{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.xiaopingtou.cn//data/attach/topic/topicKPo7gB.jpg', '推荐 阿布格 的文章《DNS数据包模拟与分析》','https://www.xiaopingtou.net/article-56045.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
目录
一、 域名的命名规则
二、 域名请求数据包分析
1、通过网络调试助手发送构建的DNS数据包到DNS服务器
2、wireshark抓包分析
可以参考如下分析:https://blog.csdn.net/zjli321/article/details/74068393
三、www.hao123.com 发送DNS数据测试
DNS(Domain Name System,域名系统),通过主机名, 得到该主机名对应的IP地址的过程叫做域名解析(或主机名解析)。DNS运行在UDP协议之上,使用端口号53。在RFC文档中RFC 2181对DNS有规范说明,RFC 2136对DNS的动态更新进行说明,RFC 2308对DNS查询的反向缓存进行说明。
26个英文字母
“0,1,2,3,4,5,6,7,8,9”十个数字
“.”(英文中的连词号)
2、 字符组合规则
在域名中,不区分英文字母的大小写
对于一个域名的长度是有一定限制的 域名例子:www.baidu.com
gd.122.gov.cn
www.chinaedu.edu.cn
www.zephyrproject.org
a、 发送dns请求查询www.baidu.com的IP地址:14.215.177.39
Dns请求包的内容如下:
2f 1f 01 00 00 01 00 00 00 00 00 00
03 77 77 77 05 62 61 69 64 75 03 63 6F 6D 00
00 01 00 01
各个字段内容如下:
Transaction ID: 0x2f1f(2byte)
Flags: 0x0100 (2byte)
Questions: 1 (2byte)
Answer RRs: 0 (2byte)
Authority RRs: 0(2byte)
Additional RRs: 0(2byte)
Queries
Name: www.baidu.com (对应03 77 77 77 05 62 61 69 64 75 03 63 6F 6D 00)
Type: A (Host Address) (1) (2byte)
Class: IN (0x0001) (2byte) Dns信息中大部分项的长度都是确定的,唯一就是Queries中Name
的长度是不定的,
Name的编码如下:Name:www.baidu.com (对应03 77 77 77 05 62 61 69 64 75 03 63 6F 6D 00)
其中”.”作为分割符,如上面:www(对应03 77 77 77)表示这
一段长度为3,后面就是3个字符码,后面的各段都是一样方式,只
是在最后放置00表示结束。
b、收到的DNS回应包
Dns应答包的内容如下:
2f 1f 81 80 00 01 00 03 00 00 00 00
03 77 77 77 05 62 61 69 64 75 03 63 6f 6d 00 00 01 00 01
c0 0c 00 05 00 01 00 00 02 15 00 0f 03 77 77 77 01 61 06 73 68 69 66 65 6e c0 16
c0 2b 00 01 00 01 00 00 01 2c 00 04 0e d7 b1 27
c0 2b 00 01 00 01 00 00 01 2c 00 04 0e d7 b1 26
各个字段内容如下:
Domain Name System (response)
[Request In: 8]
[Time: 0.221612000 seconds]
Transaction ID: 0x2f1f
Flags: 0x8180 Standard query response, No error
Questions: 1
Answer RRs: 3
Authority RRs: 0
Additional RRs: 0
Queries
www.baidu.com: type A, class IN
Name: www.baidu.com (03 77 77 77 05 62 61 69 64 75 03 63 6f 6d 00 00 01 00 01 )
[Name Length: 13]
[Label Count: 3]
Type: A (Host Address) (1)
Class: IN (0x0001)
Answers
www.baidu.com: type CNAME, class IN, cname www.a.shifen.com ( 03 77 77 77 01 61 06 73 68 69 66 65 6e c0 16 )
Name: www.baidu.com
Type: CNAME (Canonical NAME for an alias) (5)
Class: IN (0x0001)
Time to live: 533
Data length: 15
CNAME: www.a.shifen.com
www.a.shifen.com: type A, class IN, addr 14.215.177.39
Name: www.a.shifen.com
Type: A (Host Address) (1)
Class: IN (0x0001)
Time to live: 300
Data length: 4
Address: 14.215.177.39 (0e d7 b1 27)
www.a.shifen.com: type A, class IN, addr 14.215.177.38
Name: www.a.shifen.com
Type: A (Host Address) (1)
Class: IN (0x0001)
Time to live: 300
Data length: 4
Address: 14.215.177.38 上面数据包中各个字段对应关系都是比较明确的。可以参考如下分析:
Domain Name System (response)
[Request In: 411]
[Time: 0.152744000 seconds]
Transaction ID: 0x2f1f
Flags: 0x8180 Standard query response, No error
Questions: 1
Answer RRs: 2
Authority RRs: 0
Additional RRs: 0
Queries
www.hao123.com: type A, class IN
Name: www.hao123.com
[Name Length: 14]
[Label Count: 3]
Type: A (Host Address) (1)
Class: IN (0x0001)
Answers
www.hao123.com: type CNAME, class IN, cname hao123.n.shifen.com
Name: www.hao123.com
Type: CNAME (Canonical NAME for an alias) (5)
Class: IN (0x0001)
Time to live: 153
Data length: 18
CNAME: hao123.n.shifen.com
hao123.n.shifen.com: type A, class IN, addr 180.149.132.3
Name: hao123.n.shifen.com
Type: A (Host Address) (1)
Class: IN (0x0001)
Time to live: 285
Data length: 4
Address: 180.149.132.3
DNS(Domain Name System,域名系统),通过主机名, 得到该主机名对应的IP地址的过程叫做域名解析(或主机名解析)。DNS运行在UDP协议之上,使用端口号53。在RFC文档中RFC 2181对DNS有规范说明,RFC 2136对DNS的动态更新进行说明,RFC 2308对DNS查询的反向缓存进行说明。
