Cnk - Send Response in Chunks (TCP only)
This modifier allows dividing the DNS response packet into multiple chunks of a specified size, which are then sent sequentially, one after another.
It is recommended to use this in combination with the slp modifier to introduce a delay between sending each chunk.
Such approach can delay the complete reception of the response and occupy a resolution worker/thread on the target DNS resolver for a prolonged period of time. Sending numerous such requests simultaneously can potentially lead to a Denial of Service (DoS) situation on the resolver.
This modifier is compatible with and can be combined with any other existing feature or modifier.
Category: Packet manipulation
Format
*.cnk<BYTES>.*
Where:
- The
<BYTES>
parameter specifies the size of each chunk for dividing the DNS response packet. If the specified size exceeds the total packet size, the entire packet will be sent as a single chunk.
Examples
In this example, we use the basic always feature to request 10 A records in TCP mode. Additionally, we request the response to be divided into 20-byte chunks with a 150-millisecond delay between sending each chunk:
# dig always.10.cnk20.slp150.yourdomain.com @127.0.0.1 +tcp
; <<>> DiG 9.18.10-2-Debian <<>> always.10.cnk20.slp150.yourdomain.com @127.0.0.1 +tcp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45549
;; flags: qr aa; QUERY: 1, ANSWER: 10, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;always.10.cnk20.slp150.yourdomain.com. IN A
;; ANSWER SECTION:
always.10.cnk20.slp150.yourdomain.com. 60 IN A 2.3.4.5
always.10.cnk20.slp150.yourdomain.com. 60 IN A 2.3.4.5
always.10.cnk20.slp150.yourdomain.com. 60 IN A 2.3.4.5
always.10.cnk20.slp150.yourdomain.com. 60 IN A 2.3.4.5
always.10.cnk20.slp150.yourdomain.com. 60 IN A 2.3.4.5
always.10.cnk20.slp150.yourdomain.com. 60 IN A 2.3.4.5
always.10.cnk20.slp150.yourdomain.com. 60 IN A 2.3.4.5
always.10.cnk20.slp150.yourdomain.com. 60 IN A 2.3.4.5
always.10.cnk20.slp150.yourdomain.com. 60 IN A 2.3.4.5
always.10.cnk20.slp150.yourdomain.com. 60 IN A 2.3.4.5
;; Query time: 1848 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (TCP)
;; WHEN: Wed Dec 11 15:51:56 +04 2024
;; MSG SIZE rcvd: 215
We can see that this setup effectively extended the time required to receive the full response to approximately 1.85 seconds.
Similar to the previous example, but in this case, we request the response to be divided into 10-byte chunks. This configuration effectively doubles the time required to receive the full response. Additionally, we use the tc modifier to force the resolver to communicate with the PolarDNS server in TCP mode:
# dig always.10.cnk10.slp150.tc.yourdomain.com @127.0.0.1
;; Truncated, retrying in TCP mode.
; <<>> DiG 9.18.10-2-Debian <<>> always.10.cnk10.slp150.tc.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28346
;; flags: qr aa; QUERY: 1, ANSWER: 10, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;always.10.cnk10.slp150.tc.yourdomain.com. IN A
;; ANSWER SECTION:
always.10.cnk10.slp150.tc.yourdomain.com. 60 IN A 2.3.4.5
always.10.cnk10.slp150.tc.yourdomain.com. 60 IN A 2.3.4.5
always.10.cnk10.slp150.tc.yourdomain.com. 60 IN A 2.3.4.5
always.10.cnk10.slp150.tc.yourdomain.com. 60 IN A 2.3.4.5
always.10.cnk10.slp150.tc.yourdomain.com. 60 IN A 2.3.4.5
always.10.cnk10.slp150.tc.yourdomain.com. 60 IN A 2.3.4.5
always.10.cnk10.slp150.tc.yourdomain.com. 60 IN A 2.3.4.5
always.10.cnk10.slp150.tc.yourdomain.com. 60 IN A 2.3.4.5
always.10.cnk10.slp150.tc.yourdomain.com. 60 IN A 2.3.4.5
always.10.cnk10.slp150.tc.yourdomain.com. 60 IN A 2.3.4.5
;; Query time: 3512 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (TCP)
;; WHEN: Wed Dec 11 15:52:01 +04 2024
;; MSG SIZE rcvd: 218
In this example, we use the spfalias1 feature to request 10 SPF (TXT) records and forcing TCP mode by using the tc modifier. Additionally, we request the response to be divided into 10-byte chunks with a 100-millisecond delay between sending each chunk:
# dig spfalias1.10.tc.cnk10.slp100.yourdomain.com @127.0.0.1
;; Truncated, retrying in TCP mode.
