Skip to content

Latest commit

 

History

History
1285 lines (1018 loc) · 56.8 KB

aliases-loops-and-chains.md

File metadata and controls

1285 lines (1018 loc) · 56.8 KB
Raw

PolarDNS catalogue - Aliases, loops and chains

  1. General features
  2. Aliases, loops and chains
  3. Response modifiers
  4. CNAME fuzzing
  5. Bad compression
  6. Empty responses
  7. Record injections

Generic

Random N aliases (alias)

Respond with a randomly generated alias in the format alias######.yourdomain.com where ###### represents a random number. If the resolver/client chooses to resolve this further, it will result in the generation of yet another alias. This feature supports CNAME, DNAME, HTTPS, SVCB, SRV, MX, NS and SPF (TXT) resource types. Responding with multiple records (aliases) at once is also supported.

⚠️BEWARE⚠️This can potentially lead to amplification effect (DoS) or domain lock-up (DoS).

format:alias.<NUMBER>.yourdomain.com
example:dig alias.yourdomain.com @127.0.0.1
example:dig alias.10.yourdomain.com @127.0.0.1
example:dig CNAME alias.10.yourdomain.com @127.0.0.1
example:dig DNAME alias.10.yourdomain.com @127.0.0.1
example:dig HTTPS alias.10.yourdomain.com @127.0.0.1
example:dig SVCB alias.10.yourdomain.com @127.0.0.1
example:dig SRV alias.10.yourdomain.com @127.0.0.1
example:dig TXT alias.10.yourdomain.com @127.0.0.1
example:dig MX alias.10.yourdomain.com @127.0.0.1
example:dig NS alias.10.yourdomain.com @127.0.0.1
example:dig alias.5.yourdomain.com @127.0.0.1

Sample:

# dig alias.5.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> alias.5.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32197
;; flags: qr aa; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;alias.5.yourdomain.com.		IN	A

;; ANSWER SECTION:
alias.5.yourdomain.com.	60	IN	CNAME	alias323773.5.yourdomain.com.
alias.5.yourdomain.com.	60	IN	CNAME	alias323773.5.yourdomain.com.
alias.5.yourdomain.com.	60	IN	CNAME	alias323773.5.yourdomain.com.
alias.5.yourdomain.com.	60	IN	CNAME	alias323773.5.yourdomain.com.
alias.5.yourdomain.com.	60	IN	CNAME	alias323773.5.yourdomain.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Mon Jun 03 01:15:16 +04 2024
;; MSG SIZE  rcvd: 360

Alias chain (chain)

Respond with an incremented alias record, creating an infinite alias chain that continues to increment indefinitely. This feature supports CNAME, DNAME, HTTPS, SVCB, SRV, MX, NS and SPF (TXT) resource types.

⚠️BEWARE⚠️This could potentially lead to a domain lock-up (DoS).

format:chain<NUMBER>.yourdomain.com
example:dig chain.yourdomain.com @127.0.0.1
example:dig CNAME chain.yourdomain.com @127.0.0.1
example:dig DNAME chain.yourdomain.com @127.0.0.1
example:dig HTTPS chain.yourdomain.com @127.0.0.1
example:dig SVCB chain.yourdomain.com @127.0.0.1
example:dig SRV chain.yourdomain.com @127.0.0.1
example:dig TXT chain.yourdomain.com @127.0.0.1
example:dig MX chain.yourdomain.com @127.0.0.1
example:dig NS chain.yourdomain.com @127.0.0.1
example:dig chain100.yourdomain.com @127.0.0.1

Sample:

# dig chain100.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> chain100.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27069
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;chain100.yourdomain.com.	IN	A

;; ANSWER SECTION:
chain100.yourdomain.com. 60	IN	CNAME	chain101.yourdomain.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Mon Jun 03 01:15:16 +04 2024
;; MSG SIZE  rcvd: 101

Alias loop (loop)

Respond with the exact same domain name as in the query, effectively creating a direct infinite loop. Optionally, respond with a domain name that leads to an infinite loop with an arbitrary number of elements. This feature supports CNAME, DNAME, HTTPS, SVCB, SRV, MX, NS and SPF (TXT) resource types.

⚠️BEWARE⚠️This could potentially lead to a domain lock-up (DoS).

format:loop.<NUMBER>.yourdomain.com
example:dig loop.yourdomain.com @127.0.0.1
example:dig loop.10.yourdomain.com @127.0.0.1
example:dig CNAME loop.10.yourdomain.com @127.0.0.1
example:dig DNAME loop.10.yourdomain.com @127.0.0.1
example:dig HTTPS loop.10.yourdomain.com @127.0.0.1
example:dig SVCB loop.10.yourdomain.com @127.0.0.1
example:dig SRV loop.10.yourdomain.com @127.0.0.1
example:dig TXT loop.10.yourdomain.com @127.0.0.1
example:dig MX loop.10.yourdomain.com @127.0.0.1
example:dig NS loop.10.yourdomain.com @127.0.0.1

Sample:

# dig loop.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> loop.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38888
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;loop.yourdomain.com.		IN	A

;; ANSWER SECTION:
loop.yourdomain.com.	60	IN	CNAME	loop.yourdomain.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Tue May 28 11:50:00 +04 2024
;; MSG SIZE  rcvd: 89

CNAME (Canonical Name)

CNAME random N aliases (cnalias)

Respond with a randomly generated CNAME record in the format cnalias######.yourdomain.com where ###### represents a random number. If the resolver/client chooses to resolve this further, it will result in the generation of yet another alias. Note that this provides the same functionality as requesting the CNAME record for the generic alias feature. Responding with multiple records (aliases) at once is also supported.

