i cannot seem to encode the query string properly, i have read somewhere that the string must begin with a new line, end in a null byte and use 0x3 for dots and found this
'\nhackaholic\x03org\x00\x00\x01\x00\x01'
in a scapy paper online, and this seems to work in my code when i check it with wireshark, howver something like
'\slashdot\x03org\x00\x00\x01\x00\x01'
will not work and often comes up as an invalid query in wireshark
so what im asking is, can anyone tell me the correct way to encode a dns query like this?
edit:
So i found out how it works, mostly thanks to this article here:
hxxp://www.packetstormsecurity.org/programming-tutorials/coding-with-the-dns-protocol.txt
basicly when encoding the domain before each term you must put in hex the length of the word so
google.com becomes:
\x06google\x03com\x00\x00\x01\x00\x01where x06 is the length of google
x03 is the length of com
