Begin by careful consultation of domain.h. What makes this experiment interesting is the putting together of the request and the parsing of the response which is definitely non-trivial.

Be sure to consult the RFC's listed in the experiment.

We think of a domain name as being broken up by dots, ie, www.calvin.edu, but to form a DNS request for that domain you would actually want the following mysterious looking entity: 0x3 'w' 'w' 'w' 0x6 'c' 'a' 'l' 'v' 'i' 'n' 0x3 'e' 'd' 'u'. This compact notation is telling you that you have 3 letters, they are w, w, and w; then 6 letters, they are c, a, l, v, i, n; then three letters, they are e, d, and u.

The response is also quite interesting. For example, if you try dig, or nslookup, www.cnn.com, you will notice that the answer section includes alias information so you see not only www.cnn.com but also cnn.com. To save space in the response packets the use of pointers is allowed. So suppose you wanted to list cs.calvin.edu and also www.cs.calvin.edu. You could replace the second cs.calvin.edu with a pointer to its first occurence. Suppose the first occurred at 0x07 in the packet. You could use 0x3 'w' 'w' 'w' 0xc0 0x07 . The last two bytes are a pointer. The way it works is that if the size byte begins with two ones, it is a pointer, and if it begins with two zeros, it is a size. A pointer is 16 bits long, the last 14 bits designating the byte to which it points.

Note that section 6.4.1 of RFC 1035 states that "Inverse queries are NOT an acceptable method of mapping host addresses to host names; use the IN-ADDR.ARPA domain instead. Therefore, formulate a packet as before, but change the name in the question field. To do a reverse lookup for 153.106.4.23 do a request for 23.4.106.153.in-addr.arpa and the name will be contained in the answer field.

MX queries are similar except that the query type is DN_QTMX instead of DN_QTPR and the RDATA section contains an extra 16 bit number which is the priority of the server whose name follows.

David Vos, to whom I owe a great debt in providing these notes, reports that he learned how to do this in three ways: first, by reading HON and Computer Networks and Internets; second, by reading RFC's; and third, by sniffing packets. This suggests that we ought to have some DNS packets for your inspection, and that will soon be attended to.

---

This site is maintained by by W. David Laverell of the Computer Science Department at Calvin College.
For assistance or corrections, please contact him at lave@calvin.edu.