⚠️BEWARE⚠️This can potentially lead to amplification effect (DoS) or domain lock-up (DoS).

format:cnalias.<NUMBER>.yourdomain.com
example:dig cnalias.yourdomain.com @127.0.0.1
example:dig cnalias.1.yourdomain.com @127.0.0.1
example:dig cnalias.5.yourdomain.com @127.0.0.1

Sample:

# dig cnalias.5.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> cnalias.5.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8560
;; flags: qr aa; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;cnalias.5.yourdomain.com.	IN	A

;; ANSWER SECTION:
cnalias.5.yourdomain.com. 60	IN	CNAME	cnalias559648.5.yourdomain.com.
cnalias.5.yourdomain.com. 60	IN	CNAME	cnalias938954.5.yourdomain.com.
cnalias.5.yourdomain.com. 60	IN	CNAME	cnalias292192.5.yourdomain.com.
cnalias.5.yourdomain.com. 60	IN	CNAME	cnalias644854.5.yourdomain.com.
cnalias.5.yourdomain.com. 60	IN	CNAME	cnalias304807.5.yourdomain.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sat Jun 01 00:46:11 +04 2024
;; MSG SIZE  rcvd: 382

CNAME alias chain (cnchain)

Respond with an incremented CNAME record, creating an infinite alias chain that continues to increment indefinitely. Note that this provides the same functionality as requesting the CNAME record for the generic chain feature.

⚠️BEWARE⚠️This could potentially lead to a domain lock-up (DoS).

format:cnchain<NUMBER>.yourdomain.com
example:dig cnchain.yourdomain.com @127.0.0.1
example:dig cnchain100.yourdomain.com @127.0.0.1

Sample:

# dig cnchain100.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> cnchain100.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9010
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;cnchain100.yourdomain.com.	IN	A

;; ANSWER SECTION:
cnchain100.yourdomain.com. 60	IN	CNAME	cnchain101.yourdomain.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sat Jun 01 00:46:11 +04 2024
;; MSG SIZE  rcvd: 107

CNAME alias loop (cnloop)

Respond with a CNAME record containing the exact same domain name as in the query, effectively creating a direct infinite loop. Optionally, respond with a domain name that leads to an infinite loop with an arbitrary number of elements. Note that this provides the same functionality as requesting the CNAME record for the generic loop feature.

⚠️BEWARE⚠️This could potentially lead to a domain lock-up (DoS).

format:cnloop.<NUMBER>.yourdomain.com
example:dig cnloop.yourdomain.com @127.0.0.1
example:dig cnloop.5.yourdomain.com @127.0.0.1
example:dig cnloop.10.yourdomain.com @127.0.0.1

Sample:

# dig cnloop.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> cnloop.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20548
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;cnloop.yourdomain.com.		IN	A

;; ANSWER SECTION:
cnloop.yourdomain.com.	60	IN	CNAME	cnloop.yourdomain.com.

;; Query time: 12 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sat Jun 01 00:46:11 +04 2024
;; MSG SIZE  rcvd: 95

DNAME (Delegation Name)

DNAME random N aliases (dnalias)

Respond with a randomly generated DNAME record in the format dnalias######.yourdomain.com where ###### represents a random number. If the resolver/client chooses to resolve this further, it will result in the generation of yet another alias. Note that this provides the same functionality as requesting the DNAME record for the generic alias feature. Responding with multiple records (aliases) at once is also supported.

⚠️BEWARE⚠️This can potentially lead to amplification effect (DoS) or domain lock-up (DoS).

format:dnalias.<NUMBER>.yourdomain.com
example:dig dnalias.yourdomain.com @127.0.0.1
example:dig dnalias.1.yourdomain.com @127.0.0.1
example:dig dnalias.5.yourdomain.com @127.0.0.1

Sample:

# dig dnalias.5.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> dnalias.5.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21696
;; flags: qr aa; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;dnalias.5.yourdomain.com.	IN	A

;; ANSWER SECTION:
dnalias.5.yourdomain.com. 60	IN	DNAME	dnalias533593.5.yourdomain.com.
dnalias.5.yourdomain.com. 60	IN	DNAME	dnalias877276.5.yourdomain.com.
dnalias.5.yourdomain.com. 60	IN	DNAME	dnalias644088.5.yourdomain.com.
dnalias.5.yourdomain.com. 60	IN	DNAME	dnalias366486.5.yourdomain.com.
dnalias.5.yourdomain.com. 60	IN	DNAME	dnalias753117.5.yourdomain.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sat Jun 01 00:46:11 +04 2024
;; MSG SIZE  rcvd: 382

DNAME alias chain (dnchain)

Respond with an incremented DNAME record, creating an infinite alias chain that continues to increment indefinitely. Note that this provides the same functionality as requesting the DNAME record for the generic chain feature.

⚠️BEWARE⚠️This could potentially lead to a domain lock-up (DoS).

format:dnchain<NUMBER>.yourdomain.com
example:dig dnchain.yourdomain.com @127.0.0.1
example:dig dnchain100.yourdomain.com @127.0.0.1

Sample:

# dig dnchain100.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> dnchain100.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46743
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;dnchain100.yourdomain.com.	IN	A

;; ANSWER SECTION:
dnchain100.yourdomain.com. 60	IN	DNAME	dnchain101.yourdomain.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sat Jun 01 00:46:11 +04 2024
;; MSG SIZE  rcvd: 107

DNAME alias loop (dnloop)

Respond with a DNAME record containing the exact same domain name as in the query, effectively creating a direct infinite loop. Optionally, respond with a domain name that leads to an infinite loop with an arbitrary number of elements. Note that this provides the same functionality as requesting the DNAME record for the generic loop feature.

