From 05ec4b3123696e3fbbc57ab38cbea9d45374708e Mon Sep 17 00:00:00 2001 From: Ivan Jedek Date: Tue, 24 Sep 2024 15:59:56 +0400 Subject: [PATCH] New features and updates --- changelog | 13 ++ docs/catalogue/aliases-loops-and-chains.md | 134 ++++++++++++++++----- modules/alias.toml | 2 +- modules/cnalias.toml | 2 +- modules/dnalias.toml | 2 +- modules/htalias.toml | 2 +- modules/mxalias.toml | 2 +- modules/nptenumalias.toml | 65 ++++++++++ modules/nptenumloop.toml | 48 ++++++++ modules/nsalias.toml | 2 +- modules/spfalias1.toml | 2 +- modules/spfalias2.toml | 2 +- modules/sralias.toml | 6 +- modules/srchain.toml | 2 +- modules/srloop.toml | 2 +- modules/svalias.toml | 6 +- modules/svchain.toml | 2 +- modules/svloop.toml | 2 +- polardns.py | 4 +- test/test.sh | 57 +++++---- 20 files changed, 280 insertions(+), 77 deletions(-) create mode 100644 modules/nptenumalias.toml create mode 100644 modules/nptenumloop.toml diff --git a/changelog b/changelog index f13bda5..e3906f4 100644 --- a/changelog +++ b/changelog @@ -1,3 +1,16 @@ +24/Sep/2024 +- release version 1.5.0 +- adopting the semantic versioning (SemVer) +- added the `nptenumalias` and `nptenumloop` features returning NAPTR records in response to ENUM (E.164) phone number queries +- updated the catalogue documentation +- added tests (total test count: 750) + +19/Sep/2024 +- send only one alias by default, ensuring uniform behavior across all `alias*` feature (CNAME/DNAME/HTTPS/SVCB/SRV/MX/NS/TXT) + +06/Aug/2024 +- small fix in matching of underscored domain names for the SRV and SVCB alias/chain/loop features + 15/Jul/2024 - added the `add` modifier for appending arbitrary bytes to the end of the packet - added the `rl` modifier for recalculating the length in TCP in case `cut` or `add` modifiers were used during a request diff --git a/docs/catalogue/aliases-loops-and-chains.md b/docs/catalogue/aliases-loops-and-chains.md index 01d875d..6ffba9b 100644 --- a/docs/catalogue/aliases-loops-and-chains.md +++ b/docs/catalogue/aliases-loops-and-chains.md @@ -42,6 +42,9 @@ - [PTR random N aliases (10.0.0.0/8)](#ptr-random-n-aliases-100008) - [PTR alias loop 1 (192.0.2.0/24)](#ptr-alias-loop-1-19202024) - [PTR alias loop 2 (198.51.100.0/24)](#ptr-alias-loop-2-19851100024) + - [NAPTR (Name Authority Pointer)](#naptr-pointer) + - [NAPTR ENUM random N aliases (1...e164.arpa)](#naptr-enum-random-n-aliases-1e164arpa) + - [NAPTR ENUM alias loop (2...e164.arpa)](#naptr-enum-alias-loop-2e164arpa) 1. [Response modifiers](response-modifiers.md) 1. [CNAME fuzzing](cname-fuzzing.md) 1. [Bad compression](bad-compression.md) @@ -51,7 +54,7 @@ ## # Generic ### Random N aliases (alias) -Respond with multiple (3 by default) random aliases in the format `alias######.yourdomain.com`. This feature supports `CNAME`, `DNAME`, `HTTPS`, `SVCB`, `SRV`, `MX`, `NS` and `SPF` (`TXT`) resource types. :exclamation:**BEWARE**:exclamation:This can potentially lead to amplification effect (DoS). +Respond with a randomly generated alias in the format `alias######.yourdomain.com` where `######` represents a random number. If the resolver/client chooses to resolve this further, it will result in the generation of yet another alias. This feature supports `CNAME`, `DNAME`, `HTTPS`, `SVCB`, `SRV`, `MX`, `NS` and `SPF` (`TXT`) resource types. Responding with multiple records (aliases) at once is also supported. :warning:**BEWARE**:warning:This can potentially lead to amplification effect (DoS) or domain lock-up (DoS). @@ -95,7 +98,7 @@ alias.5.yourdomain.com. 60 IN CNAME alias323773.5.yourdomain.com. ``` ### Alias chain (chain) -Respond with an incremented alias record, creating an infinite alias chain that continues to increment indefinitely. This feature supports `CNAME`, `DNAME`, `HTTPS`, `SVCB`, `SRV`, `MX`, `NS` and `SPF` (`TXT`) resource types. :exclamation:**BEWARE**:exclamation:This could potentially lead to a domain lock-up (DoS). +Respond with an incremented alias record, creating an infinite alias chain that continues to increment indefinitely. This feature supports `CNAME`, `DNAME`, `HTTPS`, `SVCB`, `SRV`, `MX`, `NS` and `SPF` (`TXT`) resource types. :warning:**BEWARE**:warning:This could potentially lead to a domain lock-up (DoS).
