QueryBack1 - Query Reflection

Instead of returning a DNS response, this module sends back the original query exactly as it was received.

This behavior is likely to result in unexpected errors, especially when targeting resolvers.

Category: Empty responses

Format

queryback1.yourdomain.com

This module has no parameters.

Examples

In this example, we see the effects of receiving a query instead of a response. The client (dig) struggles to interpret the response, which lacks any actual response data. We see two different warnings and no answer:

# dig queryback1.yourdomain.com @127.0.0.1

;; Warning: query response not set

; <<>> DiG 9.18.10-2-Debian <<>> queryback1.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48190
;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 869618c70fe0979b (echoed)
;; QUESTION SECTION:
;queryback1.yourdomain.com.	IN	A

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Tue Oct 29 16:05:21 +04 2024
;; MSG SIZE  rcvd: 66



In TCP mode, the results are the same as in the previous example in UDP mode, leading to multiple warnings with no answer:

# dig queryback1.yourdomain.com @127.0.0.1 +tcp

;; Warning: query response not set

; <<>> DiG 9.18.10-2-Debian <<>> queryback1.yourdomain.com @127.0.0.1 +tcp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61158
;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: b9eb7f1c05b1f8a5 (echoed)
;; QUESTION SECTION:
;queryback1.yourdomain.com.	IN	A

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (TCP)
;; WHEN: Tue Oct 29 16:05:22 +04 2024
;; MSG SIZE  rcvd: 66



In this example, we also request that a new Transaction ID be generated in the response (using the newid modifier). This could potentially cause further confusion for a resolver receiving such a response:

# dig queryback1.newid.yourdomain.com @127.0.0.1

;; Warning: ID mismatch: expected ID 22611, got 46426
;; Warning: query response not set
;; communications error to 127.0.0.1#53: timed out
;; Warning: ID mismatch: expected ID 22611, got 13720
;; Warning: query response not set
;; communications error to 127.0.0.1#53: timed out
;; Warning: ID mismatch: expected ID 22611, got 41617
;; Warning: query response not set
;; communications error to 127.0.0.1#53: timed out

; <<>> DiG 9.18.10-2-Debian <<>> queryback1.newid.yourdomain.com @127.0.0.1
;; global options: +cmd
;; no servers could be reached
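
The two dig warnings shown above ("query response not set" and "ID mismatch") correspond to header checks a client or resolver should apply to every reply before accepting it. The following Python code is an added example, not part of the original page or of the tool's own code; the function names and the sample messages are constructed for illustration, and the messages omit EDNS for brevity.

```python
import struct

def build_query(txid, qname, qtype=1, qclass=1):
    """Encode a minimal DNS query: RD set, one question, no EDNS."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, qclass)

def parse_question(msg):
    """Return (qname, qtype, qclass) of the first question, or None if malformed."""
    pos, labels = 12, []
    while pos < len(msg):
        n = msg[pos]
        pos += 1
        if n == 0:  # root label: QTYPE and QCLASS follow
            if pos + 4 > len(msg):
                return None
            return (".".join(labels),) + struct.unpack("!HH", msg[pos:pos + 4])
        if n > 63 or pos + n > len(msg):  # no compression pointers expected here
            return None
        labels.append(msg[pos:pos + n].decode("ascii", "replace").lower())
        pos += n
    return None

def check_reply(sent, received):
    """Return the reasons `received` must not be accepted as the reply to `sent`."""
    if len(received) < 12:
        return ["truncated header"]
    sent_id, = struct.unpack("!H", sent[:2])
    recv_id, flags, qdcount = struct.unpack("!HHH", received[:6])
    problems = []
    if not flags & 0x8000:  # QR is the top bit of the flags word: 0 = query
        problems.append("QR bit not set")
    if recv_id != sent_id:
        problems.append("ID mismatch")
    if qdcount != 1 or parse_question(received) != parse_question(sent):
        problems.append("question mismatch")
    return problems

# Constructed sample messages (the two IDs are taken from the dig output above).
QUERY = build_query(22611, "queryback1.newid.yourdomain.com")
REFLECTED = QUERY                                   # query echoed back unchanged
NEWID = struct.pack("!H", 46426) + QUERY[2:]        # echoed back with a fresh ID
GENUINE = QUERY[:2] + struct.pack("!H", 0x8180) + QUERY[4:]  # QR, RD, RA set

if __name__ == "__main__":
    for name, msg in [("reflected", REFLECTED), ("newid", NEWID), ("genuine", GENUINE)]:
        print(name, check_reply(QUERY, msg) or "accepted")
```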


