
using namespace Indented.IO
using namespace Indented.Net.Dns
using namespace System.Collections
using namespace System.Collections.Generic
using namespace System.Diagnostics
using namespace System.IO
using namespace System.Management.Automation
using namespace System.Net
using namespace System.Net.NetworkInformation
using namespace System.Net.Sockets
using namespace System.Text

enum AFSDBSubType {
    AFSv3Loc   = 1    # Andrews File Service v3.0 Location Service [RFC1183]
    DCENCARoot = 2    # DCE/NCA root cell directory node [RFC1183]

enum AMTRelayType {

enum ATMAFormat {
    AESA = 0    # ATM End System Address
    E164 = 1    # E.164 address format
    NSAP = 2    # Network Service Access Protocol (NSAP) address model

enum CAAFlag {
    IssuerCritical = 128

enum CacheResourceType {
    Hint = 1

enum CertificateType {
    PKIX         = 1      # X.509 as per PKIX
    SPKI         = 2      # SPKI certificate
    PGP          = 3      # OpenPGP packet
    IPKIX        = 4      # The URL of an X.509 data object
    ISPKI        = 5      # The URL of an SPKI certificate
    IPGP         = 6      # The fingerprint and URL of an OpenPGP packet
    ACPKIX       = 7      # Attribute Certificate
    IACPKIX      = 8      # The URL of an Attribute Certificate
    URI          = 253    # URI private
    OID          = 254    # OID private
    Experimental = 65534
    Reserved     = 65535

enum CertificateUsage {

enum CSYNCFlags {

enum DigestType {
    SHA1   = 1    # MANDATORY [RFC3658]
    SHA256 = 2    # MANDATORY [RFC4059]
    GOST   = 3    # OPTIONAL [RFC5933]
    SHA384 = 4    # OPTIONAL [RFC6605]

enum DistanceType {
    Latitude = 1

enum DOALocation {

enum DOAType {
    PublicKey        = 100

    NONE = 0
    DO   = 32768    # DNSSEC answer OK [RFC4035][RFC3225]

enum EDnsOptionCode {
    LLQ                  = 1    # On-hold []
    UL                   = 2    # On-hold []
    NSID                 = 3    # Standard [RFC5001]
    DAU                  = 5    # Standard [RFC6975]
    DHU                  = 6    # Standard [RFC6975]
    N3U                  = 7    # Standard [RFC6975]
    EDNSClientSubnet     = 8    # Optional [draft-vandergaast-edns-client-subnet][Wilmer_van_der_Gaast]

enum EncryptionAlgorithm {
    RSAMD5               = 1       # RSA/MD5 (deprecated see 5) [RFC3110][RFC4034]
    DH                   = 2       # Diffie-Hellman [RFC2539]
    DSA                  = 3       # DSA/SHA1 [RFC3755]
    RSASHA1              = 5       # RSA/SHA-1 [RFC3110][RFC4034]
    DSANSEC3SHA1         = 6       # DSA-NSEC3-SHA1 [RFC5155]
    RSASHA1NSEC3SHA1     = 7       # RSASHA1-NSEC3-SHA1 [RFC5155]
    RSASHA256            = 8       # RSA/SHA-256 [RFC5702]
    RSASHA512            = 10      # RSA/SHA-512 [RFC5702]
    ECCGOST              = 12      # GOST R 34.10-2001 [RFC5933]
    ECDSAP256SHA256      = 13      # ECDSA Curve P-256 with SHA-256 [RFC6605]
    ECDSAP384SHA384      = 14      # ECDSA Curve P-384 with SHA-384 [RFC6605]
    INDIRECT             = 252     # Reserved for indirect keys [RFC4034]
    PRIVATEDNS           = 253     # Private algorithm [RFC4034]
    PRIVATEOID           = 254     # Private algorithm OID [RFC4034]

enum HeaderFlags {
    None = 0
    AA   = 1024    # Authoritative Answer [RFC1035]
    TC   = 512     # Truncated Response [RFC1035]
    RD   = 256     # Recursion Desired [RFC1035]
    RA   = 128     # Recursion Allowed [RFC1035]
    AD   = 32      # Authenticated Data [RFC4035]
    CD   = 16      # Checking Disabled [RFC4035]

enum IanaAddressFamily {
    IPv4                   = 1        # IP version 4
    IPv6                   = 2        # IP version 6
    NSAP                   = 3        # NSAP
    HDLC                   = 4        # HDLC (8-bit multidrop)
    BBN                    = 5        # BBN 1822
    IEEE802                = 6        # 802 (includes all 802 media plus Ethernet "canonical format")
    E163                   = 7        # E.163
    E164                   = 8        # E.164 (SMDS Frame Relay ATM)
    F69                    = 9        # F.69 (Telex)
    X121                   = 10       # X.121 (X.25 Frame Relay)
    IPX                    = 11       # IPX
    Appletalk              = 12       # Appletalk
    DecNetIV               = 13       # DecNet IV
    BanyanVines            = 14       # Banyan Vines
    E164NSAP               = 15       # E.164 with NSAP format subaddress [ATM Forum UNI 3.1. October 1995.][Andy_Malis]
    DNS                    = 16       # DNS (Domain Name System)
    DistinguishedName      = 17       # Distinguished Name [Charles_Lynn]
    ASNumber               = 18       # AS Number [Charles_Lynn]
    XTPOverIpv4            = 19       # XTP over IP version 4 [Mike_Saul]
    XTPOverIPv6            = 20       # XTP over IP version 6 [Mike_Saul]
    XTPNativeMode          = 21       # XTP native mode XTP [Mike_Saul]
    FibreChannelWWPortName = 22       # Fibre Channel World-Wide Port Name [Mark_Bakke]
    FibreChannelWWNodeName = 23       # Fibre Channel World-Wide Node Name [Mark_Bakke]
    GWID                   = 24       # GWID [Subra_Hegde]
    AFIForL2VPN            = 25       # AFI for L2VPN information [RFC4761][RFC6074]
    MPLSTPSectionID        = 26       # MPLS-TP Section Endpoint Identifier [RFC-ietf-mpls-gach-adv-08]
    MPLSTPLSPID            = 27       # MPLS-TP LSP Endpoint Identifier [RFC-ietf-mpls-gach-adv-08]
    MPLSTPPseudowireID     = 28       # MPLS-TP Pseudowire Endpoint Identifier [RFC-ietf-mpls-gach-adv-08]
    EIGRPCommon            = 16384    # EIGRP Common Service Family [Donnie_Savage]
    EIGRPIPv4              = 16385    # EIGRP IPv4 Service Family [Donnie_Savage]
    EIGRPIPv6              = 16386    # EIGRP IPv6 Service Family [Donnie_Savage]
    LCAF                   = 16387    # LISP Canonical Address Format (LCAF) [David_Meyer]
    BGPLS                  = 16388    # BGP-LS [draft-ietf-idr-ls-distribution]
    MAC48bit               = 16389    # 48-bit MAC [RFC-eastlake-rfc5342bis-05]
    MAC64bit               = 16390    # 64-bit MAC [RFC-eastlake-rfc5342bis-05]
    OUI                    = 16391    # OUI [draft-eastlake-trill-ia-appsubtlv]
    MAC24                  = 16392    # MAC/24 [draft-eastlake-trill-ia-appsubtlv]
    MAC40                  = 16393    # MAC/40 [draft-eastlake-trill-ia-appsubtlv]
    IPv664                 = 16394    # IPv6/64 [draft-eastlake-trill-ia-appsubtlv]
    RBridgePortID          = 16395    # RBridge Port ID [draft-eastlake-trill-ia-appsubtlv]

enum IPSECAlgorithm {
    DSA = 1    # [RFC4025]
    RSA = 2    # [RFC4025]

enum IPSECGatewayType {
    NoGateway  = 0    # No gateway is present [RFC4025]
    IPv4       = 1    # A 4-byte IPv4 address is present [RFC4025]
    IPv6       = 2    # A 16-byte IPv6 address is present [RFC4025]
    DomainName = 3    # A wire-encoded domain name is present [RFC4025]

enum KEYAC {
    AuthAndConfPermitted = 0    # Use of the key for authentication and/or confidentiality is permitted.
    AuthProhibited       = 2    # Use of the key is prohibited for authentication.
    ConfProhibited       = 1    # Use of the key is prohibited for confidentiality.
    NoKey                = 3    # No key information

enum KEYNameType {
    UserKey  = 0    # Indicates that this is a key associated with a "user" or "account" at an end entity usually a host.
    ZoneKey  = 1    # Indicates that this is a zone key for the zone whose name is the KEY RR owner name.
    NonZone  = 2    # Indicates that this is a key associated with the non-zone "entity" whose name is the RR owner name.
    Reserved = 3    # Reserved

enum KEYProtocol {
    Reserved = 0
    TLS      = 1
    EMmail   = 2
    DNSSEC   = 3
    IPSEC    = 4
    All      = 255

enum LLQErrorCode {
    NoError    = 0
    ServFull   = 1
    Static     = 2
    FormatErr  = 3
    NoSuchLLQ  = 4
    BadVers    = 5
    UnknownErr = 6

enum LLQOpCode {
    LLQSetup   = 1
    LLQRefresh = 2
    LLQEvent   = 3

enum MatchingType {

enum MessageCompression {
    Enabled  = 192
    Disabled = 0

enum MSDNSOption {
    Query  = 0    # [RFC1035]
    IQuery = 1    # [RFC3425]
    Status = 2    # [RFC1035]
    Notify = 4    # [RFC1996]
    Update = 5    # [RFC2136]

enum NSEC3Flags {
    OptOut = 1    # [RFC5155]

enum NSEC3HashAlgorithm {
    SHA1 = 1    # [RFC5155]

enum OpCode {
    Query      = 0     # [RFC1035]
    IQuery     = 1     # [RFC3425]
    Status     = 2     # [RFC1035]
    Notify     = 4     # [RFC1996]
    Update     = 5     # [RFC2136]

enum QR {
    Query    = 0
    Response = 32768

enum RCode {
    NoError  = 0     # No Error [RFC1035]
    FormErr  = 1     # Format Error [RFC1035]
    ServFail = 2     # Server Failure [RFC1035]
    NXDomain = 3     # Non-Existent Domain [RFC1035]
    NotImp   = 4     # Not Implemented [RFC1035]
    Refused  = 5     # Query Refused [RFC1035]
    YXDomain = 6     # Name Exists when it should not [RFC2136]
    YXRRSet  = 7     # RR Set Exists when it should not [RFC2136]
    NXRRSet  = 8     # RR Set that should exist does not [RFC2136]
    NotAuth  = 9     # Server Not Authoritative for zone [RFC2136]
    NotZone  = 10    # Name not contained in zone [RFC2136]
    BadVers  = 16    # Bad OPT Version [RFC2671]
    BadSig   = 16    # TSIG Signature Failure [RFC2845]
    BadKey   = 17    # Key not recognized [RFC2845]
    BadTime  = 18    # Signature out of time window [RFC2845]
    BadMode  = 19    # Bad TKEY Mode [RFC2930]
    BadName  = 20    # Duplicate key name [RFC2930]
    BadAlg   = 21    # Algorithm not supported [RFC2930]
    BadTrunc = 22    # Bad Truncation [RFC4635]

enum RecordClass {
    IN   = 1      # [RFC1035]
    CH   = 3      # [Moon1981]
    HS   = 4      # [Dyer1987]
    NONE = 254    # [RFC2136]
    ANY  = 255    # [RFC1035]

enum RecordType {
    EMPTY      = 0        # an empty record [RFC1034] [MS DNS]
    A          = 1        # a host address [RFC1035]
    NS         = 2        # an authoritative name server [RFC1035]
    MD         = 3        # a mail destination (Obsolete - use MX) [RFC1035]
    MF         = 4        # a mail forwarder (Obsolete - use MX) [RFC1035]
    CNAME      = 5        # the canonical name for an alias [RFC1035]
    SOA        = 6        # marks the start of a zone of authority [RFC1035]
    MB         = 7        # a mailbox domain name (EXPERIMENTAL) [RFC1035]
    MG         = 8        # a mail group member (EXPERIMENTAL) [RFC1035]
    MR         = 9        # a mail rename domain name (EXPERIMENTAL) [RFC1035]
    NULL       = 10       # a null RR (EXPERIMENTAL) [RFC1035]
    WKS        = 11       # a well known service description [RFC1035]
    PTR        = 12       # a domain name pointer [RFC1035]
    HINFO      = 13       # host information [RFC1035]
    MINFO      = 14       # mailbox or mail list information [RFC1035]
    MX         = 15       # mail exchange [RFC1035]
    TXT        = 16       # text strings [RFC1035]
    RP         = 17       # for Responsible Person [RFC1183]
    AFSDB      = 18       # for AFS Data Base location [RFC1183]
    X25        = 19       # for X.25 PSDN address [RFC1183]
    ISDN       = 20       # for ISDN address [RFC1183]
    RT         = 21       # for Route Through [RFC1183]
    NSAP       = 22       # for NSAP address NSAP style A record [RFC1706]
    NSAPPTR    = 23       # for domain name pointer NSAP style [RFC1348]
    SIG        = 24       # for security signature [RFC4034][RFC3755][RFC2535]
    KEY        = 25       # for security key [RFC4034][RFC3755][RFC2535]
    PX         = 26       # X.400 mail mapping information [RFC2163]
    GPOS       = 27       # Geographical Position [RFC1712]
    AAAA       = 28       # IP6 Address [RFC3596]
    LOC        = 29       # Location Information [RFC1876]
    NXT        = 30       # Next Domain - OBSOLETE [RFC3755][RFC2535]
    EID        = 31       # Endpoint Identifier [Patton]
    NIMLOC     = 32       # Nimrod Locator [Patton]
    SRV        = 33       # Server Selection [RFC2782]
    ATMA       = 34       # ATM Address [ATMDOC]
    NAPTR      = 35       # Naming Authority Pointer [RFC2915][RFC2168]
    KX         = 36       # Key Exchanger [RFC2230]
    CERT       = 37       # CERT [RFC4398]
    A6         = 38       # A6 (Experimental) [RFC3226][RFC2874]
    DNAME      = 39       # DNAME [RFC2672]
    SINK       = 40       # SINK [Eastlake]
    OPT        = 41       # OPT [RFC2671]
    APL        = 42       # APL [RFC3123]
    DS         = 43       # Delegation Signer [RFC4034][RFC3658]
    SSHFP      = 44       # SSH Key Fingerprint [RFC4255]
    IPSECKEY   = 45       # IPSECKEY [RFC4025]
    RRSIG      = 46       # RRSIG [RFC4034][RFC3755]
    NSEC       = 47       # NSEC [RFC4034][RFC3755]
    DNSKEY     = 48       # DNSKEY [RFC4034][RFC3755]
    DHCID      = 49       # DHCID [RFC4701]
    NSEC3      = 50       # NSEC3 [RFC5155]
    NSEC3PARAM = 51       # NSEC3PARAM [RFC5155]
    TLSA       = 52       # Transport Layer Security [RFC6698]
    SMIMEA     = 53       # S/MIME Certificate [RFC8162]
    HIP        = 55       # Host Identity Protocol [RFC5205]
    NINFO      = 56       # NINFO [Reid]
    RKEY       = 57       # RKEY [Reid]
    TALINK     = 58       # [Wouter_Wijngaards]
    CDS        = 59       # Child DS [RFC7344]
    CDNSKEY    = 60       # DNS key to reflect in DS [RFC7344]
    OPENPGPKEY = 61       # OpenPGP Key [RFC7929]
    CSYNC      = 62       # Child-to-Parent Synchronization [RFC7477]
    ZONEMD     = 63       # Synchronization message digest [draft-wessels-dns-zone-digest]
    SPF        = 99       # [RFC4408]
    UINFO      = 100      # [IANA-Reserved]
    UID        = 101      # [IANA-Reserved]
    GID        = 102      # [IANA-Reserved]
    UNSPEC     = 103      # [IANA-Reserved]
    NID        = 104      # [RFC6742]
    L32        = 105      # [RFC6742]
    L64        = 106      # [RFC6742]
    LP         = 107      # [RFC6742]
    EUI48      = 108      # EUI-48 address [RFC7043]
    EUI64      = 109      # EUI-64 address [RFC7043]
    TKEY       = 249      # Transaction Key [RFC2930]
    TSIG       = 250      # Transaction Signature [RFC2845]
    IXFR       = 251      # incremental transfer [RFC1995]
    AXFR       = 252      # transfer of an entire zone [RFC1035]
    MAILB      = 253      # mailbox-related RRs (MB MG or MR) [RFC1035]
    MAILA      = 254      # mail agent RRs (Obsolete - see MX) [RFC1035]
    ANY        = 255      # A request for all records (*) [RFC1035]
    URI        = 256      # URI [RFC7553]
    CAA        = 257      # Certification Authority Restriction [RFC6844]
    AVC        = 258      # Visibility and Control [AVC/avc-completed-template]
    DOA        = 259      # Digital Object Architecture [DOA/doa-completed-template]
    AMTRELAY   = 260      # Multicast Tunnelling Relay [draft-ietf-mboned-driad-amt-discovery]
    TA         = 32768    # DNSSEC Trust Authorities [Weiler] 2005-12-13
    DLV        = 32769    # DNSSEC Lookaside Validation [RFC4431]
    WINS       = 65281    # WINS records (WINS Lookup record) [MS DNS]
    WINSR      = 65282    # WINSR records (WINS Reverse Lookup record) [MS DNS]
    UNKNOWN    = 65535    # Non-standard, implemented for this module.

