Protocol Tutorial

DNS Header Format

Detailed guide to DNS message structure: header, question section, answer section, authority section, and additional section. Learn how DNS queries and responses are encoded.

Protocol Overview

Domain Name System (RFC 1035)

Header Size: 12 bytes (96 bits)

Fields: 6

Endianness: big

Spec: RFC 1035

Header Fields

Field	Offset	Size	Type	Description
Transaction ID transaction_id	0 bits	16 bits	uint16hex	Identifier for matching queries and responses
Flags flags	16 bits	16 bits	uint16binary	Query/Response flags and codes
Questions questions	32 bits	16 bits	uint16	Number of questions
Answer RRs answer_rrs	48 bits	16 bits	uint16	Number of answer resource records
Authority RRs authority_rrs	64 bits	16 bits	uint16	Number of authority resource records
Additional RRs additional_rrs	80 bits	16 bits	uint16	Number of additional resource records

Common DNS Mistakes

1Misreading the flags field: QR bit (bit 15) determines query (0) vs response (1)
2Forgetting that domain names are encoded with length-prefixed labels, not null-terminated strings
3Not accounting for pointer compression (0xC0 offset) in repeated domain names
4Confusing the counts: Questions, Answer RRs, Authority RRs, Additional RRs
5Assuming all DNS uses UDP port 53 (large responses use TCP)

Try It Yourself

Parse real DNS packets in the interactive visualizer

Open Visualizer

Related Resources

DNS Protocol Visualizer - Parse & Analyze DNS Messages DNS Query Packet Example - ByteLens

Quick Facts

ProtocolDNS

Header Size12 bytes

Fields6

Endiannessbig

SpecificationRFC 1035