DNS, Domain Name System



Protocol suite: TCP/IP.
Protocol type: Application layer name space translation protocol.
Port: 53 (TCP, UDP) server.
MIME subtypes: application/dns.
SNMP MIBs: iso.org.dod.internet.mgmt.mib-2.dns (
Working groups: dns, Domain Name System.
dnsext, DNS Extensions.
dnsind, DNS IXFR, Notification, and Dynamic Update.
dnsop, Domain Name Server Operations.
IANA: DNS parameters.
DNS security algorithm numbers.
DNS SSHFP Resource Record Parameters.
wiki: DNS.

MAC header | IP header | TCP or UDP header | DNS header | Data :::

DNS header:

Bits 00-15 | Bits 16-31
Identification | QR, Opcode, AA, TC, RD, RA, Z, AD, CD, Rcode
Total Questions | Total Answer RRs
Total Authority RRs | Total Additional RRs
Questions [] :::
Answer RRs [] :::
Authority RRs [] :::
Additional RRs [] :::

Identification. 16 bits.
Used to match request/reply packets.

QR, Query/Response. 1 bit.


Opcode. 4 bits.

0 QUERY, Standard query. RFC 1035
1 IQUERY, Inverse query. RFC 1035, RFC 3425
2 STATUS, Server status request. RFC 1035
4 Notify. RFC 1996
5 Update. RFC 2136

AA, Authoritative Answer. 1 bit.
Specifies that the responding name server is an authority for the domain name in question section. Note that the contents of the answer section may have multiple owner names because of aliases. This bit corresponds to the name which matches the query name, or the first owner name in the answer section.

0 Not authoritative.
1 Is authoritative.

TC, Truncated. 1 bit.
Indicates that only the first 512 bytes of the reply were returned.

0 Not truncated.
1 Message truncated.

RD, Recursion Desired. 1 bit.
May be set in a query and is copied into the response. If set, the name server is directed to pursue the query recursively. Recursive query support is optional.

0 Recursion not desired.
1 Recursion desired.

RA, Recursion Available. 1 bit.
Indicates if recursive query support is available in the name server.

0 Recursive query support not available.
1 Recursive query support available.

Z. 1 bit.

AD, Authenticated data. 1 bit.
Indicates in a response that all data included in the answer and authority sections of the response have been authenticated by the server according to the policies of that server. It should be set only if all data in the response has been cryptographically verified or otherwise meets the server's local security policy.

CD, Checking Disabled. 1 bit.

Rcode, Return code. 4 bits.

0 No error. The request completed successfully. RFC 1035
1 Format error. The name server was unable to interpret the query. RFC 1035
2 Server failure. The name server was unable to process this query due to a problem with the name server. RFC 1035
3 Name Error. Meaningful only for responses from an authoritative name server, this code signifies that the domain name referenced in the query does not exist. RFC 1035
4 Not Implemented. The name server does not support the requested kind of query. RFC 1035
5 Refused. The name server refuses to perform the specified operation for policy reasons. For example, a name server may not wish to provide the information to the particular requester, or a name server may not wish to perform a particular operation (e.g., zone transfer) for particular data. RFC 1035
6 YXDomain. Name Exists when it should not. RFC 2136
7 YXRRSet. RR Set Exists when it should not. RFC 2136
8 NXRRSet. RR Set that should exist does not. RFC 2136
9 NotAuth. Server Not Authoritative for zone. RFC 2136
10 NotZone. Name not contained in zone. RFC 2136
16 BADVERS. Bad OPT Version. RFC 2671
16 BADSIG. TSIG Signature Failure. RFC 2845
17 BADKEY. Key not recognized. RFC 2845
18 BADTIME. Signature out of time window. RFC 2845
19 BADMODE. Bad TKEY Mode. RFC 2930
20 BADNAME. Duplicate key name. RFC 2930
21 BADALG. Algorithm not supported. RFC 2930
22 BADTRUNC. Bad truncation. RFC 4635
Private use. RFC 6195
65535 RFC 6195

Total Questions. 16 bits, unsigned.
Number of entries in the question list that were returned.

Total Answer RRs. 16 bits, unsigned.
Number of entries in the answer resource record list that were returned.

Total Authority RRs. 16 bits, unsigned.
Number of entries in the authority resource record list that were returned.

Total Additional RRs. 16 bits, unsigned.
Number of entries in the additional resource record list that were returned.

Questions[]. Variable length.
A list of zero or more Query structures.

Answer RRs[]. Variable length.
A list of zero or more Answer Resource Record structures.

Authority RRs[]. Variable length.
A list of zero or more Authority Resource Record structures.

Additional RRs[]. Variable length.
A list of zero or more Additional Resource Record structures.

Query. Variable length.

Bits 00-15 | Bits 16-31
Query Name :::
Type | Class
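
Added example (not part of the original reference): a Python decoder for the 12-byte header and the Query structure laid out above, plus a check that uses Identification, QR, TC and the echoed question to decide whether a reply belongs to a query. The sample messages are constructed, and rejecting compressed names in the question is a simplifying assumption of this example.

```python
import struct

# (field, shift, mask) for the 16 flag bits that follow Identification.
FLAG_FIELDS = (("qr", 15, 1), ("opcode", 11, 0xF), ("aa", 10, 1), ("tc", 9, 1),
               ("rd", 8, 1), ("ra", 7, 1), ("z", 6, 1), ("ad", 5, 1),
               ("cd", 4, 1), ("rcode", 0, 0xF))

def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header into named fields."""
    if len(msg) < 12:
        raise ValueError("message shorter than the 12-byte DNS header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    hdr = {"id": ident, "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}
    hdr.update({name: (flags >> shift) & mask for name, shift, mask in FLAG_FIELDS})
    return hdr

def parse_question(msg: bytes, offset: int = 12) -> tuple:
    """Decode one Query structure: (name, type, class, offset of next byte)."""
    labels, name_len = [], 1              # name_len counts the root length byte
    while True:
        if offset >= len(msg):
            raise ValueError("query name runs past end of message")
        length = msg[offset]
        offset += 1
        if length == 0:                   # zero-length root label ends the name
            break
        if length & 0xC0:                 # assumption: no compression in the question
            raise ValueError("compressed or reserved label type in query name")
        name_len += 1 + length
        if name_len > 255 or offset + length > len(msg):
            raise ValueError("label overruns the name limit or the message")
        labels.append(msg[offset:offset + length].decode("ascii", "replace"))
        offset += length
    if offset + 4 > len(msg):
        raise ValueError("Type/Class fields missing")
    qtype, qclass = struct.unpack("!2H", msg[offset:offset + 4])
    return ".".join(labels) + ".", qtype, qclass, offset + 4

def check_reply(query: bytes, reply: bytes) -> list:
    """Return reasons not to accept `reply` as the answer to `query`."""
    q, r = parse_header(query), parse_header(reply)
    problems = []
    if r["qr"] != 1:
        problems.append("QR not set: not a response")
    if r["id"] != q["id"]:
        problems.append("Identification mismatch")
    if r["qdcount"] != 1 or parse_question(reply)[:3] != parse_question(query)[:3]:
        problems.append("question section does not echo the query")
    if r["tc"]:
        problems.append("TC set: reply truncated")
    return problems

# Constructed sample: query for example.com. Type 1 (A), Class 1 (IN), RD set,
# and a reply with QR, RD, RA and AD set (flags 0x81A0) and no records.
QUESTION = b"\x07example\x03com\x00" + struct.pack("!2H", 1, 1)
SAMPLE_QUERY = struct.pack("!6H", 0x1A2B, 0x0100, 1, 0, 0, 0) + QUESTION
SAMPLE_REPLY = struct.pack("!6H", 0x1A2B, 0x81A0, 1, 0, 0, 0) + QUESTION
```

An empty list from `check_reply` means only that the header and question are consistent with the query; it says nothing about whether the answer data is authentic.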

Resource Record. Variable length.

Bits 00-15 | Bits 16-31
Name :::
Type | Class
Rdata Length | Rdata :::

Type. 16 bits, unsigned.

1 A, IPv4 address. RFC 1035
2 NS, Authoritative name server. RFC 1035
3 MD, Mail destination. Obsolete; use MX instead. RFC 1035
4 MF, Mail forwarder. Obsolete; use MX instead. RFC 1035
5 CNAME, Canonical name for an alias. RFC 1035
6 SOA, Marks the start of a zone of authority. RFC 1035
7 MB, Mailbox domain name. RFC 1035
8 MG, Mail group member. RFC 1035
9 MR, Mail rename domain name. RFC 1035
10 NULL, Null resource record. RFC 1035
11 WKS, Well known service description. RFC 1035
12 PTR, Domain name pointer. RFC 1035
13 HINFO, Host information. RFC 1035
14 MINFO, Mailbox or mail list information. RFC 1035
15 MX, Mail exchange. RFC 1035
16 TXT, Text strings. RFC 1035
17 RP, Responsible Person. RFC 1183
18 AFSDB, AFS Data Base location. RFC 1183, RFC 5864
19 X25, X.25 PSDN address. RFC 1183
20 ISDN, ISDN address. RFC 1183
21 RT, Route Through. RFC 1183
22 NSAP, NSAP address. NSAP style A record. RFC 1706
24 SIG, Security signature. RFC 2931, RFC 4034
25 KEY, Security key. RFC 3445, RFC 4034
26 PX, X.400 mail mapping information. RFC 2163
27 GPOS, Geographical Position. RFC 1712
28 AAAA, IPv6 Address. RFC 3596
29 LOC, Location Information. RFC 1876
30 NXT, Next Domain (obsolete). RFC 2535
31 EID, Endpoint Identifier.
32 NIMLOC, Nimrod Locator.
32 NB, NetBIOS general Name Service. RFC 1002
33 SRV, Server Selection. RFC 2052, RFC 2782
RFC 1002
34 ATMA, ATM Address.
35 NAPTR, Naming Authority Pointer. RFC 3403
36 KX, Key Exchanger. RFC 2230
37 CERT. RFC 2538, RFC 4398
38 A6. RFC 2874, RFC 3226, RFC 6563
39 DNAME. RFC 2672
41 OPT. RFC 2671
42 APL. RFC 3123
43 DS, Delegation Signer. RFC 3658
44 SSHFP, SSH Key Fingerprint. RFC 4255
46 RRSIG. RFC 3755
47 NSEC, NextSECure. RFC 3755, RFC 3845
48 DNSKEY. RFC 3755
49 DHCID, DHCP identifier. RFC 4701
50 NSEC3. RFC 5155
55 HIP, Host Identity Protocol. RFC 5205
58 TALINK, Trust Anchor LINK.
59 Child DS.
99 SPF, Sender Policy Framework. RFC 4408
249 TKEY. RFC 2930
250 TSIG, Transaction Signature. RFC 2845, RFC 3645
251 IXFR, Incremental transfer. RFC 1995
252 AXFR, A request for a transfer of an entire zone. RFC 1035
253 MAILB, A request for mailbox-related records (MB, MG or MR). RFC 1035
254 MAILA, A request for mail agent RRs. Obsolete. RFC 1035
255 *. A request for all records. RFC 1035
257 CAA, Certification Authority Authorization.
32768 DNSSEC Trust Authorities.
32769 DNSSEC Lookaside Validation. RFC 4431, RFC 5074

Class. 16 bits, unsigned.

0 Reserved. RFC 5395
1 IN, Internet. RFC 1035.
3 CH, Chaos. RFC 1035.
4 HS, Hesiod. RFC 1035.
254 None. RFC 2136.
255 Any (QCLASS only). RFC 1035.
Private use. RFC 5395
65535 RFC 5395


Authoritative Server.
(RFC 2182) A server that knows the content of a DNS zone from local knowledge, and thus can answer queries about that zone without needing to query other servers.

DNSSEC, Domain Name System Security Extensions.
An extension to DNS that uses digital signatures over DNS data to provide source authentication and integrity protection.

Forward Zone.
(RFC 2182) A zone containing data mapping names to host addresses, mail exchange targets, etc.

Listed Server.
(RFC 2182) An Authoritative Server for which there is an "NS" resource record (RR) in the zone.

(RFC 1996) Any authoritative server configured to be the source of zone transfer for one or more slave servers.

Notify Set.
(RFC 1996) A set of servers to be notified of changes to some zone. The default is all servers named in the NS RRset, except for any server also named in the SOA MNAME. Some implementations will permit the name server administrator to override this set or add elements to it (such as, for example, stealth servers).

Primary Master.
(RFC 1996) Master server at the root of the zone transfer dependency graph. The primary master is named in the zone's SOA MNAME field and optionally by an NS RR. There is by definition only one primary master server per zone.

Primary Server.
(RFC 2182) An authoritative server for which the zone information is locally configured. Sometimes known as a Master server.

A DNS client which seeks information contained in a zone using the DNS protocols.

Reverse Zone.
(RFC 2182) A zone containing data used to map addresses to names.

Secondary Server.
(RFC 2182) An authoritative server that obtains information about a zone from a Primary Server via a zone transfer mechanism. Sometimes known as a Slave Server.

(RFC 1996) An authoritative server which uses zone transfer to retrieve the zone. All slave servers are named in the NS RRs for the zone.

(RFC 1996) Similar to a slave server except it is not listed in an NS RR for the zone. A stealth server, unless explicitly configured to do otherwise, will set the AA bit in responses and be capable of acting as a master. A stealth server will only be known by other servers if they are given static configuration data indicating its existence.

Stealth Server.
(RFC 2182) An authoritative server, usually secondary, which is not a Listed Server.

TLD, Top level domain name.

WKS, Well Known Services.

(RFC 2182) A part of the DNS tree, that is treated as a unit.


[RFC 830] A Distributed System for Internet Name Service.

[RFC 881] The Domain Names Plan and Schedule.

[RFC 897] Domain Name System Implementation Schedule.

[RFC 920] Domain Requirements.

[RFC 921] Domain Name System Implementation Schedule - Revised.








[RFC 1101] DNS Encoding of Network Names and Other Types.

[RFC 1123] Requirements for Internet Hosts -- Application and Support.

[RFC 1183] New DNS RR Definitions.

[RFC 1279] X.500 and Domains.

[RFC 1296] Internet Growth (1981-1991).

[RFC 1383] An Experiment in DNS Based IP Routing.

[RFC 1401] Correspondence between the IAB and DISA on the use of DNS throughout the Internet.

[RFC 1464] Using the Domain Name System To Store Arbitrary String Attributes.

[RFC 1480] The US Domain.

[RFC 1535] A Security Problem and Proposed Correction With Widely Deployed DNS Software.

[RFC 1536] Common DNS Implementation Errors and Suggested Fixes.

[RFC 1591] Domain Name System Structure and Delegation.

[RFC 1611] DNS Server MIB Extensions.

[RFC 1612] DNS Resolver MIB Extensions.

[RFC 1706] DNS NSAP Resource Records.

[RFC 1712] DNS Encoding of Geographical Location.

[RFC 1713] Tools for DNS debugging.

[RFC 1794] DNS Support for Load Balancing.

[RFC 1876] A Means for Expressing Location Information in the Domain Name System.

[RFC 1912] Common DNS Operational and Configuration Errors.

[RFC 1982] Serial Number Arithmetic.

[RFC 1995] Incremental Zone Transfer in DNS.

[RFC 1996] A Mechanism for Prompt Notification of Zone Changes (DNS NOTIFY).

[RFC 2053] The AM (Armenia) Domain.

[RFC 2136] Dynamic Updates in the Domain Name System (DNS UPDATE).


[RFC 2146] U.S. Government Internet Domain Names.

[RFC 2163] Using the Internet DNS to Distribute MIXER Conformant Global Address Mapping (MCGAM).

[RFC 2181] Clarifications to the DNS Specification.

[RFC 2182] Selection and Operation of Secondary DNS Servers.

[RFC 2219] Use of DNS Aliases for Network Services.

[RFC 2230] Key Exchange Delegation Record for the DNS.

[RFC 2308] Negative Caching of DNS Queries (DNS NCACHE).

[RFC 2517] Building Directories from DNS: Experiences from WWWSeeker.

[RFC 2536] DSA KEYs and SIGs in the Domain Name System (DNS).

[RFC 2539] Storage of Diffie-Hellman Keys in the Domain Name System (DNS).

[RFC 2540] Detached Domain Name System (DNS) Information.

[RFC 2541] DNS Security Operational Considerations.

[RFC 2606] Reserved Top Level DNS Names.

[RFC 2671] Extension Mechanisms for DNS (EDNS0).

[RFC 2672] Non-Terminal DNS Name Redirection.

[RFC 2673] Binary Labels in the Domain Name System.

[RFC 2694] DNS extensions to Network Address Translators (DNS_ALG).

[RFC 2782] A DNS RR for specifying the location of services (DNS SRV).

[RFC 2826] IAB Technical Comment on the Unique DNS Root.

[RFC 2845] Secret Key Transaction Authentication for DNS (TSIG).

[RFC 2870] Root Name Server Operational Requirements.

[RFC 2874] DNS Extensions to Support IPv6 Address Aggregation and Renumbering.

[RFC 2930] Secret Key Establishment for DNS (TKEY RR).

[RFC 2931] DNS Request and Transaction Signatures ( SIG(0)s ).

[RFC 3007] Secure Domain Name System (DNS) Dynamic Update.

[RFC 3027] Protocol Complications with the IP Network Address Translator.

[RFC 3071] Reflections on the DNS, RFC 1591, and Categories of Domains.

[RFC 3110] RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS).

[RFC 3123] A DNS RR Type for Lists of Address Prefixes (APL RR).

[RFC 3130] Notes from the State-Of-The-Technology: DNSSEC.

[RFC 3197] Applicability Statement for DNS MIB Extensions.

[RFC 3225] Indicating Resolver Support of DNSSEC.

[RFC 3226] DNSSEC and IPv6 A6 aware server/resolver message size requirements.

[RFC 3245] The History and Context of Telephone Number Mapping (ENUM) Operational Decisions: Informational Documents Contributed to ITU-T Study Group 2 (SG2).

[RFC 3258] Distributing Authoritative Name Servers via Shared Unicast Addresses.

[RFC 3363] Representing Internet Protocol version 6 (IPv6) Addresses in the Domain Name System (DNS).

[RFC 3364] Tradeoffs in Domain Name System (DNS) Support for Internet Protocol version 6 (IPv6).

[RFC 3403] Dynamic Delegation Discovery System (DDDS) Part Three: The Domain Name System (DNS) Database.

[RFC 3425] Obsoleting IQUERY.

[RFC 3467] Role of the Domain Name System (DNS).

[RFC 3568] Known Content Network (CN) Request-Routing Mechanisms.

[RFC 3596] DNS Extensions to Support IP Version 6.

[RFC 3597] Handling of Unknown DNS Resource Record (RR) Types.

[RFC 3645] Generic Security Service Algorithm for Secret Key Transaction Authentication for DNS (GSS-TSIG).

[RFC 3646] DNS Configuration options for Dynamic Host Configuration Protocol for IPv6 (DHCPv6).

[RFC 3675] .sex Considered Dangerous.

[RFC 3681] Delegation of E.F.F.3.IP6.ARPA.

[RFC 3696] Application Techniques for Checking and Transformation of Names.

[RFC 3761] The E.164 to Uniform Resource Identifiers (URI) Dynamic Delegation Discovery System (DDDS) Application (ENUM).

[RFC 3832] Remote Service Discovery in the Service Location Protocol (SLP) via DNS SRV.

[RFC 3833] Threat Analysis of the Domain Name System (DNS).

[RFC 3901] DNS IPv6 Transport Operational Guidelines.

[RFC 3958] Domain-Based Application Service Location Using SRV RRs and the Dynamic Delegation Discovery Service (DDDS).

[RFC 4025] A Method for Storing IPsec Keying Material in DNS.

[RFC 4027] Domain Name System Media Types.

[RFC 4033] DNS Security Introduction and Requirements.

[RFC 4034] Resource Records for the DNS Security Extensions.

[RFC 4035] Protocol Modifications for the DNS Security Extensions.

[RFC 4074] Common Misbehavior Against DNS Queries for IPv6 Addresses.

[RFC 4095] Attaching Meaning to Solicitation Class Keywords.

[RFC 4143] Facsimile Using Internet Mail (IFAX) Service of ENUM.

[RFC 4183] A Suggested Scheme for DNS Resolution of Networks and Gateways.

[RFC 4185] National and Local Characters for DNS Top Level Domain (TLD) Names.

[RFC 4213] Basic Transition Mechanisms for IPv6 Hosts and Routers.

[RFC 4255] Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints.

[RFC 4310] Domain Name System (DNS) Security Extensions Mapping for the Extensible Provisioning Protocol (EPP).

[RFC 4322] Opportunistic Encryption using the Internet Key Exchange (IKE).

[RFC 4339] IPv6 Host Configuration of DNS Server Information Approaches.

[RFC 4343] Domain Name System (DNS) Case Insensitivity Clarification.

[RFC 4367] What's in a Name: False Assumptions about DNS Names.

[RFC 4386] Internet X.509 Public Key Infrastructure Repository Locator Service.

[RFC 4398] Storing Certificates in the Domain Name System (DNS).

[RFC 4406] Sender ID: Authenticating E-Mail.

[RFC 4408] Sender Policy Framework (SPF) for Authorizing Use of Domains in E-Mail, Version 1.

[RFC 4431] The DNSSEC Lookaside Validation (DLV) DNS Resource Record.

[RFC 4470] Minimally Covering NSEC Records and DNSSEC On-line Signing.

[RFC 4471] Derivation of DNS Name Predecessor and Successor.

[RFC 4472] Operational Considerations and Issues with IPv6 DNS.

[RFC 4477] Dynamic Host Configuration Protocol (DHCP): IPv4 and IPv6 Dual-Stack Issues.

[RFC 4501] Domain Name System Uniform Resource Identifiers.

[RFC 4509] Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records (RRs).

[RFC 4697] Observed DNS Resolution Misbehavior.

[RFC 5358] Preventing Use of Recursive Nameservers in Reflector Attacks.

[RFC 5452] Measures for Making DNS More Resilient against Forged Answers.

[RFC 6014] Cryptographic Algorithm Identifier Allocation for DNSSEC.

[RFC 6186] Use of SRV Records for Locating Email Submission/Access Services.

[RFC 6195] Domain Name System (DNS) IANA Considerations.

[RFC 6589] Considerations for Transitioning Content to IPv6.

[RFC 6594] Use of the SHA-256 Algorithm with RSA, Digital Signature Algorithm (DSA), and Elliptic Curve DSA (ECDSA) in SSHFP Resource Records.

[RFC 6604] xNAME RCODE and Status Bits Clarification.

[RFC 6605] Elliptic Curve Digital Signature Algorithm (DSA) for DNSSEC.

[RFC 6725] DNS Security (DNSSEC) DNSKEY Algorithm IANA Registry Updates.


Obsolete RFCs:



[RFC 973] Domain System Changes and Observations.

[RFC 1348] DNS NSAP RRs.

[RFC 1386] The US Domain.

[RFC 1537] Common DNS Data File Configuration Errors.

[RFC 1637] DNS NSAP Resource Records.

[RFC 1664] Using the Internet DNS to Distribute RFC1327 Mail Address Mapping Tables.

[RFC 1811] U.S. Government Internet Domain Names.

[RFC 1816] U.S. Government Internet Domain Names.

[RFC 1886] DNS Extensions to support IP version 6.

[RFC 1933] Transition Mechanisms for IPv6 Hosts and Routers.

[RFC 2010] Operational Criteria for Root Name Servers.

[RFC 2052] A DNS RR for specifying the location of services (DNS SRV).

[RFC 2065] Domain Name System Security Extensions.

[RFC 2137] Secure Domain Name System Dynamic Update.

[RFC 2168] Resolution of Uniform Resource Identifiers using the Domain Name System.

[RFC 2535] Domain Name System Security Extensions.

[RFC 2537] RSA/MD5 KEYs and SIGs in the Domain Name System (DNS).

[RFC 2538] Storing Certificates in the Domain Name System (DNS).

[RFC 2893] Transition Mechanisms for IPv6 Hosts and Routers.

[RFC 2915] The Naming Authority Pointer (NAPTR) DNS Resource Record.

[RFC 2916] E.164 number and DNS.

[RFC 2929] Domain Name System (DNS) IANA Considerations.

[RFC 3008] Domain Name System Security (DNSSEC) Signing Authority.

[RFC 3090] DNS Security Extension Clarification on Zone Status.

[RFC 3152] Delegation of IP6.ARPA.

[RFC 3445] Limiting the Scope of the KEY Resource Record (RR).

[RFC 3655] Redefinition of DNS Authenticated Data (AD) bit.

[RFC 3658] Delegation Signer (DS) Resource Record (RR).

[RFC 3755] Legacy Resolver Compatibility for Delegation Signer (DS).

[RFC 3757] Domain Name System KEY (DNSKEY) Resource Record (RR) Secure Entry Point (SEP) Flag.

[RFC 3845] DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format.

[RFC 5395] Domain Name System (DNS) IANA Considerations.
