draft-ietf-dnsop-dns-capture-format-03.txt   draft-ietf-dnsop-dns-capture-format-04.txt 
dnsop J. Dickinson dnsop J. Dickinson
Internet-Draft J. Hague Internet-Draft J. Hague
Intended status: Standards Track S. Dickinson Intended status: Standards Track S. Dickinson
Expires: January 4, 2018 Sinodun IT Expires: July 7, 2018 Sinodun IT
T. Manderson T. Manderson
J. Bond J. Bond
ICANN ICANN
July 3, 2017 January 3, 2018
C-DNS: A DNS Packet Capture Format C-DNS: A DNS Packet Capture Format
draft-ietf-dnsop-dns-capture-format-03 draft-ietf-dnsop-dns-capture-format-04
Abstract Abstract
This document describes a data representation for collections of DNS This document describes a data representation for collections of DNS
messages. The format is designed for efficient storage and messages. The format is designed for efficient storage and
transmission of large packet captures of DNS traffic; it attempts to transmission of large packet captures of DNS traffic; it attempts to
minimize the size of such packet capture files but retain the full minimize the size of such packet capture files but retain the full
DNS message contents along with the most useful transport metadata. DNS message contents along with the most useful transport metadata.
It is intended to assist with the development of DNS traffic It is intended to assist with the development of DNS traffic
monitoring applications. monitoring applications.
skipping to change at page 1, line 40 skipping to change at page 1, line 40
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 4, 2018. This Internet-Draft will expire on July 7, 2018.
Copyright Notice Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 3, line 15 skipping to change at page 3, line 15
10.8. Post Processing . . . . . . . . . . . . . . . . . . . . 29 10.8. Post Processing . . . . . . . . . . . . . . . . . . . . 29
11. Implementation Status . . . . . . . . . . . . . . . . . . . . 29 11. Implementation Status . . . . . . . . . . . . . . . . . . . . 29
11.1. DNS-STATS Compactor . . . . . . . . . . . . . . . . . . 30 11.1. DNS-STATS Compactor . . . . . . . . . . . . . . . . . . 30
12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 30 12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 30
13. Security Considerations . . . . . . . . . . . . . . . . . . . 30 13. Security Considerations . . . . . . . . . . . . . . . . . . . 30
14. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 30 14. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 30
15. Changelog . . . . . . . . . . . . . . . . . . . . . . . . . . 31 15. Changelog . . . . . . . . . . . . . . . . . . . . . . . . . . 31
16. References . . . . . . . . . . . . . . . . . . . . . . . . . 32 16. References . . . . . . . . . . . . . . . . . . . . . . . . . 32
16.1. Normative References . . . . . . . . . . . . . . . . . . 32 16.1. Normative References . . . . . . . . . . . . . . . . . . 32
16.2. Informative References . . . . . . . . . . . . . . . . . 32 16.2. Informative References . . . . . . . . . . . . . . . . . 32
16.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 33 16.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Appendix A. CDDL . . . . . . . . . . . . . . . . . . . . . . . . 34 Appendix A. CDDL . . . . . . . . . . . . . . . . . . . . . . . . 35
Appendix B. DNS Name compression example . . . . . . . . . . . . 41 Appendix B. DNS Name compression example . . . . . . . . . . . . 41
B.1. NSD compression algorithm . . . . . . . . . . . . . . . . 42 B.1. NSD compression algorithm . . . . . . . . . . . . . . . . 42
B.2. Knot Authoritative compression algorithm . . . . . . . . 42 B.2. Knot Authoritative compression algorithm . . . . . . . . 43
B.3. Observed differences . . . . . . . . . . . . . . . . . . 43 B.3. Observed differences . . . . . . . . . . . . . . . . . . 43
Appendix C. Comparison of Binary Formats . . . . . . . . . . . . 43 Appendix C. Comparison of Binary Formats . . . . . . . . . . . . 43
C.1. Comparison with full PCAP files . . . . . . . . . . . . . 46 C.1. Comparison with full PCAP files . . . . . . . . . . . . . 46
C.2. Simple versus block coding . . . . . . . . . . . . . . . 46 C.2. Simple versus block coding . . . . . . . . . . . . . . . 47
C.3. Binary versus text formats . . . . . . . . . . . . . . . 47 C.3. Binary versus text formats . . . . . . . . . . . . . . . 47
C.4. Performance . . . . . . . . . . . . . . . . . . . . . . . 47 C.4. Performance . . . . . . . . . . . . . . . . . . . . . . . 47
C.5. Conclusions . . . . . . . . . . . . . . . . . . . . . . . 47 C.5. Conclusions . . . . . . . . . . . . . . . . . . . . . . . 48
C.6. Block size choice . . . . . . . . . . . . . . . . . . . . 48 C.6. Block size choice . . . . . . . . . . . . . . . . . . . . 48
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 49 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 49
1. Introduction 1. Introduction
There has long been a need to collect DNS queries and responses on There has long been a need to collect DNS queries and responses on
authoritative and recursive name servers for monitoring and analysis. authoritative and recursive name servers for monitoring and analysis.
