Take a look at this cpu profile: https://drive.google.com/open?id=16MlEZ39teT2EGYdwe4vhZ5_1PtaPAlrn

Currently, the header flags are decoded as:
flags: flags & 32767

I understand the Q/R flag is pulled out as 'type' but it is technically part of the flags and probably should be included in the flags field. Currently, this breaks a test where I encode a packet and decode it and compare the fields.

Thoughts?

Would it break backward compatibility to change it now? Maybe it's better to leave it alone and mask out the flags comparison in the test.

Starting with commit f6db3d3, I can no longer send TXT records with an empty payload using multicast-dns:

{name, type: "TXT", ttl, data: ""}

I have identified the problem to be the coalescing of data and options on line 1241 of dns-packet:

Would it be possible to change that into a comparison with null and/or undefined instead to allow empty TXT records again? Sending empty TXT records may seem pointless, but I found it to be required for interoperability with certain mDNS clients.

The list of available flags in the README

is missing the packet.DNSSEC_OK flag

Here's the wire format https://www.rfc-editor.org/rfc/rfc6698#section-2.1

While name.encode('.') returns a single byte '\x00', name.encode('') returns '\x00\x00'.

This is a wonderful library. I am curious how to structure query responses in cases where you want to authoritatively answer that this domain cannot be found.

I found the following article: Know thy DNS: Understanding the four most common DNS response codes

Unless I missed something, would it be worthwhile to document how to formulate (and return) the NXDOMAIN response?

Please update the README to mention that the OPT record must be in the response.additionals array and not the response.answers array.

I get this whenever I attempt to use Google's DoH endpoint. I don't get it from cloudflare. Any ideas?

internal/buffer.js:77
  throw new ERR_OUT_OF_RANGE(type || 'offset',
  ^

RangeError [ERR_OUT_OF_RANGE]: The value of "offset" is out of range. It must be >= 0 and <= 785. Received 858
    at boundsError (internal/buffer.js:77:9)
    at Buffer.readUInt16BE (internal/buffer.js:323:5)
    at Object.question.decode (C:\Users\Cam\projects\playground\base64url\node_modules\dns-packet\index.js:1417:31)
    at decodeList (C:\Users\Cam\projects\playground\base64url\node_modules\dns-packet\index.js:1537:19)
    at Object.exports.decode (C:\Users\Cam\projects\playground\base64url\node_modules\dns-packet\index.js:1477:12)
    at IncomingMessage.<anonymous> (C:\Users\Cam\projects\playground\base64url\node_modules\@sagi.io\dns-over-https\index.js:78:31)
    at IncomingMessage.emit (events.js:321:20)
    at IncomingMessage.Readable.read (_stream_readable.js:508:10)
    at flow (_stream_readable.js:979:34)
    at resume_ (_stream_readable.js:960:3) {
  code: 'ERR_OUT_OF_RANGE'
}

Installing this package drops an 11MB (!) file called "node010" in the module dir: what is this file? Is this, as the name might seem to suggest, a single-file compiled node 0.10? What is it used for? Can the README.md be extend to explain what this file is and what its security implications are (because this is a DNS package, there are always security implications)

There is a two byte length field that proceeds the message when sent over stream protocols like TCP as defined in RFC 1035. I have a patch for this I will submit as a pull request.

Caused by this change:
25f15dd

I'm seeing requests with a type of UNKNOWN_64 and UNKNOWN_65.

https://en.wikipedia.org/wiki/NAPTR_record

Currently,dns-packet does not support this query type.Please help add this.Thanks.

I would like to proceed with DNS Query by applying DNSSEC. However, there is no example to query DNSSEC. Can you give me an example of DNS query by applying DNSSEC?

The lack of it was noticed in #4. From https://tools.ietf.org/html/rfc6762:

Multicast DNS defines the top bit in the class field of a DNS question as the unicast-response bit.

Suggestion was to add a boolean property on questions that maps to the top bit in the class bits.

name.encode encodes the root domain incorrectly:
'' as 00 00 and '.' as 00 00 00 instead of 00
According to RFC1035 3.1 the first 00 length byte terminates a name.

