SpfAlias1 - Random SPF (TXT) Aliases (Variant 1)
This module is designed to generate DNS responses with SPF (Sender Policy Framework) records that contain random aliases. The SPF protocol is used for authorizing domains during email communication.
This variant can produce multiple SPF entries, each contained within a single TXT record. In this case, each SPF entry contains a single include: parameter with a randomly generated domain name (alias). This alias is in the format spfalias1#####.yourdomain.com where ##### represents a random number.
The idea is that if the client/resolver decides to resolve this further, it will result in the generation of yet another alias, theoretically leading to the resolution of an infinite chain of random aliases. In practice, however, most modern resolvers will terminate the resolution after encountering several consecutive alias records.
Note that this feature provides the same functionality as requesting the TXT record for the generic alias feature. Responding with multiple records (aliases) in a single response is also supported.
Category: Aliases
Tags: Amplification, Domain Lock-Up, Denial of Service
Format
spfalias1.<NUMBER>.yourdomain.com
Where:
- The <NUMBER> parameter defines how many aliases should be generated in the response.
Examples
By default, the module returns a single SPF (TXT) alias:
```
# dig spfalias1.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> spfalias1.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46732
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;spfalias1.yourdomain.com. IN A

;; ANSWER SECTION:
spfalias1.yourdomain.com. 60 IN TXT "v=spf1 include:spfalias16089.yourdomain.com ~all"

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Wed Oct 16 15:04:15 +04 2024
;; MSG SIZE rcvd: 103
```
Same example as above, but this time we explicitly specify that we want to receive a single SPF (TXT) record:
```
# dig spfalias1.1.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> spfalias1.1.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18172
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;spfalias1.1.yourdomain.com. IN A

;; ANSWER SECTION:
spfalias1.1.yourdomain.com. 60 IN TXT "v=spf1 include:spfalias14333.1.yourdomain.com ~all"

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Wed Oct 16 15:04:16 +04 2024
;; MSG SIZE rcvd: 107
```
In this case, we specify that we want to receive five SPF (TXT) aliases:
```
# dig spfalias1.5.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> spfalias1.5.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11456
;; flags: qr aa; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;spfalias1.5.yourdomain.com. IN A

;; ANSWER SECTION:
spfalias1.5.yourdomain.com. 60 IN TXT "v=spf1 include:spfalias150609.5.yourdomain.com ~all"
spfalias1.5.yourdomain.com. 60 IN TXT "v=spf1 include:spfalias112276.5.yourdomain.com ~all"
spfalias1.5.yourdomain.com. 60 IN TXT "v=spf1 include:spfalias195314.5.yourdomain.com ~all"
spfalias1.5.yourdomain.com. 60 IN TXT "v=spf1 include:spfalias18721.5.yourdomain.com ~all"
spfalias1.5.yourdomain.com. 60 IN TXT "v=spf1 include:spfalias135910.5.yourdomain.com ~all"

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Wed Oct 16 15:04:17 +04 2024
;; MSG SIZE rcvd: 363
```
Here we can see that resolving any of the generated aliases leads to more aliases, potentially causing an infinite recursion:
```
# dig spfalias12345.5.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> spfalias12345.5.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2817
;; flags: qr aa; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;spfalias12345.5.yourdomain.com. IN A

;; ANSWER SECTION:
spfalias12345.5.yourdomain.com. 60 IN TXT "v=spf1 include:spfalias129776.5.yourdomain.com ~all"
spfalias12345.5.yourdomain.com. 60 IN TXT "v=spf1 include:spfalias164194.5.yourdomain.com ~all"
spfalias12345.5.yourdomain.com. 60 IN TXT "v=spf1 include:spfalias167509.5.yourdomain.com ~all"
spfalias12345.5.yourdomain.com. 60 IN TXT "v=spf1 include:spfalias140009.5.yourdomain.com ~all"
spfalias12345.5.yourdomain.com. 60 IN TXT "v=spf1 include:spfalias137564.5.yourdomain.com ~all"

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Wed Oct 16 15:17:58 +04 2024
;; MSG SIZE rcvd: 368
```
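How a bounded SPF check behaves against these responses, as an added example that is not code from this module or its project: it applies the two RFC 7208 safeguards relevant here (at most 10 DNS-querying terms per check, and a permanent error when a name publishes more than one SPF record) and counts the TXT queries actually sent. The `responder` function is a constructed offline stand-in for the module's answers, and the walker is simplified to follow only include: terms.

```python
import random
import re

MAX_LOOKUPS = 10  # RFC 7208 section 4.6.4: cap on DNS-querying terms per check

class PermError(Exception):
    pass

def responder(name, rng=random.Random(1)):
    """Constructed stand-in for the module: N TXT records, one random include each."""
    m = re.fullmatch(r"spfalias1\d*(?:\.(\d+))?\.yourdomain\.com", name)
    if not m:
        return []
    suffix = f".{m.group(1)}" if m.group(1) else ""
    return [f"v=spf1 include:spfalias1{rng.randint(1, 99999)}{suffix}.yourdomain.com ~all"
            for _ in range(int(m.group(1) or 1))]

def walk(domain, lookup, budget):
    """Follow include: terms depth-first, charging each one against the budget."""
    records = [r for r in lookup(domain) if r == "v=spf1" or r.startswith("v=spf1 ")]
    if len(records) > 1:  # RFC 7208 section 4.5: more than one record is an error
        raise PermError(f"{len(records)} SPF records at {domain}")
    for term in (records[0].split()[1:] if records else []):
        if term.startswith("include:"):
            if budget["left"] == 0:
                raise PermError("lookup limit exceeded")
            budget["left"] -= 1
            walk(term[len("include:"):], lookup, budget)

def evaluate(domain, lookup=responder):
    """Return (outcome, number of TXT queries sent) for one bounded SPF walk."""
    queries = []
    def counted(name):
        queries.append(name)
        return lookup(name)
    try:
        walk(domain, counted, {"left": MAX_LOOKUPS})
        return "chain-ended", len(queries)
    except PermError as exc:
        return f"permerror: {exc}", len(queries)

if __name__ == "__main__":
    print(evaluate("spfalias1.yourdomain.com"))    # single-include chain
    print(evaluate("spfalias1.5.yourdomain.com"))  # five records in one answer
```

A checker that enforces both limits sends a small, fixed number of queries per message no matter how long the alias chain is; one that omits them keeps querying for as long as the responder keeps answering.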
From the same category
- Alias - Random Aliases
- CnAlias - Random CNAME Aliases
- DnAlias - Random DNAME Aliases
- HtAlias - Random HTTPS Aliases
- MxAlias - Random MX Aliases
- NptEnumAlias - Random NAPTR ENUM Aliases
- NsAlias - Random NS Aliases
- PtrAlias - Random PTR Aliases
- SpfAlias2 - Random SPF (TXT) Aliases (Variant 2)
- SrAlias - Random SRV Aliases
- SvAlias - Random SVCB Aliases