
By Qasim
Posted on December 11, 2025 | 5 min read
The DNS protocol is essential for navigating the internet. It converts domain names into IP addresses, allowing browsers to find and load websites. Without DNS, we’d need to remember complex numerical addresses.
The Domain Name System (DNS) operates as a straightforward request-and-response protocol. A protocol refers to a defined set of rules for formatting and handling data. A DNS message is structured into five sections: Header, Question, Answer, Authority, and Additional. Let's explore each of these sections in detail.

The Header section of a DNS message contains metadata and is always 12 bytes long. It contains the fields shown below. The header is created by the DNS client. When a DNS server responds, it copies all of this data into the response and updates some of the fields. DNS is served over UDP, which is stateless.

| Fields | Size (bits) | Description |
|---|---|---|
| ID | 16 | Identifier used to match responses with requests as DNS uses UDP which is stateless |
| QR | 1 | Request is a query (0) or response (1) |
| Opcode | 4 | Six opcodes exist; the standard Query (Opcode 0) is the most commonly used |
| AA | 1 | Authoritative Answer — set if the response is from an authoritative server |
| TC | 1 | Truncation — set if the message is too large for UDP; client should retry via TCP |
| RD | 1 | Recursion Desired — requests the DNS server to perform a recursive query |
| RA | 1 | Recursion Available — set in responses if the server supports recursion |
| XX | 1 | Reserved for future use |
| AD | 1 | Authentic Data — set by DNSSEC-aware servers when authenticity is validated |
| CD | 1 | Checking Disabled — disables DNSSEC validation on the server |
| Rcode | 4 | Response code indicating DNS response status |
| QDCount | 16 | Number of queries in the DNS message |
| ANCount | 16 | Number of resource records in the Answer section |
| NSCount | 16 | Number of name server records in the Authority section |
| ARCount | 16 | Number of resource records in the Additional section |
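
The header layout in the table above, decoded in Python as an added example (not code from the original article). `parse_header` unpacks the 12 bytes and the flag bits; `accept_response` is a hypothetical helper showing the ID and QR check that ties a UDP reply to its query. The sample headers are constructed.

```python
import struct
from collections import namedtuple

# Field names follow the table; "reserved" is the bit the table calls XX.
DNSHeader = namedtuple(
    "DNSHeader",
    "id qr opcode aa tc rd ra reserved ad cd rcode "
    "qdcount ancount nscount arcount",
)

def parse_header(msg: bytes) -> DNSHeader:
    """Decode the fixed 12-byte header at the start of a DNS message."""
    if len(msg) < 12:
        raise ValueError("DNS header is always 12 bytes; message too short")
    # Six big-endian 16-bit words: ID, flags, then the four counters.
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return DNSHeader(
        id=ident,
        qr=(flags >> 15) & 1,
        opcode=(flags >> 11) & 0xF,
        aa=(flags >> 10) & 1,
        tc=(flags >> 9) & 1,
        rd=(flags >> 8) & 1,
        ra=(flags >> 7) & 1,
        reserved=(flags >> 6) & 1,
        ad=(flags >> 5) & 1,
        cd=(flags >> 4) & 1,
        rcode=flags & 0xF,
        qdcount=qd, ancount=an, nscount=ns, arcount=ar,
    )

def accept_response(query: bytes, response: bytes) -> bool:
    """Header-level check only: the reply must be a response (QR=1) that
    carries the same ID and opcode as the query it claims to answer."""
    q, r = parse_header(query), parse_header(response)
    return r.qr == 1 and r.id == q.id and r.opcode == q.opcode

# Constructed sample headers (no question or answer bytes attached).
QUERY = struct.pack("!6H", 0x1A2B, 0x0100, 1, 0, 0, 0)      # RD=1
RESPONSE = struct.pack("!6H", 0x1A2B, 0x8180, 1, 1, 0, 0)   # QR, RD, RA
TRUNCATED = struct.pack("!6H", 0x1A2B, 0x8380, 1, 0, 0, 0)  # QR, TC, RD, RA
WRONG_ID = struct.pack("!6H", 0x9999, 0x8180, 1, 1, 0, 0)   # ID mismatch

if __name__ == "__main__":
    print(parse_header(RESPONSE))
    print("accept matching reply:", accept_response(QUERY, RESPONSE))
    print("accept wrong-ID reply:", accept_response(QUERY, WRONG_ID))
    print("retry over TCP:", bool(parse_header(TRUNCATED).tc))
```

Because UDP carries no session state, this ID comparison is the only header field linking a reply to its query, which is why a reply with a different ID is dropped.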

The Question section contains the actual query, that is, what the client wants the DNS server to answer. The Question section contains only a single query. It contains 3 fields.

The remaining three sections follow the same format. The Answer section contains the records queried by the client. The Authority section includes the nameserver records, while the Additional section provides extra information, such as glue records, that are not part of the Answer or Authority sections.
A glue record is an A (IPv4) or AAAA (IPv6) record stored at the parent zone (like .com) that provides the IP address of the domain’s nameservers.
| Fields | Description |
|---|---|
| Domain name | Name of Domain |
| Record type | Record types such as CNAME, A, NS, and others |
| Record class | Same as the query class in the question section |
| Time to Live | TTL in seconds, indicating how long resolvers should cache a DNS record |
| Record data length | Number of bytes of the record data |
| Record data | Contains the DNS record itself; format depends on record type (e.g., IP address for A record) |

The following image shows the DNS request and response for the whoisfreaks.com domain, captured via Wireshark.



EDNS (Extension Mechanisms for DNS) extends the original DNS protocol to support additional features. Initially defined in 1999 and updated in 2013 (RFC 6891), EDNS addresses limitations in the standard protocol, such as the fixed length of the RCODE field, by adding 8 extra bits for extended status codes. It also modifies the structure of the DNS Additional section by introducing a new pseudo-record type called OPT. This OPT record is included in queries sent to DNS servers that support EDNS. If the server recognizes EDNS, it responds with its own OPT record. If not, it simply ignores the OPT record. This design ensures backward compatibility with non-EDNS servers. Let's look at the updated structure of the Additional section with its values.

| Fields | Value |
|---|---|
| Domain name | Empty Field |
| Record type | OPT Record Type |
| Record class | Maximum UDP payload size that the client can handle |
| Time to Live | 4 bytes in length |
| Extended Rcode | 1-byte extension of the header Rcode; combined size becomes 12 bits |
| EDNS Version | 1 byte containing the EDNS version |
| DO & Reserved | 2 bytes for additional header flags; DO for DNSSEC, others reserved |
| Record data length | Number of bytes in the record data |
| Record data | List of EDNS options in key-value format |
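
The OPT layout in the table above, decoded in Python as an added example (not code from the original article). `parse_opt` is a hypothetical helper that takes the bytes of one OPT record, starting at its empty domain name, and bounds-checks the option list; the sample record and its option bytes are constructed.

```python
import struct

OPT_TYPE = 41  # record type number of the OPT pseudo-record

def parse_opt(record: bytes, header_rcode: int = 0) -> dict:
    """Decode one OPT pseudo-record that begins at its domain name field."""
    if len(record) < 11:
        raise ValueError("OPT record needs at least 11 bytes")
    if record[0] != 0:
        raise ValueError("OPT domain name must be empty (single zero byte)")
    # Type, class (UDP payload size), then the 4 TTL bytes split into
    # extended Rcode, EDNS version and 16 flag bits, then the data length.
    rtype, udp_size, ext_rcode, version, flags, rdlen = struct.unpack(
        "!HHBBHH", record[1:11])
    if rtype != OPT_TYPE:
        raise ValueError("not an OPT record")
    rdata = record[11:11 + rdlen]
    if len(rdata) != rdlen:
        raise ValueError("record data shorter than its declared length")
    options, pos = [], 0
    while pos < rdlen:
        # Each option: 16-bit code, 16-bit length, then that many bytes.
        if pos + 4 > rdlen:
            raise ValueError("truncated option header")
        code, length = struct.unpack("!HH", rdata[pos:pos + 4])
        pos += 4
        if pos + length > rdlen:
            raise ValueError("option overruns the record data")
        options.append((code, rdata[pos:pos + length]))
        pos += length
    return {
        "udp_payload_size": udp_size,
        # Extended Rcode supplies the upper 8 bits of the 12-bit code.
        "rcode": (ext_rcode << 4) | (header_rcode & 0xF),
        "version": version,
        "do": flags >> 15,  # DO is the top bit of the flag field
        "options": options,
    }

# Constructed sample: 1232-byte payload size, version 0, DO set, and one
# option (code 10) carrying 8 bytes of constructed data.
SAMPLE_OPT = (
    b"\x00"
    + struct.pack("!HHBBHH", OPT_TYPE, 1232, 0, 0, 0x8000, 12)
    + struct.pack("!HH", 10, 8) + bytes(range(8))
)

if __name__ == "__main__":
    print(parse_opt(SAMPLE_OPT))
```

The length checks matter because both the record data length and each option length are sender-controlled values.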

EDNS is an extended version of the DNS protocol that enhances its capabilities. One key benefit is the ability to handle larger responses over UDP, reducing the need to fall back to TCP when responses are truncated. EDNS also introduces support for DNSSEC by allowing the transmission of cryptographic data using key-value pairs and enabling the inclusion of additional metadata through extended fields.

Dynamic DNS (DDNS) is an extension of the DNS protocol that allows A and AAAA records to be updated automatically in real time. It is especially useful when the IP address associated with a domain name changes frequently, enabling network administrators or devices to update DNS records without manual intervention.
DNS records are critical pieces of information about domains stored in text-based files. They enable seamless information flow and efficient data communication across the internet. The Domain Name System functions by converting human-friendly domain names into numerical IP addresses used by computers, which is essential for facilitating user access to websites. The most commonly used DNS record types include A, AAAA, CNAME, MX, NS, and TXT records, each serving specific purposes in domain management.
Anyone managing a domain must understand these common DNS record types. Each type of record has a unique role, from mapping domain names to IP addresses to directing email traffic. Let us now explore each of these record types one by one in detail.