⚠️BEWARE⚠️This could potentially lead to a domain lock-up (DoS).

format:dnloop.<NUMBER>.yourdomain.com
example:dig dnloop.yourdomain.com @127.0.0.1
example:dig dnloop.5.yourdomain.com @127.0.0.1
example:dig dnloop.10.yourdomain.com @127.0.0.1

Sample:

# dig dnloop.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> dnloop.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61371
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;dnloop.yourdomain.com.		IN	A

;; ANSWER SECTION:
dnloop.yourdomain.com.	60	IN	DNAME	dnloop.yourdomain.com.

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sat Jun 01 00:46:11 +04 2024
;; MSG SIZE  rcvd: 95

HTTPS (HTTPS Binding)

HTTPS random N aliases (htalias)

Respond with a randomly generated HTTPS record in the format htalias######.yourdomain.com where ###### represents a random number. If the resolver/client chooses to resolve this further, it will result in the generation of yet another alias. Note that this provides the same functionality as requesting the HTTPS record for the generic alias feature. Responding with multiple records (aliases) at once is also supported.

⚠️BEWARE⚠️This can potentially lead to amplification effect (DoS) or domain lock-up (DoS).

format:htalias.<NUMBER>.yourdomain.com
example:dig htalias.yourdomain.com @127.0.0.1
example:dig htalias.1.yourdomain.com @127.0.0.1
example:dig htalias.5.yourdomain.com @127.0.0.1

Sample:

# dig htalias.5.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> htalias.5.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47932
;; flags: qr aa; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;htalias.5.yourdomain.com.	IN	A

;; ANSWER SECTION:
htalias.5.yourdomain.com. 60	IN	HTTPS	0 htalias103536.5.yourdomain.com.
htalias.5.yourdomain.com. 60	IN	HTTPS	0 htalias771588.5.yourdomain.com.
htalias.5.yourdomain.com. 60	IN	HTTPS	0 htalias784421.5.yourdomain.com.
htalias.5.yourdomain.com. 60	IN	HTTPS	0 htalias283125.5.yourdomain.com.
htalias.5.yourdomain.com. 60	IN	HTTPS	0 htalias939599.5.yourdomain.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sat Jun 01 00:46:12 +04 2024
;; MSG SIZE  rcvd: 392

HTTPS alias chain (htchain)

Respond with an incremented HTTPS alias record (SvcPriority 0), creating an infinite alias chain that continues to increment indefinitely. Note that this provides the same functionality as requesting the HTTPS record for the generic chain feature.

⚠️BEWARE⚠️This could potentially lead to a domain lock-up (DoS).

format:htchain<NUMBER>.yourdomain.com
example:dig htchain.yourdomain.com @127.0.0.1
example:dig htchain100.yourdomain.com @127.0.0.1

Sample:

# dig htchain100.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> htchain100.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1020
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;htchain100.yourdomain.com.	IN	A

;; ANSWER SECTION:
htchain100.yourdomain.com. 60	IN	HTTPS	0 htchain101.yourdomain.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sat Jun 01 00:46:11 +04 2024
;; MSG SIZE  rcvd: 109

HTTPS alias loop (htloop)

Respond with a HTTPS record containing the exact same domain name as in the query, effectively creating a direct infinite loop. Optionally, respond with a domain name that leads to an infinite loop with an arbitrary number of elements. Note that this provides the same functionality as requesting the HTTPS record for the generic loop feature.

⚠️BEWARE⚠️This could potentially lead to a domain lock-up (DoS).

format:htloop.<NUMBER>.yourdomain.com
example:dig htloop.yourdomain.com @127.0.0.1
example:dig htloop.5.yourdomain.com @127.0.0.1
example:dig htloop.10.yourdomain.com @127.0.0.1

Sample:

# dig htloop.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> htloop.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25585
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;htloop.yourdomain.com.		IN	A

;; ANSWER SECTION:
htloop.yourdomain.com.	60	IN	HTTPS	0 htloop.yourdomain.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sat Jun 01 00:46:11 +04 2024
;; MSG SIZE  rcvd: 97

SVCB (Service Binding)

SVCB random N aliases (svalias)

Respond with a randomly generated SVCB record in the format svalias######.yourdomain.com where ###### represents a random number. If the resolver/client chooses to resolve this further, it will result in the generation of yet another alias. Note that this provides the same functionality as requesting the SVCB record for the generic alias feature. Responding with multiple records (aliases) at once is also supported.

⚠️BEWARE⚠️This can potentially lead to amplification effect (DoS) or domain lock-up (DoS).

format:svalias.<NUMBER>.yourdomain.com
example:dig svalias.yourdomain.com @127.0.0.1
example:dig svalias.1.yourdomain.com @127.0.0.1
example:dig _sip.svalias.yourdomain.com @127.0.0.1
example:dig _sip._udp.svalias.yourdomain.com @127.0.0.1
example:dig _http._tcp.svalias.yourdomain.com @127.0.0.1
example:dig _mobile._http._tcp.svalias.yourdomain.com @127.0.0.1
example:dig svalias.5.yourdomain.com @127.0.0.1

Sample:

# dig svalias.5.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> svalias.5.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3335
;; flags: qr aa; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;svalias.5.yourdomain.com.	IN	A

;; ANSWER SECTION:
svalias.5.yourdomain.com. 60	IN	SVCB	0 svalias312485.5.yourdomain.com.
svalias.5.yourdomain.com. 60	IN	SVCB	0 svalias807161.5.yourdomain.com.
svalias.5.yourdomain.com. 60	IN	SVCB	0 svalias476482.5.yourdomain.com.
svalias.5.yourdomain.com. 60	IN	SVCB	0 svalias311437.5.yourdomain.com.
svalias.5.yourdomain.com. 60	IN	SVCB	0 svalias123344.5.yourdomain.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sat Jun 01 00:46:12 +04 2024
;; MSG SIZE  rcvd: 392

SVCB alias chain (svchain)

Respond with an incremented SVCB alias record (SvcPriority 0), creating an infinite alias chain that continues to increment indefinitely. Note that this provides the same functionality as requesting the SVCB record for the generic chain feature.