format:alias.<NUMBER>.yourdomain.com
@@ -134,7 +137,7 @@ chain100.yourdomain.com. 60 IN CNAME chain101.yourdomain.com. ``` ### Alias loop (loop) -Respond with the exact same domain name as in the query, effectively creating a direct infinite loop. Optionally, respond with a domain name that leads to an infinite loop with an arbitrary number of elements. This feature supports `CNAME`, `DNAME`, `HTTPS`, `SVCB`, `SRV`, `MX`, `NS` and `SPF` (`TXT`) resource types. :exclamation:**BEWARE**:exclamation:This could potentially lead to a domain lock-up (DoS). +Respond with the exact same domain name as in the query, effectively creating a direct infinite loop. Optionally, respond with a domain name that leads to an infinite loop with an arbitrary number of elements. This feature supports `CNAME`, `DNAME`, `HTTPS`, `SVCB`, `SRV`, `MX`, `NS` and `SPF` (`TXT`) resource types. :warning:**BEWARE**:warning:This could potentially lead to a domain lock-up (DoS).
format:chain<NUMBER>.yourdomain.com
@@ -174,7 +177,7 @@ loop.yourdomain.com. 60 IN CNAME loop.yourdomain.com. ``` # CNAME (Canonical Name) ### CNAME random N aliases (cnalias) -Respond with multiple (3 by default) random `CNAME` records in the format `cnalias######.yourdomain.com`. Note that this provides the same functionality as requesting the `CNAME` record for the generic `alias` feature. :exclamation:**BEWARE**:exclamation:This can potentially lead to amplification effect (DoS). +Respond with a randomly generated `CNAME` record in the format `cnalias######.yourdomain.com` where `######` represents a random number. If the resolver/client chooses to resolve this further, it will result in the generation of yet another alias. Note that this provides the same functionality as requesting the `CNAME` record for the generic [alias](#random-n-aliases-alias) feature. Responding with multiple records (aliases) at once is also supported. :warning:**BEWARE**:warning:This can potentially lead to amplification effect (DoS) or domain lock-up (DoS).
format:loop.<NUMBER>.yourdomain.com
@@ -210,7 +213,7 @@ cnalias.5.yourdomain.com. 60 IN CNAME cnalias304807.5.yourdomain.com. ``` ### CNAME alias chain (cnchain) -Respond with an incremented `CNAME` record, creating an infinite alias chain that continues to increment indefinitely. Note that this provides the same functionality as requesting the `CNAME` record for the generic `chain` feature. :exclamation:**BEWARE**:exclamation:This could potentially lead to a domain lock-up (DoS). +Respond with an incremented `CNAME` record, creating an infinite alias chain that continues to increment indefinitely. Note that this provides the same functionality as requesting the `CNAME` record for the generic `chain` feature. :warning:**BEWARE**:warning:This could potentially lead to a domain lock-up (DoS).
format:cnalias.<NUMBER>.yourdomain.com
@@ -241,7 +244,7 @@ cnchain100.yourdomain.com. 60 IN CNAME cnchain101.yourdomain.com. ``` ### CNAME alias loop (cnloop) -Respond with a `CNAME` record containing the exact same domain name as in the query, effectively creating a direct infinite loop. Optionally, respond with a domain name that leads to an infinite loop with an arbitrary number of elements. Note that this provides the same functionality as requesting the `CNAME` record for the generic `loop` feature. :exclamation:**BEWARE**:exclamation:This could potentially lead to a domain lock-up (DoS). +Respond with a `CNAME` record containing the exact same domain name as in the query, effectively creating a direct infinite loop. Optionally, respond with a domain name that leads to an infinite loop with an arbitrary number of elements. Note that this provides the same functionality as requesting the `CNAME` record for the generic `loop` feature. :warning:**BEWARE**:warning:This could potentially lead to a domain lock-up (DoS).
