NewId - Set Random Transaction ID

NewId - Set Random Transaction ID

This modifier generates a new Transaction ID (TXID) for the DNS response, causing a mismatch with the Transaction ID that was sent in the query.

The Transaction ID is a 2-byte field located at the beginning of the DNS packet. In standard DNS communication, the Transaction ID in the response must precisely match the Transaction ID in the query. If they do not match, it indicates that the response is unrelated to the original query.

This modifier is compatible with and can be combined with any other existing feature or modifier.

Category: Header manipulation

Format

*.newid.*

This module has no parameters.

Examples

In this example, we use the basic always feature which always resolves to an IP address. We request to generate a new Transaction ID for the DNS response. As a result, the client is unable to associate the response with the original query:

# dig always.newid.yourdomain.com @127.0.0.1

;; Warning: ID mismatch: expected ID 52149, got 37106
;; communications error to 127.0.0.1#53: timed out
;; Warning: ID mismatch: expected ID 52149, got 20468
;; communications error to 127.0.0.1#53: timed out
;; Warning: ID mismatch: expected ID 52149, got 51986
;; communications error to 127.0.0.1#53: timed out

; <<>> DiG 9.18.10-2-Debian <<>> always.newid.yourdomain.com @127.0.0.1
;; global options: +cmd
;; no servers could be reached

Download PCAP File


In this example, we use the size feature which returns multiple anwers at once. Once again we request to generate a new Transaction ID for the DNS response. As a result, the client is unable to associate the response with the original query:

# dig size.newid.yourdomain.com @127.0.0.1

;; Warning: ID mismatch: expected ID 19139, got 38099
;; communications error to 127.0.0.1#53: timed out
;; Warning: ID mismatch: expected ID 19139, got 30848
;; communications error to 127.0.0.1#53: timed out
;; Warning: ID mismatch: expected ID 19139, got 24385
;; communications error to 127.0.0.1#53: timed out

; <<>> DiG 9.18.10-2-Debian <<>> size.newid.yourdomain.com @127.0.0.1
;; global options: +cmd
;; no servers could be reached

Download PCAP File


From the same category

See also


Go back to catalogue.