⚠️BEWARE⚠️This could potentially lead to a domain lock-up (DoS).

format:svchain<NUMBER>.yourdomain.com
example:dig svchain.yourdomain.com @127.0.0.1
example:dig _sip.svchain.yourdomain.com @127.0.0.1
example:dig _sip._udp.svchain.yourdomain.com @127.0.0.1
example:dig _http._tcp.svchain.yourdomain.com @127.0.0.1
example:dig _mobile._http._tcp.svchain.yourdomain.com @127.0.0.1
example:dig svchain100.yourdomain.com @127.0.0.1

Sample:

# dig svchain100.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> svchain100.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49230
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;svchain100.yourdomain.com.	IN	A

;; ANSWER SECTION:
svchain100.yourdomain.com. 60	IN	SVCB	0 svchain101.yourdomain.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sat Jun 01 00:46:12 +04 2024
;; MSG SIZE  rcvd: 109

SVCB alias loop (svloop)

Respond with a SVCB record containing the exact same domain name as in the query, effectively creating a direct infinite loop. Optionally, respond with a domain name that leads to an infinite loop with an arbitrary number of elements. Note that this provides the same functionality as requesting the SVCB record for the generic loop feature.

⚠️BEWARE⚠️This could potentially lead to a domain lock-up (DoS).

format:svloop.<NUMBER>.yourdomain.com
example:dig svloop.yourdomain.com @127.0.0.1
example:dig svloop.10.yourdomain.com @127.0.0.1
example:dig _sip.svloop.yourdomain.com @127.0.0.1
example:dig _sip._udp.svloop.yourdomain.com @127.0.0.1
example:dig _http._tcp.svloop.yourdomain.com @127.0.0.1
example:dig _mobile._http._tcp.svloop.yourdomain.com @127.0.0.1
example:dig _mobile._http._tcp.svloop.10.yourdomain.com @127.0.0.1

Sample:

# dig svloop.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> svloop.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38993
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;svloop.yourdomain.com.		IN	A

;; ANSWER SECTION:
svloop.yourdomain.com.	60	IN	SVCB	0 svloop.yourdomain.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sat Jun 01 00:46:12 +04 2024
;; MSG SIZE  rcvd: 97

SRV (Service Locator)

SRV random N aliases (sralias)

Respond with a randomly generated SRV record in the format sralias######.yourdomain.com where ###### represents a random number. If the resolver/client chooses to resolve this further, it will result in the generation of yet another alias. Note that this provides the same functionality as requesting the SRV record for the generic alias feature. Responding with multiple records (aliases) at once is also supported.

⚠️BEWARE⚠️This can potentially lead to amplification effect (DoS) or domain lock-up (DoS).

format:sralias.<NUMBER>.yourdomain.com
example:dig sralias.yourdomain.com @127.0.0.1
example:dig sralias.1.yourdomain.com @127.0.0.1
example:dig _sip.sralias.yourdomain.com @127.0.0.1
example:dig _sip._udp.sralias.yourdomain.com @127.0.0.1
example:dig _http._tcp.sralias.yourdomain.com @127.0.0.1
example:dig _mobile._http._tcp.sralias.yourdomain.com @127.0.0.1
example:dig sralias.5.yourdomain.com @127.0.0.1

Sample:

# dig sralias.5.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> sralias.5.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47235
;; flags: qr aa; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;sralias.5.yourdomain.com.	IN	A

;; ANSWER SECTION:
sralias.5.yourdomain.com. 60	IN	SRV	0 0 53616 sralias589536.5.yourdomain.com.
sralias.5.yourdomain.com. 60	IN	SRV	0 0 35659 sralias554721.5.yourdomain.com.
sralias.5.yourdomain.com. 60	IN	SRV	0 0 59737 sralias536404.5.yourdomain.com.
sralias.5.yourdomain.com. 60	IN	SRV	0 0 47250 sralias276839.5.yourdomain.com.
sralias.5.yourdomain.com. 60	IN	SRV	0 0 60876 sralias37220.5.yourdomain.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sat Jun 01 00:46:12 +04 2024
;; MSG SIZE  rcvd: 411

SRV alias chain (srchain)

Respond with an incremented SRV record, creating an infinite alias chain that continues to increment indefinitely. Note that this provides the same functionality as requesting the SRV record for the generic chain feature.

⚠️BEWARE⚠️This could potentially lead to a domain lock-up (DoS).

format:srchain<NUMBER>.yourdomain.com
example:dig srchain.yourdomain.com @127.0.0.1
example:dig _sip.srchain.yourdomain.com @127.0.0.1
example:dig _sip._udp.srchain.yourdomain.com @127.0.0.1
example:dig _http._tcp.srchain.yourdomain.com @127.0.0.1
example:dig _mobile._http._tcp.srchain.yourdomain.com @127.0.0.1
example:dig srchain100.yourdomain.com @127.0.0.1

Sample:

# dig srchain100.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> srchain100.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50457
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;srchain100.yourdomain.com.	IN	A

;; ANSWER SECTION:
srchain100.yourdomain.com. 60	IN	SRV	0 0 25008 srchain101.yourdomain.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sat Jun 01 00:46:12 +04 2024
;; MSG SIZE  rcvd: 113

SRV alias loop (srloop)

Respond with a SRV record containing the exact same domain name as in the query, effectively creating a direct infinite loop. Optionally, respond with a domain name that leads to an infinite loop with an arbitrary number of elements. Note that this provides the same functionality as requesting the SRV record for the generic loop feature.