format:cnchain<NUMBER>.yourdomain.com
@@ -274,7 +277,7 @@ cnloop.yourdomain.com. 60 IN CNAME cnloop.yourdomain.com. ``` # DNAME (Delegation Name) ### DNAME random N aliases (dnalias) -Respond with multiple (3 by default) random `DNAME` records in the format `dnalias######.yourdomain.com`. Note that this provides the same functionality as requesting the `DNAME` record for the generic `alias` feature. :exclamation:**BEWARE**:exclamation:This can potentially lead to amplification effect (DoS). +Respond with a randomly generated `DNAME` record in the format `dnalias######.yourdomain.com` where `######` represents a random number. If the resolver/client chooses to resolve this further, it will result in the generation of yet another alias. Note that this provides the same functionality as requesting the `DNAME` record for the generic [alias](#random-n-aliases-alias) feature. Responding with multiple records (aliases) at once is also supported. :warning:**BEWARE**:warning:This can potentially lead to amplification effect (DoS) or domain lock-up (DoS).
format:cnloop.<NUMBER>.yourdomain.com
@@ -310,7 +313,7 @@ dnalias.5.yourdomain.com. 60 IN DNAME dnalias753117.5.yourdomain.com. ``` ### DNAME alias chain (dnchain) -Respond with an incremented `DNAME` record, creating an infinite alias chain that continues to increment indefinitely. Note that this provides the same functionality as requesting the `DNAME` record for the generic `chain` feature. :exclamation:**BEWARE**:exclamation:This could potentially lead to a domain lock-up (DoS). +Respond with an incremented `DNAME` record, creating an infinite alias chain that continues to increment indefinitely. Note that this provides the same functionality as requesting the `DNAME` record for the generic `chain` feature. :warning:**BEWARE**:warning:This could potentially lead to a domain lock-up (DoS).
format:dnalias.<NUMBER>.yourdomain.com
@@ -341,7 +344,7 @@ dnchain100.yourdomain.com. 60 IN DNAME dnchain101.yourdomain.com. ``` ### DNAME alias loop (dnloop) -Respond with a `DNAME` record containing the exact same domain name as in the query, effectively creating a direct infinite loop. Optionally, respond with a domain name that leads to an infinite loop with an arbitrary number of elements. Note that this provides the same functionality as requesting the `DNAME` record for the generic `loop` feature. :exclamation:**BEWARE**:exclamation:This could potentially lead to a domain lock-up (DoS). +Respond with a `DNAME` record containing the exact same domain name as in the query, effectively creating a direct infinite loop. Optionally, respond with a domain name that leads to an infinite loop with an arbitrary number of elements. Note that this provides the same functionality as requesting the `DNAME` record for the generic `loop` feature. :warning:**BEWARE**:warning:This could potentially lead to a domain lock-up (DoS).
format:dnchain<NUMBER>.yourdomain.com
@@ -374,7 +377,7 @@ dnloop.yourdomain.com. 60 IN DNAME dnloop.yourdomain.com. ``` # HTTPS (HTTPS Binding) ### HTTPS random N aliases (htalias) -Respond with multiple (3 by default) random `HTTPS` records in the format `htalias######.yourdomain.com`. Note that this provides the same functionality as requesting the `HTTPS` record for the generic `alias` feature. :exclamation:**BEWARE**:exclamation:This can potentially lead to amplification effect (DoS). +Respond with a randomly generated `HTTPS` record in the format `htalias######.yourdomain.com` where `######` represents a random number. If the resolver/client chooses to resolve this further, it will result in the generation of yet another alias. Note that this provides the same functionality as requesting the `HTTPS` record for the generic [alias](#random-n-aliases-alias) feature. Responding with multiple records (aliases) at once is also supported. :warning:**BEWARE**:warning:This can potentially lead to amplification effect (DoS) or domain lock-up (DoS).
