Adrr - Set Additional RRs in the Header

This modifier sets the number of Additional records (RRs) declared in the DNS response header.

It's important to note that this does not change the actual Additional section in the DNS response body in any way.

This modifier is compatible with and can be combined with any other existing feature or modifier.

Category: Header manipulation

Format

*.adrr<NUMBER>.*

Where:

  • The <NUMBER> parameter specifies the number of Additional records in the DNS response header. Note that the maximum number of Additional records that can be set is 65535, as it is a 2-byte field.

Examples

In this example, we use the basic always feature, which always resolves to an IP address, and set the number of Additional records (RRs) in the DNS header to 0. This accurately reflects the content of the DNS response body, since it contains no additional records:

# dig always.adrr0.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> always.adrr0.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1010
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;always.adrr0.yourdomain.com.	IN	A

;; ANSWER SECTION:
always.adrr0.yourdomain.com. 60	IN	A	2.3.4.5

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Tue Oct 22 13:47:25 +04 2024
;; MSG SIZE  rcvd: 61


Similar to the previous example, but in this case, we set the number of Additional records (RRs) in the DNS header to 1. This arrangement leads to a malformed message packet warning because there is no additional record present in the body, while the parser is expecting one additional record (ADDITIONAL: 1):

# dig always.adrr1.yourdomain.com @127.0.0.1

;; Warning: Message parser reports malformed message packet.

; <<>> DiG 9.18.10-2-Debian <<>> always.adrr1.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7237
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;always.adrr1.yourdomain.com.	IN	A

;; ANSWER SECTION:
always.adrr1.yourdomain.com. 60	IN	A	2.3.4.5

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Tue Oct 22 13:47:26 +04 2024
;; MSG SIZE  rcvd: 61


Similar to the previous examples, but in this case, we set the number of Additional records (RRs) in the DNS header to 100. This arrangement also leads to a malformed message packet warning because there are no additional records in the body, while the parser is expecting a hundred additional records (ADDITIONAL: 100):

# dig always.adrr100.yourdomain.com @127.0.0.1

;; Warning: Message parser reports malformed message packet.

; <<>> DiG 9.18.10-2-Debian <<>> always.adrr100.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41506
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 100

;; QUESTION SECTION:
;always.adrr100.yourdomain.com.	IN	A

;; ANSWER SECTION:
always.adrr100.yourdomain.com. 60 IN	A	2.3.4.5

;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Tue Oct 22 13:47:28 +04 2024
;; MSG SIZE  rcvd: 63
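
The mismatch that dig warns about in the last two examples can be checked directly by walking the response body and comparing what is found with the header counts. The following is an added example, not part of the tool or the original page; the function names are hypothetical and the sample packets are constructed to match the shape of the responses shown above (one A answer, empty Additional section):

```python
import struct

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:              # compression pointer ends the name
            if off + 2 > len(msg):
                raise ValueError("truncated pointer")
            return off + 2
        off += 1 + n

def count_mismatch(msg):
    """Return {section: (claimed, found)} for sections whose header count
    disagrees with the records actually present in the body."""
    if len(msg) < 12:
        raise ValueError("short header")
    _id, _flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    sections = (("QUESTION", qd), ("ANSWER", an), ("AUTHORITY", ns), ("ADDITIONAL", ar))
    off, bad = 12, {}
    for name, claimed in sections:
        found = 0
        try:
            for _ in range(claimed):
                end = skip_name(msg, off) + (4 if name == "QUESTION" else 10)
                if end > len(msg):
                    raise ValueError("truncated record")
                if name != "QUESTION":    # RDLENGTH is the last 2 fixed bytes
                    end += struct.unpack("!H", msg[end - 2:end])[0]
                    if end > len(msg):
                        raise ValueError("truncated RDATA")
                off, found = end, found + 1
        except ValueError:
            pass                          # stop at the first unparseable record
        if found != claimed:
            bad[name] = (claimed, found)
    return bad

def build_response(qname, arcount):
    """Constructed sample: one A answer (2.3.4.5), empty Additional section."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    header = struct.pack("!6H", 0x1234, 0x8400, 1, 1, 0, arcount)  # flags: qr aa
    answer = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 60, 4) + bytes([2, 3, 4, 5])
    return header + q + struct.pack("!2H", 1, 1) + answer
```

Because the walk stops at the first record that does not fit in the message, a header claiming 65535 records costs no more to check than one claiming 1.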