⚠️BEWARE⚠️This could potentially lead to a domain lock-up (DoS).

format:srloop.<NUMBER>.yourdomain.com
example:dig srloop.yourdomain.com @127.0.0.1
example:dig srloop.10.yourdomain.com @127.0.0.1
example:dig _sip.srloop.yourdomain.com @127.0.0.1
example:dig _sip._udp.srloop.yourdomain.com @127.0.0.1
example:dig _http._tcp.srloop.yourdomain.com @127.0.0.1
example:dig _mobile._http._tcp.srloop.yourdomain.com @127.0.0.1
example:dig _mobile._http._tcp.srloop.10.yourdomain.com @127.0.0.1

Sample:

# dig srloop.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> srloop.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64758
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;srloop.yourdomain.com.		IN	A

;; ANSWER SECTION:
srloop.yourdomain.com.	60	IN	SRV	0 0 38882 srloop.yourdomain.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sat Jun 01 00:46:12 +04 2024
;; MSG SIZE  rcvd: 101

MX (Mail Exchange)

MX random N aliases (mxalias)

Respond with a randomly generated MX record in the format mxalias######.yourdomain.com where ###### represents a random number. If the resolver/client chooses to resolve this further, it will result in the generation of yet another alias. Note that this provides the same functionality as requesting the MX record for the generic alias feature. Responding with multiple records (aliases) at once is also supported.

⚠️BEWARE⚠️This can potentially lead to amplification effect (DoS) or domain lock-up (DoS).

format:mxalias.<NUMBER>.yourdomain.com
example:dig mxalias.yourdomain.com @127.0.0.1
example:dig mxalias.1.yourdomain.com @127.0.0.1
example:dig mxalias.5.yourdomain.com @127.0.0.1

Sample:

# dig mxalias.5.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> mxalias.5.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21241
;; flags: qr aa; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mxalias.5.yourdomain.com.	IN	A

;; ANSWER SECTION:
mxalias.5.yourdomain.com. 60	IN	MX	0 mxalias870446.5.yourdomain.com.
mxalias.5.yourdomain.com. 60	IN	MX	0 mxalias122700.5.yourdomain.com.
mxalias.5.yourdomain.com. 60	IN	MX	0 mxalias482975.5.yourdomain.com.
mxalias.5.yourdomain.com. 60	IN	MX	0 mxalias714375.5.yourdomain.com.
mxalias.5.yourdomain.com. 60	IN	MX	0 mxalias861718.5.yourdomain.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sat Jun 01 00:46:12 +04 2024
;; MSG SIZE  rcvd: 392

MX alias chain (mxchain)

Respond with an incremented MX record, creating an infinite alias chain that continues to increment indefinitely. Note that this provides the same functionality as requesting the MX record for the generic chain feature.

⚠️BEWARE⚠️This could potentially lead to a domain lock-up (DoS).

format:mxchain<NUMBER>.yourdomain.com
example:dig mxchain.yourdomain.com @127.0.0.1
example:dig mxchain100.yourdomain.com @127.0.0.1

Sample:

# dig mxchain100.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> mxchain100.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8860
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mxchain100.yourdomain.com.	IN	A

;; ANSWER SECTION:
mxchain100.yourdomain.com. 60	IN	MX	0 mxchain101.yourdomain.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sat Jun 01 00:46:12 +04 2024
;; MSG SIZE  rcvd: 109

MX alias loop (mxloop)

Respond with a MXx record containing the exact same domain name as in the query, effectively creating a direct infinite loop. Optionally, respond with a domain name that leads to an infinite loop with an arbitrary number of elements. Note that this provides the same functionality as requesting the MX record for the generic loop feature.

⚠️BEWARE⚠️This could potentially lead to a domain lock-up (DoS).

format:mxloop.<NUMBER>.yourdomain.com
example:dig mxloop.yourdomain.com @127.0.0.1
example:dig mxloop.5.yourdomain.com @127.0.0.1
example:dig mxloop.10.yourdomain.com @127.0.0.1

Sample:

# dig mxloop.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> mxloop.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41968
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mxloop.yourdomain.com.		IN	A

;; ANSWER SECTION:
mxloop.yourdomain.com.	60	IN	MX	0 mxloop.yourdomain.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sat Jun 01 00:46:12 +04 2024
;; MSG SIZE  rcvd: 97

NS (Name Server)

NS random N aliases (nsalias)

Respond with a randomly generated NS record in the format nsalias######.yourdomain.com where ###### represents a random number. If the resolver/client chooses to resolve this further, it will result in the generation of yet another alias. Note that this provides the same functionality as requesting the NS record for the generic alias feature. Responding with multiple records (aliases) at once is also supported.

⚠️BEWARE⚠️This can potentially lead to amplification effect (DoS) or domain lock-up (DoS).

format:nsalias.<NUMBER>.yourdomain.com
example:dig nsalias.yourdomain.com @127.0.0.1
example:dig nsalias.1.yourdomain.com @127.0.0.1
example:dig nsalias.5.yourdomain.com @127.0.0.1

Sample:

# dig nsalias.5.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> nsalias.5.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5265
;; flags: qr aa; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;nsalias.5.yourdomain.com.	IN	A

;; ANSWER SECTION:
nsalias.5.yourdomain.com. 60	IN	NS	nsalias745947.5.yourdomain.com.
nsalias.5.yourdomain.com. 60	IN	NS	nsalias39277.5.yourdomain.com.
nsalias.5.yourdomain.com. 60	IN	NS	nsalias385184.5.yourdomain.com.
nsalias.5.yourdomain.com. 60	IN	NS	nsalias621059.5.yourdomain.com.
nsalias.5.yourdomain.com. 60	IN	NS	nsalias694309.5.yourdomain.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Thu Jul 11 11:53:03 +04 2024
;; MSG SIZE  rcvd: 261

NS alias chain (nschain)

Respond with an incremented NS record, creating an infinite alias chain that continues to increment indefinitely. Note that this provides the same functionality as requesting the NS record for the generic chain feature.