When a question's name field has a trailing dot (e.g. 1.0.0.127.in-addr.arpa.), the length is computed before the trailing dot is dropped. This results in a buffer that's one byte longer than necessary, and which has a trailing byte that goes unfilled. For example,

        var reversed = '151.1.168.192.in-addr.arpa.';
        resolver.query({
            flags: 1 << 8 | 1 << 5,
            id: getRandomInt(1, 65534),
            questions: [
                {
                    name: reversed,
                    type: 'PTR',
                    class: 'IN'
                },
            ],
            additionals: [
                {
                    name: '.',
                    type: 'OPT',
                    udpPayloadSize: 0x1000,
                },
            ],
        });

results in a buffer len of 56, but only 55 bytes are written.

The relevant code is here:

name.encode = function (str, buf, offset) {
  if (!buf) buf = Buffer.allocUnsafe(name.encodingLength(str)) // <-- allocate based on str len
  if (!offset) offset = 0
  const oldOffset = offset

  // strip leading and trailing .
  const n = str.replace(/^\.|\.$/gm, '') // <-- mutate str
  if (n.length) {
    const list = n.split('.') // <-- loses the last byte

This was discovered while diagnosing #52 (also trying to diagnose mafintosh/multicast-dns#13).

As a workaround, manually dropping the trailing dot in constructing the address seems to work (but not to fix my issue, oh well.)

We currently have these header flag booleans:

flag_auth
flag_trunc
flag_rd
flag_ra
flag_z
flag_ad
flag_cd

I notices that there is a registered list of 2-character flag names here and I think we should use flag_{xx} naming scheme. Note that this is a breaking change on flag_auth, flag_trunc and flag_z (which is reserved and should likely be removed, unless there's a use case for it).

cc: @pusateri

Currently, this library cannot directly be used in non-Node environments (without Buffer polyfills). Are there any issues with switching to ArrayBuffer instead? Just wondering if such a contribution would be accepted.

Hey 👋 Just writing to express thanks for making dns-packet – it made creating 🍊 Tangerine npm install tangerine possible. We shared thanks in our README too! Just passing this note along in case you also wanted to mention in dns-packet's README this project. It uses dns-packet under the hood!

doh client example using dns-packet here
I can add this to examples.

Based on this internet-draft

RFC 1035 4.1.4. Message compression seems not supported.

https://stackoverflow.com/questions/57713226/understanding-how-the-pointers-of-mdns-response-records-works

Would be a nice to have feature.

These are currently encoded as a Buffer, but I think it would be more useful to have them as a text string. If we decode them as text, should ASCII or UTF8 be used? I'd wager the spec only supports ASCII but I see no harm if we do UTF8 as it is a superset of ASCII.

This packet cannot be decoded:

000084000000000600000000045f686170045f746370056c6f63616c00000c000100001194001411496e646f6f7243616d20324b2d30413143c00c09496e646f6f7263616dc016002f8001000000780005c0a5000140c027002f8001000011940009c02700050000800040c03b00018001000000780004c0a801f3c0270021800100000078000800000000b6f8c03bc0270010800100001194004c0463233d310466663d321469643d34413a34413a33373a37383a34443a3030086d643d54383430300670763d312e310573233d31340473663d300563693d31370b73683d4a6b6e5466773d3d

This is the error:

…/node_modules/dns-packet/index.js:83
        throw new Error('Cannot decode name (bad pointer)')
        ^

Error: Cannot decode name (bad pointer)
    at name.decode (…/node_modules/dns-packet/index.js:83:15)
    at rnsec.decode (…/node_modules/dns-packet/index.js:1147:28)
    at answer.decode (…/node_modules/dns-packet/index.js:1451:18)
    at decodeList (…/node_modules/dns-packet/index.js:1625:19)
    at exports.decode (…/node_modules/dns-packet/index.js:1566:12)
    at Object.<anonymous> (…/dns.js:3:11)
    at Module._compile (node:internal/modules/cjs/loader:1159:14)
    at Module._extensions..js (node:internal/modules/cjs/loader:1213:10)
    at Module.load (node:internal/modules/cjs/loader:1037:32)
    at Module._load (node:internal/modules/cjs/loader:878:12)

Node.js v18.12.1

This is the reproduction case:

const dnsPacket = require('dns-packet');

dnsPacket.decode(
	Buffer.from('000084000000000600000000045f686170045f746370056c6f63616c00000c000100001194001411496e646f6f7243616d20324b2d30413143c00c09496e646f6f7263616dc016002f8001000000780005c0a5000140c027002f8001000011940009c02700050000800040c03b00018001000000780004c0a801f3c0270021800100000078000800000000b6f8c03bc0270010800100001194004c0463233d310466663d321469643d34413a34413a33373a37383a34443a3030086d643d54383430300670763d312e310573233d31340473663d300563693d31370b73683d4a6b6e5466773d3d', 'hex'),
);

