bedreaming.cublog.cn
原创。
在抓包过程中发现,wireshark问题把z字段解释成为1bit,这与我们书上及RFC 1035中所说的的3bits的z字段不太相符,查了一下相关资料,z字段其实被细分为1bit z,1bit AD,1bit CD,如下(摘自RFC 2929):
F**K,上图用文本画出来时,编辑器中看着格式正确,写完文章传上去格式就歪了,只有上图片了。。可恶的CUBLOG..
但RFC2929中貌似没有提到AD和CD的用处,从另外一篇文章中看到如下信息:
The original DNS reserves the Z field for future use, and it must be zero (000) in all queries and responses. Two bits (authentic data (AD) and checking disabled (CD)) are allocated from this Z field to be used by the DNSSEC. AD is used in a response message to state that the name resolution has been verified by the source. CD is a client option to indicate that verified data is notrequired.
看来是用在DNSSEC中的,没仔细看过DNSSEC的东西,所以也不太了解这些。
在对普通的DNS响应和请求的测试中发现,如果请求中CD置位,则回应中CD也会置位;请求中AD及z的置位会被忽略。
阅读(2280) | 评论(1) | 转发(0) |