QueryBack2 - Query Reflection (Stripped)
Instead of returning a DNS response, this module sends back the original query, stripped of any additional sections.
In essence, it reflects only the query (same question), without any additional sections (such as OPT / EDNS0).
This behavior is likely to result in unexpected errors, especially when targetting resolvers.
Category: Empty responses
Format
queryback2.yourdomain.com
This module has no parameters.
Examples
In this example, we see the effects of receiving a query instead of a response. The client (dig) struggles to interpret the response, which lacks any actual response data. We see two different warnings and no answer:
# dig queryback2.yourdomain.com @127.0.0.1 ;; Warning: query response not set ; <<>> DiG 9.18.10-2-Debian <<>> queryback2.yourdomain.com @127.0.0.1 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58912 ;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;queryback2.yourdomain.com. IN A ;; Query time: 4 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP) ;; WHEN: Tue Oct 29 23:50:25 +04 2024 ;; MSG SIZE rcvd: 43
The difference from the queryback1 variant is that, in this case, only the Transaction ID, the Flags field and the Question is reflected, and nothing else is included.
In TCP mode, the results are the same as in the previous example in UDP mode, leading to multiple warnings with no answer:
# dig queryback2.yourdomain.com @127.0.0.1 +tcp ;; Warning: query response not set ; <<>> DiG 9.18.10-2-Debian <<>> queryback2.yourdomain.com @127.0.0.1 +tcp ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32527 ;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;queryback2.yourdomain.com. IN A ;; Query time: 4 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) (TCP) ;; WHEN: Tue Oct 29 23:50:26 +04 2024 ;; MSG SIZE rcvd: 43
In this example, we also request to generate a new Transaction ID in the response (using the newid modifier). This could potentially cause further confusion for a resolver receiving such a response:
# dig queryback2.newid.yourdomain.com @127.0.0.1 ;; Warning: ID mismatch: expected ID 50443, got 2609 ;; Warning: query response not set ;; communications error to 127.0.0.1#53: timed out ;; Warning: ID mismatch: expected ID 50443, got 13209 ;; Warning: query response not set ;; communications error to 127.0.0.1#53: timed out ;; Warning: ID mismatch: expected ID 50443, got 50453 ;; Warning: query response not set ;; communications error to 127.0.0.1#53: timed out ; <<>> DiG 9.18.10-2-Debian <<>> queryback2.newid.yourdomain.com @127.0.0.1 ;; global options: +cmd ;; no servers could be reached
From the same category
- Close - Close the Connection
- Empty1 - Empty Packet
- Empty2 - Only NULL Bytes
- Empty3 - Only NULL Bytes (Suitable for TCP)
- Empty4 - Only Transaction ID and NULL Bytes
- Empty5 - Only DNS Header and NULL Bytes
- Empty6 - ANSWER Section Missing
- Empty7 - ANSWER Section Is NULL Bytes
- QueryBack1 - Query Reflection
- QueryBack3 - Query Reflection (To Port 53)
- QueryBack4 - Query Reflection (Random, to Port 53)
- Timeout - Do Not Respond