Interestingly enough, https://pypi.org/project/dnslib/ cannot decode it either while https://github.com/mdns-js/node-dns-js handles it just fine.

const dns = require('dns-js');

const result = dns.DNSPacket.parse(
	Buffer.from('000084000000000600000000045f686170045f746370056c6f63616c00000c000100001194001411496e646f6f7243616d20324b2d30413143c00c09496e646f6f7263616dc016002f8001000000780005c0a5000140c027002f8001000011940009c02700050000800040c03b00018001000000780004c0a801f3c0270021800100000078000800000000b6f8c03bc0270010800100001194004c0463233d310466663d321469643d34413a34413a33373a37383a34443a3030086d643d54383430300670763d312e310573233d31340473663d300563693d31370b73683d4a6b6e5466773d3d', 'hex'),
);

console.log(result);

Not sure what is going on here.

The encoded TXT RDATA response (see RFC 1035 section 3.3.14) is malformed. The TXT-DATA should be an array of <character-string>, NOT just a string. Each <character-string> has a length prefixed byte followed by the UTF-8 string. The array is terminated with a NUL byte.

https://github.com/mafintosh/dns-packet/blob/master/index.js#L294 needs a fix.

I have seen specific DNS request for google is failing with this error
RangeError [ERR_OUT_OF_RANGE]: The value of "offset" is out of range. It must be >= 0 and <= 49. Received 73
at Object.answer.decode (/home/pi/bin/nodejs/dns/node_modules/dns-packet/index.js:1353:31)

DNS request was : 000e0100000100000000000106676f6f676c6503636f6d0000010001010029100000000000000c000a0008121badeb9ce77e55

Could you use this to detect certain ad hosts and return 0.0.0.0 and act like an ad blocker on dns level?

Currently, the RR type encoding length is set to the length of the RR type data plus 2. RR type A has length 6, RR Type AAAA has length 18, etc. I think this includes the RDATA LEN short but it seems like it shouldn't.

After installation via NPM, there is an 11MB file in the dns-packet folder.

I can't find a reference to it.
Is there a reason for it being there?

By example, when create a query using nsztm1.digi.ninja server as UDP4 protocol and zonetransfer.me as hostname in AXFR method return a empty array response:

const dnsPacket = require('dns-packet')
const dgram = require('dgram')

const socket = dgram.createSocket('udp4')

const buf = dnsPacket.encode({
  type: 'query',
  id: 1,
  flags: dnsPacket.RECURSION_DESIRED,
  questions: [{
    type: 'AXFR',
    name: 'zonetransfer.me'
  }]
})

socket.on('message', message => {
  console.log(dnsPacket.decode(message))
})

socket.send(buf, 0, buf.length, 53, 'nsztm1.digi.ninja')

Results:

{
  id: 1,
  type: 'response',
  flags: 257,
  flag_qr: true,
  opcode: 'QUERY',
  flag_aa: false,
  flag_tc: false,
  flag_rd: true,
  flag_ra: false,
  flag_z: false,
  flag_ad: false,
  flag_cd: false,
  rcode: 'FORMERR',
  questions: [ { name: 'zonetransfer.me', type: 'AXFR', class: 'IN' } ],
  answers: [],
  authorities: [],
  additionals: []
}

I was expecting it to respond with the known and unknown records as a objects and buffer.

But using dig command:

$ dig -t AXFR zonetransfer.me @nsztm1.digi.ninja

; <<>> DiG 9.16.1-Ubuntu <<>> -t AXFR zonetransfer.me @nsztm1.digi.ninja
;; global options: +cmd
zonetransfer.me.	7200	IN	SOA	nsztm1.digi.ninja. robin.digi.ninja. 2019100801 172800 900 1209600 3600
zonetransfer.me.	300	IN	HINFO	"Casio fx-700G" "Windows XP"
zonetransfer.me.	301	IN	TXT	"google-site-verification=tyP28J7JAUHA9fw2sHXMgcCC0I6XBmmoVi04VlMewxA"
zonetransfer.me.	7200	IN	MX	0 ASPMX.L.GOOGLE.COM.
zonetransfer.me.	7200	IN	MX	10 ALT1.ASPMX.L.GOOGLE.COM.
zonetransfer.me.	7200	IN	MX	10 ALT2.ASPMX.L.GOOGLE.COM.
zonetransfer.me.	7200	IN	MX	20 ASPMX2.GOOGLEMAIL.COM.
zonetransfer.me.	7200	IN	MX	20 ASPMX3.GOOGLEMAIL.COM.
zonetransfer.me.	7200	IN	MX	20 ASPMX4.GOOGLEMAIL.COM.
zonetransfer.me.	7200	IN	MX	20 ASPMX5.GOOGLEMAIL.COM.
zonetransfer.me.	7200	IN	A	5.196.105.14
zonetransfer.me.	7200	IN	NS	nsztm1.digi.ninja.
zonetransfer.me.	7200	IN	NS	nsztm2.digi.ninja.
_acme-challenge.zonetransfer.me. 301 IN	TXT	"6Oa05hbUJ9xSsvYy7pApQvwCUSSGgxvrbdizjePEsZI"
_sip._tcp.zonetransfer.me. 14000 IN	SRV	0 0 5060 www.zonetransfer.me.
14.105.196.5.IN-ADDR.ARPA.zonetransfer.me. 7200	IN PTR www.zonetransfer.me.
asfdbauthdns.zonetransfer.me. 7900 IN	AFSDB	1 asfdbbox.zonetransfer.me.
asfdbbox.zonetransfer.me. 7200	IN	A	127.0.0.1
asfdbvolume.zonetransfer.me. 7800 IN	AFSDB	1 asfdbbox.zonetransfer.me.
canberra-office.zonetransfer.me. 7200 IN A	202.14.81.230
cmdexec.zonetransfer.me. 300	IN	TXT	"; ls"
contact.zonetransfer.me. 2592000 IN	TXT	"Remember to call or email Pippa on +44 123 4567890 or [email protected] when making DNS changes"
dc-office.zonetransfer.me. 7200	IN	A	143.228.181.132
deadbeef.zonetransfer.me. 7201	IN	AAAA	dead:beaf::
dr.zonetransfer.me.	300	IN	LOC	53 20 56.558 N 1 38 33.526 W 0.00m 1m 10000m 10m
DZC.zonetransfer.me.	7200	IN	TXT	"AbCdEfG"
email.zonetransfer.me.	2222	IN	NAPTR	1 1 "P" "E2U+email" "" email.zonetransfer.me.zonetransfer.me.
email.zonetransfer.me.	7200	IN	A	74.125.206.26
Hello.zonetransfer.me.	7200	IN	TXT	"Hi to Josh and all his class"
home.zonetransfer.me.	7200	IN	A	127.0.0.1
Info.zonetransfer.me.	7200	IN	TXT	"ZoneTransfer.me service provided by Robin Wood - [email protected]. See http://digi.ninja/projects/zonetransferme.php for more information."
internal.zonetransfer.me. 300	IN	NS	intns1.zonetransfer.me.
internal.zonetransfer.me. 300	IN	NS	intns2.zonetransfer.me.
intns1.zonetransfer.me.	300	IN	A	81.4.108.41
intns2.zonetransfer.me.	300	IN	A	167.88.42.94
office.zonetransfer.me.	7200	IN	A	4.23.39.254
ipv6actnow.org.zonetransfer.me.	7200 IN	AAAA	2001:67c:2e8:11::c100:1332
owa.zonetransfer.me.	7200	IN	A	207.46.197.32
robinwood.zonetransfer.me. 302	IN	TXT	"Robin Wood"
rp.zonetransfer.me.	321	IN	RP	robin.zonetransfer.me. robinwood.zonetransfer.me.
sip.zonetransfer.me.	3333	IN	NAPTR	2 3 "P" "E2U+sip" "!^.*$!sip:[email protected]!" .
sqli.zonetransfer.me.	300	IN	TXT	"' or 1=1 --"
sshock.zonetransfer.me.	7200	IN	TXT	"() { :]}; echo ShellShocked"
staging.zonetransfer.me. 7200	IN	CNAME	www.sydneyoperahouse.com.
alltcpportsopen.firewall.test.zonetransfer.me. 301 IN A	127.0.0.1
testing.zonetransfer.me. 301	IN	CNAME	www.zonetransfer.me.
vpn.zonetransfer.me.	4000	IN	A	174.36.59.154
www.zonetransfer.me.	7200	IN	A	5.196.105.14
xss.zonetransfer.me.	300	IN	TXT	"'><script>alert('Boo')</script>"
zonetransfer.me.	7200	IN	SOA	nsztm1.digi.ninja. robin.digi.ninja. 2019100801 172800 900 1209600 3600
;; Query time: 228 msec
;; SERVER: 81.4.108.41#53(81.4.108.41)
;; WHEN: mar mar 29 10:59:39 -03 2022
;; XFR size: 50 records (messages 1, bytes 1994)

