DNS client in C

I am currently working on a school project that asks me to implement a DNS client without using any library features.

I have reached the point where I send a DNS request and get a response. I'm stuck parsing the answer. I get the answer in a char * array, and I want to convert it to some meaningful structure from which I can parse the answer. I went through the RFC and read about the structure of the packets, but implementing it in C gives me problems.

Can someone give me some examples, in C or possibly in any other language, that explain how this is done? Any link to a book would also be great.

Additional Information:

These are the structures that I use:

    /* The member structs come first because struct result embeds them by value. */
    struct res_ip_cname {
        char *lst;
        int sec;
        char *auth_flag;
    };

    struct res_error {
        char *info;
    };

    struct res_mx_ns {
        char *name;
        unsigned short pref;
        int sec;
        char *auth_flag;
    };

    struct result {
        int type;
        struct res_ip_cname ip_cname;
        struct res_error error;
        struct res_mx_ns mx_ns;
    };

I have a char * [] buffer, where I store the response that I get from the server. I need to extract information from this buffer and populate the result structure.

Thanks, Chander

+4
4 answers

Your structures don't look like anything I recognise from the RFC (yes, I have written a lot of software to decode DNS packets).

Take a look at RFC 1035; in particular, most of the structures you need can be mapped directly from the field layouts shown in it.

For example, you need a header (see s4.1.1):

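    #include <stdint.h>

    /* Fixed 12-byte DNS header (RFC 1035 s4.1.1); every field is big-endian on the wire. */
    struct dns_header {
        uint16_t query_id;
        uint16_t flags;
        uint16_t qdcount;   /* number of questions */
        uint16_t ancount;   /* number of answer records */
        uint16_t nscount;   /* number of authority records */
        uint16_t arcount;   /* number of additional records */
    };

Remember to use ntohs() to convert the wire format of these fields to the native byte order of your computer. Network byte order is big-endian, and most machines today are little-endian.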

You will need a "question" structure (see s4.1.2) and a general "resource record" structure (see s4.1.3).

Please note, however, that the wire format of both of them starts with a variable-length label, which may also contain compression pointers (see s4.1.4). This means that in these cases you cannot trivially map the whole wire block onto a C structure.

Hope this helps ...

+5

If I were you, I would use Wireshark (in combination with the RFC) to check the structure of the packet. Wireshark captures and displays network packets flowing through your computer. It lets you see both the raw data that you will receive and the decoded packet structure.

For example, in the screenshot below, you can see the IP address of chat.meta.stackoverflow.com returned in the response packet, displayed in three different ways. First, you can see the human-readable version in the middle panel of the screen. Secondly, the highlighted text in the lower left pane shows the raw DNS packet as a sequence of hexadecimal bytes. Thirdly, in the selected text in the lower left pane you can see the packet displayed as ASCII text (in this case, basically, but not completely, gobbledygook).

[Image: a Wireshark trace of a DNS response packet]

0

My advice is don't make a meal of this. Extract QDCOUNT and ANCOUNT from the header, then skip the header, skip the QDCOUNT questions and start parsing the answers. Skipping a label is easy (just find the first byte that is 0 or has its high bits set), but decoding one is a little more work (you need to follow and check the "pointers" and make sure that you don't get stuck in a loop). If you are only looking for addresses (not PTR records), you really don't need to decode labels at all.

0
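The approach from the answer above (read QDCOUNT and ANCOUNT, skip the questions, walk the answers), as an added example in C that is not part of the original answers. Every read is bounds-checked because the buffer is untrusted network input; the names dns_skip_name and dns_first_a are hypothetical and the sample reply is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample reply (not a capture): example.com, A 192.0.2.1. */
static const uint8_t sample_response[] = {
    0x12,0x34, 0x81,0x80, 0,1, 0,1, 0,0, 0,0,                   /* header */
    7,'e','x','a','m','p','l','e', 3,'c','o','m',0, 0,1, 0,1,   /* question */
    0xC0,0x0C, 0,1, 0,1, 0,0,0x0E,0x10, 0,4, 192,0,2,1          /* answer */
};

/* Big-endian 16-bit read by byte shifts: no ntohs(), no unaligned cast. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Offset just past the name at off, or 0 if malformed or out of bounds. */
size_t dns_skip_name(const uint8_t *msg, size_t len, size_t off) {
    while (off < len) {
        uint8_t b = msg[off];
        if (b == 0) return off + 1;              /* root label ends the name */
        if ((b & 0xC0) == 0xC0) return off + 2 <= len ? off + 2 : 0; /* pointer */
        if (b & 0xC0) return 0;                  /* reserved label types */
        off += 1 + (size_t)b;                    /* hop over one ordinary label */
    }
    return 0;
}

/* Copy the first A record (TYPE 1, CLASS IN) to ip: 0 if found, else -1. */
int dns_first_a(const uint8_t *msg, size_t len, uint8_t ip[4]) {
    if (len < 12) return -1;                     /* fixed header is 12 bytes */
    uint16_t qd = rd16(msg + 4), an = rd16(msg + 6);
    size_t off = 12;
    for (; qd; qd--, off += 4)                   /* name, QTYPE, QCLASS */
        if (!(off = dns_skip_name(msg, len, off)) || len - off < 4) return -1;
    for (; an; an--) {           /* name, TYPE, CLASS, TTL, RDLENGTH, RDATA */
        if (!(off = dns_skip_name(msg, len, off)) || len - off < 10) return -1;
        uint16_t type = rd16(msg + off), cls = rd16(msg + off + 2);
        uint16_t rdlen = rd16(msg + off + 8);
        if (len - off - 10 < rdlen) return -1;   /* RDATA must fit the buffer */
        if (type == 1 && cls == 1 && rdlen == 4) { memcpy(ip, msg + off + 10, 4); return 0; }
        off += 10 + (size_t)rdlen;
    }
    return -1;
}

int main(void) {
    uint8_t ip[4];
    if (dns_first_a(sample_response, sizeof sample_response, ip)) return 1;
    return printf("%d.%d.%d.%d\n", ip[0], ip[1], ip[2], ip[3]) < 0;
}
```

Names are hopped over label by label and never decoded, so no compression pointer is followed and the pointer-loop problem mentioned in the answer does not arise.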

The request format and the response format are very similar: both contain variable-length fields, which I think is where you're stuck, but if you were able to form the request correctly, you should not have too much trouble understanding the answer. If you can post some details, such as where exactly you are stuck, we could help better.

0
