0

我想创建一个 DNS 响应以发送到我的浏览器。我在 rfc 中创建了一些结构:

//DNS header
struct DNS_HEADER
{
    unsigned short id; 
    unsigned char rd :1; 
    unsigned char tc :1; 
    unsigned char aa :1; 
    unsigned char opcode :4;
    unsigned char qr :1; 

    unsigned char rcode :4; 
    unsigned char cd :1;
    unsigned char ad :1; 
    unsigned char z :1;  
    unsigned char ra :1; 

    unsigned short q_count; 
    unsigned short ans_count; 
    unsigned short auth_count; 
    unsigned short add_count; 
};

#pragma pack(push, 1)
struct R_DATA
{
    unsigned short type;
    unsigned short _class;
    unsigned int ttl;
    unsigned short data_len;
};
#pragma pack(pop)

struct RES_RECORD
{
    unsigned char *name;
    struct R_DATA *resource;
    unsigned char *rdata;
};

现在我正在尝试填写这些结构,以便发送有效的 DNS 响应。我正在尝试使用 ipaddres 112.12.12.12 发送例如 www.google.com (只是为了好玩)。

这就是我所拥有的:

dns = (DNS_HEADER*)malloc(sizeof(DNS_HEADER));
dns->id = (unsigned short) htons(GetCurrentProcessId()); // ID 
dns->qr = 1; // We give a response, Volgens RFC: (= query (0), or a response (1).)
dns->opcode = 0; // default
dns->aa = 0; //Not Authoritative,RFC: (= Authoritative Answer - this bit is valid in responses, and specifies that the responding name server is an authority for the domain name in question section.)
dns->tc = 0; // Not truncated
dns->rd = 1; // Enable recursion
dns->ra = 0; // Nameserver supports recursion?
dns->z = 0; //  RFC: (= Reserved for future use.  Must be zero in all queries and responses.)
dns->rcode = 0; // No error condition
dns->q_count = 0; // No questions!
dns->ad = 0; // How man resource records?
dns->cd = 0; // !checking
dns->ans_count = 1; // We give 1 answer
dns->auth_count = 0; // How many authority entries?
dns->add_count = 0; // How many resource entries?

但是正如您所看到的,我对要填写的内容有一些疑问。此外,我无法通过 rfc 找到 R_Data 和 res_record 我所做的随机响应要填写什么...

有人可以帮我弄这个吗?

4

2 回答 2

0

一目了然的几点提示:id在您的响应中需要是您在查询中收到的 id。q_count应该是 1 并重复您收到的查询(在您的示例中,例如\x03www\x06google\x03com\x00\x00\x01\x00\x01for www.google.com IN A)。RFC1035 第 3.4.1 节中解释了需要输入的rdata内容(在您的示例中是\x70\x0c\x0c\x0c)。

于 2013-04-25T05:03:25.970 回答
0

你的方法从根本上是有缺陷的。你不能用结构体来表达DNS数据包,因为DNS数据包中的字符串是可变长度的,即字符串后面的字段在数据包中的偏移量取决于前面字符串的长度。

您的结构用字符指针代替每个字符串,每个指针通常是一个 32 位值,指向内存中的某个其他位置。因此,当您尝试发送内存中表示的结构时,您将发送或多或少的随机 32 位值来代替字符串。

这是一个关于 DNS 数据包应该是什么样子的相当说明性的指南:http ://www.tcpipguide.com/free/t_DNSMessageProcessingandGeneralMessageFormat.htm

于 2013-09-11T11:53:27.813 回答