; <<>> DiG 9.18.10-2-Debian <<>> spfalias1.10.tc.cnk10.slp100.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34484
;; flags: qr aa; QUERY: 1, ANSWER: 10, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;spfalias1.10.tc.cnk10.slp100.yourdomain.com. IN A
;; ANSWER SECTION:
spfalias1.10.tc.cnk10.slp100.yourdomain.com. 60 IN TXT "v=spf1 include:spfalias12580.10.tc.cnk10.slp100.yourdomain.com ~all"
spfalias1.10.tc.cnk10.slp100.yourdomain.com. 60 IN TXT "v=spf1 include:spfalias154391.10.tc.cnk10.slp100.yourdomain.com ~all"
spfalias1.10.tc.cnk10.slp100.yourdomain.com. 60 IN TXT "v=spf1 include:spfalias123335.10.tc.cnk10.slp100.yourdomain.com ~all"
spfalias1.10.tc.cnk10.slp100.yourdomain.com. 60 IN TXT "v=spf1 include:spfalias138454.10.tc.cnk10.slp100.yourdomain.com ~all"
spfalias1.10.tc.cnk10.slp100.yourdomain.com. 60 IN TXT "v=spf1 include:spfalias132776.10.tc.cnk10.slp100.yourdomain.com ~all"
spfalias1.10.tc.cnk10.slp100.yourdomain.com. 60 IN TXT "v=spf1 include:spfalias15822.10.tc.cnk10.slp100.yourdomain.com ~all"
spfalias1.10.tc.cnk10.slp100.yourdomain.com. 60 IN TXT "v=spf1 include:spfalias194079.10.tc.cnk10.slp100.yourdomain.com ~all"
spfalias1.10.tc.cnk10.slp100.yourdomain.com. 60 IN TXT "v=spf1 include:spfalias114179.10.tc.cnk10.slp100.yourdomain.com ~all"
spfalias1.10.tc.cnk10.slp100.yourdomain.com. 60 IN TXT "v=spf1 include:spfalias1308.10.tc.cnk10.slp100.yourdomain.com ~all"
spfalias1.10.tc.cnk10.slp100.yourdomain.com. 60 IN TXT "v=spf1 include:spfalias196642.10.tc.cnk10.slp100.yourdomain.com ~all"
;; Query time: 9072 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (TCP)
;; WHEN: Thu Dec 12 10:13:40 +04 2024
;; MSG SIZE rcvd: 867
Given the resulting packet size of 867 bytes, this setup effectively extended the time required to receive the full response to slightly over 9 seconds.
From the same category
- Add - Add N Bytes to the End of the Packet
- Cut - Cut N Bytes from the End of the Packet
- Fc - Force Compression
- Len - Set Custom Length in TCP
- Nc - No Compression
- Noq - Remove the Query Section
- Rl - Recalculate Length in TCP
- Slp - Add a Delay (Latency)
- Tc - Set Truncated Flag (Force TCP Mode)
- Ttl - Set Custom TTL Value
See also
- NewId - Set Random Transaction ID
- Flgs - Set Custom Flags in the Header
- Qurr - Set Question RRs in the Header
- Anrr - Set Answer RRs in the Header
- Aurr - Set Authority RRs in the Header
- Adrr - Set Additional RRs in the Header