format:dnloop.<NUMBER>.yourdomain.com
@@ -410,7 +413,7 @@ htalias.5.yourdomain.com. 60 IN HTTPS 0 htalias939599.5.yourdomain.com. ``` ### HTTPS alias chain (htchain) -Respond with an incremented `HTTPS` alias record (SvcPriority 0), creating an infinite alias chain that continues to increment indefinitely. Note that this provides the same functionality as requesting the `HTTPS` record for the generic `chain` feature. :exclamation:**BEWARE**:exclamation:This could potentially lead to a domain lock-up (DoS). +Respond with an incremented `HTTPS` alias record (SvcPriority 0), creating an infinite alias chain that continues to increment indefinitely. Note that this provides the same functionality as requesting the `HTTPS` record for the generic `chain` feature. :warning:**BEWARE**:warning:This could potentially lead to a domain lock-up (DoS).
format:htalias.<NUMBER>.yourdomain.com
@@ -441,7 +444,7 @@ htchain100.yourdomain.com. 60 IN HTTPS 0 htchain101.yourdomain.com. ``` ### HTTPS alias loop (htloop) -Respond with a `HTTPS` record containing the exact same domain name as in the query, effectively creating a direct infinite loop. Optionally, respond with a domain name that leads to an infinite loop with an arbitrary number of elements. Note that this provides the same functionality as requesting the `HTTPS` record for the generic `loop` feature. :exclamation:**BEWARE**:exclamation:This could potentially lead to a domain lock-up (DoS). +Respond with a `HTTPS` record containing the exact same domain name as in the query, effectively creating a direct infinite loop. Optionally, respond with a domain name that leads to an infinite loop with an arbitrary number of elements. Note that this provides the same functionality as requesting the `HTTPS` record for the generic `loop` feature. :warning:**BEWARE**:warning:This could potentially lead to a domain lock-up (DoS).
format:htchain<NUMBER>.yourdomain.com
@@ -474,7 +477,7 @@ htloop.yourdomain.com. 60 IN HTTPS 0 htloop.yourdomain.com. ``` # SVCB (Service Binding) ### SVCB random N aliases (svalias) -Respond with multiple (3 by default) random `SVCB` records in the format `svalias######.yourdomain.com`. Note that this provides the same functionality as requesting the `SVCB` record for the generic `alias` feature. :exclamation:**BEWARE**:exclamation:This can potentially lead to amplification effect (DoS). +Respond with a randomly generated `SVCB` record in the format `svalias######.yourdomain.com` where `######` represents a random number. If the resolver/client chooses to resolve this further, it will result in the generation of yet another alias. Note that this provides the same functionality as requesting the `SVCB` record for the generic [alias](#random-n-aliases-alias) feature. Responding with multiple records (aliases) at once is also supported. :warning:**BEWARE**:warning:This can potentially lead to amplification effect (DoS) or domain lock-up (DoS).
format:htloop.<NUMBER>.yourdomain.com
@@ -514,7 +517,7 @@ svalias.5.yourdomain.com. 60 IN SVCB 0 svalias123344.5.yourdomain.com. ``` ### SVCB alias chain (svchain) -Respond with an incremented `SVCB` alias record (SvcPriority 0), creating an infinite alias chain that continues to increment indefinitely. Note that this provides the same functionality as requesting the `SVCB` record for the generic `chain` feature. :exclamation:**BEWARE**:exclamation:This could potentially lead to a domain lock-up (DoS). +Respond with an incremented `SVCB` alias record (SvcPriority 0), creating an infinite alias chain that continues to increment indefinitely. Note that this provides the same functionality as requesting the `SVCB` record for the generic `chain` feature. :warning:**BEWARE**:warning:This could potentially lead to a domain lock-up (DoS).
format:svalias.<NUMBER>.yourdomain.com
@@ -549,7 +552,7 @@ svchain100.yourdomain.com. 60 IN SVCB 0 svchain101.yourdomain.com. ``` ### SVCB alias loop (svloop) -Respond with a `SVCB` record containing the exact same domain name as in the query, effectively creating a direct infinite loop. Optionally, respond with a domain name that leads to an infinite loop with an arbitrary number of elements. Note that this provides the same functionality as requesting the `SVCB` record for the generic `loop` feature. :exclamation:**BEWARE**:exclamation:This could potentially lead to a domain lock-up (DoS). +Respond with a `SVCB` record containing the exact same domain name as in the query, effectively creating a direct infinite loop. Optionally, respond with a domain name that leads to an infinite loop with an arbitrary number of elements. Note that this provides the same functionality as requesting the `SVCB` record for the generic `loop` feature. :warning:**BEWARE**:warning:This could potentially lead to a domain lock-up (DoS).
