I am looking at this example of a captive portal built on a NodeMCU platform, and I am trying to understand how DNS requests work. (The relevant file is dns-liar.lua) I have more or less decoded what the response is, but have no idea what each part of it does, and I can't find any online resources that show a similar packet structure.
IP of NodeMCU:
a.b.c.d
Request:
|A|B| ... |(13th byte) \0 terminated string (str)| ...
Response: (bytes separated by "|")
|A|B|x80|x00|x00|x01|x00|x01|x00|x00|x00|x00|str|x00|x01|x00|x01|xC0|x0C|x00|x01|x00|x01|x00|x00|x03|x00|x00|x04|a|b|c|d|
I gather that the str is likely the domain to search for, and abcd is simply the NodeMCU responding to every request with its own IP address, but I'm not sure what any of the other bytes are doing.
Whew! It's always tricky when folks decide to preformat nearly a whole packet ahead of time, especially when it spans several subsections of the RFC.
Anyhow, I went ahead and forked CaptiveIntraweb and commented up the DNS code. I've also submitted a PR with my changes so it hopefully gets pulled upstream in a future release. You can read the whole thing there (it goes over every DNS field in detail), but here are the highlights of what the author is doing:
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With