Empty6 - ANSWER Section Missing

This module is designed to respond with a standard-looking DNS response that, according to the DNS header, contains a single Answer. However, the actual Answer is intentionally omitted. The entire ANSWER section is removed from the body.

This is likely to result in unexpected errors.

Category: Empty responses

Format

empty6.yourdomain.com

This module has no parameters.

Examples

In this example, we can see that we receive a DNS response with the entire ANSWER section missing from the body. The parser cannot interpret this response properly and identifies it as malformed:

# dig empty6.yourdomain.com @127.0.0.1

;; Warning: Message parser reports malformed message packet.

; <<>> DiG 9.18.10-2-Debian <<>> empty6.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10659
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;empty6.yourdomain.com.		IN	A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Tue Oct 29 01:15:09 +04 2024
;; MSG SIZE  rcvd: 39
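
The mismatch that dig warns about above can be checked directly by walking the message and comparing the record counts in the header with the records actually present in the body. The following Python code is an added example, not PolarDNS code; the names `MalformedDNS`, `skip_name`, `count_records` and `build_empty6_like` are hypothetical, and the sample response is constructed to match the header fields and 39-byte size shown in the output above.

```python
import struct

class MalformedDNS(Exception):
    pass

def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while True:
        if off >= len(msg):
            raise MalformedDNS("name runs past end of message")
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer: 2 bytes, ends the name
            if off + 2 > len(msg):
                raise MalformedDNS("truncated compression pointer")
            return off + 2
        if length & 0xC0:
            raise MalformedDNS("reserved label type")
        off += 1 + length
        if length == 0:
            return off

def count_records(msg):
    """Return (claimed, present): RR count per header vs. RRs found in body."""
    if len(msg) < 12:
        raise MalformedDNS("short header")
    _id, _flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
        if off > len(msg):
            raise MalformedDNS("truncated question")
    claimed, present = an + ns + ar, 0
    for _ in range(claimed):
        try:
            end = skip_name(msg, off) + 10  # TYPE, CLASS, TTL, RDLENGTH
            rdlen = struct.unpack("!H", msg[end - 2:end])[0]
        except (MalformedDNS, struct.error):
            break  # header promised a record the body does not contain
        if end + rdlen > len(msg):
            break  # RDATA is cut short
        off, present = end + rdlen, present + 1
    return claimed, present

def build_empty6_like(qname, txid=10659):
    """Constructed sample: flags qr+aa, QDCOUNT=1, ANCOUNT=1, no answer RR."""
    header = struct.pack("!6H", txid, 0x8400, 1, 1, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.split("."))
    return header + labels + b"\x00" + struct.pack("!2H", 1, 1)  # IN A question
```

For the constructed sample, `count_records` returns `(1, 0)`: one record claimed, none present. A client or resolver that trusts ANCOUNT without this bounds check is the kind of parser this module is meant to exercise.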



In TCP mode, the results are the same as in the previous example in UDP mode. The entire ANSWER section is missing from the body and we see a warning about a malformed packet:

# dig empty6.yourdomain.com @127.0.0.1 +tcp

;; Warning: Message parser reports malformed message packet.

; <<>> DiG 9.18.10-2-Debian <<>> empty6.yourdomain.com @127.0.0.1 +tcp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22731
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;empty6.yourdomain.com.		IN	A

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (TCP)
;; WHEN: Tue Oct 29 11:29:13 +04 2024
;; MSG SIZE  rcvd: 39



Like other features, we can append anything to the feature name to avoid receiving cached responses from the target DNS resolver. This forces the target resolver to actively communicate with our PolarDNS server instead of responding with cached answers. Using a random number is the most effective strategy:

# dig empty6${RANDOM}.yourdomain.com @10.211.55.2

;; Warning: Message parser reports malformed message packet.

; <<>> DiG 9.18.10-2-Debian <<>> empty624929.yourdomain.com @10.211.55.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2777
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;empty624929.yourdomain.com.	IN	A

;; Query time: 0 msec
;; SERVER: 10.211.55.2#53(10.211.55.2) (UDP)
;; WHEN: Fri Nov 01 11:20:45 +04 2024
;; MSG SIZE  rcvd: 44