format:svchain<NUMBER>.yourdomain.com
@@ -586,7 +589,7 @@ svloop.yourdomain.com. 60 IN SVCB 0 svloop.yourdomain.com. ``` # SRV (Service Locator) ### SRV random N aliases (sralias) -Respond with multiple (3 by default) random `SRV` records in the format `sralias######.yourdomain.com`. Note that this provides the same functionality as requesting the `SRV` record for the generic `alias` feature. :exclamation:**BEWARE**:exclamation:This can potentially lead to amplification effect (DoS). +Respond with a randomly generated `SRV` record in the format `sralias######.yourdomain.com` where `######` represents a random number. If the resolver/client chooses to resolve this further, it will result in the generation of yet another alias. Note that this provides the same functionality as requesting the `SRV` record for the generic [alias](#random-n-aliases-alias) feature. Responding with multiple records (aliases) at once is also supported. :warning:**BEWARE**:warning:This can potentially lead to amplification effect (DoS) or domain lock-up (DoS).
format:svloop.<NUMBER>.yourdomain.com
@@ -626,7 +629,7 @@ sralias.5.yourdomain.com. 60 IN SRV 0 0 60876 sralias37220.5.yourdomain.com. ``` ### SRV alias chain (srchain) -Respond with an incremented `SRV` record, creating an infinite alias chain that continues to increment indefinitely. Note that this provides the same functionality as requesting the `SRV` record for the generic `chain` feature. :exclamation:**BEWARE**:exclamation:This could potentially lead to a domain lock-up (DoS). +Respond with an incremented `SRV` record, creating an infinite alias chain that continues to increment indefinitely. Note that this provides the same functionality as requesting the `SRV` record for the generic `chain` feature. :warning:**BEWARE**:warning:This could potentially lead to a domain lock-up (DoS).
format:sralias.<NUMBER>.yourdomain.com
@@ -661,7 +664,7 @@ srchain100.yourdomain.com. 60 IN SRV 0 0 25008 srchain101.yourdomain.com. ``` ### SRV alias loop (srloop) -Respond with a `SRV` record containing the exact same domain name as in the query, effectively creating a direct infinite loop. Optionally, respond with a domain name that leads to an infinite loop with an arbitrary number of elements. Note that this provides the same functionality as requesting the `SRV` record for the generic `loop` feature. :exclamation:**BEWARE**:exclamation:This could potentially lead to a domain lock-up (DoS). +Respond with a `SRV` record containing the exact same domain name as in the query, effectively creating a direct infinite loop. Optionally, respond with a domain name that leads to an infinite loop with an arbitrary number of elements. Note that this provides the same functionality as requesting the `SRV` record for the generic `loop` feature. :warning:**BEWARE**:warning:This could potentially lead to a domain lock-up (DoS).
format:srchain<NUMBER>.yourdomain.com
@@ -698,7 +701,7 @@ srloop.yourdomain.com. 60 IN SRV 0 0 38882 srloop.yourdomain.com. ``` # MX (Mail Exchange) ### MX random N aliases (mxalias) -Respond with multiple (3 by default) random `MX` records in the format `mxalias######.yourdomain.com`. Note that this provides the same functionality as requesting the `MX` record for the generic `alias` feature. :exclamation:**BEWARE**:exclamation:This can potentially lead to amplification effect (DoS). +Respond with a randomly generated `MX` record in the format `mxalias######.yourdomain.com` where `######` represents a random number. If the resolver/client chooses to resolve this further, it will result in the generation of yet another alias. Note that this provides the same functionality as requesting the `MX` record for the generic [alias](#random-n-aliases-alias) feature. Responding with multiple records (aliases) at once is also supported. :warning:**BEWARE**:warning:This can potentially lead to amplification effect (DoS) or domain lock-up (DoS).
