Asterisk (*) sign on DNS responses with tcpdump


I created a DNS server with dnsmasq to do some tests trying to redirect the answers to other sites, and I'm using tcpdump on the client and the server to capture the requests and responses.

According to the tcpdump manual, the output format for UDP Name Server Responses is:

src > dst: id op rcode flags a/n/au type class data (len)

Looking at the client side and analyzing the tcpdump output, I got:

00:00:00.012374 IP 192.168.2.106.domain > 192.168.2.117.55997: 23473* 1/0/0 A 186.237.194.225 (45)

What is the meaning of the (*) located right before 1/0/0?


There are 1 answers

Alnitak On BEST ANSWER

From the tcpdump man page (tcpdump-4.7.4-3.fc23):

The '*' indicates that the authoritative answer bit was set

See also the ns_print() function in https://github.com/the-tcpdump-group/tcpdump/blob/master/print-domain.c
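
To see where the '*' comes from on the wire, the following added example (not part of the original answer and not tcpdump's own code) decodes the 12-byte DNS header and renders the "id flags a/n/au" portion of the line. The helper names and the sample headers are constructed for illustration; besides '*', it models the two other flag characters the tcpdump man page documents, '-' (RA not set) and '|' (TC set).

```python
import struct

# DNS header flag masks (RFC 1035, section 4.1.1)
QR = 0x8000  # message is a response
AA = 0x0400  # authoritative answer
TC = 0x0200  # truncated
RA = 0x0080  # recursion available


def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header at the start of a message."""
    if len(msg) < 12:
        raise ValueError("DNS header is 12 bytes; message too short")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {
        "id": ident,
        "response": bool(flags & QR),
        "aa": bool(flags & AA),
        "tc": bool(flags & TC),
        "ra": bool(flags & RA),
        "counts": (an, ns, ar),
    }


def tcpdump_summary(msg: bytes) -> str:
    """Render 'id flags a/n/au' for a response, following the man page format.

    Opcode and rcode text is not modelled, which matches a plain
    QUERY / NoError response such as the one in the question.
    """
    h = parse_header(msg)
    if not h["response"]:
        raise ValueError("not a response (QR bit clear)")
    marks = ("*" if h["aa"] else "") + ("" if h["ra"] else "-") + ("|" if h["tc"] else "")
    return "%d%s %d/%d/%d" % ((h["id"], marks) + h["counts"])


def make_header(ident, flags, an=1, ns=0, ar=0):
    """Constructed sample header: one question, `an` answer records."""
    return struct.pack("!6H", ident, flags, 1, an, ns, ar)


if __name__ == "__main__":
    # Constructed headers that reuse the query id from the capture above.
    print(tcpdump_summary(make_header(23473, 0x8580)))  # QR|AA|RD|RA
    print(tcpdump_summary(make_header(23473, 0x8180)))  # QR|RD|RA, AA clear
    print(tcpdump_summary(make_header(23473, 0x8500)))  # QR|AA|RD, RA clear
```

When reviewing captures, an AA bit on a response from a server that is expected to act only as a forwarder or cache is worth a second look, since it means the server answered from its own data instead of relaying an upstream answer.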