This data is used in a number of ways including traffic monitoring, This data is used in a number of ways including traffic monitoring,
analyzing network attacks and "day in the life" (DITL) [ditl] analyzing network attacks and "day in the life" (DITL) [ditl]
analysis. analysis.
skipping to change at page 10, line 12 skipping to change at page 10, line 12
sizes up to 10,000 Q/R data items give good results. See sizes up to 10,000 Q/R data items give good results. See
Appendix C.6 for more details. Appendix C.6 for more details.
If no field type is specified, then the field is unsigned. If no field type is specified, then the field is unsigned.
In all quantities that contain bit flags, bit 0 indicates the least In all quantities that contain bit flags, bit 0 indicates the least
significant bit. An item described as an index is the index of the significant bit. An item described as an index is the index of the
Q/R data item in the referenced table. Indexes are 1-based. An Q/R data item in the referenced table. Indexes are 1-based. An
index value of 0 is reserved to mean "not present". index value of 0 is reserved to mean "not present".
All map keys are unsigned integers with values specified in the CDDL
(string keys would significantly bloat the file size).
7.3. File header contents 7.3. File header contents
The file header contains the following: The file header contains the following:
+---------------+---------------+-----------------------------------+ +---------------+---------------+-----------------------------------+
| Field | Type | Description | | Field | Type | Description |
+---------------+---------------+-----------------------------------+ +---------------+---------------+-----------------------------------+
| file-type-id | Text string | String "C-DNS" identifying the | | file-type-id | Text string | String "C-DNS" identifying the |
| | | file type. | | | | file type. |
| | | | | | | |
skipping to change at page 16, line 5 skipping to change at page 16, line 5
| ip-address | Byte | The IP address, in network byte order. The | | ip-address | Byte | The IP address, in network byte order. The |
| | string | string is 4 bytes long for an IPv4 address, | | | string | string is 4 bytes long for an IPv4 address, |
| | | 16 bytes long for an IPv6 address. | | | | 16 bytes long for an IPv6 address. |
+------------+--------+---------------------------------------------+ +------------+--------+---------------------------------------------+
7.11. Class/Type table 7.11. Class/Type table
The table "classtype" holds pairs of RR CLASS and TYPE values. Each The table "classtype" holds pairs of RR CLASS and TYPE values. Each
item in the table is a CBOR map. item in the table is a CBOR map.
+-------+--------------+ +-------+----------+--------------+
| Field | Description | | Field | Type | Description |
+-------+--------------+ +-------+----------+--------------+
| type | TYPE value. | | type | Unsigned | TYPE value. |
| | | | | | |
| class | CLASS value. | | class | Unsigned | CLASS value. |
+-------+--------------+ +-------+----------+--------------+
7.12. Name/RDATA table 7.12. Name/RDATA table
The table "name-rdata" holds the contents of all NAME or RDATA items The table "name-rdata" holds the contents of all NAME or RDATA items
in the block. Each item in the table is the content of a single NAME in the block. Each item in the table is the content of a single NAME
or RDATA. or RDATA.