enum Selector {

enum SINKCoding {
    Reserved        = 0
    SNMPASN1        = 1
    OSIASN11990     = 2
    OSIASN11994     = 3
    PrivateAbstract = 63
    DNSRR           = 64
    MIME            = 65
    TextTagged      = 66
    PrivateFormat   = 254

enum SINKMIMESubCoding {
    SevenBit        = 1
    EightBit        = 2
    Binary          = 3
    QuotedPrintable = 4
    Base64          = 5
    Private         = 254

enum SINKSubCoding {
    Reserved     = 0
    BER          = 1
    DER          = 2
    PER          = 3
    PERUnaligned = 4
    CER          = 5

enum SINKTextSubCoding {
    ASCII               = 1
    UTF7                = 2
    UTF8                = 3
    ASCIIWithMIMEHeader = 4
    Private             = 254

enum SSHAlgorithm {
    RSA     = 1    # [RFC4255]
    DSS     = 2    # [RFC4255]
    ECDSA   = 3    # [RFC6594]
    ED25519 = 4    # [RFC7479]

enum SSHFPType {
    SHA1   = 1    # [RFC4255]
    SHA256 = 2    # [RFC6594]

enum TKEYMode {
    ServerAssignment   = 1    # Server assignment [RFC2930]
    DH                 = 2    # Diffie-Hellman Exchange [RFC2930]
    GSSAPI             = 3    # GSS-API negotiation [RFC2930]
    ResolverAssignment = 4    # Resolver assignment [RFC2930]
    KeyDeletion        = 5    # Key deletion [RFC2930]

enum WINSMappingFlag {
    Replicated = 0
    LocalOnly  = 65536

enum ZONEMDDigestType {
    SHA384 = 1

class AngularDistance {
    [Int64]   $Degrees
    [Int64]   $Minutes
    [Decimal] $Seconds
    [String]  $Direction

    hidden static [Int64] $Equator = 2147483648
    hidden static [Int64] $PrimeMeridian = 2147483648

    AngularDistance([UInt32]$value, [DistanceType]$distanceType) {
        $this.Direction = switch ($distanceType) {
            'Latitude' {
                ('S', 'N')[$value -gt [AngularDistance]::Equator]
            'Longitude' {
                ('W', 'E')[$value -gt [AngularDistance]::PrimeMeridian]

        $value = [Math]::Abs($value - 2147483648)

        $remainder = $value % (1000 * 60 * 60)
        $this.Degrees = ($value - $remainder) / (1000 * 60 * 60)
        $value = $remainder

        $remainder = $value % (1000 * 60)
        $this.Minutes = ($value - $remainder) / (1000 * 60)
        $value = $remainder

        $this.Seconds = $value / 1000

    [UInt32] ToUInt32() {
        $value = (
            ($this.Seconds * 1000) +
            ($this.Minutes * 1000 * 60) +
            ($this.Degrees * 1000 * 60 * 60)

        if ($this.Direction -in 'N', 'E') {
            $value = 2147483648 + $value
        } else {
            $value = 2147483648 - $value

        return $value

    [String] ToString() {
        return '{0} {1} {2:N3} {3}' -f @(

    [String] ToLongString() {
        return '{0} degrees {1} minutes {2:N3} seconds {3}' -f @(

class DnsRecordType : IComparable, IEquatable[Object] {
    [String] $Name
    [UInt16] $TypeID

        [RecordType] $value
    ) {
        if ($value -eq 'NSAPPTR') {
            $this.Name = 'NSAP-PTR'
        } else {
            $this.Name = $value

        $this.TypeId = $value

        [String] $value
    ) {
        if ($value -eq 'NSAPPTR') {
            $this.Name = 'NSAP-PTR'
        } else {
            $this.Name = $value

        $value = $value.ToUpper().Trim()
        if ($value -eq 'NSAP-PTR') {
            $this.TypeID = 23
        } elseif ([RecordType].IsEnumDefined($value)) {
            $this.TypeID = [RecordType]$value
        } elseif ($value -match '^TYPE(\d+)$') {
            $this.TypeID = $matches[1]
        } else {
            throw 'Unable to parse record type to a type ID'

        [Int32] $value
    ) {
        $this.TypeID = $value
        if ([RecordType].IsEnumDefined($value)) {
            if ($value -eq 23) {
                $this.Name = 'NSAP-PTR'
            } else {
                $this.Name = [RecordType]$value
        } else {
            $this.Name = 'TYPE{0}' -f $value

    hidden static [UInt16] op_Implicit([DnsRecordType] $dnsRecordType) {
        return [Int32]$dnsRecordType.TypeID

    # Hack to support more than one cast
    hidden static [RecordType] op_Implicit([Object] $dnsRecordType) {
        return [RecordType]$dnsRecordType.TypeID

    [Int32] CompareTo(
        [Object] $object
    ) {
        [UInt16]$uint16 = 0
        if ($object -is [DnsRecordType]) {
            return $this.TypeID.CompareTo($object.TypeID)
        } elseif ($object -is [RecordType]) {
            return $this.TypeID.CompareTo([UInt16]$object)
        } elseif ([Int32]::TryParse($object, [Ref]$uint16)) {
            return $this.TypeID.CompareTo($uint16)
        } elseif ($object -is [String]) {
            try {
                return $this.TypeID.CompareTo(([DnsRecordType]$object).TypeID)
            } catch {
                throw 'Invalid record type'
        } else {
            throw 'Invalid comparison'

    [Boolean] Equals(
        [Object] $object
    ) {
        return $this.CompareTo($object) -eq 0

    [String] ToString() {
        return $this.Name

class EndianBinaryReader : BinaryReader {
    EndianBinaryReader([Stream]$BaseStream) : base($BaseStream) { }

    [UInt16] ReadUInt16(
        [Boolean] $isBigEndian
    ) {
        if ($isBigEndian) {
            return [UInt16](([UInt16]$this.ReadByte() -shl 8) -bor $this.ReadByte())
        } else {
            return $this.ReadUInt16()

    [UInt32] ReadUInt32(
        [Boolean] $isBigEndian
    ) {
        if ($isBigEndian) {
            return [UInt32](
                ([UInt32]$this.ReadByte() -shl 24) -bor
                ([UInt32]$this.ReadByte() -shl 16) -bor
                ([UInt32]$this.ReadByte() -shl 8) -bor
        } else {
            return $this.ReadUInt32()

    [UInt64] ReadUInt48() {
        return $this.ReadUInt48($false)

    [UInt64] ReadUInt48(
        [Boolean] $isBigEndian
    ) {
        if ($isBigEndian) {
            return [UInt64](
                ([UInt64]$this.ReadByte() -shl 40) -bor
                ([UInt64]$this.ReadByte() -shl 32) -bor
                ([UInt64]$this.ReadByte() -shl 24) -bor
                ([UInt64]$this.ReadByte() -shl 16) -bor
                ([UInt64]$this.ReadByte() -shl 8) -bor
        } else {
            return [UInt64]($this.ReadByte() -bor
                ([UInt64]$this.ReadByte() -shl 8) -bor
                ([UInt64]$this.ReadByte() -shl 16) -bor
                ([UInt64]$this.ReadByte() -shl 24) -bor
                ([UInt64]$this.ReadByte() -shl 32) -bor
                ([UInt64]$this.ReadByte() -shl 40))

    [UInt64] ReadUInt64(
        [Boolean] $isBigEndian
    ) {
        if ($isBigEndian) {
            return [UInt64](
                ([UInt64]$this.ReadByte() -shl 56) -bor
                ([UInt64]$this.ReadByte() -shl 48) -bor
                ([UInt64]$this.ReadByte() -shl 40) -bor
                ([UInt64]$this.ReadByte() -shl 32) -bor
                ([UInt64]$this.ReadByte() -shl 24) -bor
                ([UInt64]$this.ReadByte() -shl 16) -bor
                ([UInt64]$this.ReadByte() -shl 8) -bor
        } else {
            return $this.ReadUInt64()

    [Byte] PeekByte() {
        $value = $this.ReadByte()
        $this.BaseStream.Seek(-1, 'Current')
        return $value

    [IPAddress] ReadIPAddress() {
        return [IPAddress]::new($this.ReadBytes(4))

    [IPAddress] ReadIPv6Address() {
        return [IPAddress]::new($this.ReadBytes(16))

    [String] ReadDnsCharacterString() {
        $length = 0
        return $this.ReadDnsCharacterString([Ref]$length)

    [String] ReadDnsCharacterString([Ref]$Length) {
        [Char[]]$escapeChars = @(
        [Char[]]$replaceChars = @(

        $stringLength = $this.ReadByte()
        $Length.Value = $stringLength + 1

        $string = [String]::new($this.ReadChars($stringLength))

        foreach ($escapeChar in $escapeChars) {
            $string = $string.Replace([String]$escapeChar, ('\{0}' -f $escapeChar))
        foreach ($replaceChar in $replaceChars) {
            $string = $string.Replace([String]$replaceChar, ('\{0:000}' -f [Int]$replaceChar))

        return $string

    [UInt16[]] ReadBitMap([Int32]$length) {
        [UInt16[]]$bits = while ($length -gt 0) {
            $windowNumber = $this.ReadByte()
            $bitMapLength = $this.ReadByte()
            $bytes = $this.ReadBytes($bitMapLength)

            $binaryString = [StringBuilder]::new()
            foreach ($byte in $bytes) {
                $null = $binaryString.Append(
                    [Convert]::ToString($byte, 2).PadLeft(8, '0')

            for ($i = 0; $i -lt $binaryString.Length; $i++) {
                if ($binaryString[$i] -eq '1') {
                    $i + (256 * $windowNumber)

            $length -= 2 + $bitMapLength

        return $bits

    # DNS messages implement compression to avoid bloat by repeated use of labels.
    # If a label occurs elsewhere in the message a flag is set and an offset recorded as follows:
    # +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    # | 1 1| OFFSET |
    # +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    [String] ReadDnsDomainName() {
        $name = [StringBuilder]::new()
        [UInt64]$CompressionStart = 0

        if ($this.BaseStream.Position -eq $this.BaseStream.Length) {
            return ''

        while ($this.PeekByte() -ne 0) {
            $length = $this.ReadByte()

            if (($length -band [MessageCompression]::Enabled) -eq [MessageCompression]::Enabled) {
                if ($compressionStart -eq 0) {
                    $compressionStart = $this.BaseStream.Position

                # Remove the compression flag bits to calculate the offset value (relative to the start of the message)
                [UInt16]$offset = ([UInt16]($length -bxor [MessageCompression]::Enabled) -shl 8) -bor $this.ReadByte()
                $null = $this.BaseStream.Seek($offset, 'Begin')
            } else {
                $null = $name.Append($this.ReadChars($length)).Append('.')
        if ($compressionStart -gt 0) {
            $null = $this.BaseStream.Seek($compressionStart, 'Begin')

        $null = $this.ReadByte()

        if ($name[-1] -ne '.') {
            $null = $name.Append('.')

        return $name.ToString()

    [String] ReadDnsDomainName([Ref]$Length) {
        $start = $this.BaseStream.Position
        $value = $this.ReadDnsDomainName()
        $end = $this.BaseStream.Position
        $Length.Value = $end - $start

        return $value

    # RFC 1034:
    # "Internally, programs that manipulate domain names should represent them
    # as sequences of labels, where each label is a length octet followed by
    # an octet string. Because all domain names end at the root, which has a
    # null string for a label, these internal representations can use a length
    # byte of zero to terminate a domain name."
    # RFC 1035:
    # "<domain-name> is a domain name represented as a series of labels, and
    # terminated by a label with zero length. <character-string> is a single
    # length octet followed by that number of characters. <character-string>
    # is treated as binary information, and can be up to 256 characters in
    # length (including the length octet)."
    static [Byte[]] GetDnsDomainNameBytes(
        [String] $Name
    ) {
        # Drop any trailing . characters from the name. They are no longer necessary all names must be absolute by this point.
        $Name = $Name.TrimEnd('.')

        $bytes = [List[Byte]]::new()
        if ($Name) {
            foreach ($label in $Name.Split('.')) {
        # Add a zero length root label

        return $bytes.ToArray()

class EndianBitConverter {
    static [Byte[]] GetBytes(
        [UInt16]  $value,
        [Boolean] $isBigEndian
    ) {
        if ([BitConverter]::IsLittleEndian -eq $isBigEndian) {
            return [BitConverter]::GetBytes(
            )[2, 3]
        } else {
            return [BitConverter]::GetBytes($value)

    static [Byte[]] GetBytes(
        [UInt32]  $value,
        [Boolean] $isBigEndian
    ) {
        if ([BitConverter]::IsLittleEndian -eq $isBigEndian) {
            return [BitConverter]::GetBytes(
        } else {
            return [BitConverter]::GetBytes($value)

    static [String] ToBinary(
        [Byte[]] $bytes
    ) {
        $string = [StringBuilder]::new()
        foreach ($byte in $bytes) {
                [Convert]::ToString($byte, 2).PadLeft(8, '0')
        return $string.ToString()

    static [String] ToHexadecimal(
        [Byte[]] $bytes
    ) {
        $string = [StringBuilder]::new()
        foreach ($byte in $bytes) {
            $string.AppendFormat('{0:X2}' -f $byte)
        return $string.ToString()

    static [String] ToBase32String(
        [Byte[]] $bytes
    ) {
        $base32Characters = '0123456789ABCDEFGHIJKLMNOPQRSTUV'

        if ($bytes.Count -eq 0) {
            return ''

        $binaryString = ''
        foreach ($byte in $bytes) {
            $binaryString += [Convert]::ToString($byte, 2).PadLeft(8, '0')

        $chars = foreach ($value in $binaryString -split '(?<=\G.{5})') {
            if ($value) {
                $byte = [Convert]::ToByte($value.PadRight('0', 5), 2)

        return [String]::new($chars)

class DnsHeader {
                                       1 1 1 1 1 1
         0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
       | ID |
       |QR| Opcode |AA|TC|RD|RA| Z | RCODE |
       | QDCOUNT |
       | ANCOUNT |
       | NSCOUNT |
       | ARCOUNT |

    [UInt16]      $ID
    [QR]          $QR
    [OpCode]      $OpCode
    [HeaderFlags] $Flags
    [RCode]       $RCode
    [UInt16]      $QuestionCount
    [UInt16]      $AnswerCount
    [UInt16]      $AuthorityCount
    [UInt16]      $AdditionalCount

    DnsHeader() { }

        [EndianBinaryReader] $binaryReader
    ) {
        $this.ID = $binaryReader.ReadUInt16($true)

        $value = $binaryReader.ReadUInt16($true)
        $this.QR = $value -band 0x8000
        $this.OpCode = ($value -band 0x7800) -shr 11
        $this.Flags = $value -band 0x07B0
        $this.RCode = $value -band 0x000F

        $this.QuestionCount = $binaryReader.ReadUInt16($true)
        $this.AnswerCount = $binaryReader.ReadUInt16($true)
        $this.AuthorityCount = $binaryReader.ReadUInt16($true)
        $this.AdditionalCount = $binaryReader.ReadUInt16($true)

        [Boolean] $recursionDesired,
        [UInt16]  $questionCount
    ) {
        $this.ID = Get-Random -Minimum 0 -Maximum ([UInt16]::MaxValue + 1)

        if ($recursionDesired) {
            $this.Flags = [HeaderFlags]::RD
        $this.QuestionCount = $questionCount

    [Byte[]] ToByteArray() {
        $bytes = [Byte[]]::new(12)

        $bytes[0], $bytes[1] = [EndianBitConverter]::GetBytes($this.ID, $true)

        # QR, Flags, OpCode and RCode
        [UInt16]$value = $this.QR -bor
            ([UInt16]$this.OpCode -shl 11) -bor
            $this.Flags -bor
        $bytes[2], $bytes[3] = [EndianBitConverter]::GetBytes($value, $true)