⚠️BEWARE⚠️This could potentially lead to a domain lock-up (DoS).

format:nschain<NUMBER>.yourdomain.com
example:dig nschain.yourdomain.com @127.0.0.1
example:dig nschain100.yourdomain.com @127.0.0.1

Sample:

# dig nschain100.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> nschain100.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47034
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;nschain100.yourdomain.com.	IN	A

;; ANSWER SECTION:
nschain100.yourdomain.com. 60	IN	NS	nschain101.yourdomain.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Thu Jul 11 11:53:03 +04 2024
;; MSG SIZE  rcvd: 82

NS alias loop (nsloop)

Respond with a NS record containing the exact same domain name as in the query, effectively creating a direct infinite loop. Optionally, respond with a domain name that leads to an infinite loop with an arbitrary number of elements. Note that this provides the same functionality as requesting the NS record for the generic loop feature.

⚠️BEWARE⚠️This could potentially lead to a domain lock-up (DoS).

format:nsloop.<NUMBER>.yourdomain.com
example:dig nsloop.yourdomain.com @127.0.0.1
example:dig nsloop.5.yourdomain.com @127.0.0.1
example:dig nsloop.10.yourdomain.com @127.0.0.1

Sample:

# dig nsloop.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> nsloop.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65006
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;nsloop.yourdomain.com.		IN	A

;; ANSWER SECTION:
nsloop.yourdomain.com.	60	IN	NS	nsloop.yourdomain.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Thu Jul 11 11:53:03 +04 2024
;; MSG SIZE  rcvd: 74

SPF (Sender Policy Framework)

SPF (TXT) random N aliases (spfalias1)

Respond with single or multiple SPF (Sender Policy Framework) entries, with each entry in a separate TXT record. Each SPF entry contains a single include: parameter with a randomly generated alias/domain name in the format spfalias1#####.yourdomain.com where ##### represents a random number. If the resolver/client chooses to resolve this further, it will result in the generation of yet another alias. Note that this provides the same functionality as requesting the TXT record for the generic alias feature.

⚠️BEWARE⚠️This can potentially lead to amplification effect (DoS) or domain lock-up (DoS).

format:spfalias1.<NUMBER>.yourdomain.com
example:dig spfalias1.yourdomain.com @127.0.0.1
example:dig spfalias1.1.yourdomain.com @127.0.0.1
example:dig spfalias1.5.yourdomain.com @127.0.0.1

Sample:

# dig spfalias1.5.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> spfalias1.5.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60985
;; flags: qr aa; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;spfalias1.5.yourdomain.com.	IN	A

;; ANSWER SECTION:
spfalias1.5.yourdomain.com. 60	IN	TXT	"v=spf1 include:spfalias110591.5.yourdomain.com ~all"
spfalias1.5.yourdomain.com. 60	IN	TXT	"v=spf1 include:spfalias141406.5.yourdomain.com ~all"
spfalias1.5.yourdomain.com. 60	IN	TXT	"v=spf1 include:spfalias129292.5.yourdomain.com ~all"
spfalias1.5.yourdomain.com. 60	IN	TXT	"v=spf1 include:spfalias114609.5.yourdomain.com ~all"
spfalias1.5.yourdomain.com. 60	IN	TXT	"v=spf1 include:spfalias13328.5.yourdomain.com ~all"

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Fri Jul 12 01:33:31 +04 2024
;; MSG SIZE  rcvd: 363

SPF (TXT) random N aliases (spfalias2)

Respond with single or multiple SPF (Sender Policy Framework) entries within one or more TXT records. Each SPF record includes multiple include: parameters with randomly generated alias/domain names in the format spfalias2#####.yourdomain.com where ##### represents a random number. If the resolver/client chooses to resolve this further, it will result in the generation of yet another alias. Note that the number of SPF aliases per TXT record is limited by the maximum TXT label size of 255 bytes. If the specified number of aliases cannot fit within a single TXT record, multiple TXT records will be produced to accomodate all aliases.

⚠️BEWARE⚠️This can potentially lead to amplification effect (DoS) or domain lock-up (DoS).

format:spfalias2.<NUMBER>.yourdomain.com
example:dig spfalias2.yourdomain.com @127.0.0.1
example:dig spfalias2.1.yourdomain.com @127.0.0.1
example:dig spfalias2.100.yourdomain.com @127.0.0.1
example:dig spfalias2.11.yourdomain.com @127.0.0.1

Sample:

# dig spfalias2.11.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> spfalias2.11.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55061
;; flags: qr aa; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;spfalias2.11.yourdomain.com.	IN	A

;; ANSWER SECTION:
spfalias2.11.yourdomain.com. 60	IN	TXT	"v=spf1 include:spfalias297648.11.yourdomain.com include:spfalias292301.11.yourdomain.com include:spfalias271263.11.yourdomain.com include:spfalias280110.11.yourdomain.com include:spfalias248974.11.yourdomain.com ~all"
spfalias2.11.yourdomain.com. 60	IN	TXT	"v=spf1 include:spfalias247152.11.yourdomain.com include:spfalias288375.11.yourdomain.com include:spfalias295587.11.yourdomain.com include:spfalias257159.11.yourdomain.com include:spfalias235140.11.yourdomain.com ~all"
spfalias2.11.yourdomain.com. 60	IN	TXT	"v=spf1 include:spfalias224904.11.yourdomain.com ~all"

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Fri Jul 12 10:06:38 +04 2024
;; MSG SIZE  rcvd: 568

SPF (TXT) alias chain (spfchain)

Respond with a TXT record containing an SPF (Sender Policy Framework) record with an incremented index, creating an infinite alias chain that continues to increment indefinitely. Note that this provides the same functionality as requesting the TXT record for the generic chain feature.

