Thanks for taking a stab at a vague question.

You did not define "does not work"

It does not return any RR's or the Question. It parses the UDP header. I have that with NetPacket::UDP.

I've got a more specific question that will probably get me started in the right direction. The transaction ID is the first two bytes in the payload. The following code should return the transaction ID, but I'm not doing it right

my $udp_packet = NetPacket::UDP->decode($A_raw_IP_Packet);
my $payload = $udp_obj->{data};
#unpack "v" might return the two-bytes as an integer?
my $transID = unpack(v, substr($payload,0,2);
print "there's a transID of $transID \n";
[download]

Running my script, I get

Theres a transid 14964. In a separate terminal, dig returns an ID 7751