Flags: 0x0500这个DNS查询包的部分是什么意思?
Domain Name System (query)
Transaction ID: 0x4242
Flags: 0x0500 Standard query
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data: Unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
secure.net: type A, class IN
这个数据包看起来不正常,因为这个部分通常是这样的Flags: 0x0100。这个部分有什么相关性?
答案1
这些标志的描述如下RFC 10354.1.1 节。您设置的位,要获得 0x0500,是这样的
AA 权威答案 - 此位在响应中有效,并指定响应名称服务器是相关部分中域名的权威机构。
答案2
由于某种原因,Wireshark 未显示在您的示例中启用的 AA(权威答案)标志。
在我的 Wireshark 上显示该标志:
Flags: 0x8180 Standard query response, No error
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... 1... .... = Recursion available: Server can do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... ...0 .... = Non-authenticated data: Unacceptable
.... .... .... 0000 = Reply code: No error (0)