According to RFC 8484 section 4.1, the id should always be 0 to optimize caching:

In order to maximize HTTP cache friendliness, DoH clients using media formats that include the ID field from the DNS message header, such as "application/dns-message", SHOULD use a DNS ID of 0 in every DNS request. HTTP correlates the request and response, thus eliminating the need for the ID in a media type such as "application/dns-message". The use of a varying DNS ID can cause semantically equivalent DNS queries to be cached separately.

Feature Request:
Support encoding RFC 2671 OPT RRs. I'm working up a PR.

RCODE is the lower 4 bits of the flags (`flags & 0xF), and only 10 of the 16 codes are allocated.

See https://tools.ietf.org/html/rfc6895#page-4

I want to check all query records , like A, AAAA, SOA, CNAME, MX at once. How can I do that?
Thanks

Experimenting a bit with creating packages using the encode method. The below package returns an error:
RangeError [ERR_OUT_OF_RANGE]: The value of "offset" is out of range. It must be >= 0 and <= 971. Received 1013

const dnsPacket = require('dns-packet')
const buf = dnsPacket.encode({
type: 'query',
id: 23751,
flags: 256,
questions: [ { type: 'A', name: 'google.com' } ]
})

Perhaps this is related to the issue here: #60

Stacktrace:
at Object.question.decode (C:\sources\lab\node_modules\dns-packet\index.js:1417:31)
at decodeList (C:\sources\lab\node_modules\dns-packet\index.js:1537:19)
at Object.exports.decode (C:\sources\lab\node_modules\dns-packet\index.js:1477:12)
at IncomingMessage. (C:\sources\lab\buildpacket.js:30:35)

For the rname in a SOA record it's possible to escape a dot.

So john\.doe.example.com should become [email protected]. See here.

But the result is just john.doe.example.com and therefore it's not possible to finde the right . to replace it with an @.

Proposal:

• add nyc as a dev dependency
• Add a coverage script to package.json that generates HTML
• Add coverage outputs to .gitignore

Optional, if desired (trivial for me to do, but more controversial):

• Install coveralls in .travis.yml
• On successful run, send output to coveralls.io
• Add support for auto-refresh of the coverage HTML (makes writing coverage tests fun)

To do version queries, like:

var socket = require("dns-socket")();

socket.query({
  questions: [{
    type: "TXT",
    class: "CH",
    name: "version.bind"
  }]
}, 53, "4.2.2.2", function(err, res) {
  console.log(err, res);
});

I'd imagine support for these classes could be useful:

This new RFC describes a JSON format for dns packets. This issue is a placeholder to look at the differences between what we're doing and the RFC to determine if we want to make any adjustments.

https://tools.ietf.org/html/rfc8427

Better support for "popular" EDNS0 options from the IANA list. I've the start of a patch for ECS that allows this:

    options: [ {
      code: 8,
      ip: 'fe80::/64'
    } ]

on parse, you get this:

       options:
        [ { code: 8,
            data: <Buffer 00 02 40 00 fe 80 00 00 00 00 00 00>,
            family: 2,
            sourcePrefixLength: 64,
            scopePrefixLength: 0,
            ip: 'fe80::' } ] } ] }

note that the data field is retained for backward compatibility.

If this approach makes sense and is interesting to the maintainers, I'll send a PR eventually with support for all of the options in the IANA list that have RFCs that are clear enough to make sense to me, including tests.

The dependency can safely be dropped in Node.js 6 or higher (the used methods were introduced in 5.12), just adding this here so we don't forget.

Hi there,
I'm trying to use the dns-packet for some dns-over-https things...
I'm wondering if it's possible to encode/decode the type with IANA dna parameter?
https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-4
like getting type:28 instead of type:'AAAA' while encode/decode?
Thanks!

Now they are treated as runknown

Anyone interested in supporting typescript in this project?