[RESOLVED] Am I misunderstanding the DNS specs?
I've been using RFC 1035.4.1.3 as a reference for DNS RR format:
http://www.freesoft.org/CIE/RFC/1035/42.htm
I'm trying to write a function that gets the resource records from a response datagram, but I'm running into a bizarre problem. The specs say that RDLENGTH is "an unsigned 16 bit integer that specifies the length in octets of the RDATA field" but in the datagrams I'm getting the RDLENGTH is sometimes lower than it should be. I've checked with Wireshark to ensure that I'm getting the datagram correctly, and I am. Here's a CNAME record I got while looking up google:
Code:
C0 0C 00 05 00 01 00 03 95 FC 00 10 03 77 77 77
01 6C 06 67 6F 6F 67 6C 65 03 63 6F 6D 00
So that's the name
C0 0C (a pointer to www.google.com earlier in the dgram)
Then the type
00 05 (CNAME)
Then the class
00 01 (IN)
Then the TTL
00 03 95 FC (whatever)
Then RDLENGTH
00 10 (that's 16 bytes, yes?)
Then RDATA
03 77 77 77 01 6C 06 67 6F 6F 67 6C 65 03 63 6F 6D 00 (www.l.google.com - format is correct)
As you can see, the RDATA is 18 bytes in length. 18 bytes is 0x12, not 0x10.
The type A records that come after that correctly report RDLENGTH 4 for the address data, but I can't see what's going on here with the CNAME record. Am I missing something here? I'd dismiss it as an error, but I'm getting this with every response, either from my program or from nslookup.
I guess really what I need to know is whether I should expect this kind of behavior and if so what rules should I follow to adapt to it so I can parse these records.
Thank you to anyone who gives advice. :)
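An added example, not code from the post: a bounds-checked Python reader for one resource record, run on the bytes quoted above. It reports when RDLENGTH disagrees with the octets the CNAME name actually occupies rather than trusting either value; skip_name and check_rr are hypothetical names, and compression pointers are measured but not followed.

```python
import struct

# The CNAME record bytes quoted in the post (the record alone, not the whole message).
POSTED_RR = bytes.fromhex(
    "C0 0C 00 05 00 01 00 03 95 FC 00 10 03 77 77 77 "
    "01 6C 06 67 6F 6F 67 6C 65 03 63 6F 6D 00"
)
TYPE_CNAME = 5

def skip_name(buf, off):
    """Return the offset just past the encoded name at off (hypothetical helper).

    A compression pointer (top two bits set) is two octets and ends the name
    in place; its target is not followed, so a lone record can be checked.
    """
    while True:
        if off >= len(buf):
            raise ValueError("name runs past end of buffer")
        length = buf[off]
        if length & 0xC0 == 0xC0:
            if off + 2 > len(buf):
                raise ValueError("truncated compression pointer")
            return off + 2
        if length & 0xC0:
            raise ValueError("reserved label type")
        off += 1 + length  # length octet plus the label itself
        if length == 0:    # zero-length root label ends the name
            return off

def check_rr(buf, off=0):
    """Parse one RR and list disagreements between RDLENGTH and the bytes present."""
    name_end = skip_name(buf, off)
    if name_end + 10 > len(buf):  # TYPE, CLASS, TTL, RDLENGTH = 10 octets
        raise ValueError("truncated fixed fields")
    rtype, rclass, ttl, rdlength = struct.unpack_from("!HHIH", buf, name_end)
    rdata_start = name_end + 10
    rr = {"type": rtype, "class": rclass, "ttl": ttl, "rdlength": rdlength, "problems": []}
    if rdata_start + rdlength > len(buf):
        rr["problems"].append("RDLENGTH runs past end of buffer")
    if rtype == TYPE_CNAME:  # RDATA of a CNAME is exactly one domain name
        rr["name_octets"] = skip_name(buf, rdata_start) - rdata_start
        if rr["name_octets"] != rdlength:
            rr["problems"].append(
                f"RDLENGTH={rdlength} but encoded name is {rr['name_octets']} octets")
    return rr

if __name__ == "__main__":
    print(check_rr(POSTED_RR))
```

A record flagged this way is best treated as malformed and dropped; advancing by RDLENGTH or by the name length alone would desynchronise the parse of the records that follow.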
Re: Am I misunderstanding the DNS specs?
Erk...
Despite the fact that last night I was getting this error consistently I am now suddenly unable to recreate it. :s
I have no idea what was causing it. All I can think is that maybe my router was mangling packets for some reason.
Sorry to anyone who wasted time messing with it.