format:srloop.<NUMBER>.yourdomain.com
@@ -734,7 +737,7 @@ mxalias.5.yourdomain.com. 60 IN MX 0 mxalias861718.5.yourdomain.com. ``` ### MX alias chain (mxchain) -Respond with an incremented `MX` record, creating an infinite alias chain that continues to increment indefinitely. Note that this provides the same functionality as requesting the `MX` record for the generic `chain` feature. :exclamation:**BEWARE**:exclamation:This could potentially lead to a domain lock-up (DoS). +Respond with an incremented `MX` record, creating an infinite alias chain that continues to increment indefinitely. Note that this provides the same functionality as requesting the `MX` record for the generic `chain` feature. :warning:**BEWARE**:warning:This could potentially lead to a domain lock-up (DoS).
format:mxalias.<NUMBER>.yourdomain.com
@@ -765,7 +768,7 @@ mxchain100.yourdomain.com. 60 IN MX 0 mxchain101.yourdomain.com. ``` ### MX alias loop (mxloop) -Respond with a `MXx` record containing the exact same domain name as in the query, effectively creating a direct infinite loop. Optionally, respond with a domain name that leads to an infinite loop with an arbitrary number of elements. Note that this provides the same functionality as requesting the `MX` record for the generic `loop` feature. :exclamation:**BEWARE**:exclamation:This could potentially lead to a domain lock-up (DoS). +Respond with a `MXx` record containing the exact same domain name as in the query, effectively creating a direct infinite loop. Optionally, respond with a domain name that leads to an infinite loop with an arbitrary number of elements. Note that this provides the same functionality as requesting the `MX` record for the generic `loop` feature. :warning:**BEWARE**:warning:This could potentially lead to a domain lock-up (DoS).
format:mxchain<NUMBER>.yourdomain.com
@@ -798,7 +801,7 @@ mxloop.yourdomain.com. 60 IN MX 0 mxloop.yourdomain.com. ``` # NS (Name Server) ### NS random N aliases (nsalias) -Respond with multiple (3 by default) random `NS` records in the format `nsalias######.yourdomain.com`. Note that this provides the same functionality as requesting the `NS` record for the generic `alias` feature. :exclamation:**BEWARE**:exclamation:This can potentially lead to amplification effect (DoS). +Respond with a randomly generated `NS` record in the format `nsalias######.yourdomain.com` where `######` represents a random number. If the resolver/client chooses to resolve this further, it will result in the generation of yet another alias. Note that this provides the same functionality as requesting the `NS` record for the generic [alias](#random-n-aliases-alias) feature. Responding with multiple records (aliases) at once is also supported. :warning:**BEWARE**:warning:This can potentially lead to amplification effect (DoS) or domain lock-up (DoS).
format:mxloop.<NUMBER>.yourdomain.com
@@ -834,7 +837,7 @@ nsalias.5.yourdomain.com. 60 IN NS nsalias694309.5.yourdomain.com. ``` ### NS alias chain (nschain) -Respond with an incremented `NS` record, creating an infinite alias chain that continues to increment indefinitely. Note that this provides the same functionality as requesting the `NS` record for the generic `chain` feature. :exclamation:**BEWARE**:exclamation:This could potentially lead to a domain lock-up (DoS). +Respond with an incremented `NS` record, creating an infinite alias chain that continues to increment indefinitely. Note that this provides the same functionality as requesting the `NS` record for the generic `chain` feature. :warning:**BEWARE**:warning:This could potentially lead to a domain lock-up (DoS).
format:nsalias.<NUMBER>.yourdomain.com
@@ -865,7 +868,7 @@ nschain100.yourdomain.com. 60 IN NS nschain101.yourdomain.com. ``` ### NS alias loop (nsloop) -Respond with a `NS` record containing the exact same domain name as in the query, effectively creating a direct infinite loop. Optionally, respond with a domain name that leads to an infinite loop with an arbitrary number of elements. Note that this provides the same functionality as requesting the `NS` record for the generic `loop` feature. :exclamation:**BEWARE**:exclamation:This could potentially lead to a domain lock-up (DoS). +Respond with a `NS` record containing the exact same domain name as in the query, effectively creating a direct infinite loop. Optionally, respond with a domain name that leads to an infinite loop with an arbitrary number of elements. Note that this provides the same functionality as requesting the `NS` record for the generic `loop` feature. :warning:**BEWARE**:warning:This could potentially lead to a domain lock-up (DoS).