+------------+--------+---------------------------------------------+ Note that NAMEs, and labels within RDATA contents, are full domain
| Field | Type | Description | names or labels; no DNS style name compression is used on the
+------------+--------+---------------------------------------------+ individual names/labels within the format.
| name-rdata | Byte | The NAME or RDATA contents. NAMEs, and |
| | string | labels within RDATA contents, are in | +------------+-------------+----------------------------------------+
| | | uncompressed label format. | | Field | Type | Description |
+------------+--------+---------------------------------------------+ +------------+-------------+----------------------------------------+
| name-rdata | Byte string | The NAME or RDATA contents |
| | | (uncompressed). |
+------------+-------------+----------------------------------------+
7.13. Query Signature table 7.13. Query Signature table
The table "query-sig" holds elements of the Q/R data item that are The table "query-sig" holds elements of the Q/R data item that are
often common between multiple individual Q/R data items. Each item often common between multiple individual Q/R data items. Each item
in the table is a CBOR map. Each item in the map has an unsigned in the table is a CBOR map. Each item in the map has an unsigned
value and an unsigned key. value and an unsigned integer key.
The following abbreviations are used in the Present (P) column The following abbreviations are used in the Present (P) column
o Q = QUERY o Q = QUERY
o A = Always o A = Always
o QT = QUESTION o QT = QUESTION
o QO = QUERY, OPT o QO = QUERY, OPT
skipping to change at page 19, line 10 skipping to change at page 19, line 10
| | | contains OPT, this value | | | | contains OPT, this value |
| | | incorporates any | | | | incorporates any |
| | | EXTENDED_RCODE_VALUE. Optional. | | | | EXTENDED_RCODE_VALUE. Optional. |
+-----------------------+----+--------------------------------------+ +-----------------------+----+--------------------------------------+
7.14. Question table 7.14. Question table
The table "qrr" holds details on individual Questions in a Question The table "qrr" holds details on individual Questions in a Question
section. Each item in the table is a CBOR map containing a single section. Each item in the table is a CBOR map containing a single
Question. Each item in the map has an unsigned value and an unsigned Question. Each item in the map has an unsigned value and an unsigned
key. This data is optionally collected. integer key. This data is optionally collected.
+-----------------+-------------------------------------------------+ +-----------------+-------------------------------------------------+
| Field | Description | | Field | Description |
+-----------------+-------------------------------------------------+ +-----------------+-------------------------------------------------+
| name-index | The index in the NAME/RDATA table of the QNAME. | | name-index | The index in the NAME/RDATA table of the QNAME. |
| | | | | |
| classtype-index | The index in the Class/Type table of the CLASS | | classtype-index | The index in the Class/Type table of the CLASS |
| | and TYPE of the Question. | | | and TYPE of the Question. |
+-----------------+-------------------------------------------------+ +-----------------+-------------------------------------------------+
skipping to change at page 20, line 42 skipping to change at page 20, line 42
o QT = QUESTION o QT = QUESTION
o QO = QUERY, OPT o QO = QUERY, OPT
o QR = QUERY & RESPONSE o QR = QUERY & RESPONSE
o R = RESPONSE o R = RESPONSE
Each item in the map has an unsigned value (with the exception of Each item in the map has an unsigned value (with the exception of
those listed below) and an unsigned key. those listed below) and an unsigned integer key.
o query-extended and response-extended which are of type Extended o query-extended and response-extended which are of type Extended
Information. Information.
o delay-useconds and delay-pseconds which are integers (The delay o delay-useconds and delay-pseconds which are integers (The delay
can be negative if the network stack/capture library returns them can be negative if the network stack/capture library returns them
out of order.) out of order.)