        $bytes[4], $bytes[5] = [EndianBitConverter]::GetBytes($this.QuestionCount, $true)
        $bytes[6], $bytes[7] = [EndianBitConverter]::GetBytes($this.AnswerCount, $true)
        $bytes[8], $bytes[9] = [EndianBitConverter]::GetBytes($this.AuthorityCount, $true)
        $bytes[10], $bytes[11] = [EndianBitConverter]::GetBytes($this.AdditionalCount, $true)

        return $bytes

    [String] ToString() {
        return 'ID: {0} OpCode: {1} RCode: {2} Flags: {3} Query: {4} Answer: {5} Authority: {6} Additional: {7}' -f @(

class DnsQuestion {
                                       1 1 1 1 1 1
         0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
       / QNAME /
       / /
       | QTYPE |
       | QCLASS |

    [String]        $Name
    [DnsRecordType] $RecordType
    [Object]        $RecordClass

    DnsQuestion() { }

        [String]      $recordName,
        [RecordType]  $type,
        [RecordClass] $class
    ) {
        $this.Name = $recordName
        $this.RecordType = $type
        $this.RecordClass = $class

        [EndianBinaryReader] $binaryReader
    ) {
        $this.Name = $binaryReader.ReadDnsDomainName()
        $this.RecordType = [DnsRecordType]$binaryReader.ReadUInt16($true)

        if ($this.RecordType -eq 'OPT') {
            $this.RecordClass = $binaryReader.ReadUInt16($true)
        } else {
            $this.RecordClass = [RecordClass]$binaryReader.ReadUInt16($true)

    hidden [Byte[]] ToByteArray() {
        $bytes = [List[Byte]]::new()

        $bytes.AddRange([EndianBitConverter]::GetBytes([UInt16]$this.RecordType, $true))
        $bytes.AddRange([EndianBitConverter]::GetBytes([UInt16]$this.RecordClass, $true))

        return $bytes.ToArray()

    [String] ToString() {
        return '{0,-29} {1,-5} {2,-5}' -f @(

class DnsResourceRecord : IEquatable[Object] {
                                      1 1 1 1 1 1
        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
       / NAME /
       / /
       | TYPE |
       | CLASS |
       | TTL |
       | |
       | RDLENGTH |
       / RDATA /
       / /

    [String]        $Name
    [UInt32]        $TTL
    [RecordClass]   $RecordClass      = [RecordClass]::IN
    [DnsRecordType] $RecordType       = 'EMPTY'
    [String]        $RecordData
    [UInt16]        $RecordDataLength

    hidden [Boolean] $IsTruncated

    DnsResourceRecord() {
        $thisTypeName = $this.GetType().Name
        if ($thisTypeName -ne 'DnsResourceRecord') {
            $this.RecordType = $thisTypeName -replace '^Dns|Record$'

        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Name = $dnsResourceRecord.Name
        $this.RecordType = $dnsResourceRecord.RecordType

        $this.RecordClass = $binaryReader.ReadUInt16($true)
        $this.TTL = $binaryReader.ReadUInt32($true)
        $this.RecordDataLength = $binaryReader.ReadUInt16($true)

        if ($binaryReader.BaseStream.Capacity -ge ($binaryReader.BaseStream.Position + $this.RecordDataLength)) {
        $this.RecordData = $this.RecordDataToString()

    static [DnsResourceRecord] Parse(
        [Byte[]] $bytes
    ) {
        $binaryReader = [EndianBinaryReader][MemoryStream]$bytes

        return [DnsResourceRecord]::Parse($binaryReader)

    static [DnsResourceRecord] Parse(
        [EndianBinaryReader] $binaryReader
    ) {
        $resourceRecord = [DnsResourceRecord]::new()
        $resourceRecord.Name = $binaryReader.ReadDnsDomainName()

        if ($binaryReader.BaseStream.Capacity -ge ($binaryReader.BaseStream.Position + 10)) {
            $resourceRecord.RecordType = [Int32]$binaryReader.ReadUInt16($true)
            $typeName = 'Dns{0}Record' -f $resourceRecord.RecordType

            if ($typeName -as [Type]) {
                return ($typeName -as [Type])::new(
            } else {
                # Avoids a race condition when loading classes.
                return ('DnsUNKNOWNRecord' -as [Type])::new(
        } else {
            $resourceRecord.IsTruncated = $true

        return $resourceRecord

    # Child classes must override this method
    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {

    # Child classes must override this method
    hidden [String] RecordDataToString() {
        return ''

    # Child classes should override this method if appropriate
    hidden [Byte[]] RecordDataToByteArray(
        [Boolean] $useCompressedNames
    ) {
        return [Byte[]]::new($this.RecordDataLength)

    [Byte[]] ToByteArray() {
        return $this.ToByteArray($true)

    [Byte[]] ToByteArray(
        [Boolean] $useCompressedNames
    ) {
        $bytes = [List[Byte]]::new()

        if ($useCompressedNames) {
            $bytes.AddRange([Byte[]](0xC0, 0x0C))
        } else {

        $bytes.AddRange([EndianBitConverter]::GetBytes([UInt16]$this.RecordType, $true))
        $bytes.AddRange([EndianBitConverter]::GetBytes([UInt16]$this.RecordClass, $true))
        $bytes.AddRange([EndianBitConverter]::GetBytes([UInt32]$this.TTL, $true))

        $recordDataBytes = $this.RecordDataToByteArray($useCompressedNames)

        $bytes.AddRange([EndianBitConverter]::GetBytes([UInt16]$recordDataBytes.Count, $true))

        return $bytes.ToArray()

    [Boolean] Equals(
        [Object] $object
    ) {
        return $this.ToString() -eq $object.ToString()

    [String] ToString() {
        return '{0,-29} {1,-10} {2,-5} {3,-10} {4}' -f @(

class DnsA6Record : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | PREFIX LEN | |
        +--+--+--+--+--+--+--+--+ |
        / ADDRESS SUFFIX /
        / /
        / PREFIX NAME /
        / /

    [Byte]      $PrefixLength
    [IPAddress] $AddressSuffix
    [String]    $PrefixName

    DnsA6Record() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.PrefixLength = $binaryReader.ReadByte()

        $addressSuffixBytes = [Byte[]]::new(16)

        $length = [Math]::Ceiling((128 - $this.PrefixLength) / 8)

            16 - $length,

        $this.AddressSuffix = [IPAddress]::new($addressSuffixBytes)

        if ($this.RecordDataLength - $length - 1 -gt 0) {
            $this.PrefixName = $binaryReader.ReadDnsDomainName()

    hidden [String] RecordDataToString() {
        $ipAddress = '{0}' -f $this.AddressSuffix.IPAddressToString
        if ($ipAddress -eq '::') {
            $ipAddress = ''

        return ('{0} {1} {2}' -f @(

class DnsAAAARecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | ADDRESS |
        | |
        | |
        | |
        | |
        | |
        | |
        | |

    [IPAddress] $IPAddress

    DnsAAAARecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.IPAddress = $binaryReader.ReadIPv6Address()

    hidden [String] RecordDataToString() {
        return $this.IPAddress.IPAddressToString

class DnsAFSDBRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | SUBTYPE |
        / HOSTNAME /
        / /


    [AFSDBSubType] $SubType
    [UInt16]       $SubTypeValue
    [String]       $Hostname

    DnsAFSDBRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.SubTypeValue = $binaryReader.ReadUInt16($true)
        if ([Enum]::IsDefined([AFSDBSubType], [Int32]$this.SubTypeValue)) {
            $this.SubType = [Int32]$this.SubTypeValue
        $this.Hostname = $binaryReader.ReadDnsDomainName()

    hidden [String] RecordDataToString() {
        return '{0} {1}' -f @(

class DnsAMTRELAYRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | PRECEDENCE | D| TYPE |
        / RELAY /
        / /


    [Byte]         $Precedence
    [Boolean]      $DiscoveryOptional
    [AMTRelayType] $Type
    [String]       $Relay

    DnsAMTRELAYRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Precedence = $binaryReader.ReadByte()

        $discoveryAndType = $binaryReader.ReadByte()

        $this.DiscoveryOptional = $discoveryAndType -band 0x80
        $this.Type = $discoveryAndType -band 0x7F

        if ($this.Type -ne 'None') {
            $this.Relay = switch ($this.Type) {
                IPv4       {
                IPv6       {
                DomainName {

    hidden [String] RecordDataToString() {
        return '{0} {1:D} {2:D} {3}' -f @(

class DnsAPLRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | PREFIX | N| AFDLENGTH |
        / AFDPART /
        / /


    [PSObject[]] $List

    DnsAPLRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        if ($this.RecordDataLength -gt 0) {
            $listLength = $this.RecordDataLength

            $this.List = while ($listLength -gt 0) {
                $addressFamily = [IanaAddressFamily]$binaryReader.ReadUInt16($true)
                $prefix = $binaryReader.ReadByte()
                $negationAndLength = $binaryReader.ReadByte()

                $item = [PSCustomObject]@{
                    AddressFamily = $addressFamily
                    Prefix        = $prefix
                    Negation      = [Boolean]($negationAndLength -band 0x80)
                    AddressLength = $negationAndLength -band 0x7F
                    Address       = $null
                $addressBytes = switch ($item.AddressFamily) {
                    'IPv4' { [Byte[]]::new(4) }
                    'IPv6' { [Byte[]]::new(16) }

                $item.Address = [IPAddress]::new($addressBytes)


                $listLength -= 4 + $item.AddressLength

    hidden [String] RecordDataToString() {
        $values = foreach ($item in $this.List) {
            '{0}{1:D}:{2}/{3}' -f @(
                ('', '!')[$item.Negation]
        return $values -join ' '

class DnsARecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | ADDRESS |

    [IPAddress] $IPAddress

    DnsARecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.IPAddress = $binaryReader.ReadIPAddress()

    hidden [String] RecordDataToString() {
        return $this.IPAddress.IPAddressToString

class DnsATMARecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | FORMAT | |
        +--+--+--+--+--+--+--+--+ |
        / ATMADDRESS /
        / /

    [ATMAFormat] $Format
    [String]     $ATMAAddress

    DnsATMARecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Format = [ATMAFormat]$binaryReader.ReadByte()

        $length = $this.RecordDataLength - 1

        $this.ATMAAddress = switch ($this.Format) {
            'E164' {
                '+{0}' -f [String]::new($binaryReader.ReadChars($length))
            default {

    hidden [String] RecordDataToString() {
        return $this.ATMAAddress

class DnsAVCRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        / AVC-DATA /

    [String[]]   $Data

    DnsAVCRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $length = $this.RecordDataLength
        if ($length -gt 0) {
            $this.Data = do {
                $entryLength = 0


                $length -= $entryLength
            } until ($length -le 0)

    hidden [String] RecordDataToString() {
        return '"{0}"' -f ($this.Data -join '" "')

class DnsCAARecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | FLAGS | /
        +--+--+--+--+--+--+--+--+ /
        / TAG /
        / /
        / VALUE /
        / /


    [CAAFlag] $CAAFlag
    [String]  $Tag
    [String]  $Value

    DnsCAARecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.CAAFlag = $binaryReader.ReadByte()

        $length = 0
        $this.Tag = $binaryReader.ReadDnsCharacterString([Ref]$length)

        $this.Value = [String]::new($binaryReader.ReadChars(
            $this.RecordDataLength - $length - 1

    hidden [String] RecordDataToString() {
        return '{0:D} {1} "{2}"' -f @(

class DnsCDNSKEYRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | FLAGS |
        / PUBLIC KEY /
        / /
        / /
        The flags field takes the following format, discussed in RFC 4034 2.1.1:
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | | Z| | S|
        Where Z represents the ZoneKey bit, and S the SecureEntryPoint bit.


    [UInt16]              $Flags
    [Boolean]             $ZoneKey
    [Boolean]             $SecureEntryPoint
    [KEYProtocol]         $Protocol
    [EncryptionAlgorithm] $Algorithm
    [String]              $PublicKey

    DnsCDNSKEYRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Flags = $binaryReader.ReadUInt16($true)
        $this.ZoneKey = $this.Flags -band 0x0100
        $this.SecureEntryPoint = $this.Flags -band 0x0001
        $this.Protocol = $binaryReader.ReadByte()
        $this.Algorithm = $binaryReader.ReadByte()

        $bytes = $binaryReader.ReadBytes($this.RecordDataLength - 4)
        $this.PublicKey = [Convert]::ToBase64String($bytes)


    hidden [String] RecordDataToString() {
        return '{0} {1:D} {2:D} {3}' -f @(
            $this.PublicKey -split '(?<=\G.{56})' -join ' '

class DnsCDSRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | KEYTAG |
        / DIGEST /
        / /


    [UInt16]              $KeyTag
    [EncryptionAlgorithm] $Algorithm
    [DigestType]          $DigestType
    [String]              $Digest

    DnsCDSRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.KeyTag = $binaryReader.ReadUInt16($true)
        $this.Algorithm = $binaryReader.ReadByte()
        $this.DigestType = $binaryReader.ReadByte()

        $bytes = $binaryReader.ReadBytes($this.RecordDataLength - 4)
        $this.Digest = [EndianBitConverter]::ToHexadecimal($bytes)

    hidden [String] RecordDataToString() {
        return '{0} {1:D} {2:D} {3}' -f @(
            $this.Digest -split '(?<=\G.{56})' -join ' '

class DnsCERTRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | TYPE |
        | KEY TAG |
        | ALGORITHM | |
        +--+--+--+--+--+--+--+--+ |
        / CERTIFICATE or CRL /
        / /


    [CertificateType]     $CertificateType
    [UInt16]              $KeyTag
    [EncryptionAlgorithm] $Algorithm
    [String]              $Certificate

    DnsCERTRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.CertificateType = $binaryReader.ReadUInt16($true)
        $this.KeyTag = $binaryReader.ReadUInt16($true)
        $this.Algorithm = $binaryReader.ReadByte()

        $bytes = $binaryReader.ReadBytes($this.RecordDataLength - 5)
        $this.Certificate = [Convert]::ToBase64String($bytes)

    hidden [String] RecordDataToString() {
        return '{0:D} {1:D} {2} {3}' -f @(
            $this.Certificate -split '(?<=\G.{56})' -join ' '

class DnsCNAMERecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        / CNAME /
        / /

    [String] $Hostname

    DnsCNAMERecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Hostname = $binaryReader.ReadDnsDomainName()

    hidden [String] RecordDataToString() {
        return $this.Hostname

class DnsCSYNCRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | SERIAL |
        | |
        | FLAGS |
        / TYPE BIT MAP /
        / /


    [UInt32]          $Serial
    [CSYNCFlags]      $Flags
    [DnsRecordType[]] $TypesToProcess

    DnsCSYNCRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Serial = $binaryReader.ReadUInt32($true)
        $this.Flags = $binaryReader.ReadUInt16($true)

        $this.TypesToProcess = $binaryReader.ReadBitMap($this.RecordDataLength - 6)

    hidden [String] RecordDataToString() {
        if ($this.TypesToProcess.Count -gt 0) {
            return '{0} {1:D} {2}' -f @(
                $this.TypesToProcess -join ' '
        } else {
            return '{0} {1:D}' -f @(

class DnsDHCIDRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        / <anything> /
        / /


    [Byte[]] $BinaryData

    DnsDHCIDRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.BinaryData = $binaryReader.ReadBytes($this.RecordDataLength)

    hidden [String] RecordDataToString() {
        return [Convert]::ToBase64String($this.BinaryData)

class DnsDLVRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | KEYTAG |
        / DIGEST /
        / /


    [UInt16]              $KeyTag
    [EncryptionAlgorithm] $Algorithm
    [DigestType]          $DigestType
    [String]              $Digest

    DnsDLVRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.KeyTag = $binaryReader.ReadUInt16($true)
        $this.Algorithm = $binaryReader.ReadByte()
        $this.DigestType = $binaryReader.ReadByte()

        $bytes = $binaryReader.ReadBytes($this.RecordDataLength - 4)
        $this.Digest = [EndianBitConverter]::ToHexadecimal($bytes)

    hidden [String] RecordDataToString() {
        return '{0} {1:D} {2:D} {3}' -f @(

class DnsDNAMERecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        / TARGET /
        / /


    [String] $Target

    DnsDNAMERecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Target = $binaryReader.ReadDnsDomainName()

    hidden [String] RecordDataToString() {
        return $this.Target

class DnsDNSKEYRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | FLAGS |
        / PUBLIC KEY /
        / /
        / /
        The flags field takes the following format, discussed in RFC 4034 2.1.1:
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | | Z| | S|
        Where Z represents the ZoneKey bit, and S the SecureEntryPoint bit.


