Skip to main content
Link
Menu
Expand
(external link)
Document
Search
Copy
Copied
PolarDNS Documentation
PolarDNS
Installation
Installation Methods
Running PolarDNS
Using PolarDNS
Getting Started with PolarDNS
Understanding the Main Concept
Features and Response Modifiers Explained
Testing of Recursive DNS Resolvers
Testing Process Breakdown
Adding New Features
Introduction
Process of Adding New Features
PolarDNS Modularity
Where to Add the Code
The process_DNS() Function
Crafting DNS Responses
Debugging PolarDNS
Useful Links
Catalogue
Alias chains
Chain - Alias Chains
CnChain - CNAME Alias Chains
DnChain - DNAME Alias Chains
HtChain - HTTPS Alias Chains
MxChain - MX Alias Chains
NsChain - NS Alias Chains
SpfChain - SPF (TXT) Alias Chains
SrChain - SRV Alias Chains
SvChain - SVCB Alias Chains
Alias loops
CnLoop - CNAME Alias Loops
DnLoop - DNAME Alias Loops
HtLoop - HTTPS Alias Loops
Loop - Alias Loops
MxLoop - MX Alias Loops
NptEnumLoop - NAPTR ENUM Alias Loops
NsLoop - NS Alias Loops
PtrLoop1 - PTR Alias Loops (Variant 1)
PtrLoop2 - PTR Alias Loops (Variant 2)
SpfLoop - SPF (TXT) Alias Loops
SrLoop - SRV Alias Loops
SvLoop - SVCB Alias Loops
Aliases
Alias - Random Aliases
CnAlias - Random CNAME Aliases
DnAlias - Random DNAME Aliases
HtAlias - Random HTTPS Aliases
MxAlias - Random MX Aliases
NptEnumAlias - Random NAPTR ENUM Aliases
NsAlias - Random NS Aliases
PtrAlias - Random PTR Aliases
SpfAlias1 - Random SPF (TXT) Aliases (Variant 1)
SpfAlias2 - Random SPF (TXT) Aliases (Variant 2)
SrAlias - Random SRV Aliases
SvAlias - Random SVCB Aliases
Bad compression
BadCompress1 - Custom Offset in Name Field
BadCompress2 - Custom Offset in CNAME Field
BadCompressFwPtr1 - Forward and Double Pointer in Name Field (Variant 1)
BadCompressFwPtr2 - Forward and Double Pointer in Name Field (Variant 2)
BadCompressLoop1 - Pointer Loop in Name Field (Variant 1)
BadCompressLoop2 - Pointer Loop in Name Field (Variant 2)
BadCompressLoop3 - Double Pointer Loop
BadCompressLoop4 - Pointer Loop in CNAME Field (Variant 1)
BadCompressLoop5 - Pointer Loop in CNAME Field (Variant 2)
BadCompressMid1 - Compression in the Middle of CNAME
Cache poisoning
InjA - A Record Injection
InjAaaa - AAAA Record Injection
InjCname - CNAME Record Injection
InjDname - DNAME Record Injection
InjMx - MX Record Injection
InjNs - NS Record Injection
InjPtr - PTR Record Injection
Empty responses
Close - Close the Connection
Empty1 - Empty Packet
Empty2 - Only NULL Bytes
Empty3 - Only NULL Bytes (Suitable for TCP)
Empty4 - Only Transaction ID and NULL Bytes
Empty5 - Only DNS Header and NULL Bytes
Empty6 - ANSWER Section Missing
Empty7 - ANSWER Section Is NULL Bytes
QueryBack1 - Query Reflection
QueryBack2 - Query Reflection (Stripped)
QueryBack3 - Query Reflection (To Port 53)
QueryBack4 - Query Reflection (Random, to Port 53)
Timeout - Do Not Respond
Fuzzing
AFuzz1 - Single A Record with Arbitrary Byte
AFuzz2 - Many Bogus A Records and Legit A Record
BigBinTxt - TXT Record with Multiple Binary Strings
BigTxt - TXT Record with Multiple Text Strings
ManyBinTxt - Many TXT Records with Binary Data
ManyTxt - Many TXT Records with Random Text
Nfz - Name Fuzzing Generator
General features
Always - Always Resolve to IP Address
Self - What Is My IP Address
Size - Max A or AAAA Records Within Size Limit
Header manipulation
Adrr - Set Additional RRs in the Header
Anrr - Set Answer RRs in the Header
Aurr - Set Authority RRs in the Header
Flgs - Set Custom Flags in the Header
NewId - Set Random Transaction ID
Qurr - Set Question RRs in the Header
Packet manipulation
Add - Add N Bytes to the End of the Packet
Cnk - Send Response in Chunks (TCP only)
Cut - Cut N Bytes from the End of the Packet
Fc - Force Compression
Len - Set Custom Length in TCP
Nc - No Compression
Noq - Remove the Query Section
Rl - Recalculate Length in TCP
Slp - Add a Delay (Latency)
Tc - Set Truncated Flag (Force TCP Mode)
Ttl - Set Custom TTL Value
BlackHat 2023 MEA
View PolarDNS on GitHub
BlackHat 2023 MEA
PolarDNS was presented at
Black Hat MEA 2023
in the following sessions:
Session 1
: Attacking DNS resolvers from the server-side for fun and profit (
pptx
)
Session 2
: PolarDNS: New specialized DNS server for penetration testing and vulnerability research (
pptx
)