I'm not sure if it the same situation, but is not a usage of 'strace' easier?
You can see syscalls and you can search for sendmsg and recvmsg to see what data are sent through socket.
strace -e trace=sendmsg,recvmsg -f -s 1024 dig +short www.google.com
This will show you a full DNS request and answer. Reverse engineering was never easy before :)