QueryBack2 - Query Reflection (Stripped)

QueryBack2 - Query Reflection (Stripped)

Instead of returning a DNS response, this module sends back the original query, stripped of any additional sections.

In essence, it reflects only the query (same question), without any additional sections (such as OPT / EDNS0).

This behavior is likely to result in unexpected errors, especially when targetting resolvers.

Category: Empty responses

Format

queryback2.yourdomain.com

This module has no parameters.

Examples

In this example, we see the effects of receiving a query instead of a response. The client (dig) struggles to interpret the response, which lacks any actual response data. We see two different warnings and no answer:

# dig queryback2.yourdomain.com @127.0.0.1

;; Warning: query response not set

; <<>> DiG 9.18.10-2-Debian <<>> queryback2.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58912
;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;queryback2.yourdomain.com.	IN	A

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Tue Oct 29 23:50:25 +04 2024
;; MSG SIZE  rcvd: 43

Download PCAP File

The difference from the queryback1 variant is that, in this case, only the Transaction ID, the Flags field and the Question is reflected, and nothing else is included.


In TCP mode, the results are the same as in the previous example in UDP mode, leading to multiple warnings with no answer:

# dig queryback2.yourdomain.com @127.0.0.1 +tcp

;; Warning: query response not set

; <<>> DiG 9.18.10-2-Debian <<>> queryback2.yourdomain.com @127.0.0.1 +tcp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32527
;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;queryback2.yourdomain.com.	IN	A

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (TCP)
;; WHEN: Tue Oct 29 23:50:26 +04 2024
;; MSG SIZE  rcvd: 43

Download PCAP File


In this example, we also request to generate a new Transaction ID in the response (using the newid modifier). This could potentially cause further confusion for a resolver receiving such a response:

# dig queryback2.newid.yourdomain.com @127.0.0.1

;; Warning: ID mismatch: expected ID 50443, got 2609
;; Warning: query response not set
;; communications error to 127.0.0.1#53: timed out
;; Warning: ID mismatch: expected ID 50443, got 13209
;; Warning: query response not set
;; communications error to 127.0.0.1#53: timed out
;; Warning: ID mismatch: expected ID 50443, got 50453
;; Warning: query response not set
;; communications error to 127.0.0.1#53: timed out

; <<>> DiG 9.18.10-2-Debian <<>> queryback2.newid.yourdomain.com @127.0.0.1
;; global options: +cmd
;; no servers could be reached

Download PCAP File


From the same category


Go back to catalogue.