Aurr - Set Authority RRs in the Header

Aurr - Set Authority RRs in the Header

This modifier allows to modify the number of Authority records (RRs) in the DNS response header.

It's important to note that this does not change the actual Authority section in the DNS response body in any way.

This modifier is compatible with and can be combined with any other existing feature or modifier.

Category: Header manipulation

Format

*.aurr<NUMBER>.*

Where:

  • The <NUMBER> parameter specifies the number of Authority records in the DNS response header. Note that the maximum number of Authority records that can be set is 65535, as it is a 2-byte field.

Examples

In this example, we use the basic always feature which always resolves to an IP address. Additionally, we set the number of Authority records (RRs) in the DNS header to 0. This arrangement actually accurately reflects the actual content of the DNS response body since there are no authority records:

# dig always.aurr0.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> always.aurr0.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34679
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;always.aurr0.yourdomain.com.	IN	A

;; ANSWER SECTION:
always.aurr0.yourdomain.com. 60	IN	A	2.3.4.5

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Tue Oct 22 14:05:39 +04 2024
;; MSG SIZE  rcvd: 61

Download PCAP File


Similar to the previous example, but in this case, we set the number of Authority records (RRs) in the DNS header to 1. This arrangement leads to a warning about malformed packet because there is no authority record present in the body, while the parser is expecting one authority record (AUTHORITY: 1):

# dig always.aurr1.yourdomain.com @127.0.0.1

;; Warning: Message parser reports malformed message packet.

; <<>> DiG 9.18.10-2-Debian <<>> always.aurr1.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46262
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;always.aurr1.yourdomain.com.	IN	A

;; ANSWER SECTION:
always.aurr1.yourdomain.com. 60	IN	A	2.3.4.5

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Tue Oct 22 14:05:40 +04 2024
;; MSG SIZE  rcvd: 61

Download PCAP File


Similar to the previous examples, but in this case, we set the number of Authority records (RRs) in the DNS header to 100. This arrangement also leads to a warning about malformed packet because there are no authority records in the body, while the parser is expecting a hundred authority records (AUTHORITY: 100):

# dig always.aurr100.yourdomain.com @127.0.0.1

;; Warning: Message parser reports malformed message packet.

; <<>> DiG 9.18.10-2-Debian <<>> always.aurr100.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20492
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 100, ADDITIONAL: 0

;; QUESTION SECTION:
;always.aurr100.yourdomain.com.	IN	A

;; ANSWER SECTION:
always.aurr100.yourdomain.com. 60 IN	A	2.3.4.5

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Tue Oct 22 14:05:42 +04 2024
;; MSG SIZE  rcvd: 63

Download PCAP File


From the same category

See also


Go back to catalogue.