⚠️BEWARE⚠️This could potentially lead to a domain lock-up (DoS).

format:spfchain<NUMBER>.yourdomain.com
example:dig spfchain.yourdomain.com @127.0.0.1
example:dig spfchain100.yourdomain.com @127.0.0.1

Sample:

# dig spfchain100.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> spfchain100.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24557
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;spfchain100.yourdomain.com.	IN	A

;; ANSWER SECTION:
spfchain100.yourdomain.com. 60	IN	TXT	"v=spf1 include:spfchain101.yourdomain.com ~all"

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Thu Jul 11 11:53:03 +04 2024
;; MSG SIZE  rcvd: 103

SPF (TXT) alias loop (spfloop)

Respond with a TXT record with an SPF (Sender Policy Framework) record containing the exact same domain name as in the query, effectively creating a direct infinite loop. Optionally, respond with a domain name that leads to an infinite loop with an arbitrary number of elements. Note that this provides the same functionality as requesting the TXT record for the generic loop feature.

⚠️BEWARE⚠️This could potentially lead to a domain lock-up (DoS).

format:spfloop.<NUMBER>.yourdomain.com
example:dig spfloop.yourdomain.com @127.0.0.1
example:dig spfloop.5.yourdomain.com @127.0.0.1
example:dig spfloop.10.yourdomain.com @127.0.0.1

Sample:

# dig spfloop.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> spfloop.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56063
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;spfloop.yourdomain.com.		IN	A

;; ANSWER SECTION:
spfloop.yourdomain.com.	60	IN	TXT	"v=spf1 include:spfloop.yourdomain.com ~all"

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Thu Jul 11 11:53:03 +04 2024
;; MSG SIZE  rcvd: 95

PTR (Pointer)

PTR random N aliases (10.0.0.0/8)

Requesting a reverse DNS record for any IP address within the 10.0.0.0/8 network range (e.g., a PTR record for z.y.x.10.in-addr.arpa). The 10.0.0.0/8 range is a private network range used exclusively for internal purposes. We will respond with x number of PTR records containing domains in the format 10.x.*.*.in-addr.arpa (within the same range). This implies that if the client/resolver attempts to resolve any of these records, it will loop back to this process, generating even more PTR records from the same range.

⚠️BEWARE⚠️This can potentially lead to amplification effect (DoS) or domain lock-up (DoS).

format:<0-255>.<0-255>.<0-255>.10.in-addr.arpa
example:dig -x 10.1.0.0 @127.0.0.1
example:dig -x 10.5.0.0 @127.0.0.1
example:dig -x 10.10.123.123 @127.0.0.1
example:dig -x 10.15.123.123 @127.0.0.1
example:dig PTR 0.0.1.10.in-addr.arpa @127.0.0.1
example:dig PTR 0.0.5.10.in-addr.arpa @127.0.0.1
example:dig PTR 123.123.10.10.in-addr.arpa @127.0.0.1
example:dig PTR 123.123.15.10.in-addr.arpa @127.0.0.1

Sample:

# dig -x 10.5.0.0 @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> -x 10.5.0.0 @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30634
;; flags: qr aa; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;0.0.5.10.in-addr.arpa.		IN	PTR

;; ANSWER SECTION:
0.0.5.10.in-addr.arpa.	60	IN	PTR	170.72.5.10.in-addr.arpa.
0.0.5.10.in-addr.arpa.	60	IN	PTR	212.179.5.10.in-addr.arpa.
0.0.5.10.in-addr.arpa.	60	IN	PTR	42.124.5.10.in-addr.arpa.
0.0.5.10.in-addr.arpa.	60	IN	PTR	8.207.5.10.in-addr.arpa.
0.0.5.10.in-addr.arpa.	60	IN	PTR	52.140.5.10.in-addr.arpa.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Fri Jul 12 10:36:31 +04 2024
;; MSG SIZE  rcvd: 229

PTR alias loop 1 (192.0.2.0/24)

Requesting a reverse DNS record for any IP address within the 192.0.2.0/24 network range (e.g., a PTR record for x.2.0.192.in-addr.arpa). The 192.0.2.0/24 range, known as TEST-NET-1, is typically used for documentation and examples. We will respond with the same exact domain name, effectively creating an immediate loop.

⚠️BEWARE⚠️This could potentially lead to a domain lock-up (DoS).

format:<0-255>.2.0.192.in-addr.arpa
example:dig -x 192.0.2.0 @127.0.0.1
example:dig -x 192.0.2.100 @127.0.0.1
example:dig PTR 0.2.0.192.in-addr.arpa @127.0.0.1
example:dig PTR 255.2.0.192.in-addr.arpa @127.0.0.1
example:dig -x 192.0.2.200 @127.0.0.1

Sample:

# dig -x 192.0.2.200 @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> -x 192.0.2.200 @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5212
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;200.2.0.192.in-addr.arpa.	IN	PTR

;; ANSWER SECTION:
200.2.0.192.in-addr.arpa. 60	IN	PTR	200.2.0.192.in-addr.arpa.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Fri Jul 12 10:58:36 +04 2024
;; MSG SIZE  rcvd: 56

PTR alias loop 2 (198.51.100.0/24)

Requesting a reverse DNS record for any IP address within the 198.51.100.0/24 network range (e.g., a PTR record for x.100.51.198.in-addr.arpa). The 198.51.100.0/24 range, known as TEST-NET-2, is typically used for documentation and examples. We will respond with incremented domain name, cycling through addresses from 198.51.100.0 to 198.51.100.255 indefinitely, effectively creating a loop.

