I created a DNS server with dnsmasq to do some tests trying to redirect the answers to other sites, and I'm using tcpdump on the client and server to capture the requests and responses.
According to the tcpdump manual, the output format for UDP Name Server Responses is:
src > dst: id op rcode flags a/n/au type class data (len)
Looking at the client side and analyzing the tcpdump output, I got:
00:00:00.012374 IP 192.168.2.106.domain > 192.168.2.117.55997: 23473* 1/0/0 A 186.237.194.225 (45)
What is the meaning of the (*) located right before 1/0/0?
From the tcpdump man page (tcpdump-4.7.4-3.fc23):
See also the ns_print() function in https://github.com/the-tcpdump-group/tcpdump/blob/master/print-domain.c
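As an added example (not part of the original answer and not tcpdump's own code), the Python below parses a non-verbose response line in the format quoted in the question and decodes the markers printed after the query id: `*` means the AA (authoritative answer) bit is set, `-` means RA (recursion available) is not set, `|` means TC (truncated) is set, and `$` means AD is set. The function names and the second sample line are constructed for illustration.

```python
import re

# DNS header flag bits (masks on the 16-bit flags word).
AA, TC, RA, AD = 0x0400, 0x0200, 0x0080, 0x0020

# Layout: "ts IP src > dst: id[ op][ rcode]flags a/n/au [data] (len)"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>\S+): (?P<id>\d+)"
    r"(?P<oprcode>(?: [A-Za-z_]\w*)*)(?P<flags>[*|$-]*) "
    r"(?P<an>\d+)/(?P<ns>\d+)/(?P<au>\d+)(?P<data>.*) \((?P<len>\d+)\)$"
)

def markers_from_header(flags_word):
    """Render a 16-bit DNS header flags word the way tcpdump marks it."""
    return (("*" if flags_word & AA else "")
            + ("" if flags_word & RA else "-")   # '-' means RA is NOT set
            + ("|" if flags_word & TC else "")
            + ("$" if flags_word & AD else ""))

def parse_response(line):
    """Parse one non-verbose tcpdump DNS response line; None if no match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    f = m.group("flags")
    return {
        "src": m.group("src"), "dst": m.group("dst"),
        "id": int(m.group("id")),
        "op_rcode": m.group("oprcode").strip(),  # empty: Query / NoError
        "authoritative": "*" in f,
        "recursion_available": "-" not in f,
        "truncated": "|" in f,
        "authenticated_data": "$" in f,
        "counts": tuple(int(m.group(k)) for k in ("an", "ns", "au")),
        "data": m.group("data").strip(),
        "length": int(m.group("len")),
    }

# First line is the capture from the question; the second is constructed.
SAMPLES = [
    "00:00:00.012374 IP 192.168.2.106.domain > 192.168.2.117.55997: "
    "23473* 1/0/0 A 186.237.194.225 (45)",
    "00:00:01.000000 IP 192.0.2.53.domain > 192.0.2.10.40000: "
    "4242 NXDomain*-| 0/1/0 (97)",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse_response(s))
```

For the line in the question this reports an authoritative, non-truncated answer with one answer record and no authority or additional records.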