    [UInt16]              $Flags
    [Boolean]             $ZoneKey
    [Boolean]             $SecureEntryPoint
    [KEYProtocol]         $Protocol
    [EncryptionAlgorithm] $Algorithm
    [String]              $PublicKey

    DnsDNSKEYRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Flags = $binaryReader.ReadUInt16($true)
        $this.ZoneKey = $this.Flags -band 0x0100
        $this.SecureEntryPoint = $this.Flags -band 0x0001
        $this.Protocol = $binaryReader.ReadByte()
        $this.Algorithm = $binaryReader.ReadByte()

        $bytes = $binaryReader.ReadBytes($this.RecordDataLength - 4)
        $this.PublicKey = [Convert]::ToBase64String($bytes)


    hidden [String] RecordDataToString() {
        return '{0} {1:D} {2:D} {3}' -f @(
            $this.PublicKey -split '(?<=\G.{56})' -join ' '

class DnsDOARecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | DOA-ENTERPRISE |
        | |
        | DOA-TYPE |
        | |
        | DOA-LOCATION | /
        +--+--+--+--+--+--+--+--+ /
        / DOA-MEDIA-TYPE /
        / /
        / DOA-DATA /
        / /

        DOA Enterprise values are defined by:


    [UInt32]      $Enterprise
    [UInt32]      $Type
    [DOALocation] $Location
    [String]      $MediaType
    [String]      $Data

    DnsDOARecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Enterprise = $binaryReader.ReadUInt32($true)
        $this.Type = $binaryReader.ReadUInt32($true)
        $this.Location = $binaryReader.ReadByte()

        $length = 0
        $this.MediaType = $binaryReader.ReadDnsCharacterString([Ref]$length)

        $length = $this.RecordDataLength - 9 - $length
        $this.Data = [Convert]::ToBase64String($binaryReader.ReadBytes($length))

    hidden [String] RecordDataToString() {
        return '{0} {1} {2:D} "{3}" {4}' -f @(

class DnsDSRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | KEYTAG |
        / DIGEST /
        / /


    [UInt16]              $KeyTag
    [EncryptionAlgorithm] $Algorithm
    [DigestType]          $DigestType
    [String]              $Digest

    DnsDSRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.KeyTag = $binaryReader.ReadUInt16($true)
        $this.Algorithm = $binaryReader.ReadByte()
        $this.DigestType = $binaryReader.ReadByte()

        $bytes = $binaryReader.ReadBytes($this.RecordDataLength - 4)
        $this.Digest = [EndianBitConverter]::ToHexadecimal($bytes)

    hidden [String] RecordDataToString() {
        return '{0} {1:D} {2:D} {3}' -f @(
            $this.Digest -split '(?<=\G.{56})' -join ' '

class DnsEIDRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        / EID /


    [String] $EID

    DnsEIDRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.EID = [EndianBitConverter]::ToHexadecimal($binaryReader.ReadBytes($this.RecordDataLength))

    hidden [String] RecordDataToString() {
        return $this.EID

class DnsEUI48Record : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | ADDRESS |
        | |
        | |


    [String] $Address

    DnsEUI48Record() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Address = [BitConverter]::ToString($binaryReader.ReadBytes(6)).ToLower()

    hidden [String] RecordDataToString() {
        return $this.Address

class DnsEUI64Record : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | ADDRESS |
        | |
        | |
        | |


    [String] $Address

    DnsEUI64Record() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Address = [BitConverter]::ToString($binaryReader.ReadBytes(8)).ToLower()

    hidden [String] RecordDataToString() {
        return $this.Address

class DnsGIDRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        / GID /

    [Byte[]] $Data

    DnsGIDRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Data = $binaryReader.ReadBytes($this.RecordDataLength)

    hidden [String] RecordDataToString() {
        return '\# {0} {1}' -f @(

class DnsGPOSRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        / LONGITUDE /
        / /
        / LATITUDE /
        / /
        / ALTITUDE /
        / /


    [String] $Longitude
    [String] $Latitude
    [String] $Altitude

    DnsGPOSRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Longitude = $binaryReader.ReadDnsCharacterString()
        $this.Latitude = $binaryReader.ReadDnsCharacterString()
        $this.Altitude = $binaryReader.ReadDnsCharacterString()

    hidden [String] RecordDataToString() {
        return '"{0}" "{1}" "{2}"' -f @(

class DnsHINFORecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        / CPU /
        / OS /


    [String] $CPU
    [String] $OS

    DnsHINFORecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.CPU = $binaryReader.ReadDnsCharacterString()
        $this.OS = $binaryReader.ReadDnsCharacterString()

    hidden [String] RecordDataToString() {
        return '"{0}" "{1}"' -f @(

class DnsHIPRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        / HIT /
        / /
        / PUBLIC KEY /
        / /
        / /


    [IPSECAlgorithm] $PublicKeyAlgorithm
    [String]         $HIT
    [String]         $PublicKey
    [String[]]       $RendezvousServers

    DnsHIPRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $hitLength = $binaryReader.ReadByte()

        $this.PublicKeyAlgorithm = $binaryReader.ReadByte()

        $publicKeyLength = $binaryReader.ReadUInt16($true)

        $this.HIT = [EndianBitConverter]::ToHexadecimal($binaryReader.ReadBytes($hitLength))
        $this.PublicKey = [Convert]::ToBase64String($binaryReader.ReadBytes($publicKeyLength))

        $length = $this.RecordDataLength - 4 - $hitLength - $publicKeyLength
        if ($length -gt 0) {
            $this.RendezvousServers = do {
                $entryLength = 0


                $length -= $entryLength
            } until ($length -le 0)

    hidden [String] RecordDataToString() {
        return '{0:D} {1} {2} {3}' -f @(
            $this.RendezvousServers -join ' '

class DnsIPSECKEYRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | ALGORITHM | /
        +--+--+--+--+--+--+--+--+ /
        / GATEWAY /
        / /
        / PUBLICKEY /
        / /


    [Byte]             $Precedence
    [IPSECGatewayType] $GatewayType
    [IPSECAlgorithm]   $Algorithm
    [String]           $Gateway
    [String]           $PublicKey

    DnsIPSECKEYRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Precedence = $binaryReader.ReadByte()
        $this.GatewayType = $binaryReader.ReadByte()
        $this.Algorithm = $binaryReader.ReadByte()

        $length = 0
        $this.Gateway = switch ($this.GatewayType) {
            IPv4       {
                $length = 4
            IPv6       {
                $length = 16
            DomainName {
        if ($this.Gateway.Length -eq 0) {
            $this.Gateway = '.'

        $publicKeyLength = $this.RecordDataLength - $length - 3
        $this.PublicKey = [Convert]::ToBase64String($binaryReader.ReadBytes($publicKeyLength))

    hidden [String] RecordDataToString() {
        return '{0} {1:D} {2:D} {3} {4}' -f @(

class DnsISDNRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        / ISDNADDRESS /
        / SUBADDRESS /


    [String]     $ISDNAddress
    [String]     $SubAddress

    DnsISDNRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $length = 0
        $this.ISDNAddress = $binaryReader.ReadDnsCharacterString([Ref]$length)

        if ($this.RecordDataLength - $length -gt 0) {
            $this.SubAddress = $binaryReader.ReadDnsCharacterString()

    hidden [String] RecordDataToString() {
        if ($this.SubAddress) {
            return '"{0}" "{1}"' -f @(
        } else {
            return '"{0}"' -f @(

class DnsKEYRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | FLAGS |
        / PUBLIC KEY /
        / /
        / /
        The flags field takes the following format, discussed in RFC 2535 3.1.2:
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | A/C | Z | XT| Z | Z | NAMTYP| Z | Z | Z | Z | SIG |

    [UInt16]              $Flags
    [KEYAC]               $AuthenticationConfidentiality
    [UInt16]              $FlagsExtension
    [KEYNameType]         $NameType
    [Boolean]             $SignatoryField
    [KEYProtocol]         $Protocol
    [EncryptionAlgorithm] $Algorithm
    [String]              $PublicKey

    DnsKEYRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Flags = $binaryReader.ReadUInt16($true)
        $this.AuthenticationConfidentiality = [Byte]($this.Flags -shr 14)

        if (($this.Flags -band 0x1000) -eq 0x1000) {
            $this.FlagsExtension = $binaryReader.ReadUInt16($true)

        $this.NameType = ($this.Flags -band 0x0300) -shr 9
        $this.SignatoryField = $this.Flags -band 0x000F
        $this.Protocol = $binaryReader.ReadByte()
        $this.Algorithm = $binaryReader.ReadByte()

        $length = $this.RecordDataLength - 4
        if ($this.AuthenticationConfidentiality -ne 'NoKey' -and $length -gt 0) {
            $this.PublicKey = [Convert]::ToBase64String($binaryReader.ReadBytes($length))

    hidden [String] RecordDataToString() {
        return '{0} {1:D} {2:D} {3}' -f @(
            $this.PublicKey -split '(?<=\G.{56})' -join ' '

class DnsKXRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | PREFERENCE |
        / EXCHANGER /
        / /


    [UInt16] $Preference
    [String] $Exchanger

    DnsKXRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Preference = $binaryReader.ReadUInt16($true)
        $this.Exchanger = $binaryReader.ReadDnsDomainName()

    hidden [String] RecordDataToString() {
        return '{0} {1}' -f @(

class DnsL32Record : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | PREFERENCE |
        | LOCATOR |
        | |


    [UInt16] $Preference
    [String] $Locator

    DnsL32Record() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Preference = $binaryReader.ReadUInt16($true)
        $this.Locator = $binaryReader.ReadIPAddress()

    hidden [String] RecordDataToString() {
        return '{0} {1}' -f @(

class DnsL64Record : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | PREFERENCE |
        | LOCATOR |
        | |
        | |
        | |


    [UInt16] $Preference
    [String] $Locator

    DnsL64Record() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Preference = $binaryReader.ReadUInt16($true)

        $bytes = $binaryReader.ReadBytes(8)
        $address = for ($i = 0; $i -lt $bytes.Count; $i += 2) {
            ('{0:x2}{1:x2}' -f $bytes[$i], $bytes[$i + 1]).TrimStart('0')
        $this.Locator = $address -join ':'

    hidden [String] RecordDataToString() {
        return '{0} {1}' -f @(

class DnsLOCRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | VERSION | SIZE |
        | HORIZ PRE | VERT PRE |
        | LATITUDE |
        | |
        | LONGITUDE |
        | |
        | ALTITUDE |
        | |


    [Byte]            $Version
    [Decimal]         $Size
    [Decimal]         $HorizontalPrecision
    [Decimal]         $VerticalPrecision
    [AngularDistance] $Latitude
    [AngularDistance] $Longitude
    [Decimal]         $Altitude

    DnsLOCRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Double] ConvertFromIntegerPair($byte) {
        return 0 + ('{0}e{1}' -f @(
            ($byte -band 0xF0) -shr 4
            $byte -band 0x0F
        )) / 100

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Version = $binaryReader.ReadByte()

        $this.Size = $this.ConvertFromIntegerPair($binaryReader.ReadByte())
        $this.HorizontalPrecision = $this.ConvertFromIntegerPair($binaryReader.ReadByte())
        $this.VerticalPrecision = $this.ConvertFromIntegerPair($binaryReader.ReadByte())

        $this.Latitude = [AngularDistance]::new($binaryReader.ReadUInt32($true), 'Latitude')
        $this.Longitude = [AngularDistance]::new($binaryReader.ReadUInt32($true), 'Longitude')
        $this.Altitude = (-10000000 + $binaryReader.ReadUInt32($true)) / 100

    hidden [String] RecordDataToString() {
        return '{0} {1} {2:N2}m {3}m {4}m {5}m' -f @(

class DnsLPRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | PREFERENCE |
        / FQDN /
        / /


    [UInt16] $Preference
    [String] $FQDN

    DnsLPRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Preference = $binaryReader.ReadUInt16($true)
        $this.FQDN = $binaryReader.ReadDnsDomainName()

    hidden [String] RecordDataToString() {
        return '{0} {1}' -f @(

class DnsMBRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        / MADNAME /
        / /


    [String] $Hostname

    DnsMBRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Hostname = $binaryReader.ReadDnsDomainName()

    hidden [String] RecordDataToString() {
        return $this.Hostname

class DnsMDRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        / MADNAME /
        / /


    [String] $Hostname

    DnsMDRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Hostname = $binaryReader.ReadDnsDomainName()

    hidden [String] RecordDataToString() {
        return $this.Hostname

class DnsMFRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        / MADNAME /
        / /


    [String] $Hostname

    DnsMFRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Hostname = $binaryReader.ReadDnsDomainName()

    hidden [String] RecordDataToString() {
        return $this.Hostname

class DnsMGRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        / MGMNAME /
        / /


    [String] $MailboxName

    DnsMGRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.MailboxName = $binaryReader.ReadDnsDomainName()

    hidden [String] RecordDataToString() {
        return $this.MailboxName

class DnsMINFORecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        / RMAILBX /
        / EMAILBX /


    [String] $ResponsibleMailbox
    [String] $ErrorMailbox

    DnsMINFORecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.ResponsibleMailbox = $binaryReader.ReadDnsDomainName()
        $this.ErrorMailbox = $binaryReader.ReadDnsDomainName()

    hidden [String] RecordDataToString() {
        return '{0} {1}' -f @(

class DnsMRRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        / NEWNAME /
        / /


    [String] $MailboxName

    DnsMRRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.MailboxName = $binaryReader.ReadDnsDomainName()

    hidden [String] RecordDataToString() {
        return $this.MailboxName

class DnsMXRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | PREFERENCE |
        / EXCHANGE /
        / /


    [UInt16] $Preference
    [String] $Exchange

    DnsMXRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Preference = $binaryReader.ReadUInt16($true)
        $this.Exchange = $binaryReader.ReadDnsDomainName()

    hidden [String] RecordDataToString() {
        return '{0} {1}' -f @(

class DnsNAPTRRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | ORDER |
        | PREFERENCE |
        / FLAGS /
        / SERVICES /
        / REGEXP /
        / REPLACEMENT /
        / /


    [UInt16] $Order
    [UInt16] $Preference
    [String] $Flags
    [String] $Service
    [String] $RegularExpression
    [String] $Replacement

    DnsNAPTRRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Order = $binaryReader.ReadUInt16($true)
        $this.Preference = $binaryReader.ReadUInt16($true)
        $this.Flags = $binaryReader.ReadDnsCharacterString()
        $this.Service = $binaryReader.ReadDnsCharacterString()
        $this.RegularExpression = $binaryReader.ReadDnsCharacterString()
        $this.Replacement = $binaryReader.ReadDnsDomainName()

    hidden [String] RecordDataToString() {
        return '{0} {1} "{2}" "{3}" "{4}" {5}' -f @(

class DnsNIDRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | PREFERENCE |
        | NODEID |
        | |
        | |
        | |


    [UInt16] $Preference
    [String] $NodeID

    DnsNIDRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Preference = $binaryReader.ReadUInt16($true)

        $bytes = $binaryReader.ReadBytes(8)
        $address = for ($i = 0; $i -lt $bytes.Count; $i += 2) {
            ('{0:x2}{1:x2}' -f $bytes[$i], $bytes[$i + 1]).TrimStart('0')
        $this.NodeID = $address -join ':'

    hidden [String] RecordDataToString() {
        return '{0} {1}' -f @(

class DnsNIMLOCRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        / BinaryData /


    [Byte[]] $BinaryData

    DnsNIMLOCRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.BinaryData = $binaryReader.ReadBytes($this.RecordDataLength)

    hidden [String] RecordDataToString() {
        return [EndianBitConverter]::ToHexadecimal($this.BinaryData)

class DnsNINFORecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        / ZS-DATA /
        / /


    [String[]] $ZSData

    DnsNINFORecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $length = $this.RecordDataLength
        if ($length -gt 0) {
            $this.ZSData = do {
                $entryLength = 0


                $length -= $entryLength
            } until ($length -le 0)

    hidden [String] RecordDataToString() {
        return '"{0}"' -f ($this.ZSData -join '" "')

class DnsNSAPPTRRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        / OWNER /
        / /


    [String] $Owner

    DnsNSAPPTRRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Owner = $binaryReader.ReadDnsDomainName()

    hidden [String] RecordDataToString() {
        return $this.Owner

    [String] ToString() {
        return '{0,-29} {1,-10} {2,-5} {3,-10} {4}' -f @(

class DnsNSAPRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        / NSAP /


    [String] $Text
    [String] $Data

    DnsNSAPRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Data = '0x{0}' -f @(

    hidden [String] RecordDataToString() {
        return $this.Data

class DnsNSEC3PARAMRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | HASH ALG | FLAGS |
        | ITERATIONS |
        | SALT LEN | /
        +--+--+--+--+--+--+--+--+ /
        / SALT /


    [NSEC3HashAlgorithm] $HashAlgorithm
    [Byte]               $Flags
    [UInt16]             $Iterations
    [String]             $Salt = '-'

    DnsNSEC3PARAMRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.HashAlgorithm = $binaryReader.ReadByte()
        $this.Flags = $binaryReader.ReadByte()
        $this.Iterations = $binaryReader.ReadUInt16($true)

        $saltLength = $binaryReader.ReadByte()
        if ($saltLength -gt 0) {
            $this.Salt = [EndianBitConverter]::ToHexadecimal($binaryReader.ReadBytes($saltLength))

    hidden [String] RecordDataToString() {
        return '{0:D} {1} {2} {3}' -f @(

class DnsNSEC3Record : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | HASH ALG | FLAGS |
        | ITERATIONS |
        | SALT LEN | /
        +--+--+--+--+--+--+--+--+ /
        / SALT /
        | HASH LEN | /
        +--+--+--+--+--+--+--+--+ /
        / HASH /
        / /
        / <BIT MAP> /
        / /
        The flags field takes the following format, discussed in RFC 5155 3.2:
          0 1 2 3 4 5 6 7
        | |O |
        Where O, bit 7, represents the Opt-Out Flag.


