DNS CNAME 类型记录的 RDLENGTH 字段不正确?
我一直使用 RFC 1035.4.1.3 作为 DNS RR 格式的参考: http://www.freesoft.org/CIE/RFC/1035/42。 htm
RFC 说 RDLENGTH 是“一个无符号 16 位整数,指定 RDATA 字段的八位字节长度”,但在数据报中,我得到的 RDLENGTH 有时比应有的值小 2。我已经使用wireshark进行了检查,以确保我正确地获取了数据报。这是我在查找 google 时获得的 CNAME 记录:
C0 0C 00 05 00 01 00 03 95 FC 00 10 03 77 77 77
01 6C 06 67 6F 6F 67 6C 65 03 63 6F 6D 00
这就是名称:C0 0C(dgram 中前面指向 www.google.com 的指针)
然后输入:00 05 (CNAME)
然后班级:00 01 (IN)
然后 TTL:00 03 95 FC(随便)
然后 RDLENGTH:00 10(这是 16 个字节,是吗?)
然后 RDATA:
03 77 77 77 01 6C 06 67 6F 6F 67 6C 65 03 63 6F 6D 00 (www.l.google.com - 格式正确)
如您所见,RDATA 的长度为 18 个字节。 18字节是0x12,而不是0x10。
之后的 A 类型记录正确报告地址数据的 RDLENGTH 4。我在这里错过了什么吗?我认为这是一个错误,但我对每个 DNS 服务器和每个域都得到了这个。
我想我真正要问的是为什么 RDATA 比 RDLENGTH 长,以及我应该遵循什么规则来适应它,以便我可以解析任何类型的记录。 (具体来说,我可以期待其他 RR 类型的这种事情吗?)
提前感谢任何提供建议的人。 :)
I've been using RFC 1035.4.1.3 as a reference for DNS RR format:
http://www.freesoft.org/CIE/RFC/1035/42.htm
The RFC says that RDLENGTH is "an unsigned 16 bit integer that specifies the length in octets of the RDATA field" but in the datagrams I'm getting RDLENGTH is sometimes 2 less than it should be. I've checked with wireshark to ensure that I'm getting the datagram correctly. Here's a CNAME record I got while looking up google:
C0 0C 00 05 00 01 00 03 95 FC 00 10 03 77 77 77
01 6C 06 67 6F 6F 67 6C 65 03 63 6F 6D 00
So that's the name: C0 0C (a pointer to www.google.com earlier in the dgram)
Then the type: 00 05 (CNAME)
Then the class: 00 01 (IN)
Then the TTL: 00 03 95 FC (whatever)
Then RDLENGTH: 00 10 (that's 16 bytes, yes?)
Then RDATA:
03 77 77 77 01 6C 06 67 6F 6F 67 6C 65 03 63 6F 6D 00 (www.l.google.com - format is correct)
As you can see, the RDATA is 18 bytes in length. 18 bytes is 0x12, not 0x10.
The type A records that come after that correctly report RDLENGTH 4 for the address data. Am I missing something here? I'd dismiss it as an error, but I get this for every DNS servers and every domain.
I guess really what I'm asking is why the RDATA is longer than RDLENGTH and what rules should I follow to adapt to it so I can parse any type of record. (Specifically, can I expect this kind of thing from other RR types?)
Thank you in advance to anyone who gives advice. :)
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
响应数据似乎很混乱 - RDLENGTH 应该是 18 (0x00 0x12),或者 RDATA 应该不同。
我刚刚从这里运行了一些谷歌查找,但我没有看到这个问题。
我得到 RDLENGHT 为 7 且 RDATA 匹配(压缩名称)。
你的数据包数据有问题吗?
The response data appears to be messed up - either RDLENGTH should be 18 (0x00 0x12), or RDATA should be different.
I just ran a few google lookups from here, and I do not see that problem.
I get RDLENGHT of 7 and RDATA to match (a compressed name).
Is something messing with your packet data?