[Dshield] DNS Query and Update Data Packet Formats

Jon R. Kibler Jon.Kibler at aset.com
Sun Mar 21 21:12:32 GMT 2004

Does anyone know of a good single reference that defines all the data packets (layout as seen from sniffers, such as tcpdump) used by DNS -- for both query and update?

We have a name server that is being repeatedly attacked by several different types of DNS packets and I would like some reference that gives more details about the specifics of each packet captured. I am trying to avoid having to dig through a bunch of RFCs to find what we need -- any good summary that is complete and current? Hoping to find something like the Appendix in O'Reilly's DNS and BIND -- but more comprehensive and detailed.

