Metadata for the Message struct.
RFC 1035, DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION, November 1987
4.1.1. Header section format
The header contains the following fields
                                    1  1  1  1  1  1
      0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                      ID                       |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |QR|   Opcode  |AA|TC|RD|RA|ZZ|AD|CD|   RCODE   |  /// AD and CD from RFC4035
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |               QDCOUNT / ZCOUNT                |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |               ANCOUNT / PRCOUNT               |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |               NSCOUNT / UPCOUNT               |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |               ARCOUNT / ADCOUNT               |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
where
Z Reserved for future use. Must be zero in all queries
and responses.
A default Header, not very useful.
Length of the header, always 12 bytes
Sets the id of the message; for queries this should be random.
Sets the message type, Queries and Updates both use Query.
Set the operation code for the message
From the server, it specifies that this is an authoritative response.
Specifies that the records were too large for the payload.
See EDNS or TCP for resolutions to truncation.
Specifies that the resolver should recursively request data from upstream DNS nodes
Specifies that recursion is available from this or the remote resolver
Specifies that the data is authentic, i.e. the resolver believes all data to be valid through DNSSEC
Used during recursive resolution to specify whether a resolver should or should not validate DNSSEC signatures
The low response code (original response codes before EDNS extensions)
Number of query records in the message
Number of answer records in the message
Number of name server records in the message
Number of additional records in the message
ID A 16 bit identifier assigned by the program that
generates any kind of query. This identifier is copied
the corresponding reply and can be used by the requester
to match up replies to outstanding queries.
QR A one bit field that specifies whether this message is a
query (0), or a response (1).
OPCODE A four bit field that specifies kind of query in this
message. This value is set by the originator of a query
and copied into the response. The values are: <see super::op_code>
AA Authoritative Answer - this bit is valid in responses,
and specifies that the responding name server is an
authority for the domain name in question section.
Note that the contents of the answer section may have
multiple owner names because of aliases. The AA bit
corresponds to the name which matches the query name, or
the first owner name in the answer section.
TC TrunCation - specifies that this message was truncated
due to length greater than that permitted on the
transmission channel.
RD Recursion Desired - this bit may be set in a query and
is copied into the response. If RD is set, it directs
the name server to pursue the query recursively.
Recursive query support is optional.
RA Recursion Available - this be is set or cleared in a
response, and denotes whether recursive query support is
available in the name server.
RFC 4035, DNSSEC Resource Records, March 2005
3.1.6. The AD and CD Bits in an Authoritative Response
The CD and AD bits are designed for use in communication between
security-aware resolvers and security-aware recursive name servers.
These bits are for the most part not relevant to query processing by
security-aware authoritative name servers.
A security-aware name server does not perform signature validation
for authoritative data during query processing, even when the CD bit
is clear. A security-aware name server SHOULD clear the CD bit when
composing an authoritative response.
A security-aware name server MUST NOT set the AD bit in a response
unless the name server considers all RRsets in the Answer and
Authority sections of the response to be authentic. A security-aware
name server's local policy MAY consider data from an authoritative
zone to be authentic without further validation. However, the name
server MUST NOT do so unless the name server obtained the
authoritative zone via secure means (such as a secure zone transfer
mechanism) and MUST NOT do so unless this behavior has been
configured explicitly.
A security-aware name server that supports recursion MUST follow the
rules for the CD and AD bits given in Section 3.2 when generating a
response that involves data obtained via recursion.
RCODE Response code - this 4 bit field is set as part of
responses. The values have the following
interpretation: <see super::response_code>
QDCOUNT an unsigned 16 bit integer specifying the number of
entries in the question section.
If this is a query, this will return the number of queries in the query section of the
ANCOUNT an unsigned 16 bit integer specifying the number of
resource records in the answer section.
For query responses this is the number of records in the answer section; it should be 0 for
requests. For updates this is the count of prerequisite records.
For queries this is the nameservers which are authorities for the SOA of the Record.
For updates this is the update record count.
NSCOUNT an unsigned 16 bit integer specifying the number of name
server resource records in the authority records
section.
For query responses this is the number of authorities, or nameservers, in the name server
section. For updates this is the number of update records being sent.
ARCOUNT an unsigned 16 bit integer specifying the number of
resource records in the additional records section.
This is the additional record section count; this section may include EDNS options.
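
The header layout and the copy rules quoted above (ID, Opcode and RD are copied into the response; Z must be zero), as an added Rust example that is not this crate's code. `RawHeader`, `parse` and `check_reply` are hypothetical names, and the byte strings are constructed samples.

```rust
// Added example, not the crate's API: RawHeader, parse and check_reply are hypothetical names.
#[derive(Debug, PartialEq)]
pub struct RawHeader {
    pub id: u16, pub qr: bool, pub opcode: u8, pub aa: bool, pub tc: bool,
    pub rd: bool, pub ra: bool, pub z: bool, pub ad: bool, pub cd: bool,
    pub rcode: u8,
    pub counts: [u16; 4], // QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
}

/// Decodes the fixed 12-byte header; all fields are big-endian.
pub fn parse(buf: &[u8]) -> Result<RawHeader, &'static str> {
    if buf.len() < 12 {
        return Err("header shorter than 12 bytes");
    }
    let word = |i: usize| u16::from_be_bytes([buf[i], buf[i + 1]]);
    let flags = word(2);
    // Bit 0 in the diagram is the most significant bit of the flags word.
    let bit = |n: u32| (flags & (0x8000u16 >> n)) != 0;
    Ok(RawHeader {
        id: word(0), qr: bit(0), opcode: ((flags >> 11) & 0xF) as u8,
        aa: bit(5), tc: bit(6), rd: bit(7), ra: bit(8),
        z: bit(9), ad: bit(10), cd: bit(11),
        rcode: (flags & 0xF) as u8,
        counts: [word(4), word(6), word(8), word(10)],
    })
}

/// Rejects a reply header that cannot belong to the outstanding query.
pub fn check_reply(query: &RawHeader, reply: &RawHeader) -> Result<(), &'static str> {
    if !reply.qr { return Err("QR clear: not a response"); }
    if reply.id != query.id { return Err("ID does not match outstanding query"); }
    if reply.opcode != query.opcode { return Err("Opcode was not copied from query"); }
    if reply.rd != query.rd { return Err("RD was not copied from query"); }
    if reply.z { return Err("reserved Z bit is set"); }
    Ok(())
}

fn main() {
    // Constructed sample bytes, not captured traffic.
    let query = parse(&[0xBE, 0xEF, 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0]).unwrap();
    let reply = parse(&[0xBE, 0xEF, 0x81, 0xA0, 0, 1, 0, 1, 0, 0, 0, 0]).unwrap();
    println!("{:?}\n{:?}", reply, check_reply(&query, &reply));
}
```

A header check like this only filters replies that cannot match; the AD bit in an accepted reply is still just the upstream server's claim, as the RFC 4035 text above describes.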