<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">Tridge,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">This e-mail is a response to your questions regarding dnsRecord’s Flags and dwReserved fields. I was already following up on a big/little endian issue with TtlSeconds for your team. In my research of that issue, I observed several issues
with [MS-DNSP] 2.3.1.2 dnsRecord, including the questions you just raised. We are in the process of updating [MS-DNSP] 2.3.1.2 dnsRecord. With the changes, I believe your issues will be resolved.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The new format will be as follows:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-left:.5in">DataLength (2 bytes): An unsigned binary integer containing the length, in bytes, of the Data field.<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Type (2 bytes): The resource record's type. See DNS_RECORD_TYPE (section 2.2.2.1.1).<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Version (1 byte): The version number associated with the resource record attribute. The value MUST be 0x00000005.<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Rank (1 byte): The least-significant byte of one of the RANK* flag values. See dwFlags (section 2.2.2.2.5).<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Flags (2 bytes): Not used. The value MUST be 0x0000.<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Serial (4 bytes): The serial number of the SOA record of the zone containing this resource record. See DNS_RPC_RECORD_SOA (section 2.2.2.2.4.3).<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-left:.5in">TtlSeconds (4 bytes): See dwTtlSeconds (section 2.2.2.2.5). This field uses big-endian byte order.<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Reserved (4 bytes): This field is reserved for future use. The value MUST be 0x00000000.<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-left:.5in">TimeStamp (4 bytes): See dwTimeStamp (section 2.2.2.2.5).<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Data (variable): The resource record’s data. See DNS_RPC_RECORD_DATA (section 2.2.2.2.4).<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">When using the above as a template, I expect that you will now see dwReserved as zero. I suspect that what you were seeing as non-NULL dwReserved fields are actually TimeStamp fields. That was my experience.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Regarding the dwFlags examples you provided:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"> dwFlags : 0x00000005 (5)<o:p></o:p></p>
<p class="MsoNormal"> dwFlags : 0x00000805 (2053)<o:p></o:p></p>
<p class="MsoNormal"> dwFlags : 0x00008005 (32773)<o:p></o:p></p>
<p class="MsoNormal"> dwFlags : 0x00008205 (33285)<o:p></o:p></p>
<p class="MsoNormal"> dwFlags : 0x0000f005 (61445)<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">after byte-flipping and breaking dwFlags into Version (1 byte), Rank (1 byte) and Flags (2 bytes) fields:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"> Version: : 0x05 (5) in all cases<o:p></o:p></p>
<p class="MsoNormal"> Rank: : 0x00<o:p></o:p></p>
<p class="MsoNormal"> : 0x08 RANK_ROOT_HINT<o:p></o:p></p>
<p class="MsoNormal"> : 0x80 RANK_GLUE<o:p></o:p></p>
<p class="MsoNormal"> : 0x82 RANK_NS_GLUE<o:p></o:p></p>
<p class="MsoNormal"> : 0xf0 RANK_ZONE<o:p></o:p></p>
<p class="MsoNormal"> Flags: : 0x0000 (0) in all cases<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I snapped a packet that contains three such records and show them below:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">(1) DNS_TYPE_A:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Header: 04 00 01 00 05 F0 00 00 04 00 00 00 00 00 02 58 00 00 00 00 4F CD 36 00<o:p></o:p></p>
<p class="MsoNormal">Value: (DNS_TYPE_A) 0A 00 00 01 (10.0.0.1)<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">(2) DNS_TYPE_NS:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Header: 14 00 02 00 05 F0 00 00 04 00 00 00 00 00 0E 10 00 00 00 00 00 00 00 00<o:p></o:p></p>
<p class="MsoNormal">Value:12 03 02 64 63 07 63 6F 6E 74 6F 73 6F 05 6C 6F 63 61 6C 00 ("dc contoso local")<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">(3) DNS_TYPE_SOA:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Header: 44 00 06 00 05 F0 00 00 04 00 00 00 00 00 0E 10 00 00 00 00 00 00 00 00<o:p></o:p></p>
<p class="MsoNormal">Value: 00 00 00 03 00 00 03 84 00 00 02 58 00 01 51 80 00 00 0E 10 12 03 02 64 63 07 63 6F 6E 74 6F 73 6F 05 6C 6F 63 61 6C 00 (proper SOA Record)<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Taking the three DNS_RPC_HEADERS (adding "|" breaks between fields):<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">(1) 04 00 | 01 00 | 05 | F0 | 00 00 | 04 00 00 00 | 00 00 02 58 | 00 00 00 00 | 4F CD 36 00<o:p></o:p></p>
<p class="MsoNormal">(2) 14 00 | 02 00 | 05 | F0 | 00 00 | 04 00 00 00 | 00 00 0E 10 | 00 00 00 00 | 00 00 00 00<o:p></o:p></p>
<p class="MsoNormal">(3) 44 00 | 06 00 | 05 | F0 | 00 00 | 04 00 00 00 | 00 00 0E 10 | 00 00 00 00 | 00 00 00 00<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Bryan<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>