printf "\0\1\1\0\0\1\0\0\0\0\0\0\6reddit\3com\0\0\1\0\1" |nc -vvuq1 220.127.116.11 53 |xxd
0x0001 means transaction ID. Invent one as you like
0x0100 Flag. Always this for all requests
0x0001 number of requests: always 1. because DNS RFC sucks
0x0000 Response: 0
0x0000 Authority Response: 0
0x0000 Additional Response: 0
\6 reddit The string reddit has length of 6
\3 com The string com has length of 3
0x0001 Record Type: A
0x0001: Class: IN. Always this.
then ping the last four bytes
$ ping 0x60.0x11.0xb4.0x89 PING 0x60.0x11.0xb4.0x89 (18.104.22.168) 56(84) bytes of data.
Why DNS Resource Record Name is always C0 0C?
C00C = 11000000 00001100
First two bits means it's a pointer, b1100 = 12 bytes offset.