DNS Name Notation and Message Compression Technique
(Page 2 of 3)
DNS Message Compression
A single DNS message may contain many domain names. Now, consider that when a particular name server sends a response containing multiple domain names, they are all usually in the same zone, or are related to the zone. Most of these names will have common elements to their names.
Consider our previous mail example of a client asking for an MX record for xyzindustries.com. The response to this client will contain, among other things, these two records:
This is just one small example of name duplication; it can be much more extreme with other types of DNS messages, with certain string patterns being repeated many times. Normally this would require that each name be spelled out fully using the encoding method described above. But this would be wasteful, since a large portion of these names is common.
To cut down on duplication, a special technique called message compression is used. Instead of a DNS name encoded as above using the combination of labels and label-lengths, a two-byte subfield is used to represent a pointer to another location in the message where the name can be found. The first two bits of this subfield are set to one (the value 11 in binary), and the remaining 14 bits contain an offset that species where in the message the name can be found, counting the first byte of the message (the first byte of the ID field) as 0.
Let's go back to our example. Suppose that in the DNS message above, the RData field of the MX record, containing mail.xyzindustries.com, begins at byte 47. In this first instance, we would find the name encoded in full as:
 m a i l  x y z i n d u s t r i e s  c o m .
However, the second instance, where mail.xyzindustries.com shows up in the Name field of the A record, we would instead put two 1 bits, followed by the number 47 encoded in binary. So, this would be the 16-bit binary pattern 11000000 00101111, or two numeric byte values 192 and 47. This second instance now takes 2 bytes instead of duplicating the 24 bytes needed for the first instance of the name.
How does a device reading a name field differentiate a pointer from a real name? This is the reason that 11 is used at the start of the field. Doing this guarantees that the first byte of the pointer will always have a value of 192 or larger. Since labels are restricted to a length of 63 or less, when the host reads the first byte of a name, if it sees a value of 63 or less in a byte, it knows this is a real name; a value of 192 or more means it is a pointer.
Home - Table Of Contents - Contact Us
The TCP/IP Guide (http://www.TCPIPGuide.com)
Version 3.0 - Version Date: September 20, 2005
© Copyright 2001-2005 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.