    [NSEC3HashAlgorithm] $HashAlgorithm
    [Byte]               $Flags
    [Boolean]            $OptOut
    [UInt16]             $Iterations
    [String]             $Salt
    [String]             $Hash
    [DnsRecordType[]]    $RRType

    DnsNSEC3Record() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.HashAlgorithm = $binaryReader.ReadByte()
        $this.Flags = $binaryReader.ReadByte()
        $this.OptOut = $this.Flags -band [NSEC3Flags]::OptOut
        $this.Iterations = $binaryReader.ReadUInt16($true)

        $saltLength = $binaryReader.ReadByte()
        if ($saltLength -gt 0) {
            $this.Salt = [EndianBitConverter]::ToHexadecimal($binaryReader.ReadBytes($saltLength))

        $hashLength = $binaryReader.ReadByte()
        $this.Hash = [EndianBitConverter]::ToBase32String($binaryReader.ReadBytes($hashLength))

        $this.RRType = $binaryReader.ReadBitMap(
            $this.RecordDataLength - 6 - $saltLength - $hashLength

    hidden [String] RecordDataToString() {
        return '{0:D} {1} {2} {3} {4} {5}' -f @(
            $this.RRType -join ' '

class DnsNSECRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        / DOMAINNAME /
        / /
        / <BIT MAP> /
        / /

    [String]          $DomainName
    [DnsRecordType[]] $RRType

    DnsNSECRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $length = 0
        $this.DomainName = $binaryReader.ReadDnsDomainName([Ref]$length)

        $this.RRType = $binaryReader.ReadBitMap(
            $this.RecordDataLength - $length

    hidden [String] RecordDataToString() {
        return '{0} {1}' -f @(
            $this.RRType -join ' '

class DnsNSRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        / NSDNAME /
        / /

    [String] $Hostname

    DnsNSRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Hostname = $binaryReader.ReadDnsDomainName()

    hidden [String] RecordDataToString() {
        return $this.Hostname

class DnsNULLRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        / <anything> /
        / /


    [Byte[]] $BinaryData

    DnsNULLRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.BinaryData = $binaryReader.ReadBytes($this.RecordDataLength)

    hidden [String] RecordDataToString() {
        return [Convert]::ToBase64String($this.BinaryData)

class DnsNXTRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        / DOMAINNAME /
        / /
        / <BIT MAP> /
        / /


    [String]          $DomainName
    [DnsRecordType[]] $RRType

    DnsNXTRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $length = 0
        $this.DomainName = $binaryReader.ReadDnsDomainName([Ref]$length)

        $bitMapLength = $this.RecordDataLength - $length
        $bitMap = $binaryReader.ReadBytes($bitMapLength)

        $this.RRType = for ($i = 0; $i -lt $bitMapLength; $i++) {
            for ($j = 7; $j -ge 0; $j--) {
                if ($bitMap[$i] -band 1 -shl $j) {
                    8 * $i + 7 - $j

    hidden [String] RecordDataToString() {
        return '{0} {1}' -f @(
            $this.RRType -join ' '

class DnsOPENPGPKEYRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        / TXT-DATA /


    [String] $Key

    DnsOPENPGPKEYRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Key = [Convert]::ToBase64String($binaryReader.ReadBytes($this.RecordDataLength))

    hidden [String] RecordDataToString() {
        return $this.Key -split '(?<=\G.{56})' -join ' '

class DnsOPTRecord : DnsResourceRecord {
        OPT records make the following changes to standard resource record fields:
        Field Name Field Type Description
        ---------- ---------- -----------
        NAME domain name empty (root domain)
        TYPE u_int16_t OPT
        CLASS u_int16_t sender's UDP payload size
        TTL u_int32_t extended RCODE and flags
        RDLEN u_int16_t describes RDATA
        RDATA octet stream {attribute,value} pairs
        The Extended RCODE (stored in the TTL) is formatted as follows:
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | Z |
        RR data structure:
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | OPTION-CODE |
        | OPTION-LENGTH |
        / OPTION-DATA /
        / /
        Processing for each option assigned by IANA has been added as described below.
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | OPTION-CODE |
        | OPTION-LENGTH |
        | VERSION |
        | LLQ-OPCODE |
        | ERROR-CODE |
        | LLQ-ID |
        | |
        | |
        | |
        | |
        | |
        | |
        | |
        | LEASE-LIFE |
        | |
        Option data is returned as a byte array (NSIDBytes) and an ASCII string (NSIDString).
        DUA, DHU and N3U
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | OPTION-CODE |
        | LIST-LENGTH |
        | ALG-CODE | ... /
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | OPTION-CODE |
        | OPTION-LENGTH |
        / ADDRESS /


    [UInt16]       $MaximumPayloadSize
    [UInt16]       $ExtendedRCode
    [UInt32]       $Version
    [PSObject[]]   $OptionData

    DnsOPTRecord() : base() {
        $this.RecordType = 'OPT'
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Name = $dnsResourceRecord.Name
        $this.RecordType = $dnsResourceRecord.RecordType

        $this.MaximumPayloadSize = $binaryReader.ReadUInt16($true)
        $this.ExtendedRCode = $binaryReader.ReadByte()
        $this.Version = $binaryReader.ReadByte()

        $this.Z = $binaryReader.ReadUInt16($true)
        $this.RecordDataLength = $binaryReader.ReadUInt16($true)

        if ($binaryReader.BaseStream.Capacity -ge ($binaryReader.BaseStream.Position + $this.RecordDataLength)) {

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $optionsLength = $this.RecordDataLength

        $this.OptionData = while ($optionsLength -gt 0) {
            $optionCode   = [EDnsOptionCode]$binaryReader.ReadUInt16($true)
            $optionLength = $binaryReader.ReadUInt16($true)
            $optionsLength -= $optionLength

            switch ($optionCode) {
                'LLQ' {
                        OptionCode   = $optionCode
                        OptionLength = $optionLength
                        Version      = $binaryReader.ReadUInt16($true)
                        OpCode       = [LLQOpCode]$binaryReader.ReadUInt16($true)
                        ErrorCode    = [LLQErrorCode]$binaryReader.ReadUInt16($true)
                        ID           = $binaryReader.ReadUInt64($true)
                        LeaseLife    = $binaryReader.ReadUInt32($true)
                'UL' {
                        OptionCode   = $optionCode
                        OptionLength = $optionLength
                        Lease        = $binaryReader.ReadInt32($true)
                'NSID' {
                    $bytes = $binaryReader.ReadBytes($this.OptionLength)
                        OptionCode   = $optionCode
                        OptionLength = $optionLength
                        Bytes        = $bytes
                        String       = [Encoding]::UTF8.GetString($bytes)
                'EDNSClientSubnet' {
                    $option = [PSCustomObject]@{
                        OptionCode    = $optionCode
                        OptionLength  = $optionLength
                        AddressFamily = [IanaAddressFamily]$binaryReader.ReadUInt16($true)
                        SourceNetMask = $binaryReader.ReadByte()
                        ScopeNetMask  = $binaryReader.ReadByte()
                        Address       = $null

                    $addressLength = [Math]::Ceiling($option.SourceNetMask / 8)
                    $addressBytes = $binaryReader.ReadBytes($addressLength)

                    $length = switch ($option.AddressFamily) {
                        'IPv4' { 4 }
                        'IPv6' { 16 }
                    if ($length) {
                        while ($addressBytes.Length -lt $length) {
                            $addressBytes = @([Byte]0) + $addressBytes
                        $option.Address = [IPAddress]::new($addressBytes)
                    } else {
                        $option.Address = $addressBytes

                { $_ -in 'DAU', 'DHU', 'N3U' } {
                        OptionCode   = $optionCode
                        OptionLength = $optionLength
                        Algorithm    = [EncryptionAlgorithm]$binaryReader.ReadByte()
                        HashBytes    = [Convert]::ToBase64String($binaryReader.ReadBytes($optionLength - 1))
                default {
                        OptionCode   = $optionCode
                        OptionLength = $optionLength
                        OptionData   = $binaryReader.ReadBytes($optionLength)

    hidden [IEnumerable[Byte]] RecordDataToByteArray() {
        return [Byte[]]::new(0)

    [Byte[]] ToByteArray(
        [Boolean] $useCompressedNames
    ) {
        $bytes = [List[Byte]]::new()

        $bytes.AddRange([EndianBitConverter]::GetBytes([UInt16]$this.RecordType, $true))
        $bytes.AddRange([EndianBitConverter]::GetBytes($this.MaximumPayloadSize, $true))
        $bytes.AddRange([EndianBitConverter]::GetBytes($this.ExtendedRCode, $true))
        $bytes.AddRange([EndianBitConverter]::GetBytes([UInt16]$this.Z, $true))

        $recordDataBytes = $this.RecordDataToByteArray()

        $bytes.AddRange([EndianBitConverter]::GetBytes([UInt16]$recordDataBytes.Count, $true))

        return $bytes.ToArray()

class DnsPTRRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        / PTRDNAME /
        / /


    [String] $Hostname

    DnsPTRRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Hostname = $binaryReader.ReadDnsDomainName()

    hidden [String] RecordDataToString() {
        return $this.Hostname

class DnsPXRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | PREFERENCE |
        / MAP822 /
        / /
        / MAPX400 /
        / /


    [UInt16] $Preference
    [String] $MAP822
    [String] $MAPX400

    DnsPXRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Preference = $binaryReader.ReadUInt16($true)
        $this.MAP822 = $binaryReader.ReadDnsDomainName()
        $this.MAPX400 = $binaryReader.ReadDnsDomainName()

    hidden [String] RecordDataToString() {
        return '{0,-5} {1} {2}' -f @(

class DnsRKEYRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | FLAGS |
        / PUBLIC KEY /
        / /
        / /


    [UInt16]              $Flags
    [KEYProtocol]         $Protocol
    [EncryptionAlgorithm] $Algorithm
    [String]              $PublicKey

    DnsRKEYRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Flags = $binaryReader.ReadUInt16($true)
        $this.Protocol = $binaryReader.ReadByte()
        $this.Algorithm = $binaryReader.ReadByte()

        $keyLength = $this.RecordDataLength - 4
        $this.PublicKey = [Convert]::ToBase64String($binaryReader.ReadBytes($keyLength))

    hidden [String] RecordDataToString() {
        return '{0} {1:D} {2:D} {3}' -f @(
            $this.PublicKey -split '(?<=\G.{56})' -join ' '

class DnsRPRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        / RMAILBX /
        / TXTDNAME /


    [String] $ResponsibleMailbox
    [String] $DomainName

    DnsRPRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.ResponsibleMailbox = $binaryReader.ReadDnsDomainName()
        $this.DomainName = $binaryReader.ReadDnsDomainName()

    hidden [String] RecordDataToString() {
        return '{0} {1}' -f @(

class DnsRRSIGRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | TYPE COVERED |
        | ALGORITHM | LABELS |
        | ORIGINAL TTL |
        | |
        | |
        | |
        | KEY TAG |
        / SIGNER'S NAME /
        / /
        / /
        / SIGNATURE /
        / /
        / /


    [DnsRecordType]       $TypeCovered
    [EncryptionAlgorithm] $Algorithm
    [Byte]                $Labels
    [UInt32]              $OriginalTTL
    [DateTime]            $SignatureExpiration
    [DateTime]            $SignatureInception
    [UInt16]              $KeyTag
    [String]              $SignersName
    [String]              $Signature

    DnsRRSIGRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.TypeCovered = $binaryReader.ReadUInt16($true)
        $this.Algorithm = $binaryReader.ReadByte()
        $this.Labels = $binaryReader.ReadByte()
        $this.OriginalTTL = $binaryReader.ReadUInt32($true)
        $this.SignatureExpiration = (Get-Date '01/01/1970').AddSeconds($binaryReader.ReadUInt32($true))
        $this.SignatureInception = (Get-Date '01/01/1970').AddSeconds($binaryReader.ReadUInt32($true))
        $this.KeyTag = $binaryReader.ReadUInt16($true)

        $length = 0
        $this.SignersName = $binaryReader.ReadDnsDomainName([Ref]$length)
        $this.Signature = [Convert]::ToBase64String($binaryReader.ReadBytes($this.RecordDataLength - 18 - $length))

    hidden [String] RecordDataToString() {
        return '{0} {1:D} {2} {3} {4:yyyyMMddHHmmss} {5:yyyyMMddHHmmss} {6} {7} {8}' -f @(
            $this.Signature -split '(?<=\G.{56})' -join ' '

    [String] ToLongString() {
        return (@(
            '{0} {1:D} {2} ( ; type-cov={0}, alg={1}, labels={2}'
            ' {3,-16} ; OriginalTTL'
            ' {4,-16:yyyyMMddHHmmss} ; Signature expiration ({4:u})'
            ' {5,-16:yyyyMMddHHmmss} ; Signature inception ({5:u})'
            ' {6,-16} ; Key identifier'
            ' {7,-16} ; Signer'
            ' {8,-16} ; Signature'
         ) -join "`n") -f @(
            $this.Signature -split '(?<=\G.{56})' -join ' '

class DnsRTRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | PREFERENCE |
        / /


    [UInt16] $Preference
    [String] $IntermediateHost

    DnsRTRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Preference = $binaryReader.ReadUInt16($true)
        $this.IntermediateHost = $binaryReader.ReadDnsDomainName()

    hidden [String] RecordDataToString() {
        return '{0} {1}' -f @(

class DnsSIGRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | TYPE COVERED |
        | ALGORITHM | LABELS |
        | ORIGINAL TTL |
        | |
        | |
        | |
        | KEY TAG |
        / SIGNER'S NAME /
        / /
        / /
        / SIGNATURE /
        / /
        / /


    [DnsRecordType]       $TypeCovered
    [EncryptionAlgorithm] $Algorithm
    [Byte]                $Labels
    [UInt32]              $OriginalTTL
    [DateTime]            $SignatureExpiration
    [DateTime]            $SignatureInception
    [UInt16]              $KeyTag
    [String]              $SignersName
    [String]              $Signature

    DnsSIGRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.TypeCovered = $binaryReader.ReadUInt16($true)
        $this.Algorithm = $binaryReader.ReadByte()
        $this.Labels = $binaryReader.ReadByte()
        $this.OriginalTTL = $binaryReader.ReadUInt32($true)
        $this.SignatureExpiration = (Get-Date "01/01/1970").AddSeconds($binaryReader.ReadUInt32($true))
        $this.SignatureInception = (Get-Date "01/01/1970").AddSeconds($binaryReader.ReadUInt32($true))
        $this.KeyTag = $binaryReader.ReadUInt16($true)

        $length = 0
        $this.SignersName = $binaryReader.ReadDnsDomainName([Ref]$length)
        $this.Signature = [Convert]::ToBase64String($binaryReader.ReadBytes($this.RecordDataLength - 18 - $length))

    hidden [String] RecordDataToString() {
        return '{0} {1:D} {2} {3} {4:yyyyMMddHHmmss} {5:yyyyMMddHHmmss} {6} {7} {8}' -f @(
            $this.Signature -split '(?<=\G.{56})' -join ' '

    [String] ToLongString() {
        return (@(
            '{0} {1:D} {2} ( ; type-cov={0}, alg={1}, labels={2}'
            ' {3,-16} ; OriginalTTL'
            ' {4,-16:yyyyMMddHHmmss} ; Signature expiration ({4:u})'
            ' {5,-16:yyyyMMddHHmmss} ; Signature inception ({5:u})'
            ' {6,-16} ; Key identifier'
            ' {7,-16} ; Signer'
            ' {8,-16} ; Signature'
         ) -join "`n") -f @(
            $this.Signature -split '(?<=\G.{56})' -join ' '

class DnsSINKRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | CODING | SUBCODING |
        / DATA /
        / /

        The structure above is modified to match dig. Adding a meaning byte.

