Chain - Alias Chains
This module implements incremental alias chains using a variety of different record (resource) types. It supports the following record types:
- CNAME (Canonical Name)
- DNAME (Delegation Name)
- HTTPS (HyperText Transfer Protocol Secure)
- SVCB (Service Binding)
- SPF (Sender Policy Framework)
- SRV (Service Locator)
- MX (Mail Exchange)
- NS (Name Server)
The module returns an alias record with an incremented domain name index, forming a chain that continues to increment indefinitely.
Specifically, this module generates an alias record in the format chain###.yourdomain.com, where ### represents the incremented index.
The concept is that if the client/resolver attempts to resolve this alias further, it will generate yet another incremented alias, causing the process to continue indefinitely and potentially keeping the resolver occupied.
However, in practice, most modern resolvers detect such chains and terminate the resolution after encountering a certain number of consecutive aliases (e.g., 20 aliases) or upon reaching a specified time limit for the resolution (e.g., 30 seconds).
Category: Alias chains
Tags: Domain Lock-Up, Denial of Service
RFCs: RFC1034, RFC1035, RFC2672, RFC2782, RFC2915, RFC3761, RFC4408, RFC6672, RFC7208, RFC9460
Format
chain<NUMBER>.yourdomain.com
Where:
- The <NUMBER> parameter specifies an arbitrary number that will be incremented in the response.
Examples
By default, the module generates a CNAME alias with the index of 1:
# dig chain.yourdomain.com @127.0.0.1
; <<>> DiG 9.18.10-2-Debian <<>> chain.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64247
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;chain.yourdomain.com. IN A
;; ANSWER SECTION:
chain.yourdomain.com. 60 IN CNAME chain1.yourdomain.com.
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Fri Nov 08 23:23:31 +04 2024
;; MSG SIZE rcvd: 73
If we attempt to resolve the resulting domain name (chain1.yourdomain.com), we receive an incremented alias record:
# dig chain1.yourdomain.com @127.0.0.1
; <<>> DiG 9.18.10-2-Debian <<>> chain1.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56389
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;chain1.yourdomain.com. IN A
;; ANSWER SECTION:
chain1.yourdomain.com. 60 IN CNAME chain2.yourdomain.com.
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Fri Nov 08 23:23:32 +04 2024
;; MSG SIZE rcvd: 74
If we continue to resolve the next domain name (chain2.yourdomain.com), we again receive an incremented alias record:
# dig chain2.yourdomain.com @127.0.0.1
; <<>> DiG 9.18.10-2-Debian <<>> chain2.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21790
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;chain2.yourdomain.com. IN A
;; ANSWER SECTION:
chain2.yourdomain.com. 60 IN CNAME chain3.yourdomain.com.
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Fri Nov 08 23:23:33 +04 2024
;; MSG SIZE rcvd: 74
This resolution process can continue indefinitely, as there are no limits on the size of the index number. Each resolution yields another incremented alias record:
# dig chain9999999999999999999999999.yourdomain.com @127.0.0.1
; <<>> DiG 9.18.10-2-Debian <<>> chain9999999999999999999999999.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36288
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;chain9999999999999999999999999.yourdomain.com. IN A
;; ANSWER SECTION:
chain9999999999999999999999999.yourdomain.com. 60 IN CNAME chain10000000000000000000000000.yourdomain.com.
;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Fri Nov 08 23:23:34 +04 2024
;; MSG SIZE rcvd: 123
The domain name will never be fully resolved as the incremental process continues indefinitely.
As mentioned in the description, this module supports multiple different record types. In this example, we ask for a DNAME record type. Specifically, we request a DNAME alias record with an index of 100:
# dig DNAME chain100.yourdomain.com @127.0.0.1
; <<>> DiG 9.18.10-2-Debian <<>> DNAME chain100.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56380
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;chain100.yourdomain.com. IN DNAME
;; ANSWER SECTION:
chain100.yourdomain.com. 60 IN DNAME chain101.yourdomain.com.
;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Fri Nov 08 23:23:36 +04 2024
;; MSG SIZE rcvd: 78
We can see that we received an incremented DNAME alias record.
In this example, we request an MX record with an index of 1,000:
# dig MX chain1000.yourdomain.com @127.0.0.1
; <<>> DiG 9.18.10-2-Debian <<>> MX chain1000.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61690
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;chain1000.yourdomain.com. IN MX
;; ANSWER SECTION:
chain1000.yourdomain.com. 60 IN MX 0 chain1001.yourdomain.com.
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Fri Nov 08 23:23:37 +04 2024
;; MSG SIZE rcvd: 82
We can see that we received an incremented MX alias record.
In this example, we request an SPF record with an index of 10,000. Since SPF records are published within TXT records, we request a TXT record in this case:
# dig TXT chain10000.yourdomain.com @127.0.0.1
; <<>> DiG 9.18.10-2-Debian <<>> TXT chain10000.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63066
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;chain10000.yourdomain.com. IN TXT
;; ANSWER SECTION:
chain10000.yourdomain.com. 60 IN TXT "v=spf1 include:chain10001.yourdomain.com ~all"
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Fri Nov 08 23:23:38 +04 2024
;; MSG SIZE rcvd: 101
Again, we received an incremented SPF alias record as the answer. The domain name will never be fully resolved as the incremental process continues indefinitely.
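The resolver-side limits mentioned in the description (a cap on consecutive aliases and an overall time budget) can be sketched as follows. This is an added example, not code from the module or from any real resolver: fake_authoritative, next_target and follow are hypothetical names, the in-memory responder is a constructed stand-in for the behaviour shown in the dig outputs above, and the limits of 20 hops and 30 seconds are the illustrative figures from the description.

```python
import re
import time

MAX_ALIAS_HOPS = 20   # consecutive-alias cap (illustrative figure from the description)
MAX_SECONDS = 30.0    # overall resolution budget (illustrative figure from the description)

_CHAIN = re.compile(r"^chain(\d*)\.(.+)$")

def fake_authoritative(qname, qtype):
    """Constructed stand-in for the responder: chainN is answered with chainN+1."""
    m = _CHAIN.match(qname)
    if not m:
        return None  # any other name: no alias, the chain ends here
    nxt = f"chain{int(m.group(1) or 0) + 1}.{m.group(2)}"
    if qtype == "MX":
        return ("MX", f"0 {nxt}")
    if qtype == "TXT":
        return ("TXT", f"v=spf1 include:{nxt} ~all")
    return ("CNAME", nxt)

def next_target(rtype, rdata):
    """Return the name a client would chase next from one answer, or None."""
    if rtype in ("CNAME", "DNAME"):
        return rdata
    if rtype == "MX":
        return rdata.split()[1]  # "<preference> <exchange>"
    if rtype == "TXT":
        m = re.search(r"\binclude:(\S+)", rdata)
        return m.group(1) if m else None
    return None

def follow(qname, qtype="A", lookup=fake_authoritative,
           max_hops=MAX_ALIAS_HOPS, max_seconds=MAX_SECONDS):
    """Chase aliases, giving up at the hop cap or at the deadline."""
    deadline = time.monotonic() + max_seconds
    hops = 0
    while True:
        answer = lookup(qname, qtype)
        target = next_target(*answer) if answer else None
        if target is None:
            return {"status": "resolved", "hops": hops, "last": qname}
        if hops >= max_hops:
            return {"status": "hop-limit", "hops": hops, "last": qname}
        if time.monotonic() >= deadline:
            return {"status": "timeout", "hops": hops, "last": qname}
        qname, hops = target, hops + 1

if __name__ == "__main__":
    print(follow("chain.yourdomain.com"))
    print(follow("chain10000.yourdomain.com", "TXT", max_hops=10))
```

Without the two checks inside the loop, follow() would never return for any chain name, which is the lock-up condition this module is designed to test for.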
From the same category
- CnChain - CNAME Alias Chains
- DnChain - DNAME Alias Chains
- HtChain - HTTPS Alias Chains
- MxChain - MX Alias Chains
- NsChain - NS Alias Chains
- SpfChain - SPF (TXT) Alias Chains
- SrChain - SRV Alias Chains
- SvChain - SVCB Alias Chains