Alias - Random Aliases

Alias - Random Aliases

This module implements random aliases in DNS using variety of different record (resource) types. It supports the following record types:

  • CNAME (Canonical Name)
  • DNAME (Delegation Name)
  • HTTPS (HyperText Transfer Protocol Secure)
  • SVCB (Service Binding)
  • SPF (Sender Policy Framework)
  • SRV (Service Locator)
  • MX (Mail Exchange)
  • NS (Name Server)

The module generates a random alias record in the format alias######.yourdomain.com, where ###### represents a random number.

The idea is that if the client/resolver decides to resolve this further, it will result in the generation of yet another alias, theoretically leading to a resolution of infinite chain of random aliases. In practice, however, most modern resolvers will terminate the resolution after encountering several consecutive alias records.

Additionally, the module can respond with multiple alias records. The specific number of records created is based on the numerical value added to the domain name.

BEWAREThis can potentially lead to amplification effect (DoS) or domain lock-up (DoS).

Category: Aliases

Tags: Amplification, Domain Lock-Up, Denial of Service

RFCs: RFC1034, RFC1035, RFC2672, RFC2782, RFC2915, RFC3761, RFC4408, RFC6672, RFC7208, RFC9460

Format

alias.<NUMBER>.yourdomain.com

Where:

  • The <NUMBER> parameter defines how many aliases should be generated in the response.

Examples

By default, the module generates a single CNAME alias:

# dig alias.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> alias.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37338
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;alias.yourdomain.com.		IN	A

;; ANSWER SECTION:
alias.yourdomain.com.	60	IN	CNAME	alias54752.yourdomain.com.

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Fri Oct 18 11:39:31 +04 2024
;; MSG SIZE  rcvd: 77

Download PCAP File


Like other features, you can append anything to the feature name to avoid receiving cached responses from the target DNS resolver. This forces the target resolver to actively communicate with our PolarDNS server instead of responding with cached answers. Using a random number is the most effective strategy:

# dig alias${RANDOM}.yourdomain.com @10.211.55.2

; <<>> DiG 9.18.10-2-Debian <<>> alias1467.yourdomain.com @10.211.55.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27306
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;alias1467.yourdomain.com.	IN	A

;; ANSWER SECTION:
alias1467.yourdomain.com. 60	IN	CNAME	alias304698.yourdomain.com.

;; Query time: 4 msec
;; SERVER: 10.211.55.2#53(10.211.55.2) (UDP)
;; WHEN: Fri Nov 01 11:20:39 +04 2024
;; MSG SIZE  rcvd: 82

Download PCAP File


In this example, we explicitly request five CNAME alias records:

# dig CNAME alias.5.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> CNAME alias.5.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49874
;; flags: qr aa; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;alias.5.yourdomain.com.		IN	CNAME

;; ANSWER SECTION:
alias.5.yourdomain.com.	60	IN	CNAME	alias272095.5.yourdomain.com.
alias.5.yourdomain.com.	60	IN	CNAME	alias450748.5.yourdomain.com.
alias.5.yourdomain.com.	60	IN	CNAME	alias968735.5.yourdomain.com.
alias.5.yourdomain.com.	60	IN	CNAME	alias509.5.yourdomain.com.
alias.5.yourdomain.com.	60	IN	CNAME	alias705353.5.yourdomain.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Fri Oct 18 11:39:35 +04 2024
;; MSG SIZE  rcvd: 247

Download PCAP File


In this example, we request five DNAME alias records:

# dig DNAME alias.5.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> DNAME alias.5.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57507
;; flags: qr aa; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;alias.5.yourdomain.com.		IN	DNAME

;; ANSWER SECTION:
alias.5.yourdomain.com.	60	IN	DNAME	alias6171.5.yourdomain.com.
alias.5.yourdomain.com.	60	IN	DNAME	alias332639.5.yourdomain.com.
alias.5.yourdomain.com.	60	IN	DNAME	alias826490.5.yourdomain.com.
alias.5.yourdomain.com.	60	IN	DNAME	alias794293.5.yourdomain.com.
alias.5.yourdomain.com.	60	IN	DNAME	alias924157.5.yourdomain.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Fri Oct 18 11:39:37 +04 2024
;; MSG SIZE  rcvd: 248

Download PCAP File


In this example, we request five HTTPS alias records. Note that HTTPS records include SvcPriority field which is set to 0 for every record:

# dig HTTPS alias.5.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> HTTPS alias.5.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47393
;; flags: qr aa; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;alias.5.yourdomain.com.		IN	HTTPS

;; ANSWER SECTION:
alias.5.yourdomain.com.	60	IN	HTTPS	0 alias732626.5.yourdomain.com.
alias.5.yourdomain.com.	60	IN	HTTPS	0 alias55279.5.yourdomain.com.
alias.5.yourdomain.com.	60	IN	HTTPS	0 alias64468.5.yourdomain.com.
alias.5.yourdomain.com.	60	IN	HTTPS	0 alias107380.5.yourdomain.com.
alias.5.yourdomain.com.	60	IN	HTTPS	0 alias48323.5.yourdomain.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Fri Oct 18 11:39:38 +04 2024
;; MSG SIZE  rcvd: 257

Download PCAP File


In this example, we request five SVCB alias records. Note that SVCB records include SvcPriority field which is set to 0 for every record:

# dig SVCB alias.5.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> SVCB alias.5.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13676
;; flags: qr aa; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;alias.5.yourdomain.com.		IN	SVCB

;; ANSWER SECTION:
alias.5.yourdomain.com.	60	IN	SVCB	0 alias249629.5.yourdomain.com.
alias.5.yourdomain.com.	60	IN	SVCB	0 alias935916.5.yourdomain.com.
alias.5.yourdomain.com.	60	IN	SVCB	0 alias45911.5.yourdomain.com.
alias.5.yourdomain.com.	60	IN	SVCB	0 alias439073.5.yourdomain.com.
alias.5.yourdomain.com.	60	IN	SVCB	0 alias936.5.yourdomain.com.

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Fri Oct 18 11:39:39 +04 2024
;; MSG SIZE  rcvd: 256

Download PCAP File


In this example, we request five SRV alias records. Note that SRV records include fields for Priority, Weight, and Port number. In this module, both the Priority and Weight are set to 0, while the Port number is randomly assigned for each record:

# dig SRV alias.5.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> SRV alias.5.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61727
;; flags: qr aa; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;alias.5.yourdomain.com.		IN	SRV

;; ANSWER SECTION:
alias.5.yourdomain.com.	60	IN	SRV	0 0 31514 alias192640.5.yourdomain.com.
alias.5.yourdomain.com.	60	IN	SRV	0 0 5419 alias26044.5.yourdomain.com.
alias.5.yourdomain.com.	60	IN	SRV	0 0 24657 alias650070.5.yourdomain.com.
alias.5.yourdomain.com.	60	IN	SRV	0 0 53105 alias385473.5.yourdomain.com.
alias.5.yourdomain.com.	60	IN	SRV	0 0 14553 alias921545.5.yourdomain.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Fri Oct 18 11:39:40 +04 2024
;; MSG SIZE  rcvd: 279

Download PCAP File


In this example, we request five SPF alias records. Note that each SPF record is contained within a single TXT record in this case:

# dig TXT alias.5.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> TXT alias.5.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50138
;; flags: qr aa; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;alias.5.yourdomain.com.		IN	TXT

;; ANSWER SECTION:
alias.5.yourdomain.com.	60	IN	TXT	"v=spf1 include:alias96317.5.yourdomain.com ~all"
alias.5.yourdomain.com.	60	IN	TXT	"v=spf1 include:alias845874.5.yourdomain.com ~all"
alias.5.yourdomain.com.	60	IN	TXT	"v=spf1 include:alias912078.5.yourdomain.com ~all"
alias.5.yourdomain.com.	60	IN	TXT	"v=spf1 include:alias771043.5.yourdomain.com ~all"
alias.5.yourdomain.com.	60	IN	TXT	"v=spf1 include:alias161094.5.yourdomain.com ~all"

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Fri Oct 18 11:39:42 +04 2024
;; MSG SIZE  rcvd: 344

Download PCAP File

There is also a designated spfalias2 module which can fit multiple SPF aliases within a single TXT record.


In this example, we request five MX alias records. Note that MX records include Preference field which is set to 0 for every record:

# dig MX alias.5.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> MX alias.5.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4834
;; flags: qr aa; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;alias.5.yourdomain.com.		IN	MX

;; ANSWER SECTION:
alias.5.yourdomain.com.	60	IN	MX	0 alias497465.5.yourdomain.com.
alias.5.yourdomain.com.	60	IN	MX	0 alias734659.5.yourdomain.com.
alias.5.yourdomain.com.	60	IN	MX	0 alias722603.5.yourdomain.com.
alias.5.yourdomain.com.	60	IN	MX	0 alias328306.5.yourdomain.com.
alias.5.yourdomain.com.	60	IN	MX	0 alias28466.5.yourdomain.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Fri Oct 18 11:39:43 +04 2024
;; MSG SIZE  rcvd: 259

Download PCAP File


In this example, we request five NS alias records:

# dig NS alias.5.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> NS alias.5.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59022
;; flags: qr aa; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;alias.5.yourdomain.com.		IN	NS

;; ANSWER SECTION:
alias.5.yourdomain.com.	60	IN	NS	alias262604.5.yourdomain.com.
alias.5.yourdomain.com.	60	IN	NS	alias703293.5.yourdomain.com.
alias.5.yourdomain.com.	60	IN	NS	alias579565.5.yourdomain.com.
alias.5.yourdomain.com.	60	IN	NS	alias99588.5.yourdomain.com.
alias.5.yourdomain.com.	60	IN	NS	alias205106.5.yourdomain.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Fri Oct 18 11:39:44 +04 2024
;; MSG SIZE  rcvd: 249

Download PCAP File


From the same category

See also


Go back to catalogue.