    [Byte]   $Meaning
    [Byte]   $Coding
    [Byte]   $Subcoding
    [String] $Data

    DnsSINKRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Meaning = $binaryReader.ReadByte()
        $this.Coding = $binaryReader.ReadByte()
        $this.Subcoding = $binaryReader.ReadByte()

        $dataLength = $this.RecordDataLength - 3
        if ($dataLength -gt 0) {
            $this.Data = [Convert]::ToBase64String($binaryReader.ReadBytes($dataLength))

    hidden [String] RecordDataToString() {
        if ($this.Data) {
            return '{0:D} {1:D} {2:D} {3}' -f @(
        } else {
            return '{0:D} {1:D} {2:D}' -f @(

class DnsSMIMEARecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | MATCHING TYPE | /
        +--+--+--+--+--+--+--+--+ /
        / /


    [CertificateUsage] $CertificateUsage
    [Selector]         $Selector
    [MatchingType]     $MatchingType
    [String]           $CertificateAssociation

    DnsSMIMEARecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.CertificateUsage = $binaryReader.ReadByte()
        $this.Selector = $binaryReader.ReadByte()
        $this.MatchingType = $binaryReader.ReadByte()
        $this.CertificateAssociation = [EndianBitConverter]::ToHexadecimal($binaryReader.ReadBytes($this.RecordDataLength - 3))

    hidden [String] RecordDataToString() {
        return '{0:D} {1:D} {2:D} {3}' -f @(
            $this.CertificateAssociation -split '(?<=\G.{56})' -join ' '

class DnsSOARecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        / MNAME /
        / /
        / RNAME /
        / /
        | SERIAL |
        | |
        | REFRESH |
        | |
        | RETRY |
        | |
        | EXPIRE |
        | |
        | MINIMUM |
        | |


    [String] $NameServer
    [String] $ResponsiblePerson
    [UInt32] $Serial
    [UInt32] $Refresh
    [UInt32] $Retry
    [UInt32] $Expire
    [UInt32] $MinimumTTL

    DnsSOARecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.NameServer = $binaryReader.ReadDnsDomainName()
        $this.ResponsiblePerson = $binaryReader.ReadDnsDomainName()
        $this.Serial = $binaryReader.ReadUInt32($true)
        $this.Refresh = $binaryReader.ReadUInt32($true)
        $this.Retry = $binaryReader.ReadUInt32($true)
        $this.Expire = $binaryReader.ReadUInt32($true)
        $this.MinimumTTL = $binaryReader.ReadUInt32($true)

    hidden [String] RecordDataToString() {
        return '{0} {1} {2} {3} {4} {5} {6}' -f @(

    hidden [Byte[]] RecordDataToByteArray(
        [Boolean] $useCompressedNames
    ) {
        $bytes = [List[Byte]]::new()

        if ($useCompressedNames) {
            # MNAME
            $bytes.AddRange([Byte[]](0xC0, 0x0C))
            # RNAME
            $bytes.AddRange([Byte[]](0xC0, 0x0C))
        } else {
            # RNAME

        # SerialNumber
        $bytes.AddRange([EndianBitConverter]::GetBytes($this.Serial, $true))

        return $bytes.ToArray()

    [String] ToLongString() {
        return (@(
            '{0} {1} ('
            ' {2,-10} ; serial'
            ' {3,-10} ; refresh ({4})'
            ' {5,-10} ; retry ({6})'
            ' {7,-10} ; expire ({8})'
            ' {9,-10} ; minimum ttl ({10})'
        ) -join "`n") -f @(
            (ConvertToTimeSpanString -Seconds $this.Refresh)
            (ConvertToTimeSpanString -Seconds $this.Retry)
            (ConvertToTimeSpanString -Seconds $this.Expire)
            (ConvertToTimeSpanString -Seconds $this.MinimumTTL)

class DnsSPFRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        / TXT-DATA /


    [String[]] $SPF

    DnsSPFRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $length = $this.RecordDataLength
        if ($length -gt 0) {
            $this.SPF = do {
                $entryLength = 0


                $length -= $entryLength
            } until ($length -le 0)

    hidden [String] RecordDataToString() {
        return '"{0}"' -f ($this.SPF -join '" "')

class DnsSRVRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | PRIORITY |
        | WEIGHT |
        | PORT |
        / TARGET /
        / /


    [UInt16] $Priority
    [UInt16] $Weight
    [UInt16] $Port
    [String] $Hostname

    DnsSRVRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Priority = $binaryReader.ReadUInt16($true)
        $this.Weight = $binaryReader.ReadUInt16($true)
        $this.Port = $binaryReader.ReadUInt16($true)
        $this.Hostname = $binaryReader.ReadDnsDomainName()

    hidden [String] RecordDataToString() {
        return '{0} {1} {2} {3}' -f @(

class DnsSSHFPRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | ALGORITHM | FPTYPE |
        / FINGERPRINT /
        / /


    [SSHAlgorithm] $Algorithm
    [SSHFPType]    $FPType
    [String]       $Fingerprint

    DnsSSHFPRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Algorithm = $binaryReader.ReadByte()
        $this.FPType = $binaryReader.ReadByte()
        $this.FingerPrint = [EndianBitConverter]::ToHexadecimal($binaryReader.ReadBytes($this.RecordDataLength - 2))

    hidden [String] RecordDataToString() {
        return '{0:D} {1:D} {2}' -f @(
            $this.Fingerprint -split '(?<=\G.{56})' -join ' '

class DnsTALINKRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        / PREV /
        / /
        / NEXT /
        / /


    [String] $Previous
    [String] $Next

    DnsTALINKRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Previous = $binaryReader.ReadDnsDomainName()
        $this.Next = $binaryReader.ReadDnsDomainName()

    hidden [String] RecordDataToString() {
        return '{0} {1}' -f @(

class DnsTARecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | KEYTAG |
        / DIGEST /
        / /


    [UInt16]              $KeyTag
    [EncryptionAlgorithm] $Algorithm
    [DigestType]          $DigestType
    [String]              $Digest

    DnsTARecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.KeyTag = $binaryReader.ReadUInt16($true)
        $this.Algorithm = $binaryReader.ReadByte()
        $this.DigestType = $binaryReader.ReadByte()
        $this.Digest = [EndianBitConverter]::ToHexadecimal($binaryReader.ReadBytes($this.RecordDataLength - 4))

    hidden [String] RecordDataToString() {
        return '{0} {1:D} {2:D} {3}' -f @(

class DnsTKEYRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        / ALGORITHM /
        / /
        | INCEPTION |
        | |
        | EXPIRATION |
        | |
        | MODE |
        | ERROR |
        | KEYSIZE |
        / KEYDATA /
        / /
        | OTHERSIZE |
        / OTHERDATA /
        / /


    [String]   $Algorithm
    [DateTime] $Inception
    [DateTime] $Expiration
    [TKEYMode] $Mode
    [RCode]    $TKEYError
    [String]   $KeyData
    [String]   $OtherData

    DnsTKEYRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Algorithm = $binaryReader.ReadDnsDomainName()
        $this.Inception = (Get-Date "01/01/1970").AddSeconds($binaryReader.ReadUInt32($true))
        $this.Expiration = (Get-Date "01/01/1970").AddSeconds($binaryReader.ReadUInt32($true))
        $this.Mode = $binaryReader.ReadUInt16($true)
        $this.TKEYError = $binaryReader.ReadUInt16($true)

        $keySize = $binaryReader.ReadUInt16($true)
        $this.KeyData = [EndianBitConverter]::ToHexadecimal($binaryReader.ReadBytes($keySize))

        $otherSize = $binaryReader.ReadUInt16($true)
        if ($otherSize -gt 0) {
            $this.OtherData = [EndianBitConverter]::ToHexadecimal($BinaryReader.ReadBytes($otherSize))

    hidden [String] RecordDataToString() {
        return '{0} {1:yyyyMMddHHmmss} {2:yyyyMMddHHmmss} {3:D} {4} {5}' -f @(

class DnsTLSARecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | MATCHING TYPE | /
        +--+--+--+--+--+--+--+--+ /
        / /


    [CertificateUsage] $CertificateUsage
    [Selector]         $Selector
    [MatchingType]     $MatchingType
    [String]           $CertificateAssociation

    DnsTLSARecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.CertificateUsage = $binaryReader.ReadByte()
        $this.Selector = $binaryReader.ReadByte()
        $this.MatchingType = $binaryReader.ReadByte()
        $this.CertificateAssociation = [EndianBitConverter]::ToHexadecimal($binaryReader.ReadBytes($this.RecordDataLength - 3))

    hidden [String] RecordDataToString() {
        return '{0:D} {1:D} {2:D} {3}' -f @(
            $this.CertificateAssociation -split '(?<=\G.{56})' -join ' '

class DnsTSIGRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        / ALGORITHM /
        / /
        | TIMESIGNED |
        | |
        | |
        | FUDGE |
        | MACSIZE |
        / MAC /
        / /
        | ORIGINALID |
        | ERROR |
        | OTHERSIZE |
        / OTHERDATA /
        / /


    [String]   $Algorithm
    [DateTime] $TimeSigned
    [UInt16]   $Fudge
    [String]   $MAC
    [UInt16]   $OriginalID
    [RCode]    $TSIGError
    [String]   $OtherData

    DnsTSIGRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Algorithm = $binaryReader.ReadDnsDomainName()
        $this.TimeSigned = (Get-Date "01/01/1970").AddSeconds($binaryReader.ReadUInt48($true))
        $this.Fudge = $binaryReader.ReadUInt16($true)

        $macSize = $binaryReader.ReadUInt16($true)
        $this.MAC =  [EndianBitConverter]::ToHexadecimal($binaryReader.ReadBytes($macSize))

        $this.OriginalID = $binaryReader.ReadUInt16($true)
        $this.TSIGError = $binaryReader.ReadUInt16($true)

        $otherSize = $binaryReader.ReadUInt16($true)

        if ($otherSize -gt 0) {
            $this.OtherData = [EndianBitConverter]::ToHexadecimal($BinaryReader.ReadBytes($otherSize))

    hidden [String] RecordDataToString() {
        return '{0} {1:yyyyMMddHHmmss} {2} {3} {4} {5:D} {6}' -f @(

class DnsTXTRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        / TXT-DATA /


    [String[]] $Text

    DnsTXTRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $length = $this.RecordDataLength
        if ($length -gt 0) {
            $this.Text = do {
                $entryLength = 0


                $length -= $entryLength
            } until ($length -le 0)

    hidden [String] RecordDataToString() {
        return '"{0}"' -f ($this.Text -join '" "')

class DnsUIDRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        / UID /

    [Byte[]] $Data

    DnsUIDRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Data = $binaryReader.ReadBytes($this.RecordDataLength)

    hidden [String] RecordDataToString() {
        return '\# {0} {1}' -f @(

class DnsUINFORecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        / UINFO /

    [Byte[]] $Data

    DnsUINFORecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Data = $binaryReader.ReadBytes($this.RecordDataLength)

    hidden [String] RecordDataToString() {
        return '\# {0} {1}' -f @(

class DnsUNKNOWNRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        / <anything> /
        / /

    [Byte[]] $BinaryData

    DnsUNKNOWNRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.BinaryData = $binaryReader.ReadBytes($this.RecordDataLength)

    hidden [String] RecordDataToString() {
        return [Convert]::ToBase64String($this.BinaryData)

class DnsUNSPECRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        / UNSPEC /

    [Byte[]] $Data

    DnsUNSPECRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Data = $binaryReader.ReadBytes($this.RecordDataLength)

    hidden [String] RecordDataToString() {
        return '\# {0} {1}' -f @(

class DnsURIRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | PRIORITY |
        | WEIGHT |
        / TARGET /
        / /


    [UInt16] $Priority
    [UInt16] $Weight
    [String] $Target

    DnsURIRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Priority = $binaryReader.ReadUInt16($true)
        $this.Weight = $binaryReader.ReadUInt16($true)

        $this.Target = [String]::new($binaryReader.ReadChars(
            $this.RecordDataLength - 4

    hidden [String] RecordDataToString() {
        return '{0} {1} "{2}"' -f @(

class DnsWINSRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | LOCAL FLAG |
        | |
        | LOOKUP TIMEOUT |
        | |
        | CACHE TIMEOUT |
        | |
        | |
        / SERVER IP LIST /
        / /


    [WINSMappingFlag] $MappingFlag
    [UInt32]          $LookupTimeout
    [UInt32]          $CacheTimeout
    [IPAddress[]]     $ServerList

    DnsWINSRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.MappingFlag = $binaryReader.ReadUInt32($true)
        $this.LookupTimeout = $binaryReader.ReadUInt32($true)
        $this.CacheTimeout = $binaryReader.ReadUInt32($true)

        $numberOfServers = $binaryReader.ReadUInt32($true)

        $this.ServerList = for ($i = 0; $i -lt $numberOfServers; $i++) {

    hidden [String] RecordDataToString() {
        $value = 'L{0} C{1} ( {2} )' -f @(
            $this.ServerList -join ' '
        if ($this.MappingFlag -eq 0x10000) {
            return 'LOCAL {0}' -f $value
        return $value

class DnsWINSRRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | LOCAL FLAG |
        | |
        | LOOKUP TIMEOUT |
        | |
        | CACHE TIMEOUT |
        | |
        | |
        / DOMAIN NAME LIST /
        / /


    [WINSMappingFlag] $MappingFlag
    [UInt32]          $LookupTimeout
    [UInt32]          $CacheTimeout
    [String]          $DomainToAppend

    DnsWINSRRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.MappingFlag = $binaryReader.ReadUInt32($true)
        $this.LookupTimeout = $binaryReader.ReadUInt32($true)
        $this.CacheTimeout = $binaryReader.ReadUInt32($true)

        $this.DomainToAppend = $binaryReader.ReadDnsDomainName()

    hidden [String] RecordDataToString() {
        $value = 'L{0} C{1} ( {2} )' -f @(
        if ($this.MappingFlag -eq 0x10000) {
            return 'LOCAL {0}' -f $value
        return $value

class DnsWKSRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | ADDRESS |
        | |
        | PROTOCOL | /
        +--+--+--+--+--+--+--+--+ /
        / /
        / <BIT MAP> /
        / /


    [IPAddress]    $IPAddress
    [Byte]         $IPProtocolNumber
    [ProtocolType] $IPProtocolType
    [String]       $BitMap
    [UInt16[]]     $Ports

    DnsWKSRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.IPAddress = $binaryReader.ReadIPAddress()
        $this.IPProtocolNumber = $binaryReader.ReadByte()
        $this.IPProtocolType = $this.IPProtocolNumber

        $bitmapBytes = $binaryReader.ReadBytes($this.RecordDataLength - 5)
        foreach ($byte in $bitmapBytes) {
            $this.BitMap += [Convert]::ToString($byte, 2).PadLeft(8, '0')

        $this.Ports = for ($i = 0; $i -lt $this.BitMap.Length; $i++) {
            if ($this.BitMap[$i] -eq '1') {

    hidden [String] RecordDataToString() {
        return '{0} {1} {2}' -f @(
            $this.Ports -join ' '

class DnsX25Record : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        / TXT-DATA /


    [String] $PSDNAddress

    DnsX25Record() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.PSDNAddress = $binaryReader.ReadDnsCharacterString()

    hidden [String] RecordDataToString() {
        return '"{0}"' -f $this.PSDNAddress

class DnsZONEMDRecord : DnsResourceRecord {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        | SERIAL |
        | |
        / DIGEST /
        / /


    [UInt32]           $Serial
    [ZONEMDDigestType] $DigestType
    [Byte]             $Reserved
    [String]           $Digest

    DnsZONEMDRecord() : base() { }
        [DnsResourceRecord]  $dnsResourceRecord,
        [EndianBinaryReader] $binaryReader
    ) : base(
    ) { }

    hidden [Void] ReadRecordData(
        [EndianBinaryReader] $binaryReader
    ) {
        $this.Serial = $binaryReader.ReadUInt32($true)
        $this.DigestType = $binaryReader.ReadByte()
        $this.Reserved = $binaryReader.ReadByte()
        $this.Digest = [EndianBitConverter]::ToHexadecimal($binaryReader.ReadBytes($this.RecordDataLength - 6))

    hidden [String] RecordDataToString() {
        return '{0} {1:D} {2} {3}' -f @(
            $this.Digest -split '(?<=\G.{56})' -join ' '

class DnsMessage {
                                        1 1 1 1 1 1
          0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
        / /
        / HEADER /
        / /
        / /
        / QUESTION /
        / /
        / /
        / ANSWER /
        / /
        / /
        / AUTHORITY /
        / /
        / /
        / ADDITIONAL /
        / /

