SvAlias - Random SVCB Aliases

SvAlias - Random SVCB Aliases

This module is designed to return one or more random aliases using SVCB (Service Binding) records.

It specifically generates a random SVCB alias record in the format svalias######.yourdomain.com, where ###### represents a random number.

The idea is that if the client/resolver decides to resolve this further, it will result in the generation of yet another alias, theoretically leading to a resolution of infinite chain of random aliases. In practice, however, most modern resolvers will terminate the resolution after encountering several consecutive alias records.

Additionally, the module supports DNS queries for locating different services using the underscore (_) prefix notation, also known as Attrleaf naming pattern, service labels, or underscore labels (RFC8552, RFC8553).

Note that this module provides the same functionality as requesting the SVCB record for the generic alias module.

BEWAREThis can potentially lead to amplification effect (DoS) or domain lock-up (DoS).

Category: Aliases

Tags: Amplification, Domain Lock-Up, Denial of Service

RFCs: RFC9460, RFC8552, RFC8553

Format

svalias.<NUMBER>.yourdomain.com

Where:

  • The <NUMBER> parameter defines how many aliases should be generated in the response.

Examples

By default, the module returns a single SVCB alias record (with SvcPriority set to 0):

# dig svalias.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> svalias.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36109
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;svalias.yourdomain.com.		IN	A

;; ANSWER SECTION:
svalias.yourdomain.com.	60	IN	SVCB	0 svalias245011.yourdomain.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Mon Nov 04 16:33:59 +04 2024
;; MSG SIZE  rcvd: 84

Download PCAP File


Same example as above, but this time we explicitly specify that we want to receive a single SVCB record:

# dig svalias.1.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> svalias.1.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35041
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;svalias.1.yourdomain.com.	IN	A

;; ANSWER SECTION:
svalias.1.yourdomain.com. 60	IN	SVCB	0 svalias689763.1.yourdomain.com.

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Mon Nov 04 16:34:00 +04 2024
;; MSG SIZE  rcvd: 88

Download PCAP File


In this case, we specify that we want to receive 5 (five) SVCB alias records:

# dig svalias.5.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> svalias.5.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 794
;; flags: qr aa; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;svalias.5.yourdomain.com.	IN	A

;; ANSWER SECTION:
svalias.5.yourdomain.com. 60	IN	SVCB	0 svalias175584.5.yourdomain.com.
svalias.5.yourdomain.com. 60	IN	SVCB	0 svalias670081.5.yourdomain.com.
svalias.5.yourdomain.com. 60	IN	SVCB	0 svalias709467.5.yourdomain.com.
svalias.5.yourdomain.com. 60	IN	SVCB	0 svalias534655.5.yourdomain.com.
svalias.5.yourdomain.com. 60	IN	SVCB	0 svalias197848.5.yourdomain.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Mon Nov 04 16:34:01 +04 2024
;; MSG SIZE  rcvd: 272

Download PCAP File


As mentioned in the description, this module also supports DNS queries for locating different services using the underscore (_) prefix notation. In this example, we search for SIP (Session Initiation Protocol) service, and we request to receive a single SVCB alias record:

# dig _sip.svalias.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> _sip.svalias.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26281
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;_sip.svalias.yourdomain.com.	IN	A

;; ANSWER SECTION:
_sip.svalias.yourdomain.com. 60	IN	SVCB	0 _sip.svalias380835.yourdomain.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Mon Nov 04 16:34:03 +04 2024
;; MSG SIZE  rcvd: 94

Download PCAP File


Here, we search for SIP service running over UDP, and we want to receive 2 (two) SVCB alias records:

# dig _sip._udp.svalias.2.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> _sip._udp.svalias.2.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22396
;; flags: qr aa; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;_sip._udp.svalias.2.yourdomain.com. IN	A

;; ANSWER SECTION:
_sip._udp.svalias.2.yourdomain.com. 60 IN SVCB	0 _sip._udp.svalias68871.2.yourdomain.com.
_sip._udp.svalias.2.yourdomain.com. 60 IN SVCB	0 _sip._udp.svalias58558.2.yourdomain.com.

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Mon Nov 04 16:34:04 +04 2024
;; MSG SIZE  rcvd: 162

Download PCAP File


Here, we search for HTTP service running over TCP, and we request to receive 10 (ten) SVCB alias records:

# dig _http._tcp.svalias.10.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> _http._tcp.svalias.10.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27173
;; flags: qr aa; QUERY: 1, ANSWER: 10, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;_http._tcp.svalias.10.yourdomain.com. IN A

