doc: update explanation of DNS output#1421
doc: update explanation of DNS output#1421jvns wants to merge 1 commit intothe-tcpdump-group:masterfrom
Conversation
|
|
||
| DNS requests are formatted as: | ||
|
|
||
| > src > dst: id op? flags qtype qclass name (len) |
There was a problem hiding this comment.
I copied this from the current version of the man page, but I'm not sure if it's accurate: I think the ? is intended to mean that op? may not be printed, but qclass and flags also may not be printed and don't have a question mark.
And there's also an option "additional records" section, like [1au]
So maybe this should be:
id op? flags? addl_records? qtype qclass? name (len)
| .sp -1 | ||
| .if t \ | ||
| .sp -0.25v | ||
| .IP "\(bu" 3 |
There was a problem hiding this comment.
These 5 lines are generated by lowdown and I'm not sure whether it's the "right" way to structure a bulleted list in the context of this man page.
pandoc generates a list more like this, which leaves a blank line in between every list item, which takes up a lot of space.
.IP \(bu 2
1
.IP \(bu 2
2
.RS 2
.IP \(bu 2
2.1
| * \`\[*n*au\]' means "*n* additional records" | ||
| * **Class**: The query class was the normal one, *C_IN*, so it was omitted. | ||
| Any other query class would have been printed immediately after the \`A' | ||
| * **Other anomalies**: If any of the response bits are set (AA, RA, TC or response code) |
There was a problem hiding this comment.
The previous explanation didn't include TC here, I haven't tested whether TC being set is printed in this way or not yet so this might be wrong. Will check.
|
"This branch is 1 commit ahead of and 13 commits behind the-tcpdump-group/tcpdump:master." |
Structure the output explanation into a bulleted list, to make it easier for users to find the field they're interested in. - Rename the section titles to "DNS Requests" and "DNS Responses" because it was hard for me to tell that "TCP and UDP Name Server" were meant to refer to DNS. - Remove the "written in Greek" disclaimer and instead just make it more clear for folks who may not have read RFC 1035 - Use IP addresses instead of hostnames in the output examples, since that's the recommended way to use tcpdump Query section: - In "Other Anomalies", say that tcpdump will also print the hex value if "TC" is set in the query Response section: - Add a more complete description of how the flags are represented (including AA and AD, not just TC and RA). Verified by running some test DNS queries.
|
Oops, should be fixed now. |
2 participants
The goal here is to structure the output explanation into a bulleted list, to make it easier for users to find the field they're interested in instead of having to search through paragraphs of text. I'm especially interested in making this explanation more accessible to users who are DNS users but haven't read RFC 1035.
There are more details in the commit message. Some things that I'm considering changing, as a kind of self-review:
8.8.8.8but it is a short IP address that is a DNS server. I used192.0.2.1from the example IP range as a source IP.On the roff formatting:
dns.mdfile isn't actually intended to be merged, I just had some inline things in there I wanted to point out by commenting on it during review and I felt like it was impossible to read the roff diff so I'm including it for now. I'll deletedns.mdand force push before this is merged. I generated the roff fromdns.mdwithlowdown -t man.