null;}} Only DNS Query packages, the next article will tell the return package of DNS. The article is inevitable, please do more guidance craks@263.net