Query to DNS server and response that NNS client receives are not so user friendly as for SMTP or FTP.
DNS query and response formats presented in RFC-1035.
For example A type query to DNS sever to get IP addresses of cnn.com domain in byte-by-byte hex dump looks like:
000000 02 01 00 00 01 00 00 00 00 00 00 03 63 6E 6E ………….cnn 001003 63 6F 6D 00 00 01 00 01 .com….. |
The response which DNS client receives is:
0000 00 02 81 80 00 01 00 04 00 00 00 00 03 63 6E 6E ………….cnn 0010 03 63 6F 6D 00 00 01 00 01 C0 0C 00 01 00 01 00 .com………… 0020 00 00 0E 00 04 97 65 C1 43 C0 0C 00 01 00 01 00 ……e.C……. 0030 00 00 0E 00 04 97 65 81 43 C0 0C 00 01 00 01 00 ……e.C……. 0040 00 00 0E 00 04 97 65 01 43 C0 0C 00 01 00 01 00 ……e.C……. 0050 00 00 0E 00 04 97 65 41 43 ……eAC |
After appropriate parsing the list of IP addresses should be:
151.101.193.67
151.101.129.67
151.101.1.67
151.101.65.67
The MX type query for yahoo.ca is:
0000 00 02 01 00 00 01 00 00 00 00 00 00 05 79 61 68 ………….yah 0010 6F 6F 02 63 61 00 00 0F 00 01 oo.ca….. |
Response:
0000 00 02 81 80 00 01 00 03 00 00 00 00 05 79 61 68 ………….yah 0010 6F 6F 02 63 61 00 00 0F 00 01 C0 0C 00 0F 00 01 oo.ca……….. 0020 00 00 02 8A 00 19 00 0A 04 6D 74 61 36 03 61 6D ………mta6.am 0030 30 08 79 61 68 6F 6F 64 6E 73 03 6E 65 74 00 C0 0.yahoodns.net.. 0040 0C 00 0F 00 01 00 00 02 8A 00 09 00 0A 04 6D 74 …………..mt 0050 61 37 C0 2D C0 0C 00 0F 00 01 00 00 02 8A 00 09 a7.-………… 0060 00 0A 04 6D 74 61 35 C0 2D …mta5.- |
After processing the list of mail servers is:
mta6.am0.yahoodns.net
mta7.am0.yahoodns.net
mta5.am0.yahoodns.net
Here is link to download C++ source code of DNS client with parser (Windows console application). The client can parse the results of the following queries: A, MX, NS, PTR, AAAA, TXT.
Screenshots of this application for NS, PTR and AAAA queries:
