Anrr - Set Answer RRs in the Header
This modifier allows to modify the number of Answers (RRs) in the DNS response header.
It's important to note that this does not change the actual Answer section in the DNS response body in any way.
This modifier is compatible with and can be combined with any other existing feature or modifier.
Category: Header manipulation
Format
*.anrr<NUMBER>.*
Where:
- The
<NUMBER>
parameter specifies the number of Answers in the DNS response header. Note that the maximum number of Answers that can be set is 65535, as it is a 2-byte field.
Examples
In this example, we use the basic always feature which always resolves to an IP address. Additionally, we set the number of answer RRs in the DNS header to 0. This arrangement leads to a warning message about 16 extra bytes at the end because the parser is not expecting any answer in the body since the DNS header indicates there are no answers (ANSWER: 0
):
# dig always.anrr0.yourdomain.com @127.0.0.1
; <<>> DiG 9.18.10-2-Debian <<>> always.anrr0.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4357
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: Message has 16 extra bytes at end
;; QUESTION SECTION:
;always.anrr0.yourdomain.com. IN A
;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Tue Oct 22 13:19:27 +04 2024
;; MSG SIZE rcvd: 61
Similar to the previous example, but in this case, we set the number of Answer RRs in the DNS header to 1. This adjustment actually accurately reflects the actual content of the DNS response body, resulting in a completely valid and correct answer:
# dig always.anrr1.yourdomain.com @127.0.0.1 ; <<>> DiG 9.18.10-2-Debian <<>> always.anrr1.yourdomain.com @127.0.0.1 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60294 ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;always.anrr1.yourdomain.com. IN A ;; ANSWER SECTION: always.anrr1.yourdomain.com. 60 IN A 2.3.4.5 ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP) ;; WHEN: Tue Oct 22 13:19:28 +04 2024 ;; MSG SIZE rcvd: 61
Similar to the previous examples, but in this case, we set the number of Answer RRs in the DNS header to 2. This arrangement leads to a warning message about malformed packet because there is only one answer in the body while the parser is expecting two answers (ANSWER: 2
):
# dig always.anrr2.yourdomain.com @127.0.0.1
;; Warning: Message parser reports malformed message packet.
; <<>> DiG 9.18.10-2-Debian <<>> always.anrr2.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63569
;; flags: qr aa; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;always.anrr2.yourdomain.com. IN A
;; ANSWER SECTION:
always.anrr2.yourdomain.com. 60 IN A 2.3.4.5
;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Tue Oct 22 13:19:29 +04 2024
;; MSG SIZE rcvd: 61
Similar to the previous example, but in this case, we set the number of Answer RRs in the DNS header to 100. This arrangement leads to a warning message about malformed packet again because there is only one answer in the body while the parser is expecting a hundred answers (ANSWER: 100
):
# dig always.anrr100.yourdomain.com @127.0.0.1
;; Warning: Message parser reports malformed message packet.
; <<>> DiG 9.18.10-2-Debian <<>> always.anrr100.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39457
;; flags: qr aa; QUERY: 1, ANSWER: 100, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;always.anrr100.yourdomain.com. IN A
;; ANSWER SECTION:
always.anrr100.yourdomain.com. 60 IN A 2.3.4.5
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Tue Oct 22 13:19:30 +04 2024
;; MSG SIZE rcvd: 63
From the same category
- Adrr - Set Additional RRs in the Header
- Aurr - Set Authority RRs in the Header
- Flgs - Set Custom Flags in the Header
- NewId - Set Random Transaction ID
- Qurr - Set Question RRs in the Header
See also
- Tc - Set Truncated Flag (Force TCP Mode)
- Noq - Remove the Query Section
- Slp - Add a Delay (Latency)
- Ttl - Set Custom TTL Value
- Len - Set Custom Length in TCP
- Cnk - Send Response in Chunks (TCP only)
- Cut - Cut N Bytes from the End of the Packet
- Add - Add N Bytes to the End of the Packet
- Rl - Recalculate Length in TCP
- Fc - Force Compression
- Nc - No Compression