Manually resolve any DNS A record
printf "\0\1\1\0\0\1\0\0\0\0\0\0\6reddit\3com\0\0\1\0\1" |nc -vvuq1 8.8.8.8 53 |xxd
Explain (the printf escapes are octal, so \6 is the byte 0x06; every field is 16 bits, big-endian):
0x0001 Transaction ID. Invent any value; the reply echoes it, so check it matches before trusting the answer.
0x0100 Flags: standard query with only the RD (recursion desired) bit set. This is the usual value for a client query.
0x0001 QDCOUNT, number of questions. The format allows more, but resolvers only accept 1.
0x0000 ANCOUNT, number of answer records: 0 in a query.
0x0000 NSCOUNT, number of authority records: 0.
0x0000 ARCOUNT, number of additional records: 0.
\6 reddit The label "reddit", prefixed with its length 6
\3 com The label "com", prefixed with its length 3
\0 An empty label (length 0) terminates the name
0x0001 QTYPE: A (IPv4 address)
0x0001 QCLASS: IN (Internet). Always this in practice.
The last four bytes of the reply are the RDATA of the A record, i.e. the IPv4 address (here 60 11 b4 89). ping accepts the octets in hex directly:
$ ping 0x60.0x11.0xb4.0x89
PING 0x60.0x11.0xb4.0x89 (96.17.180.137) 56(84) bytes of data.
Why is the name in the answer's Resource Record always C0 0C?
It's compression.
C00C = 11000000 00001100
The first two bits set (11) mark the field as a pointer; the remaining 14 bits, b1100 = 12, are a byte offset from the start of the message. Offset 12 is the first byte after the 12-byte header, i.e. the QNAME in the question section, so the answer refers back to "reddit.com" instead of repeating it. It is "always" C0 0C only because the answer name equals the question name; a CNAME chain or a different name would give a different offset or literal labels.
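The query builder and reply parser below are an added example, not code from the original post; they do in Python what the printf above does by hand, and handle the compression pointer the C0 0C section explains (including the loop and truncation cases a hostile reply could contain). SAMPLE_RESPONSE is a constructed reply in the shape the post describes, carrying the post's address 96.17.180.137 with an assumed TTL of 300; the resolve() helper and its 8.8.8.8 default are assumptions and need network access.

```python
import socket
import struct

# Constructed sample reply (not captured from the network): ID 1, flags 0x8180
# (response, RD, RA, RCODE 0), 1 question, 1 answer; the answer name is the
# compression pointer C0 0C, type A, class IN, TTL 300, RDLEN 4, RDATA 60 11 b4 89.
SAMPLE_RESPONSE = bytes.fromhex(
    "000181800001000100000000"          # header
    "0672656464697403636f6d0000010001"  # question: \6reddit\3com\0, A, IN
    "c00c000100010000012c00046011b489"  # answer RR
)


def encode_name(name):
    """Encode a dotted name as length-prefixed labels ending in an empty label."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("label length must be 1..63: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, txid=1, qtype=1):
    """Header (ID, flags=RD, QDCOUNT=1, 0, 0, 0) + question (QNAME, QTYPE, QCLASS=IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def read_name(msg, offset):
    """Decode a possibly compressed name. Returns (name, offset just past it).

    A byte with the top two bits set is a pointer: its low 14 bits are an offset
    into the message where the rest of the name continues. Pointers are followed
    for decoding, but the caller resumes right after the 2-byte pointer.
    """
    labels, seen, end, jumped = [], set(), None, False
    while True:
        if offset >= len(msg):
            raise ValueError("truncated name")
        length = msg[offset]
        if length & 0xC0 == 0xC0:
            if offset + 1 >= len(msg):
                raise ValueError("truncated pointer")
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if pointer in seen:
                raise ValueError("compression pointer loop")
            seen.add(pointer)
            if not jumped:
                end, jumped = offset + 2, True
            offset = pointer
            continue
        if length & 0xC0:
            raise ValueError("reserved label type 0x%02x" % (length & 0xC0))
        offset += 1
        if length == 0:
            break
        if offset + length > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if jumped else offset)


def parse_response(msg, expected_id=None):
    """Return [(name, ttl, ipv4)] for every A/IN record in the answer section."""
    if len(msg) < 12:
        raise ValueError("short header")
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if expected_id is not None and txid != expected_id:
        raise ValueError("transaction ID mismatch (stale or spoofed reply)")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    if flags & 0x000F:
        raise ValueError("server returned RCODE %d" % (flags & 0x000F))
    offset = 12
    for _ in range(qd):                      # skip the echoed question(s)
        _, offset = read_name(msg, offset)
        offset += 4                          # QTYPE + QCLASS
    records = []
    for _ in range(an):
        name, offset = read_name(msg, offset)
        if offset + 10 > len(msg):
            raise ValueError("truncated RR header")
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        if len(rdata) != rdlen:
            raise ValueError("truncated RDATA")
        offset += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            records.append((name, ttl, socket.inet_ntoa(rdata)))
    return records


def resolve(name, server="8.8.8.8", txid=0x1234, timeout=2.0):
    """Send the query over UDP and parse the reply (needs network; assumed defaults)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (server, 53))
        data, _ = s.recvfrom(512)
    return parse_response(data, expected_id=txid)


if __name__ == "__main__":
    print(build_query("reddit.com").hex())          # same bytes the printf sends
    print(parse_response(SAMPLE_RESPONSE, expected_id=1))
```

build_query("reddit.com") produces exactly the bytes the printf above sends, so you can pipe its output into nc the same way; parse_response refuses a reply whose ID does not match, whose QR bit is clear, or whose pointers loop or run off the end of the message.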
Reference:
http://www.ccs.neu.edu/home/amislove/teaching/cs4700/fall09/handouts/project1-primer.pdf