一、 域名的命名规则
1、 只能包含的字符26个英文字母
“0,1,2,3,4,5,6,7,8,9”十个数字
“.”(英文中的连词号)
2、 字符组合规则
在域名中,不区分英文字母的大小写
对于一个域名的长度是有一定限制的 域名例子:www.baidu.com
gd.122.gov.cn
www.chinaedu.edu.cn
www.zephyrproject.org
二、 域名请求数据包分析
1、通过网络调试助手发送构建的DNS数据包到DNS服务器
2f 1f 01 00 00 01 00 00 00 00 00 00 03 77 77 77 05 62 61 69 64 75 03 63 6F 6D 00 00 01 00 01
2、wireshark抓包分析
a、 发送dns请求查询www.baidu.com的IP地址:14.215.177.39
Dns请求包的内容如下:
2f 1f 01 00 00 01 00 00 00 00 00 00
03 77 77 77 05 62 61 69 64 75 03 63 6F 6D 00
00 01 00 01
各个字段内容如下: Transaction ID: 0x2f1f(2byte)
Flags: 0x0100 (2byte)
Questions: 1 (2byte)
Answer RRs: 0 (2byte)
Authority RRs: 0(2byte)
Additional RRs: 0(2byte)
Queries
Name: www.baidu.com (对应03 77 77 77 05 62 61 69 64 75 03 63 6F 6D 00)
Type: A (Host Address) (1) (2byte)
Class: IN (0x0001) (2byte) Dns信息中大部分项的长度都是确定的,唯一就是Queries中Name
的长度是不定的,
Name的编码如下:Name:www.baidu.com (对应03 77 77 77 05 62 61 69 64 75 03 63 6F 6D 00)
其中”.”作为分割符,如上面:www(对应03 77 77 77)表示这
一段长度为3,后面就是3个字符码,后面的各段都是一样方式,只
是在最后放置00表示结束。
b、收到的DNS回应包
Dns应答包的内容如下:
2f 1f 81 80 00 01 00 03 00 00 00 00
03 77 77 77 05 62 61 69 64 75 03 63 6f 6d 00 00 01 00 01
c0 0c 00 05 00 01 00 00 02 15 00 0f 03 77 77 77 01 61 06 73 68 69 66 65 6e c0 16
c0 2b 00 01 00 01 00 00 01 2c 00 04 0e d7 b1 27
c0 2b 00 01 00 01 00 00 01 2c 00 04 0e d7 b1 26
各个字段内容如下:
Domain Name System (response)[Request In: 8]
[Time: 0.221612000 seconds]
Transaction ID: 0x2f1f
Flags: 0x8180 Standard query response, No error
Questions: 1
Answer RRs: 3
Authority RRs: 0
Additional RRs: 0
Queries
www.baidu.com: type A, class IN
Name: www.baidu.com (03 77 77 77 05 62 61 69 64 75 03 63 6f 6d 00 00 01 00 01 )
[Name Length: 13]
[Label Count: 3]
Type: A (Host Address) (1)
Class: IN (0x0001)
Answers
www.baidu.com: type CNAME, class IN, cname www.a.shifen.com ( 03 77 77 77 01 61 06 73 68 69 66 65 6e c0 16 )
Name: www.baidu.com
Type: CNAME (Canonical NAME for an alias) (5)
Class: IN (0x0001)
Time to live: 533
Data length: 15
CNAME: www.a.shifen.com
www.a.shifen.com: type A, class IN, addr 14.215.177.39
Name: www.a.shifen.com
Type: A (Host Address) (1)
Class: IN (0x0001)
Time to live: 300
Data length: 4
Address: 14.215.177.39 (0e d7 b1 27)
www.a.shifen.com: type A, class IN, addr 14.215.177.38
Name: www.a.shifen.com
Type: A (Host Address) (1)
Class: IN (0x0001)
Time to live: 300
Data length: 4
Address: 14.215.177.38 上面数据包中各个字段对应关系都是比较明确的。
可以参考如下分析:
https://blog.csdn.net/zjli321/article/details/74068393
三、www.hao123.com 发送DNS数据测试
发包:2f 1f 01 00 00 01 00 00 00 00 00 00 03 77 77 77 06 68 61 6F 31 32 33 03 63 6F 6D 00 00 01 00 01 回应包:2f 1f 81 80 00 01 00 02 00 00 00 00 03 77 77 77 06 68 61 6f 31 32 33 03 63 6f 6d 00 00 01 00 01 c0 0c 00 05 00 01 00 00 00 99 00 12 06 68 61 6f 31 32 33 01 6e 06 73 68 69 66 65 6e c0 17 c0 2c 00 01 00 01 00 00 01 1d 00 04 b4 95 84 03
Domain Name System (response)[Request In: 411]
[Time: 0.152744000 seconds]
Transaction ID: 0x2f1f
Flags: 0x8180 Standard query response, No error
Questions: 1
Answer RRs: 2
Authority RRs: 0
Additional RRs: 0
Queries
www.hao123.com: type A, class IN
Name: www.hao123.com
[Name Length: 14]
[Label Count: 3]
Type: A (Host Address) (1)
Class: IN (0x0001)
Answers
www.hao123.com: type CNAME, class IN, cname hao123.n.shifen.com
Name: www.hao123.com
Type: CNAME (Canonical NAME for an alias) (5)
Class: IN (0x0001)
Time to live: 153
Data length: 18
CNAME: hao123.n.shifen.com
hao123.n.shifen.com: type A, class IN, addr 180.149.132.3
Name: hao123.n.shifen.com
Type: A (Host Address) (1)
Class: IN (0x0001)
Time to live: 285
Data length: 4
Address: 180.149.132.3