Empty3 - Only NULL Bytes (Suitable for TCP)
This module is designed to respond with an empty answer consisting solely of an arbitrary number of NULL bytes (\000
).
Note that DNS packets in TCP mode include a length field at the beginning.
This module correctly provides the length information at the beginning of the packet in TCP mode. For a variant that does not provide the length information in TCP mode, refer to the empty2 module.
Category: Empty responses
Format
empty3.<NUMBER>.yourdomain.com
Where:
- The
<NUMBER>
parameter defines how many NULL bytes should be generated in the response. By default, a single NULL byte is generated.
Examples
By default, the module generates a single NULL byte as the response. This is insufficient for a valid DNS response, causing the client to make three attempts to resolve the error:
# dig empty3.yourdomain.com @127.0.0.1 ;; Warning: short (< header size) message received ;; communications error to 127.0.0.1#53: timed out ;; Warning: short (< header size) message received ;; communications error to 127.0.0.1#53: timed out ;; Warning: short (< header size) message received ;; communications error to 127.0.0.1#53: timed out ; <<>> DiG 9.18.10-2-Debian <<>> empty3.yourdomain.com @127.0.0.1 ;; global options: +cmd ;; no servers could be reached
In this example, we request 100 NULL bytes as the response. In this case, the parser interprets the Transaction ID in the response as 0 (\000\000
) which does not match the Transaction ID from the original query. As a result, the client again makes three attempts to resolve the error:
# dig empty3.100.yourdomain.com @127.0.0.1 ;; Warning: ID mismatch: expected ID 5404, got 0 ;; Warning: query response not set ;; communications error to 127.0.0.1#53: timed out ;; Warning: ID mismatch: expected ID 5404, got 0 ;; Warning: query response not set ;; communications error to 127.0.0.1#53: timed out ;; Warning: ID mismatch: expected ID 5404, got 0 ;; Warning: query response not set ;; communications error to 127.0.0.1#53: timed out ; <<>> DiG 9.18.10-2-Debian <<>> empty3.100.yourdomain.com @127.0.0.1 ;; global options: +cmd ;; no servers could be reached
In this example, we switch to TCP mode and request 100 NULL bytes as the response. In this module, the length is correctly provided at the beginning of the packet, allowing the parser to proceeds with parsing the Transaction ID. It interprets the Transaction ID in the response as 0 (\000\000
) which does not match the Transaction ID from the original query. In TCP mode, the client does not make any further attempts to resolve the error:
# dig empty3.100.yourdomain.com @127.0.0.1 +tcp
;; ERROR: ID mismatch: expected ID 64330, got 0
Like other features, you can append anything to the feature name to avoid receiving cached responses from the target DNS resolver. This forces the target resolver to actively communicate with our PolarDNS server instead of responding with cached answers. Using a random number is the most effective strategy:
# dig empty3${RANDOM}.100.yourdomain.com @10.211.55.2 ;; Warning: ID mismatch: expected ID 33773, got 0 ;; Warning: query response not set ;; communications error to 10.211.55.2#53: timed out ;; Warning: ID mismatch: expected ID 33773, got 0 ;; Warning: query response not set ;; communications error to 10.211.55.2#53: timed out ;; Warning: ID mismatch: expected ID 33773, got 0 ;; Warning: query response not set ;; communications error to 10.211.55.2#53: timed out ; <<>> DiG 9.18.10-2-Debian <<>> empty332312.100.yourdomain.com @10.211.55.2 ;; global options: +cmd ;; no servers could be reached
From the same category
- Close - Close the Connection
- Empty1 - Empty Packet
- Empty2 - Only NULL Bytes
- Empty4 - Only Transaction ID and NULL Bytes
- Empty5 - Only DNS Header and NULL Bytes
- Empty6 - ANSWER Section Missing
- Empty7 - ANSWER Section Is NULL Bytes
- QueryBack1 - Query Reflection
- QueryBack2 - Query Reflection (Stripped)
- QueryBack3 - Query Reflection (To Port 53)
- QueryBack4 - Query Reflection (Random, to Port 53)
- Timeout - Do Not Respond