Cnk - Send Response in Chunks (TCP only)

Cnk - Send Response in Chunks (TCP only)

This modifier allows dividing the DNS response packet into multiple chunks of a specified size, which are then sent sequentially, one after another.

It is recommended to use this in combination with the slp modifier to introduce a delay between sending each chunk.

Such approach can delay the complete reception of the response and occupy a resolution worker/thread on the target DNS resolver for a prolonged period of time. Sending numerous such requests simultaneously can potentially lead to a Denial of Service (DoS) situation on the resolver.

This modifier is compatible with and can be combined with any other existing feature or modifier.

BEWAREThis can potentially lead to domain lock-up (DoS).

Category: Packet manipulation

Format

*.cnk<BYTES>.*

Where:

  • The <BYTES> parameter specifies the size of each chunk for dividing the DNS response packet. If the specified size exceeds the total packet size, the entire packet will be sent as a single chunk.

Examples

In this example, we use the basic always feature to request 10 A records in TCP mode. Additionally, we request the response to be divided into 20-byte chunks with a 150-millisecond delay between sending each chunk:

# dig always.10.cnk20.slp150.yourdomain.com @127.0.0.1 +tcp

; <<>> DiG 9.18.10-2-Debian <<>> always.10.cnk20.slp150.yourdomain.com @127.0.0.1 +tcp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45549
;; flags: qr aa; QUERY: 1, ANSWER: 10, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;always.10.cnk20.slp150.yourdomain.com. IN A

;; ANSWER SECTION:
always.10.cnk20.slp150.yourdomain.com. 60 IN A	2.3.4.5
always.10.cnk20.slp150.yourdomain.com. 60 IN A	2.3.4.5
always.10.cnk20.slp150.yourdomain.com. 60 IN A	2.3.4.5
always.10.cnk20.slp150.yourdomain.com. 60 IN A	2.3.4.5
always.10.cnk20.slp150.yourdomain.com. 60 IN A	2.3.4.5
always.10.cnk20.slp150.yourdomain.com. 60 IN A	2.3.4.5
always.10.cnk20.slp150.yourdomain.com. 60 IN A	2.3.4.5
always.10.cnk20.slp150.yourdomain.com. 60 IN A	2.3.4.5
always.10.cnk20.slp150.yourdomain.com. 60 IN A	2.3.4.5
always.10.cnk20.slp150.yourdomain.com. 60 IN A	2.3.4.5

;; Query time: 1848 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (TCP)
;; WHEN: Wed Dec 11 15:51:56 +04 2024
;; MSG SIZE  rcvd: 215

Download PCAP File

We can see that this setup effectively extended the time required to receive the full response to approximately 1.85 seconds.


Similar to the previous example, but in this case, we request the response to be divided into 10-byte chunks. This configuration effectively doubles the time required to receive the full response. Additionally, we use the tc modifier to force the resolver to communicate with the PolarDNS server in TCP mode:

# dig always.10.cnk10.slp150.tc.yourdomain.com @127.0.0.1

;; Truncated, retrying in TCP mode.

; <<>> DiG 9.18.10-2-Debian <<>> always.10.cnk10.slp150.tc.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28346
;; flags: qr aa; QUERY: 1, ANSWER: 10, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;always.10.cnk10.slp150.tc.yourdomain.com. IN A

;; ANSWER SECTION:
always.10.cnk10.slp150.tc.yourdomain.com. 60 IN	A 2.3.4.5
always.10.cnk10.slp150.tc.yourdomain.com. 60 IN	A 2.3.4.5
always.10.cnk10.slp150.tc.yourdomain.com. 60 IN	A 2.3.4.5
always.10.cnk10.slp150.tc.yourdomain.com. 60 IN	A 2.3.4.5
always.10.cnk10.slp150.tc.yourdomain.com. 60 IN	A 2.3.4.5
always.10.cnk10.slp150.tc.yourdomain.com. 60 IN	A 2.3.4.5
always.10.cnk10.slp150.tc.yourdomain.com. 60 IN	A 2.3.4.5
always.10.cnk10.slp150.tc.yourdomain.com. 60 IN	A 2.3.4.5
always.10.cnk10.slp150.tc.yourdomain.com. 60 IN	A 2.3.4.5
always.10.cnk10.slp150.tc.yourdomain.com. 60 IN	A 2.3.4.5

;; Query time: 3512 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (TCP)
;; WHEN: Wed Dec 11 15:52:01 +04 2024
;; MSG SIZE  rcvd: 218

Download PCAP File


In this example, we use the spfalias1 feature to request 10 SPF (TXT) records and forcing TCP mode by using the tc modifier. Additionally, we request the response to be divided into 10-byte chunks with a 100-millisecond delay between sending each chunk:

# dig spfalias1.10.tc.cnk10.slp100.yourdomain.com @127.0.0.1

;; Truncated, retrying in TCP mode.

; <<>> DiG 9.18.10-2-Debian <<>> spfalias1.10.tc.cnk10.slp100.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34484
;; flags: qr aa; QUERY: 1, ANSWER: 10, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;spfalias1.10.tc.cnk10.slp100.yourdomain.com. IN	A

;; ANSWER SECTION:
spfalias1.10.tc.cnk10.slp100.yourdomain.com. 60	IN TXT "v=spf1 include:spfalias12580.10.tc.cnk10.slp100.yourdomain.com ~all"
spfalias1.10.tc.cnk10.slp100.yourdomain.com. 60	IN TXT "v=spf1 include:spfalias154391.10.tc.cnk10.slp100.yourdomain.com ~all"
spfalias1.10.tc.cnk10.slp100.yourdomain.com. 60	IN TXT "v=spf1 include:spfalias123335.10.tc.cnk10.slp100.yourdomain.com ~all"
spfalias1.10.tc.cnk10.slp100.yourdomain.com. 60	IN TXT "v=spf1 include:spfalias138454.10.tc.cnk10.slp100.yourdomain.com ~all"
spfalias1.10.tc.cnk10.slp100.yourdomain.com. 60	IN TXT "v=spf1 include:spfalias132776.10.tc.cnk10.slp100.yourdomain.com ~all"
spfalias1.10.tc.cnk10.slp100.yourdomain.com. 60	IN TXT "v=spf1 include:spfalias15822.10.tc.cnk10.slp100.yourdomain.com ~all"
spfalias1.10.tc.cnk10.slp100.yourdomain.com. 60	IN TXT "v=spf1 include:spfalias194079.10.tc.cnk10.slp100.yourdomain.com ~all"
spfalias1.10.tc.cnk10.slp100.yourdomain.com. 60	IN TXT "v=spf1 include:spfalias114179.10.tc.cnk10.slp100.yourdomain.com ~all"
spfalias1.10.tc.cnk10.slp100.yourdomain.com. 60	IN TXT "v=spf1 include:spfalias1308.10.tc.cnk10.slp100.yourdomain.com ~all"
spfalias1.10.tc.cnk10.slp100.yourdomain.com. 60	IN TXT "v=spf1 include:spfalias196642.10.tc.cnk10.slp100.yourdomain.com ~all"

;; Query time: 9072 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (TCP)
;; WHEN: Thu Dec 12 10:13:40 +04 2024
;; MSG SIZE  rcvd: 867

Download PCAP File

Given the resulting packet size of 867 bytes, this setup effectively extended the time required to receive the full response to slightly over 9 seconds.


From the same category

See also


Go back to catalogue.