The example consists of the following setup with four hosts, two of which are Primary DNS servers.
The Windows NT 4.0-based client does the following PING. The arrows represent a packet and the numbers associate the frame number with the trace below.
The trace is of the following query:
Ping rattlesnake.glennwo.scottsu.com
That is the Host is rattlesnake and the domain is glennwo.scottsu.com
The client first has to query its DNS server for the names.
Note that the query is recursive.
1 SCOTTSU-7 SCOTTSU_NT40 DNS 0x1:Std Qry for rattlesnake.glennwo.scottsu.com IP: ID = 0x9608; Proto = UDP; Len: 77 IP: Version = 4 (0x4) IP: Header Length = 20 (0x14) IP: Service Type = 0 (0x0) IP: Total Length = 77 (0x4D) IP: Identification = 38408 (0x9608) IP: Flags Summary = 0 (0x0) IP: Fragment Offset = 0 (0x0) bytes IP: Time to Live = 128 (0x80) IP: Protocol = UDP—User Datagram IP: CheckSum = 0x9F28 IP: Source Address = 157.55.102.52 IP: Destination Address = 157.55.100.204 IP: Data: Number of data bytes remaining = 57 (0x0039) UDP: Src Port: Unknown, (1066); Dst Port: DNS (53); Length = 57 (0x39) UDP: Source Port = 0x042A UDP: Destination Port = DNS UDP: Total length = 57 (0x39) bytes UDP: CheckSum = 0xB2D7 UDP: Data: Number of data bytes remaining = 49 (0x0031) DNS: 0x1:Std Qry for rattlesnake.glennwo.scottsu.com of type Host Addr on class INET addr. DNS: Query Identifier = 1 (0x1) DNS: DNS Flags = Query, OpCode—Std Qry, RD Bits Set, RCode—No error DNS: 0............... = Query DNS: .0000........... = Standard Query DNS: .....0.......... = Server not authority for domain DNS: ......0......... = Message complete DNS: .......1........ = Recursive query desired DNS: ........0....... = Recursive queries supported by server DNS: .........000.... = Reserved DNS: ............0000 = No error DNS: Question Entry Count = 1 (0x1) DNS: Answer Entry Count = 0 (0x0) DNS: Name Server Count = 0 (0x0) DNS: Additional Records Count = 0 (0x0) DNS: Question Section: rattlesnake.glennwo.scottsu.com of type Host Addr on class INET addr. DNS: Question Name: rattlesnake.glennwo.scottsu.com DNS: Question Type = Host Address DNS: Question Class = Internet address class
The scottsu_40NT.scottsu.com is not authoritative for the domain glennwo.scottsu.com, so the scottsu_40NT.scottsu.com Host forwards the request to the subdomain DNS server copperhead.glennwo.scottsu.com.
Note that the query is iterative.
2 SCOTTSU_NT40 COPPERHEAD DNS 0x5:Std Qry for rattlesnake.glennwo.scottsu.com IP: ID = 0x9C1C; Proto = UDP; Len: 77 IP: Version = 4 (0x4) IP: Header Length = 20 (0x14) IP: Service Type = 0 (0x0) IP: Total Length = 77 (0x4D) IP: Identification = 39964 (0x9C1C) IP: Flags Summary = 0 (0x0) IP: Fragment Offset = 0 (0x0) bytes IP: Time to Live = 128 (0x80) IP: Protocol = UDP—User Datagram IP: CheckSum = 0x9487 IP: Source Address = 157.55.100.204 IP: Destination Address = 157.55.106.193 IP: Data: Number of data bytes remaining = 57 (0x0039) UDP: Src Port: DNS, (53); Dst Port: DNS (53); Length = 57 (0x39) UDP: Source Port = DNS UDP: Destination Port = DNS UDP: Total length = 57 (0x39) bytes UDP: CheckSum = 0xB33B UDP: Data: Number of data bytes remaining = 49 (0x0031) DNS: 0x5:Std Qry for rattlesnake.glennwo.scottsu.com of type Host Addr on class INET addr. DNS: Query Identifier = 5 (0x5) DNS: DNS Flags = Query, OpCode—Std Qry, RCode—No error DNS: 0............... = Query DNS: .0000........... = Standard Query DNS: .....0.......... = Server not authority for domain DNS: ......0......... = Message complete DNS: .......0........ = Iterative query desired DNS: ........0....... = Recursive queries supported by server DNS: .........000.... = Reserved DNS: ............0000 = No error DNS: Question Entry Count = 1 (0x1) DNS: Answer Entry Count = 0 (0x0) DNS: Name Server Count = 0 (0x0) DNS: Additional Records Count = 0 (0x0) DNS: Question Section: rattlesnake.glennwo.scottsu.com of type Host Addr on class INET addr. DNS: Question Name: rattlesnake.glennwo.scottsu.com DNS: Question Type = Host Address DNS: Question Class = Internet address class
The Copperhead.glennwo.scottsu.com Host replies back to the Scottsu_40NT DNS server with the data.
