Manually resolve any DNS A record

  printf "\0\1\1\0\0\1\0\0\0\0\0\0\6reddit\3com\0\0\1\0\1" |nc -vvuq1 8.8.8.8  53 |xxd

Explain:

0x0001 means transaction ID. Invent one as you like
0x0100 Flag. Always this for all requests
0x0001 number of requests: always 1. because DNS RFC sucks
0x0000 Response: 0
0x0000 Authority Response: 0
0x0000 Additional Response: 0
\6 reddit The string reddit has length of 6
\3 com The string com has length of 3
0x0001 Record Type: A
0x0001: Class: IN. Always this.

then ping the last four bytes

  $ ping 0x60.0x11.0xb4.0x89
  PING 0x60.0x11.0xb4.0x89 (96.17.180.137) 56(84) bytes of data.

Why DNS Resource Record Name is always C0 0C?

It's compression.

C00C = 11000000 00001100

First two bits means it's a pointer, b1100 = 12 bytes offset.

Reference:

http://www.ccs.neu.edu/home/amislove/teaching/cs4700/fall09/handouts/project1-primer.pdf

Comments