    dnsfile = magic *( msghdr msgbuf )
    msghdr  = timestamp frameno ipver ip_src ip_dst transport_type sport dport msglen
    msgbuf  = octet *( octet )

All integers are little-endian. binary64 is the IEEE 754 representation for 8-byte floating-point numbers.

| Name | Data Type | Description |
|------|-----------|-------------|
| magic | uint32 | Constant 0x00DABDAB. |
| msghdr | struct | Variable size, depending on whether it contains IPv4 or IPv6 addresses. |
| timestamp | binary64 | Time when message has been received (for fragmented messages: when the message could have been reassembled). |
| frameno | uint32 | Frame number in original pcap file of DNS message (for fragmented messages: last received frame of reassembled message). |
| ipver | uint8 | 0x04 for IPv4 addresses, 0x06 for IPv6 addresses. |
| ip_src | struct | Sender address: 4 bytes or 16 bytes IPv4/IPv6 address in network byte order (as used by in_addr). |
| ip_dst | struct | Receiver address: same format as ip_src. |
| transport_type | uint8 | Internet Protocol Number (as assigned by IANA): 0x11 for UDP messages, 0x06 for TCP messages. |
| sport | uint16 | Sender TCP/UDP port. |
| dport | uint16 | Receiver TCP/UDP port. |
| msglen | uint16 | Length of DNS message (number of octets of following msgbuf), without any IPv4/IPv6/UDP/TCP headers. |
| msgbuf | struct | DNS message (query or response, maybe with broken content) in wire format (as specified by RFC 1035), possibly reassembled to any size 1 to 65535 bytes. |
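A reader for this layout, as an added example that is not code from the original document: it checks every length before reading, because ipver and msglen come from the file and decide how many bytes follow. The names parse_dnsfile, _take and build_sample are assumptions, and the two sample records are constructed.

```python
import ipaddress
import struct

MAGIC = 0x00DABDAB
ADDR_LEN = {0x04: 4, 0x06: 16}  # ipver -> size of ip_src / ip_dst


def _take(buf, off, n):
    # Bounds-checked read: a plain slice would silently return fewer bytes.
    if off + n > len(buf):
        raise ValueError(f"truncated at offset {off}, need {n} bytes")
    return buf[off:off + n], off + n


def parse_dnsfile(buf):
    """Return one dict per (msghdr, msgbuf) pair in a dnsfile byte string."""
    raw, off = _take(buf, 0, 4)
    if struct.unpack("<I", raw)[0] != MAGIC:
        raise ValueError("bad magic")
    records = []
    while off < len(buf):
        raw, off = _take(buf, off, 13)  # timestamp, frameno, ipver
        timestamp, frameno, ipver = struct.unpack("<dIB", raw)
        if ipver not in ADDR_LEN:
            raise ValueError(f"unknown ipver {ipver:#04x}")
        src, off = _take(buf, off, ADDR_LEN[ipver])
        dst, off = _take(buf, off, ADDR_LEN[ipver])
        raw, off = _take(buf, off, 7)  # transport_type, sport, dport, msglen
        proto, sport, dport, msglen = struct.unpack("<BHHH", raw)
        if msglen == 0:
            raise ValueError("msglen 0: msgbuf needs at least one octet")
        msg, off = _take(buf, off, msglen)
        records.append({
            "timestamp": timestamp, "frameno": frameno,
            "ip_src": ipaddress.ip_address(src), "ip_dst": ipaddress.ip_address(dst),
            "transport_type": proto, "sport": sport, "dport": dport, "msgbuf": msg,
        })
    return records


def build_sample():
    """Constructed sample: one IPv4/UDP record and one IPv6/TCP record."""
    q = bytes.fromhex("abcd01000001000000000000") + b"\x07example\x03com\x00\x00\x01\x00\x01"
    v4 = struct.pack("<dIB", 1.5, 7, 4) + bytes([192, 0, 2, 1]) + bytes([192, 0, 2, 53])
    v6 = struct.pack("<dIB", 2.5, 9, 6) + ipaddress.ip_address("2001:db8::1").packed * 2
    tail = lambda proto, sport: struct.pack("<BHHH", proto, sport, 53, len(q)) + q
    return struct.pack("<I", MAGIC) + v4 + tail(0x11, 40000) + v6 + tail(0x06, 40001)
```

The DNS payload in msgbuf is returned as raw bytes and not decoded here, since the format allows it to carry broken content.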