+-----------------------+----+--------------------------------------+ +-----------------------+----+--------------------------------------+
| Field | P | Description | | Field | P | Description |
skipping to change at page 22, line 30 skipping to change at page 22, line 30
For UDP this is the size of the UDP payload that contained the DNS For UDP this is the size of the UDP payload that contained the DNS
message and will therefore include any trailing bytes if present. message and will therefore include any trailing bytes if present.
Trailing bytes with queries are routinely observed in traffic to Trailing bytes with queries are routinely observed in traffic to
authoritative servers and this value allows a calculation of how many authoritative servers and this value allows a calculation of how many
trailing bytes were present. For TCP it is the size of the DNS trailing bytes were present. For TCP it is the size of the DNS
message as specified in the two-byte message length header. message as specified in the two-byte message length header.
The Extended information is a CBOR map as follows. Each item in the The Extended information is a CBOR map as follows. Each item in the
map is present only if collection of the relevant details is map is present only if collection of the relevant details is
configured. Each item in the map has an unsigned value and an configured. Each item in the map has an unsigned value and an
unsigned key. unsigned integer key.
+------------------+------------------------------------------------+ +------------------+------------------------------------------------+
| Field | Description | | Field | Description |
+------------------+------------------------------------------------+ +------------------+------------------------------------------------+
| question-index | The index in the Questions list table of the | | question-index | The index in the Questions list table of the |
| | entry listing any second and subsequent | | | entry listing any second and subsequent |
| | Questions in the Question section for the | | | Questions in the Question section for the |
| | Query or Response. | | | Query or Response. |
| | | | | |
| answer-index | The index in the RR list table of the entry | | answer-index | The index in the RR list table of the entry |
skipping to change at page 31, line 9 skipping to change at page 31, line 9
matching. Also Jan Vcelak and Wouter Wijngaards for discussions on matching. Also Jan Vcelak and Wouter Wijngaards for discussions on
name compression and Paul Hoffman for a detailed review of the name compression and Paul Hoffman for a detailed review of the
document and the C-DNS CDDL. document and the C-DNS CDDL.
Thanks also to Robert Edmonds and Jerry Lundstroem for review. Thanks also to Robert Edmonds and Jerry Lundstroem for review.
Also, Miek Gieben for mmark [11] Also, Miek Gieben for mmark [11]
15. Changelog 15. Changelog
draft-ietf-dnsop-dns-capture-format-04
o Correct query-d0 to query-do in CDDL
o Clarify that map keys are unsigned integers
o Add Type to Class/type table
o Clarify storage format in section 7.12
draft-ietf-dnsop-dns-capture-format-03 draft-ietf-dnsop-dns-capture-format-03
o Added an Implementation Status section o Added an Implementation Status section
draft-ietf-dnsop-dns-capture-format-02 draft-ietf-dnsop-dns-capture-format-02
o Update qr_data_format.png to match CDDL o Update qr_data_format.png to match CDDL
o Editorial clarifications and improvements o Editorial clarifications and improvements
skipping to change at page 32, line 25 skipping to change at page 32, line 35
draft-dickinson-dnsop-dns-capture-format-00 draft-dickinson-dnsop-dns-capture-format-00
o Initial commit o Initial commit
16. References 16. References
16.1. Normative References 16.1. Normative References
[RFC1035] Mockapetris, P., "Domain names - implementation and [RFC1035] Mockapetris, P., "Domain names - implementation and
specification", STD 13, RFC 1035, DOI 10.17487/RFC1035, specification", STD 13, RFC 1035, DOI 10.17487/RFC1035,
November 1987, <http://www.rfc-editor.org/info/rfc1035>. November 1987, <https://www.rfc-editor.org/info/rfc1035>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-
<http://www.rfc-editor.org/info/rfc2119>. editor.org/info/rfc2119>.