3 COPPERHEAD SCOTTSU_NT40 DNS 0x5:Std Qry Resp. for rattlesnake.glennwo.scottsu.com IP: ID = 0x5F04; Proto = UDP; Len: 93 IP: Version = 4 (0x4) IP: Header Length = 20 (0x14) IP: Service Type = 0 (0x0) IP: Total Length = 93 (0x5D) IP: Identification = 24324 (0x5F04) IP: Flags Summary = 0 (0x0) IP: Fragment Offset = 0 (0x0) bytes IP: Time to Live = 128 (0x80) IP: Protocol = UDP—User Datagram IP: CheckSum = 0xD18F IP: Source Address = 157.55.106.193 IP: Destination Address = 157.55.100.204 IP: Data: Number of data bytes remaining = 73 (0x0049) UDP: Src Port: DNS, (53); Dst Port: DNS (53); Length = 73 (0x49) UDP: Source Port = DNS UDP: Destination Port = DNS UDP: Total length = 73 (0x49) bytes UDP: CheckSum = 0x8BD1 UDP: Data: Number of data bytes remaining = 65 (0x0041) DNS: 0x5:Std Qry Resp. for rattlesnake.glennwo.scottsu.com of type Host Addr on class INET addr. DNS: Query Identifier = 5 (0x5) DNS: DNS Flags = Response, OpCode—Std Qry, AA RA Bits Set, RCode—No error DNS: 1............... = Response DNS: .0000........... = Standard Query DNS: .....1.......... = Server authority for domain DNS: ......0......... = Message complete DNS: .......0........ = Iterative query desired DNS: ........1....... = No recursive queries DNS: .........000.... = Reserved DNS: ............0000 = No error DNS: Question Entry Count = 1 (0x1) DNS: Answer Entry Count = 1 (0x1) DNS: Name Server Count = 0 (0x0) DNS: Additional Records Count = 0 (0x0) DNS: Question Section: rattlesnake.glennwo.scottsu.com of type Host Addr on class INET addr. DNS: Question Name: rattlesnake.glennwo.scottsu.com DNS: Question Type = Host Address DNS: Question Class = Internet address class DNS: Answer section: rattlesnake.glennwo.scottsu.com of type Host Addr on class INET addr. DNS: Resource Name: rattlesnake.glennwo.scottsu.com DNS: Resource Type = Host Address DNS: Resource Class = Internet address class DNS: Time To Live = 0 (0x0) DNS: Resource Data Length = 4 (0x4) DNS: IP address = 157.55.107.88
The data is returned back to the client.
4 SCOTTSU_NT40 SCOTTSU-7 DNS 0x1:Std Qry Resp. for rattlesnake.glennwo.scottsu.com
IP: ID = 0x9D1C; Proto = UDP; Len: 93 IP: Version = 4 (0x4) IP: Header Length = 20 (0x14) IP: Service Type = 0 (0x0) IP: Total Length = 93 (0x5D) IP: Identification = 40220 (0x9D1C) IP: Flags Summary = 0 (0x0) IP: Fragment Offset = 0 (0x0) bytes IP: Time to Live = 128 (0x80) IP: Protocol = UDP—User Datagram IP: CheckSum = 0x9804 IP: Source Address = 157.55.100.204 IP: Destination Address = 157.55.102.52 IP: Data: Number of data bytes remaining = 73 (0x0049) UDP: Src Port: DNS, (53); Dst Port: Unknown (1066); Length = 73 (0x49) UDP: Source Port = DNS UDP: Destination Port = 0x042A UDP: Total length = 73 (0x49) bytes UDP: CheckSum = 0x8F6D UDP: Data: Number of data bytes remaining = 65 (0x0041) DNS: 0x1:Std Qry Resp. for rattlesnake.glennwo.scottsu.com of type Host Addr on class INET addr. DNS: Query Identifier = 1 (0x1) DNS: DNS Flags = Response, OpCode—Std Qry, RD RA Bits Set, RCode—No error DNS: 1............... = Response DNS: .0000........... = Standard Query DNS: .....0.......... = Server not authority for domain DNS: ......0......... = Message complete DNS: .......1........ = Recursive query desired DNS: ........1....... = No recursive queries DNS: .........000.... = Reserved DNS: ............0000 = No error DNS: Question Entry Count = 1 (0x1) DNS: Answer Entry Count = 1 (0x1) DNS: Name Server Count = 0 (0x0) DNS: Additional Records Count = 0 (0x0) DNS: Question Section: rattlesnake.glennwo.scottsu.com of type Host Addr on class INET addr. DNS: Question Name: rattlesnake.glennwo.scottsu.com DNS: Question Type = Host Address DNS: Question Class = Internet address class DNS: Answer section: rattlesnake.glennwo.scottsu.com of type Host Addr on class INET addr. DNS: Resource Name: rattlesnake.glennwo.scottsu.com DNS: Resource Type = Host Address DNS: Resource Class = Internet address class DNS: Time To Live = 0 (0x0) DNS: Resource Data Length = 4 (0x4) DNS: IP address = 157.55.107.88
The client can then PING the server.
5 SCOTTSU-7 RATTLESNAKE ICMP Echo, From 157.55.102.52 To 157.55.107.88 6 RATTLESNAKE SCOTTSU-7 ICMP Echo Reply, To 157.55.102.52 From 157.55.107.88