SvLoop - SVCB Alias Loops
This module implements alias loops using SVCB (Service Binding) records. The loops can be a direct loop, where the alias points back to the same domain name as in the original query, or they can include multiple elements, cycling through a specified number of domains.
The idea is that if the client/resolver decides to resolve this further, it will enter an infinite loop. In practice, however, most modern resolvers detect such loops and terminate the resolution.
Note that SVCB records include a SvcPriority field. In this module, the field is always set to 0.
Additionally, the module supports DNS queries for locating different services using the underscore (_) prefix notation, also known as the Attrleaf naming pattern, service labels, or underscore labels (RFC8552, RFC8553).
Note that this feature provides the same functionality as requesting an SVCB record for the generic loop feature.
Category: Alias loops
Tags: Domain Lock-Up, Denial of Service
RFCs: RFC9460, RFC8552, RFC8553
Format
svloop.<NUMBER>.yourdomain.com
Where:
- The <NUMBER> parameter specifies the number of elements the loop should contain.
Examples
In this example, we can see a direct loop formed by requesting an SVCB record containing the exact same domain name:
# dig svloop.yourdomain.com @127.0.0.1
; <<>> DiG 9.18.10-2-Debian <<>> svloop.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24227
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;svloop.yourdomain.com. IN A
;; ANSWER SECTION:
svloop.yourdomain.com. 60 IN SVCB 0 svloop.yourdomain.com.
;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Wed Nov 06 12:02:16 +04 2024
;; MSG SIZE rcvd: 76
In this example, we request an SVCB alias loop consisting of 5 elements:
# dig svloop.5.yourdomain.com @127.0.0.1
; <<>> DiG 9.18.10-2-Debian <<>> svloop.5.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19920
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;svloop.5.yourdomain.com. IN A
;; ANSWER SECTION:
svloop.5.yourdomain.com. 60 IN SVCB 0 svloop.5.1.yourdomain.com.
;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Wed Nov 06 12:02:17 +04 2024
;; MSG SIZE rcvd: 82
The resulting domain name svloop.5.1.yourdomain.com represents the 1st element of the loop.
By resolving the 1st element, we are pointed to the 2nd element of the loop:
# dig svloop.5.1.yourdomain.com @127.0.0.1
; <<>> DiG 9.18.10-2-Debian <<>> svloop.5.1.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10747
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;svloop.5.1.yourdomain.com. IN A
;; ANSWER SECTION:
svloop.5.1.yourdomain.com. 60 IN SVCB 0 svloop.5.2.yourdomain.com.
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Wed Nov 06 12:02:19 +04 2024
;; MSG SIZE rcvd: 84
This continues up to the 5th and final element, svloop.5.5.yourdomain.com.
By resolving the final element of the loop, we are directed back to the 1st element again:
# dig svloop.5.5.yourdomain.com @127.0.0.1
; <<>> DiG 9.18.10-2-Debian <<>> svloop.5.5.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5592
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;svloop.5.5.yourdomain.com. IN A
;; ANSWER SECTION:
svloop.5.5.yourdomain.com. 60 IN SVCB 0 svloop.5.1.yourdomain.com.
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Wed Nov 06 12:02:20 +04 2024
;; MSG SIZE rcvd: 84
We can see that we are indeed pointed back to the 1st element again, effectively forming a loop.
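The loop detection that most modern resolvers perform can be sketched as follows. This is an added example, not code from this module or from any resolver: it follows SvcPriority 0 targets while tracking visited owner names and a hop budget. The sample records, the svc.example and pool.example names, and MAX_ALIAS_HOPS are assumptions made for illustration.

```python
# Constructed answers in dig presentation format. The svloop lines follow the
# page's output; svc.example/pool.example are made-up names for a finite chain.
SAMPLE_ANSWERS = """\
svloop.yourdomain.com.     60 IN SVCB 0 svloop.yourdomain.com.
svloop.5.yourdomain.com.   60 IN SVCB 0 svloop.5.1.yourdomain.com.
svloop.5.1.yourdomain.com. 60 IN SVCB 0 svloop.5.2.yourdomain.com.
svloop.5.2.yourdomain.com. 60 IN SVCB 0 svloop.5.3.yourdomain.com.
svloop.5.3.yourdomain.com. 60 IN SVCB 0 svloop.5.4.yourdomain.com.
svloop.5.4.yourdomain.com. 60 IN SVCB 0 svloop.5.5.yourdomain.com.
svloop.5.5.yourdomain.com. 60 IN SVCB 0 svloop.5.1.yourdomain.com.
svc.example.               60 IN SVCB 0 pool.example.
pool.example.              60 IN SVCB 1 . alpn=h2
"""
MAX_ALIAS_HOPS = 8  # hypothetical client policy, not a value from the page

def canon(name):
    """DNS names compare case-insensitively; normalise to a lowercase FQDN."""
    return name.lower().rstrip(".") + "."

def parse_answers(text):
    """Map owner name -> (SvcPriority, TargetName) for each SVCB line."""
    records = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[2:4] == ["IN", "SVCB"]:
            records[canon(fields[0])] = (int(fields[4]), canon(fields[5]))
    return records

def follow_aliases(records, qname, max_hops=MAX_ALIAS_HOPS):
    """Return (status, chain); status is service, loop, limit or nodata."""
    name, chain, seen = canon(qname), [], set()
    while True:
        chain.append(name)
        if name in seen:
            return "loop", chain      # this owner name was already visited
        seen.add(name)
        rec = records.get(name)
        if rec is None or rec == (0, "."):
            return "nodata", chain    # no record, or AliasMode target "."
        priority, target = rec
        if priority != 0:
            return "service", chain   # ServiceMode record ends the chain
        if len(chain) > max_hops:
            return "limit", chain     # hop budget spent before any repeat
        name = target

if __name__ == "__main__":
    for q in ("svloop.yourdomain.com", "svloop.5.yourdomain.com", "svc.example"):
        print(q, *follow_aliases(parse_answers(SAMPLE_ANSWERS), q))
```

The visited set catches a loop of any length as soon as a name repeats, while the hop budget bounds the work when a chain is long but has not yet repeated.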
As mentioned in the description, this module also supports DNS queries for locating different services using the underscore (_) prefix notation. This example demonstrates such usage, where we search for an HTTP service specifically designed for mobile devices and running over TCP. In this case, we request a loop of 10 elements:
# dig _mobile._http._tcp.svloop.10.yourdomain.com @127.0.0.1
; <<>> DiG 9.18.10-2-Debian <<>> _mobile._http._tcp.svloop.10.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16456
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;_mobile._http._tcp.svloop.10.yourdomain.com. IN A
;; ANSWER SECTION:
_mobile._http._tcp.svloop.10.yourdomain.com. 60 IN SVCB 0 _mobile._http._tcp.svloop.10.1.yourdomain.com.
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Wed Nov 06 12:02:21 +04 2024
;; MSG SIZE rcvd: 122
The resulting domain name _mobile._http._tcp.svloop.10.1.yourdomain.com represents the 1st element of the loop.
From the same category
- CnLoop - CNAME Alias Loops
- DnLoop - DNAME Alias Loops
- HtLoop - HTTPS Alias Loops
- Loop - Alias Loops
- MxLoop - MX Alias Loops
- NptEnumLoop - NAPTR ENUM Alias Loops
- NsLoop - NS Alias Loops
- PtrLoop1 - PTR Alias Loops (Variant 1)
- PtrLoop2 - PTR Alias Loops (Variant 2)
- SpfLoop - SPF (TXT) Alias Loops
- SrLoop - SRV Alias Loops