[RFC7049] Bormann, C. and P. Hoffman, "Concise Binary Object [RFC7049] Bormann, C. and P. Hoffman, "Concise Binary Object
Representation (CBOR)", RFC 7049, DOI 10.17487/RFC7049, Representation (CBOR)", RFC 7049, DOI 10.17487/RFC7049,
October 2013, <http://www.rfc-editor.org/info/rfc7049>. October 2013, <https://www.rfc-editor.org/info/rfc7049>.
16.2. Informative References 16.2. Informative References
[ditl] DNS-OARC, "DITL", 2016, <https://www.dns- [ditl] DNS-OARC, "DITL", 2016, <https://www.dns-
oarc.net/oarc/data/ditl>. oarc.net/oarc/data/ditl>.
[dnscap] DNS-OARC, "DNSCAP", 2016, <https://www.dns-oarc.net/tools/ [dnscap] DNS-OARC, "DNSCAP", 2016, <https://www.dns-oarc.net/tools/
dnscap>. dnscap>.
[dnstap] dnstap.info, "dnstap", 2016, <http://dnstap.info/>. [dnstap] dnstap.info, "dnstap", 2016, <http://dnstap.info/>.
[dsc] Wessels, D. and J. Lundstrom, "DSC", 2016, [dsc] Wessels, D. and J. Lundstrom, "DSC", 2016,
<https://www.dns-oarc.net/tools/dsc>. <https://www.dns-oarc.net/tools/dsc>.
[I-D.daley-dnsxml] [I-D.daley-dnsxml]
Daley, J., Morris, S., and J. Dickinson, "dnsxml - A Daley, J., Morris, S., and J. Dickinson, "dnsxml - A
standard XML representation of DNS data", draft-daley- standard XML representation of DNS data", draft-daley-
dnsxml-00 (work in progress), July 2013. dnsxml-00 (work in progress), July 2013.
[I-D.greevenbosch-appsawg-cbor-cddl] [I-D.greevenbosch-appsawg-cbor-cddl]
Birkholz, H., Vigano, C., and C. Bormann, "CBOR data Birkholz, H., Vigano, C., and C. Bormann, "Concise data
definition language (CDDL): a notational convention to definition language (CDDL): a notational convention to
express CBOR data structures", draft-greevenbosch-appsawg- express CBOR data structures", draft-greevenbosch-appsawg-
cbor-cddl-10 (work in progress), March 2017. cbor-cddl-11 (work in progress), July 2017.
[I-D.hoffman-dns-in-json] [I-D.hoffman-dns-in-json]
Hoffman, P., "Representing DNS Messages in JSON", draft- Hoffman, P., "Representing DNS Messages in JSON", draft-
hoffman-dns-in-json-12 (work in progress), May 2017. hoffman-dns-in-json-13 (work in progress), October 2017.
[packetq] .SE - The Internet Infrastructure Foundation, "PacketQ", [packetq] .SE - The Internet Infrastructure Foundation, "PacketQ",
2014, <https://github.com/dotse/PacketQ>. 2014, <https://github.com/dotse/PacketQ>.
[pcap] tcpdump.org, "PCAP", 2016, <http://www.tcpdump.org/>. [pcap] tcpdump.org, "PCAP", 2016, <http://www.tcpdump.org/>.
[pcapng] Tuexen, M., Risso, F., Bongertz, J., Combs, G., and G. [pcapng] Tuexen, M., Risso, F., Bongertz, J., Combs, G., and G.
Harris, "pcap-ng", 2016, <https://github.com/pcapng/ Harris, "pcap-ng", 2016, <https://github.com/pcapng/
pcapng>. pcapng>.
[RFC7159] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data [RFC7159] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data
Interchange Format", RFC 7159, DOI 10.17487/RFC7159, March Interchange Format", RFC 7159, DOI 10.17487/RFC7159, March
2014, <http://www.rfc-editor.org/info/rfc7159>. 2014, <https://www.rfc-editor.org/info/rfc7159>.