;; ANSWER SECTION:
_http._tcp.svalias.10.yourdomain.com. 60 IN SVCB 0 _http._tcp.svalias774366.10.yourdomain.com.
_http._tcp.svalias.10.yourdomain.com. 60 IN SVCB 0 _http._tcp.svalias88586.10.yourdomain.com.
_http._tcp.svalias.10.yourdomain.com. 60 IN SVCB 0 _http._tcp.svalias229026.10.yourdomain.com.
_http._tcp.svalias.10.yourdomain.com. 60 IN SVCB 0 _http._tcp.svalias993449.10.yourdomain.com.
_http._tcp.svalias.10.yourdomain.com. 60 IN SVCB 0 _http._tcp.svalias635189.10.yourdomain.com.
_http._tcp.svalias.10.yourdomain.com. 60 IN SVCB 0 _http._tcp.svalias725211.10.yourdomain.com.
_http._tcp.svalias.10.yourdomain.com. 60 IN SVCB 0 _http._tcp.svalias974324.10.yourdomain.com.
_http._tcp.svalias.10.yourdomain.com. 60 IN SVCB 0 _http._tcp.svalias229791.10.yourdomain.com.
_http._tcp.svalias.10.yourdomain.com. 60 IN SVCB 0 _http._tcp.svalias498227.10.yourdomain.com.
_http._tcp.svalias.10.yourdomain.com. 60 IN SVCB 0 _http._tcp.svalias862743.10.yourdomain.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Mon Nov 04 16:34:05 +04 2024
;; MSG SIZE  rcvd: 633

Download PCAP File


Here, we search for HTTP service specifically designed for mobile devices, running over TCP. We request 20 (twenty) SVCB alias records in the response:

# dig _mobile._http._tcp.svalias.20.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> _mobile._http._tcp.svalias.20.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64946
;; flags: qr aa; QUERY: 1, ANSWER: 20, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;_mobile._http._tcp.svalias.20.yourdomain.com. IN A

;; ANSWER SECTION:
_mobile._http._tcp.svalias.20.yourdomain.com. 60 IN SVCB 0 _mobile._http._tcp.svalias811997.20.yourdomain.com.
_mobile._http._tcp.svalias.20.yourdomain.com. 60 IN SVCB 0 _mobile._http._tcp.svalias517921.20.yourdomain.com.
_mobile._http._tcp.svalias.20.yourdomain.com. 60 IN SVCB 0 _mobile._http._tcp.svalias587035.20.yourdomain.com.
_mobile._http._tcp.svalias.20.yourdomain.com. 60 IN SVCB 0 _mobile._http._tcp.svalias138536.20.yourdomain.com.
_mobile._http._tcp.svalias.20.yourdomain.com. 60 IN SVCB 0 _mobile._http._tcp.svalias549532.20.yourdomain.com.
_mobile._http._tcp.svalias.20.yourdomain.com. 60 IN SVCB 0 _mobile._http._tcp.svalias954047.20.yourdomain.com.
_mobile._http._tcp.svalias.20.yourdomain.com. 60 IN SVCB 0 _mobile._http._tcp.svalias193364.20.yourdomain.com.
_mobile._http._tcp.svalias.20.yourdomain.com. 60 IN SVCB 0 _mobile._http._tcp.svalias11198.20.yourdomain.com.
_mobile._http._tcp.svalias.20.yourdomain.com. 60 IN SVCB 0 _mobile._http._tcp.svalias43082.20.yourdomain.com.
_mobile._http._tcp.svalias.20.yourdomain.com. 60 IN SVCB 0 _mobile._http._tcp.svalias60358.20.yourdomain.com.
_mobile._http._tcp.svalias.20.yourdomain.com. 60 IN SVCB 0 _mobile._http._tcp.svalias234123.20.yourdomain.com.
_mobile._http._tcp.svalias.20.yourdomain.com. 60 IN SVCB 0 _mobile._http._tcp.svalias302443.20.yourdomain.com.
_mobile._http._tcp.svalias.20.yourdomain.com. 60 IN SVCB 0 _mobile._http._tcp.svalias867824.20.yourdomain.com.
_mobile._http._tcp.svalias.20.yourdomain.com. 60 IN SVCB 0 _mobile._http._tcp.svalias529761.20.yourdomain.com.
_mobile._http._tcp.svalias.20.yourdomain.com. 60 IN SVCB 0 _mobile._http._tcp.svalias826335.20.yourdomain.com.
_mobile._http._tcp.svalias.20.yourdomain.com. 60 IN SVCB 0 _mobile._http._tcp.svalias219670.20.yourdomain.com.
_mobile._http._tcp.svalias.20.yourdomain.com. 60 IN SVCB 0 _mobile._http._tcp.svalias48921.20.yourdomain.com.
_mobile._http._tcp.svalias.20.yourdomain.com. 60 IN SVCB 0 _mobile._http._tcp.svalias369726.20.yourdomain.com.
_mobile._http._tcp.svalias.20.yourdomain.com. 60 IN SVCB 0 _mobile._http._tcp.svalias185492.20.yourdomain.com.
_mobile._http._tcp.svalias.20.yourdomain.com. 60 IN SVCB 0 _mobile._http._tcp.svalias986029.20.yourdomain.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Mon Nov 04 16:34:06 +04 2024
;; MSG SIZE  rcvd: 1378

Download PCAP File


From the same category

See also


Go back to catalogue.