    [DnsHeader]           $Header
    [DnsQuestion[]]       $Question
    [DnsResourceRecord[]] $Answer
    [DnsResourceRecord[]] $Authority
    [DnsResourceRecord[]] $Additional
    [Int]                 $Size
    [Int64]               $TimeTaken
    [String]              $ComputerName

    DnsMessage() { }

        [String]      $name,
        [RecordType]  $recordType
    ) {
        $this.Header = [DnsHeader]::new($true, 1)
        $this.Question = [DnsQuestion]::new($name, $recordType, 'IN')

        [String]      $name,
        [RecordType]  $recordType,
        [RecordClass] $recordClass
    ) {
        $this.Header = [DnsHeader]::new($true, 1)
        $this.Question = [DnsQuestion]::new($name, $recordType, $recordClass)

        [String]      $name,
        [RecordType]  $recordType,
        [RecordClass] $recordClass,
        [UInt32]      $Serial
    ) {
        $this.Header = [DnsHeader]::new($true, 1)
        $this.Question = [DnsQuestion]::new($name, $recordType, $recordClass)

        $this.Header.AuthorityCount = 1
        $this.Authority = [DnsSOARecord]@{ Serial = $Serial }

    ) {
        $binaryReader = [EndianBinaryReader][MemoryStream]$message
        $this.Size = $message.Length

        $this.Header = [DnsHeader]$binaryReader

        $this.Question = for ($i = 0; $i -lt $this.Header.QuestionCount; $i++) {
        $this.Answer = for ($i = 0; $i -lt $this.Header.AnswerCount; $i++) {
        $this.Authority = for ($i = 0; $i -lt $this.Header.AuthorityCount; $i++) {
        $this.Additional = for ($i = 0; $i -lt $this.Header.AdditionalCount; $i++) {

    hidden [String] RecordSetToString(
        [DnsResourceRecord[]] $resourceRecords
    ) {
        if ($resourceRecords.Count -gt 0) {
            $string = [StringBuilder]::new()
            foreach ($resourceRecord in $resourceRecords) {
                if ($resourceRecord.RecordType -ne [RecordType]::OPT) {
            return $string.ToString().TrimEnd()
        return ''

    [String] QuestionToString() {
        $string = [StringBuilder]::new()
        foreach ($question in $this.Question) {
        return $string.ToString().TrimEnd()

    [String] AnswerToString() {
        return $this.RecordSetToString($this.Answer)

    [String] AuthorityToString() {
        return $this.RecordSetToString($this.Authority)

    [String] AdditionalToString() {
        return $this.RecordSetToString($this.Additional)

    [Void] SetEDnsBufferSize() {

    [Void] SetEDnsBufferSize([UInt16]$EDnsBufferSize) {
        $this.Header.AdditionalCount = 1
        $this.Additional = [DnsOPTRecord]@{
            MaximumPayloadSize = $EDnsBufferSize
            Z                  = [EDnsDNSSECOK]::DO

    [Void] SetAcceptDnsSec() {
        $this.Header.Flags = $this.Header.Flags -bor [HeaderFlags]::AD

    [Void] DisableRecursion() {
        $this.Header.Flags = [UInt16]$this.Header.Flags -bxor [UInt16][HeaderFlags]::RD

    [Byte[]] ToByteArray() {
        return $this.ToByteArray($false, $true)

    [Byte[]] ToByteArray(
        [Boolean] $useCompressedNames
    ) {
        return $this.ToByteArray($false, $useCompressedNames)

    [Byte[]] ToByteArray(
        [Boolean] $tcp,
        [Boolean] $useCompressedNames
    ) {
        $bytes = [List[Byte]]::new()


        if ($this.Header.AuthorityCount -gt 0) {
            foreach ($resourceRecord in $this.Authority) {
        if ($this.Header.AdditionalCount -gt 0) {
            foreach ($resourceRecord in $this.Additional) {

        if ($tcp) {
            $length = [BitConverter]::GetBytes([UInt16]$bytes.Count)
            $bytes.InsertRange(0, $length)

        return $bytes.ToArray()

class DnsClient {
    [Int32]     $BufferSize = 4096
    [EndPoint]  $RemoteEndPoint
    [Timespan]  $TimeTaken

    hidden [Socket] $socket

    DnsClient() {
        $this.Initialize($false, $false, 5, 5)

        [Boolean] $useTcp,
        [Boolean] $useIPv6
    ) {
        $this.Initialize($useTcp, $useIPv6, 5, 5)

        [Boolean] $useTcp,
        [Boolean] $useIPv6,
        [Int32]   $receiveTimeout,
        [Int32]   $sendTimeout
    ) {
        $this.Initialize($useTcp, $useIPv6, $receiveTimeout, $sendTimeout)

    hidden [Void] Initialize(
        [Boolean] $useTcp,
        [Boolean] $useIPv6,
        [Int32]   $receiveTimeout,
        [Int32]   $sendTimeout
    ) {
        $addressFamily = 'InterNetwork'
        if ($useIPv6) {
            $addressFamily = 'InterNetworkV6'
        if ($useTcp) {
            $this.Socket = [Socket]::new($addressFamily, 'Stream', 'Tcp')
        } else {
            $this.Socket = [Socket]::new($addressFamily, 'Dgram', 'Udp')
        $this.Socket.ReceiveTimeout = $receiveTimeout * 1000
        $this.Socket.SendTimeout = $sendTimeout * 1000

    [Void] SendQuestion(
        [DnsMessage] $message,
        [IPAddress]  $ipAddress
    ) {

    [Void] SendQuestion(
        [DnsMessage] $message,
        [IPAddress]  $ipAddress,
        [UInt16]     $port
    ) {
        try {
            $stopWatch = [StopWatch]::StartNew()

            $this.RemoteEndPoint = [EndPoint][IPEndPoint]::new($ipAddress, $port)

            if ($this.socket.ProtocolType -eq 'Tcp') {
                try {
                    $this.socket.Send($message.ToByteArray($true, $true))
                } catch {
            } else {
                $null = $this.socket.SendTo(
                    $message.ToByteArray($false, $true),
        } catch {
        } finally {

            $this.TimeTaken = $stopWatch.Elapsed

    [DnsMessage] ReceiveAnswer() {
        try {
            $stopWatch = [StopWatch]::StartNew()

            $messageBytes = $this.ReceiveBytes()

            return [DnsMessage]::new($messageBytes)
        } catch {
        } finally {

            $this.TimeTaken += $stopWatch.Elapsed

    [Byte[]] ReceiveBytes() {
        try {
            $buffer = [Byte[]]::new($this.bufferSize)

            if ($this.socket.ProtocolType -eq 'Tcp') {
                $bytesReceived = $this.socket.Receive($buffer)
                $length = [BitConverter]::ToUInt16(($buffer[1, 0]), 0)
                $messageBytes = [Byte[]]::new($length)
                    $bytesReceived - 2

                $totalBytesReceived = $bytesReceived

                while ($totalBytesReceived -lt $length) {
                    $bytesReceived = $this.socket.Receive($buffer)
                        $totalBytesReceived - 2,
                    $totalBytesReceived += $bytesReceived

                $this.RemoteEndPoint = $this.socket.RemoteEndPoint
            } else {
                if ($this.socket.AddressFamily -eq 'InterNetwork') {
                    $endPoint = [IPEndPoint]::new([IPAddress]::Any, 0)
                } else {
                    $endPoint = [IPEndPoint]::new([IPAddress]::IPv6Any, 0)

                $bytesReceived = $this.socket.ReceiveFrom($buffer, [Ref]$endPoint)
                $this.RemoteEndPoint = $endPoint

                $messageBytes = [Byte[]]::new($bytesReceived)

            return $messageBytes
        } catch {

    [Void] Close() {
        if ($this.socket.ProtocolType -eq 'Tcp') {

class DnsCacheRecord {
    [String]            $Name
    [UInt32]            $TTL
    [DnsRecordType]     $RecordType
    [IPAddress]         $IPAddress
    [CacheResourceType] $ResourceType = 'Address'
    [DateTime]          $TimeAdded = (Get-Date)
    [Boolean]           $IsPermanent

    DnsCacheRecord() { }

        [DnsARecord] $dnsRecord
    ) {

        [DnsAAAARecord] $dnsRecord
    ) {

    hidden Initialize(
    ) {
        $this.Name = $dnsRecord.Name
        $this.TTL = $dnsRecord.TTL
        $this.RecordType = $dnsRecord.RecordType
        $this.IPAddress = $dnsRecord.IPAddress

    static [DnsCacheRecord] Parse(
        [String] $recordData
    ) {
        if ($recordData -match '(?<Name>\S+)\s+(?<TTL>\d+)\s+(IN)?\s*(?<RecordType>A|AAAA)\s+(?<IPAddress>\S+)') {
            return [DnsCacheRecord]$matches
        } else {
            throw 'Invalid record data format'

    [Boolean] HasExpired() {
        if ($this.IsPermanent) {
            return $false

        return $this.TimeAdded.AddSeconds($this.TTL) -lt (Get-Date)

class ValidateDnsName : ValidateEnumeratedArgumentsAttribute {
    Hidden $nameRegex = '^([A-Z0-9]|_[A-Z])(([\w\-]{0,61})[^_\-])?(\.([A-Z0-9]|_[A-Z])(([\w\-]{0,61})[^_\-])?)*$|^\.$'

    ValidateDnsName() { }

    [Void] ValidateElement(
    ) {
        if (-not ([IPAddress]::TryParse($element, [Ref]$null)) -and $element -notmatch $this.nameRegex) {
            $errorRecord = [ErrorRecord]::new(
                [ArgumentException]::new('Invalid name format'),
            throw $errorRecord

function ConvertToTimeSpanString {
        Converts a number of seconds to a string.
        ConvertToTimeSpanString accepts values in seconds then uses integer division to represent that time as a string.
        ConvertToTimeSpanString accepts UInt32 values, overcoming the Int32 type limitation built into New-TimeSpan.
        The format below is used, omitting any values of 0:
        # weeks # days # hours # minutes # seconds
        ConvertToTimeSpanString 28800
        [UInt32]::MaxValue | ConvertToTimeSpanString
        86400, 700210 | ConvertToTimeSpanString

    param (
        # A number of seconds as an unsigned 32-bit integer.
        [Parameter(Mandatory, ValueFromPipeline)]

    begin {
        # Time periods described in seconds
        $formats = [Ordered]@{
            week   = 604800
            day    = 86400
            hour   = 3600
            minute = 60
            second = 1

    process {
        $values = foreach ($key in $formats.Keys) {
            $remainder = $Seconds % $formats[$key]
            $value = ($Seconds - $Remainder) / $formats[$key]
            $Seconds = $remainder

            if ($value) {
                '{0} {1}{2}' -f @(
                    ('', 's')[$value -gt 1]
        return $values -join ' '

function GetDnsSuffixSearchList {
        Attempt to discover a DNS suffix search list.
        Attempt to discover a DNS suffix search list.

    param (

    if (-not $Name.EndsWith('.')) {
        if (-not $psversiontable.Platform -or $psversiontable.Platform -eq 'Win32NT') {
            $params = @{
                ClassName = 'Win32_NetworkAdapterConfiguration'
                Property  = 'DNSDomainSuffixSearchOrder'
            (Get-CimInstance @params).DNSDomainSuffixSearchOrder
        } elseif (Test-Path '/etc/resolv.conf') {
            Get-Content '/etc/resolv.conf' | Where-Object { $_ -match '^search (.+)' } | ForEach-Object {
                $matches[1] -split '\s+'

function ResolveDnsServer {
    param (
        # The name or IP address of a DNS server to use.

        # Whether or not IPv6 will be used.

    $ipAddress = [IPAddress]::Any
    if ([IPAddress]::TryParse($ComputerName, [Ref]$ipAddress)) {
        return $ipAddress
    } else {
        if ($IPv6) {
            $serverRecordType = [RecordType]::AAAA
        } else {
            $serverRecordType = [RecordType]::A

        if ($cachedServer = Get-InternalDnsCacheRecord -Name $ComputerName -RecordType $ServerRecordType) {
            Write-Debug ('Resolve-DnsServer: Cache: Using Server ({0}) from cache.' -f $ComputerName)

            return $cachedServer | Select-Object -First 1 | Select-Object -ExpandProperty IPAddress
        } else {
            $dnsResponse = Get-Dns -Name $ComputerName -RecordType $ServerRecordType

            if ($dnsResponse.Answer) {
                $ipAddress = $dnsResponse.Answer | Select-Object -First 1 | Select-Object -ExpandProperty IPAddress

                Write-Debug ('Resolve-DnsServer: Cache: Adding Server ({0}) to cache.' -f $ComputerName)
                $dnsResponse.Answer | Add-InternalDnsCacheRecord

                return $ipAddress

    $errorRecord = [ErrorRecord]::new(
        [ArgumentException]::new('Unable to find an IP address for the specified name server ({0})' -f $ComputerName),

function Add-InternalDnsCacheRecord {
        Add a new CacheRecord to the DNS cache object.
        The DNS cache is used to reduce the effort required to resolve DNS server names used with the ComputerName parameter.
        $CacheRecord | Add-InternalDnsCacheRecord

    [CmdletBinding(DefaultParameterSetName = 'CacheRecord')]
    param (
        # A record to add to the cache.
        [Parameter(Mandatory, ValueFromPipeline, ParameterSetName = 'CacheRecord')]

        # A resource record to add to the cache.
        [Parameter(Mandatory, ValueFromPipeline, ParameterSetName = 'ResourceRecord')]

        # The cache object type.
        [CacheResourceType]$ResourceType = 'Address',

        # A time property is used to age entries out of the cache. If permanent is set the time is not, the value will not be purged based on the TTL.

    process {
        if ($ResourceRecord) {
            $CacheRecord = $ResourceRecord

        $CacheRecord.ResourceType = $ResourceType
        if ($Permanent) {
            $CacheRecord.IsPermanent = $true

        if ($Script:dnsCache.Contains($CacheRecord.Name)) {
            if ($Script:dnsCache.Contains($CacheRecord.Name)) {
                $Script:dnsCache[$CacheRecord.Name] += $CacheRecord
        } else {
            $Script:dnsCache.Add($CacheRecord.Name, @($CacheRecord))

function Clear-InternalDnsCache {
        Clears expired entries from the internal DNS cache.
        Clear expired entries from the internal DNS cache.

    param (

    if ($ExpiredOnly) {
        (Get-InternalDnsCacheRecord | Where-Object { $_.HasExpired() }) |
    } else {
        if ($pscmdlet.ShouldProcess('Clearing DNS cache')) {

function Format-DnsResponse {
    param (


    $maximumLength = $host.UI.RawUI.BufferSize.Width - 15

    $recordStrings = if ($DnsMessage.$Section.Count -gt 0) {
        foreach ($resourceRecord in $DnsMessage.$Section) {
            $string = $resourceRecord.ToString()
            if ($string.Length -gt $maximumLength) {
                '{0}...' -f $string.Substring(0, $maximumLength - 4)
            } else {

    $recordStrings -join "`n"

function Get-Dns {
        Get a DNS resource record from a DNS server.
        Get-Dns is a debugging resolver tool similar to dig and nslookup.
        Get-Dns hostname
        Attempt to resolve hostname using the system-configured search list.
        Get-Dns www.domain.example
        The system-configured search list will be appended to this query before it is executed.
        Get-Dns www.domain.example.
        The name is fully-qualified (or root terminated), no additional suffixes will be appended.
        Get-Dns example. -DnsSec
        Request ANY record for the domain, advertising DNSSEC support.

    [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseSingularNouns', '')]
    [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseOutputTypeCorrectly', '')]
    param (
        # A resource name to query, by default Get-Dns will use '.' as the name. IP addresses (IPv4 and IPv6) are automatically converted into an appropriate format to aid PTR queries.
        [Parameter(Position = 1, ValueFromPipeline, ValueFromPipelineByPropertyName)]
        [String]$Name = ".",

        # Any resource record type, by default a query for ANY will be sent.
        [Parameter(Position = 2, ValueFromPipelineByPropertyName)]
        [RecordType]$RecordType = [RecordType]::ANY,

        # By default the class is IN. CH (Chaos) may be used to query for name server information. HS (Hesoid) may be used if the name server supports it.
        [RecordClass]$RecordClass = [RecordClass]::IN,

        # Remove the Recursion Desired (RD) flag from a query. Recursion is requested by default.

        # Advertise support for DNSSEC when executing a query.

        # Enable EDNS support, suppresses OPT RR advertising client support in DNS question. Automatically enabled if DNSSEC is requested.