⚠️BEWARE⚠️This could potentially lead to a domain lock-up (DoS).

format:<0-255>.100.51.198.in-addr.arpa
example:dig -x 198.51.100.0 @127.0.0.1
example:dig -x 198.51.100.10 @127.0.0.1
example:dig PTR 0.100.51.198.in-addr.arpa @127.0.0.1
example:dig PTR 255.100.51.198.in-addr.arpa @127.0.0.1
example:dig -x 198.51.100.123 @127.0.0.1

Sample:

# dig -x 198.51.100.123 @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> -x 198.51.100.123 @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13554
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;123.100.51.198.in-addr.arpa.	IN	PTR

;; ANSWER SECTION:
123.100.51.198.in-addr.arpa. 60	IN	PTR	124.100.51.198.in-addr.arpa.

;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Fri Jul 12 10:58:36 +04 2024
;; MSG SIZE  rcvd: 86

NAPTR (Name Authority Pointer)

NAPTR ENUM random N aliases (1...e164.arpa)

Requesting to translate an E.164 telephone number ending with the digit 1 (e.g., a NAPTR record for 1.2.3.4.5.6.7.8.e164.arpa in reverse). The response will be a SIP service URI pointing to another random E.164 telephone number, also ending with the digit 1. If the resolver/client chooses to resolve this further, it will result in the generation of yet another alias. While NAPTR ENUM records do not contain aliases like CNAME records, this could achieve similar results by prompting the client to perform consecutive queries to resolve it. Responding with multiple records (aliases) at once is also supported.

⚠️BEWARE⚠️This can potentially lead to amplification effect (DoS) or domain lock-up (DoS).

format:1.<NUMBER>.*.e164.arpa
example:dig NAPTR 1.e164.arpa @127.0.0.1
example:dig NAPTR 1.1.2.3.4.5.e164.arpa @127.0.0.1
example:dig NAPTR 1.5.2.3.4.5.6.7.8.e164.arpa @127.0.0.1

Sample:

# dig NAPTR 1.5.2.3.4.5.6.7.8.e164.arpa @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> NAPTR 1.5.2.3.4.5.6.7.8.e164.arpa @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29740
;; flags: qr aa; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;1.5.2.3.4.5.6.7.8.e164.arpa.	IN	NAPTR

;; ANSWER SECTION:
1.5.2.3.4.5.6.7.8.e164.arpa. 60	IN	NAPTR	0 0 "U" "E2U+sip" "!^.*$!1.5.4.1.4.8.0.0.4.7.1.e164.arpa!" .
1.5.2.3.4.5.6.7.8.e164.arpa. 60	IN	NAPTR	0 0 "U" "E2U+sip" "!^.*$!1.5.9.8.1.3.1.8.9.5.2.e164.arpa!" .
1.5.2.3.4.5.6.7.8.e164.arpa. 60	IN	NAPTR	0 0 "U" "E2U+sip" "!^.*$!1.5.5.0.3.7.6.0.3.4.3.e164.arpa!" .
1.5.2.3.4.5.6.7.8.e164.arpa. 60	IN	NAPTR	0 0 "U" "E2U+sip" "!^.*$!1.5.9.7.9.1.4.1.0.3.5.e164.arpa!" .
1.5.2.3.4.5.6.7.8.e164.arpa. 60	IN	NAPTR	0 0 "U" "E2U+sip" "!^.*$!1.5.3.0.9.4.3.3.9.5.9.e164.arpa!" .

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Tue Sep 24 10:24:56 +04 2024
;; MSG SIZE  rcvd: 375

NAPTR ENUM alias loop (2...e164.arpa)

Requesting to translate an E.164 telephone number ending with the digit 2 (e.g., a NAPTR record for 2.3.4.5.6.7.8.9.e164.arpa in reverse). The response will be a SIP service URI pointing to the same exact E.164 telephone number, effectively creating a direct loop. While NAPTR ENUM records do not contain aliases like CNAME records, this could achieve similar results by prompting the client to perform consecutive queries to resolve it.

⚠️BEWARE⚠️This could potentially lead to a domain lock-up (DoS).

format:2.*.e164.arpa
example:dig NAPTR 2.e164.arpa @127.0.0.1
example:dig NAPTR 2.1.2.3.4.5.e164.arpa @127.0.0.1
example:dig NAPTR 2.5.2.3.4.5.6.7.8.e164.arpa @127.0.0.1

Sample:

# dig NAPTR 2.5.2.3.4.5.6.7.8.e164.arpa @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> NAPTR 2.5.2.3.4.5.6.7.8.e164.arpa @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 169
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;2.5.2.3.4.5.6.7.8.e164.arpa.	IN	NAPTR

;; ANSWER SECTION:
2.5.2.3.4.5.6.7.8.e164.arpa. 60	IN	NAPTR	0 0 "U" "E2U+sip" "!^.*$!2.5.2.3.4.5.6.7.8.e164.arpa!" .

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Tue Sep 24 10:24:56 +04 2024
;; MSG SIZE  rcvd: 107

Go back to menu.