DNS
DNS stands for Domain Name System. DNS is used by all machines to translate hostnames into IP addresses. This mechanism is used to translate names to attributes such as addresses (IPv4/IPv6) based on the query type.
DNS has three major components:
A name space
Servers making that name space available
Resolvers (clients) that query the servers about the name space
This topic will focus on the resolver perspective, where the client sends a query to the server and the server answers the query. There can be multiple answers to the same query.
DNS Wireshark filter
Wireshark's dns filter is used to display only DNS traffic, and UDP port 53 is used to capture DNS traffic.
Port
The default DNS port is 53, and it uses the UDP protocol. Some DNS systems use the TCP protocol also. TCP is used when the response data size exceeds 512 bytes, or for tasks such as zone transfers.
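The UDP-to-TCP switch described above is signalled in the DNS header: a server that cannot fit its answer in the UDP reply sets the TC (truncated) flag, and the resolver repeats the query over TCP with a two-byte length prefix. The following is an added example, not code from the original page; the function names and the `example.com` sample messages are constructed for illustration, and the header layout follows RFC 1035.

```python
import struct

HEADER = struct.Struct("!HHHHHH")  # ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
QR, TC, RD = 0x8000, 0x0200, 0x0100  # flag bits, RFC 1035 section 4.1.1

def build_query(name, qtype=1, txid=0x1A2B):
    """Return a one-question DNS query; qtype 1 = A (IPv4), 28 = AAAA (IPv6)."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return HEADER.pack(txid, RD, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Decode the fixed 12-byte header that starts every DNS message."""
    if len(msg) < HEADER.size:
        raise ValueError("shorter than the 12-byte DNS header")
    txid, flags, qd, an, _ns, _ar = HEADER.unpack_from(msg)
    return {"id": txid, "is_response": bool(flags & QR), "truncated": bool(flags & TC),
            "rcode": flags & 0x000F, "qdcount": qd, "ancount": an}

def needs_tcp_retry(query, udp_response):
    """True when the UDP reply to this query has TC set and must be re-asked over TCP."""
    q, r = parse_header(query), parse_header(udp_response)
    if not r["is_response"] or r["id"] != q["id"]:
        raise ValueError("datagram does not answer this query")
    return r["truncated"]

def frame_for_tcp(msg):
    """DNS over TCP prefixes each message with its length as a 16-bit integer."""
    return struct.pack("!H", len(msg)) + msg

def sample_response(query, truncated):
    """Constructed sample reply: echoes the question, QR set, TC optional, no answers."""
    txid = parse_header(query)["id"]
    flags = QR | RD | (TC if truncated else 0)
    return HEADER.pack(txid, flags, 1, 0, 0, 0) + query[HEADER.size:]

if __name__ == "__main__":
    query = build_query("example.com")
    for truncated in (False, True):
        reply = sample_response(query, truncated)
        print("TC set:", truncated, "-> retry over TCP:", needs_tcp_retry(query, reply))
    print("TCP framing:", frame_for_tcp(query)[:2].hex(), "+", len(query), "bytes")
```
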
Resource records
The following format is used by the DNS system:
Field | Description | Length | Wireshark filter |
---|---|---|---|
NAME | The owner name... |