        # By default the EDns buffer size is set to 4096 bytes.
        [UInt16]$EDnsBufferSize = 4096,

        # Disable the use of TCP if a truncated response (TC flag) is seen when using UDP.

        # If a name is not root terminated (does not end with '.') a SearchList will be used for recursive queries. If this parameter is not defined Get-Dns will attempt to retrieve a SearchList from the hosts network configuration.
        # An empty search list by be specified by providing an empty array for this parameter.
        [String[]]$SearchList = (GetDnsSuffixSearchList),

        # Recursive, or version, queries can be forced to use TCP by setting the TCP switch parameter.

        # By default, DNS uses TCP or UDP port 53. The port used to send queries may be changed if a server is listening on a different port.
        [UInt16]$Port = 53,

        # By default, queries will timeout after 5 seconds. The value may be set between 1 and 30 seconds.
        [ValidateRange(1, 30)]
        [Byte]$Timeout = 5,

        # Force the use of IPv6 for queries, if this parameter is set and the ComputerName is set to a name (e.g. ns1.domain.example), Get-Dns will attempt to locate an AAAA record for the server.

        # A server name or IP address to execute a query against. If an IPv6 address is used Get-Dns will attempt the query using IPv6 (enables the IPv6 parameter).
        # If a name is used another lookup will be required to resolve the name to an IP. Get-Dns caches responses for queries performed involving the Server parameter. The cache may be viewed and maintained using the *-InternalDnsCache CmdLets.
        # If no server name is defined, the Get-DnsServerList command is used to discover locally configured DNS servers.
        [String]$ComputerName = (Get-DnsServerList -IPv6:$IPv6 | Select-Object -First 1),

        # Forces Get-Dns to output intermediate requests which would normally be hidden, such as NXDomain replies when using a SearchList.

    begin {
        Clear-InternalDnsCache -ExpiredOnly

    process {
        try {
            $serverIPAddress = ResolveDnsServer -ComputerName $ComputerName -IPv6:$IPv6
            if ($serverIPAdddress.AddressFamily -eq [AddressFamily]::InterNetworkv6) {
                Write-Verbose "Resolve-DnsServer: IPv6 server value used. Using IPv6 transport."
                $IPv6 = $true
            $ComputerName = $serverIPAddress
        } catch {

        $querySearchList = $SearchList
        if ($Name.EndsWith('.')) {
            $querySearchList = ''
        } elseif ($Name.IndexOf('.') -ne $Name.LastIndexOf('.')) {
            $querySearchList += ''

        $querySearchListPosition = 0
        foreach ($suffix in $querySearchList) {

            if ($suffix) {
                $fullName = '{0}.{1}' -f $Name, $suffix
            } else {
                $fullName = $Name

            $dnsMessage = [DnsMessage]::new(

            if ($EDns -or $DnsSec) {
            if ($DnsSec) {
            if ($NoRecursion) {

            try {
                $dnsClient = [DnsClient]::new(
                    ([IPAddress]$ComputerName).AddressFamily -eq 'InterNetworkV6',


                $dnsResponse = $dnsClient.ReceiveAnswer()
                $dnsResponse.ComputerName = $dnsClient.RemoteEndPoint
                $dnsResponse.TimeTaken = $dnsClient.TimeTaken.TotalMilliseconds

                if ($dnsResponse.Header.RCode -ne 'NXDOMAIN' -or
                    $querySearchListPosition -eq $querySearchList.Count -or
                    $dnsDebug) {

                    if ($dnsResponse.Header.Flags -band 'TC' -and -not $NoTcpFallback) {
                        Write-Debug 'Response is truncated. Resending using TCP'

                        Get-Dns @psboundparameters -Tcp

                    } else {

                    if (-not $dnsDebug) {
            } catch [SocketException] {
                $errorRecord = [ErrorRecord]::new(
            } catch {

function Get-DnsServerList {
        Gets a list of network interfaces and attempts to return a list of DNS server IP addresses.
        Get-DnsServerList uses System.Net.NetworkInformation to return a list of operational ethernet or wireless interfaces. IP properties are returned, and an attempt to return a list of DNS server addresses is made. If successful, the DNS server list is returned.
        Get-DnsServerList -IPv6

    param (
        # Find DNS servers which support IPv6.

    if ($IPv6) {
        $AddressFamily = [AddressFamily]::InterNetworkv6
    } else {
        $AddressFamily = [AddressFamily]::InterNetwork

    if ([NetworkInterface]::GetIsNetworkAvailable()) {
            Where{ $_.OperationalStatus -eq 'Up' -and $_.NetworkInterfaceType -match 'Ethernet|Wireless' }.
            ForEach{ $_.GetIPProperties().DnsAddresses }.
            Where{ $_.AddressFamily -eq $AddressFamily }
    } else {
        $errorRecord = [ErrorRecord]::new(
            [InvalidOperationException]::new('Failed to locate an available network'),

function Get-DnsVersion {
        Get the DNS server version.
        Attempt to get the DNS server version by sending a request for version.bind. using the CH class.
        DNS servers often refuse queries for the version number.
        Get the version of the default DNS server.
        Get-DnsVersion -ComputerName
        Get the version of the DNS server running on

    param (
        # Recursive, or version, queries can be forced to use TCP by setting the TCP switch parameter.

        # By default, DNS uses TCP or UDP port 53. The port used to send queries may be changed if a server is listening on a different port.
        [UInt16]$Port = 53,

        # By default, queries will timeout after 5 seconds. The value may be set between 1 and 30 seconds.
        [ValidateRange(1, 30)]
        [Byte]$Timeout = 5,

        # Force the use of IPv6 for queries, if this parameter is set and the ComputerName is set to a name (e.g. ns1.domain.example), Get-Dns will attempt to locate an AAAA record for the server.

        # A server name or IP address to execute a query against. If an IPv6 address is used Get-Dns will attempt the query using IPv6 (enables the IPv6 parameter).
        # If a name is used another lookup will be required to resolve the name to an IP. Get-Dns caches responses for queries performed involving the Server parameter. The cache may be viewed and maintained using the *-InternalDnsCache CmdLets.
        # If no server name is defined, the Get-DnsServerList command is used to discover locally configured DNS servers.

    $params = @{
        Name        = 'version.bind.'
        RecordType  = 'TXT'
        RecordClass = 'CH'
    Get-Dns @params @psboundparameters

function Get-DnsZoneTransfer {
        Get the content of a DNS zone using zone transfer.
        Get the content of a DNS zone using zone transfer.

    param (
        # The name of the zone to transfer.
        [Parameter(Mandatory, Position = 1, ValueFromPipeline, ValueFromPipelineByPropertyName)]

        # If the serial number is set, an incremental zone transfer is performed.

        # By default, DNS uses TCP or UDP port 53. The port used to send queries may be changed if a server is listening on a different port.
        [UInt16]$Port = 53,

        # By default, queries will timeout after 5 seconds. The value may be set between 1 and 30 seconds.
        [ValidateRange(1, 30)]
        [Byte]$Timeout = 5,

        # Force the use of IPv6 for queries, if this parameter is set and the ComputerName is set to a name (e.g. ns1.domain.example), Get-Dns will attempt to locate an AAAA record for the server.

        # A server name or IP address to execute a query against. If an IPv6 address is used Get-Dns will attempt the query using IPv6 (enables the IPv6 parameter).
        # If a name is used another lookup will be required to resolve the name to an IP. Get-Dns caches responses for queries performed involving the Server parameter. The cache may be viewed and maintained using the *-InternalDnsCache CmdLets.
        # If no server name is defined, the Get-DnsServerList command is used to discover locally configured DNS servers.

    begin {
        try {
            $serverIPAddress = ResolveDnsServer -ComputerName $ComputerName -IPv6:$IPv6
            if ($serverIPAdddress.AddressFamily -eq [AddressFamily]::InterNetworkv6) {
                Write-Verbose 'IPv6 server value used. Using IPv6 transport.'
                $IPv6 = $true
            $ComputerName = $serverIPAddress
        } catch {

    process {
        if ($SerialNumber) {
            $dnsMessage = [DnsMessage]::new(
        } else {
            $dnsMessage = [DnsMessage]::new(

        $dnsClient = [DnsClient]::new(
            ([IPAddress]$ComputerName).AddressFamily -eq 'InterNetworkV6',


        $dnsResponse = $dnsClient.ReceiveAnswer()
        $dnsResponse.ComputerName = $dnsClient.RemoteEndPoint
        $dnsResponse.TimeTaken = $dnsClient.TimeTaken.TotalMilliseconds


function Get-InternalDnsCacheRecord {
        Get the content of the internal DNS cache used by Get-Dns.
        Get-InternalDnsCacheRecord displays records held in the cache.
        Get-InternalDnsCacheRecord A

    param (
        # The name of the record to retrieve.
        [Parameter(Position = 1, ValueFromPipelineByPropertyName)]

        # The record type to retrieve.
        [Parameter(Position = 2, ValueFromPipelineByPropertyName)]

        # The resource type to retrieve.
        [ValidateSet('Address', 'Hint')]

    process {
        if ($Name) {
            if (-not $Name.EndsWith('.')) {
                $Name += '.'
            if ($Script:dnsCache.Contains($Name)) {
                $Script:dnsCache[$Name] | Where-Object {
                    -not $RecordType -or $_.RecordType -eq $RecordType
        } else {
            $Script:dnsCache.Values | ForEach-Object { $_ } | Where-Object {
                (-not $RecordType -or $_.RecordType -eq $RecordType) -and
                (-not $ResourceType -or $_.ResourceType -eq $ResourceType)

function Initialize-InternalDnsCache {
        Initializes a basic DNS cache for use by Get-Dns.
        Get-Dns maintains a limited DNS cache, capturing A and AAAA records, to assist name server resolution (for values passed using the Server parameter).
        The cache may be manipulated using *-InternalDnsCacheRecord CmdLets.

    param( )

    $Script:dnsCache = @{}

    $path = Join-Path $myinvocation.MyCommand.Module.ModuleBase 'var\named.root'
    if (Test-Path $path) {
        Get-Content $path |
            Where-Object { -not $_.StartsWith(';') -and $_ -cmatch '\d+\s+A' } |
            ForEach-Object { [DnsCacheRecord]::Parse($_) } |
            Add-InternalDnsCacheRecord -ResourceType Hint -Permanent

function Remove-InternalDnsCacheRecord {
        Remove a single entry from the internal DNS cache.
        Remove a single entry from the internal DNS cache.
        Remove-InternalDnsCacheRecord someName -RecordType A

    param (
        # The name of the record to retrieve.
        [Parameter(Position = 1, ValueFromPipelineByPropertyName)]

        # The record type to retrieve.
        [Parameter(Position = 2, ValueFromPipelineByPropertyName)]
        [ValidateSet('A', 'AAAA')]

    process {
        if (-not $Name.EndsWith('.')) {
            $Name += '.'

        if ($Script:dnsCache.Contains($Name)) {
            if ($pscmdlet.ShouldProcess('Removing {0} from cache' -f $Name)) {
                if ($RecordType) {
                    $Script:dnsCache[$Name] = $Script:dnsCache[$Name] | Where-Object {
                        $_.RecordType -ne $RecordType

                    if ($Script:dnsCache[$Name].Count -eq 0) {
                } else {

function Search-Dns {
        Search all name servers for a specific record.
        Search-Dns may be used to retrieve a resource record from all name servers for a given domain.

    [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseSingularNouns', '')]
    param (
        # The name of the record to search for. The name can either be fully-qualified or relative to the zone name.
        [Parameter(Mandatory, Position = 1, ValueFromPipeline, ValueFromPipelineByPropertyName)]

        # The zone name is used to ensure the correct zone is searched for records. This avoids the need for tricks to discover the authority for record types such as CNAME.
        [Parameter(Mandatory, Position = 2, ValueFromPipelineByPropertyName)]

        # The record type to search for.
        [Parameter(Position = 3, ValueFromPipelineByPropertyName)]
        [RecordType]$RecordType = 'ANY',

        # Advertise support for DNSSEC when executing a query.

        # Recursive, or version, queries can be forced to use TCP by setting the TCP switch parameter.

        # By default, DNS uses TCP or UDP port 53. The port used to send queries may be changed if a server is listening on a different port.
        [UInt16]$Port = 53,

        # By default, queries will timeout after 5 seconds. The value may be set between 1 and 30 seconds.
        [ValidateRange(1, 30)]
        [Byte]$Timeout = 5,

        # Force the use of IPv6 for queries, if this parameter is set and the ComputerName is set to a name (e.g. ns1.domain.example), Get-Dns will attempt to locate an AAAA record for the server.

        # A server name or IP address to execute a query against. If an IPv6 address is used Get-Dns will attempt the query using IPv6 (enables the IPv6 parameter).
        # If a name is used another lookup will be required to resolve the name to an IP. Get-Dns caches responses for queries performed involving the Server parameter. The cache may be viewed and maintained using the *-InternalDnsCache CmdLets.
        # If no server name is defined, the Get-DnsServerList command is used to discover locally configured DNS servers.

    process {
        $null = $psboundparameters.Remove('Name')
        $null = $psboundparameters.Remove('ZoneName')
        $null = $psboundparameters.Remove('RecordType')

        $params = @{
            Name       = $ZoneName = '{0}.' -f $ZoneName.TrimEnd('.')
            RecordType = 'NS'
        $dnsResponse = Get-Dns @params @psboundparameters

        $Name = '{0}.' -f $Name.TrimEnd('.')
        if (-not $Name.EndsWith($ZoneName, 'InvariantCultureIgnoreCase')) {
            $Name = '{0}{1}' -f $Name, $ZoneName
        $Name = $Name.TrimStart('.')

        foreach ($answer in $dnsResponse.Answer) {
            $nameServer = $answer.HostName

            $params = @{
                Name         = $Name
                RecordType   = $RecordType
                ComputerName = $nameServer
            Get-Dns @params @psboundparameters

function Trace-Dns {
        Iteratively trace resolution of a name from a root or specified name server.
        Trace-Dns attempts to resolve a name from a root or specified name server by following authority records.

    [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseSingularNouns', '')]
    param (
        # The name of the record to search for. The name can either be fully-qualified or relative to the zone name.
        [Parameter(Mandatory, Position = 1, ValueFromPipeline, ValueFromPipelineByPropertyName)]

        # The record type to search for.
        [Parameter(Position = 3, ValueFromPipelineByPropertyName)]
        [RecordType]$RecordType = 'ANY',

        # Advertise support for DNSSEC when executing a query.

        # Recursive, or version, queries can be forced to use TCP by setting the TCP switch parameter.

        # By default, DNS uses TCP or UDP port 53. The port used to send queries may be changed if a server is listening on a different port.
        [UInt16]$Port = 53,

        # By default, queries will timeout after 5 seconds. The value may be set between 1 and 30 seconds.
        [ValidateRange(1, 30)]
        [Byte]$Timeout = 5,

        # Force the use of IPv6 for queries, if this parameter is set and the ComputerName is set to a name (e.g. ns1.domain.example), Get-Dns will attempt to locate an AAAA record for the server.

        # A server name or IP address to execute a query against. If an IPv6 address is used Get-Dns will attempt the query using IPv6 (enables the IPv6 parameter).
        # If a name is used another lookup will be required to resolve the name to an IP. Get-Dns caches responses for queries performed involving the Server parameter. The cache may be viewed and maintained using the *-InternalDnsCache CmdLets.
        # If no server name is defined, the Get-DnsServerList command is used to discover locally configured DNS servers.

    begin {
        if (-not $ComputerName) {
            $nameServerRecordType = 'A'
            if ($IPv6) {
                $nameServerRecordType = 'AAAA'

            $rootHints = Get-InternalDnsCacheRecord -RecordType $nameServerRecordType -ResourceType Hint
            $ComputerName = $rootHints.Name | Sort-Object { Get-Random } | Select-Object -First 1

    process {
        do {
            $dnsResponse = Get-Dns @psboundparameters -NoRecursion -ComputerName $ComputerName

            if ($dnsResponse.Header.AuthorityCount -gt 0) {
                $ComputerName = $dnsResponse.Authority[0].Hostname

        } until ($dnsResponse.Header.AnswerCount -gt 0 -or $dnsResponse.Header.RCode -ne 'NOERROR')

function Update-InternalRootHint {
        Updates the root hints file from InterNIC then re-initializes the internal cache.
        The root hints file is used as the basis of an internal DNS cache. The content of the root hints file is used during iterative name resolution.
    .PARAMETER Source
        Update-InternalRootHints attempts to download a named.root file from InterNIC by default. An alternative root hints source may be specified here.

    param (
        [URI]$Source = ""

    $path = Join-Path $myinvocation.MyCommand.Module.ModuleBase 'var\named.root'
    if ($pscmdlet.ShouldProcess('Updating {0}' -f $path)) {
        Invoke-WebRequest -Uri $Source -OutFile $path

function InitializeModule {
    # Resolver (Message): Initialize the DNS cache for Get-Dns

    # Resolver (Message): Set a variable to store TC state.
    New-Variable DnsTCEndFound -Scope Script -Value $false