[RFC7942] Sheffer, Y. and A. Farrel, "Improving Awareness of Running [RFC7942] Sheffer, Y. and A. Farrel, "Improving Awareness of Running
Code: The Implementation Status Section", BCP 205, Code: The Implementation Status Section", BCP 205,
RFC 7942, DOI 10.17487/RFC7942, July 2016, RFC 7942, DOI 10.17487/RFC7942, July 2016,
<http://www.rfc-editor.org/info/rfc7942>. <https://www.rfc-editor.org/info/rfc7942>.
[rrtypes] IANA, "RR types", 2016, <http://www.iana.org/assignments/ [rrtypes] IANA, "RR types", 2016, <http://www.iana.org/assignments/
dns-parameters/dns-parameters.xhtml#dns-parameters-4>. dns-parameters/dns-parameters.xhtml#dns-parameters-4>.
16.3. URIs 16.3. URIs
[1] https://github.com/dns-stats/draft-dns-capture- [1] https://github.com/dns-stats/draft-dns-capture-
format/blob/master/draft-03/cdns_format.png format/blob/master/draft-04/cdns_format.png
[2] https://github.com/dns-stats/draft-dns-capture- [2] https://github.com/dns-stats/draft-dns-capture-
format/blob/master/draft-03/cdns_format.svg format/blob/master/draft-04/cdns_format.svg
[3] https://github.com/dns-stats/draft-dns-capture- [3] https://github.com/dns-stats/draft-dns-capture-
format/blob/master/draft-03/qr_data_format.png format/blob/master/draft-04/qr_data_format.png
[4] https://github.com/dns-stats/draft-dns-capture- [4] https://github.com/dns-stats/draft-dns-capture-
format/blob/master/draft-03/qr_data_format.svg format/blob/master/draft-04/qr_data_format.svg
[5] https://github.com/dns-stats/draft-dns-capture- [5] https://github.com/dns-stats/draft-dns-capture-
format/blob/master/draft-03/packet_matching.png format/blob/master/draft-04/packet_matching.png
[6] https://github.com/dns-stats/draft-dns-capture- [6] https://github.com/dns-stats/draft-dns-capture-
format/blob/master/draft-03/packet_matching.svg format/blob/master/draft-04/packet_matching.svg
[7] https://github.com/dns-stats/compactor/wiki [7] https://github.com/dns-stats/compactor/wiki
[8] https://mm.dns-stats.org/mailman/listinfo/dns-stats-users [8] https://mm.dns-stats.org/mailman/listinfo/dns-stats-users
[9] https://www.sinodun.com/2017/06/compressing-pcap-files/ [9] https://www.sinodun.com/2017/06/compressing-pcap-files/
[10] https://www.sinodun.com/2017/06/more-on-debian-jessieubuntu- [10] https://www.sinodun.com/2017/06/more-on-debian-jessieubuntu-
trusty-packet-capture-woes/ trusty-packet-capture-woes/
skipping to change at page 38, line 32 skipping to change at page 38, line 48
class = 1 class = 1
DNSFlagValues = &( DNSFlagValues = &(
query-cd : 0, query-cd : 0,
query-ad : 1, query-ad : 1,
query-z : 2, query-z : 2,
query-ra : 3, query-ra : 3,
query-rd : 4, query-rd : 4,
query-tc : 5, query-tc : 5,
query-aa : 6, query-aa : 6,
query-d0 : 7, query-do : 7,
response-cd: 8, response-cd: 8,
response-ad: 9, response-ad: 9,
response-z : 10, response-z : 10,
response-ra: 11, response-ra: 11,
response-rd: 12, response-rd: 12,
response-tc: 13, response-tc: 13,
response-aa: 14, response-aa: 14,
) )
DNSFlags = uint .bits DNSFlagValues DNSFlags = uint .bits DNSFlagValues
 End of changes. 32 change blocks. 
44 lines changed or deleted 60 lines changed or added

This html diff was produced by rfcdiff 1.46. The latest version is available from http://tools.ietf.org/tools/rfcdiff/