format:nschain<NUMBER>.yourdomain.com
@@ -898,7 +901,7 @@ nsloop.yourdomain.com. 60 IN NS nsloop.yourdomain.com. ``` # SPF (Sender Policy Framework) ### SPF (TXT) random N aliases (spfalias1) -Respond with multiple (3 by default) `SPF` (Sender Policy Framework) entries, with each entry in a separate `TXT` record. Each `SPF` entry contains a single `include:` parameter with a randomly generated alias/domain name in the format `spfalias1#####.yourdomain.com`. Note that this provides the same functionality as requesting the `TXT` record for the generic `alias` feature. :exclamation:**BEWARE**:exclamation:This can potentially lead to amplification effect (DoS). +Respond with single or multiple `SPF` (Sender Policy Framework) entries, with each entry in a separate `TXT` record. Each `SPF` entry contains a single `include:` parameter with a randomly generated alias/domain name in the format `spfalias1#####.yourdomain.com` where `#####` represents a random number. If the resolver/client chooses to resolve this further, it will result in the generation of yet another alias. Note that this provides the same functionality as requesting the `TXT` record for the generic `alias` feature. :warning:**BEWARE**:warning:This can potentially lead to amplification effect (DoS) or domain lock-up (DoS).
format:nsloop.<NUMBER>.yourdomain.com
@@ -934,7 +937,7 @@ spfalias1.5.yourdomain.com. 60 IN TXT "v=spf1 include:spfalias13328.5.yourdomain ``` ### SPF (TXT) random N aliases (spfalias2) -Respond with multiple (3 by default) `SPF` (Sender Policy Framework) entries within one or more `TXT` records. Each `SPF` record includes multiple `include:` parameters with randomly generated alias/domain names in the format `spfalias2#####.yourdomain.com`. The number of `SPF` aliases per `TXT` record is limited by the maximum `TXT` label size of 255 bytes. If the specified number of aliases cannot fit within a single `TXT` record, multiple `TXT` records will be produced to accomodate all aliases. :exclamation:**BEWARE**:exclamation:This can potentially lead to amplification effect (DoS). +Respond with single or multiple `SPF` (Sender Policy Framework) entries within one or more `TXT` records. Each `SPF` record includes multiple `include:` parameters with randomly generated alias/domain names in the format `spfalias2#####.yourdomain.com` where `#####` represents a random number. If the resolver/client chooses to resolve this further, it will result in the generation of yet another alias. Note that the number of `SPF` aliases per `TXT` record is limited by the maximum `TXT` label size of 255 bytes. If the specified number of aliases cannot fit within a single `TXT` record, multiple `TXT` records will be produced to accomodate all aliases. :warning:**BEWARE**:warning:This can potentially lead to amplification effect (DoS) or domain lock-up (DoS).
format:spfalias1.<NUMBER>.yourdomain.com
@@ -969,7 +972,7 @@ spfalias2.11.yourdomain.com. 60 IN TXT "v=spf1 include:spfalias224904.11.yourdom ``` ### SPF (TXT) alias chain (spfchain) -Respond with a `TXT` record containing an `SPF` (Sender Policy Framework) record with an incremented index, creating an infinite alias chain that continues to increment indefinitely. Note that this provides the same functionality as requesting the `TXT` record for the generic `chain` feature. :exclamation:**BEWARE**:exclamation:This could potentially lead to a domain lock-up (DoS). +Respond with a `TXT` record containing an `SPF` (Sender Policy Framework) record with an incremented index, creating an infinite alias chain that continues to increment indefinitely. Note that this provides the same functionality as requesting the `TXT` record for the generic `chain` feature. :warning:**BEWARE**:warning:This could potentially lead to a domain lock-up (DoS).
format:spfalias2.<NUMBER>.yourdomain.com
@@ -1000,7 +1003,7 @@ spfchain100.yourdomain.com. 60 IN TXT "v=spf1 include:spfchain101.yourdomain.com ``` ### SPF (TXT) alias loop (spfloop) -Respond with a `TXT` record with an `SPF` (Sender Policy Framework) record containing the exact same domain name as in the query, effectively creating a direct infinite loop. Optionally, respond with a domain name that leads to an infinite loop with an arbitrary number of elements. Note that this provides the same functionality as requesting the `TXT` record for the generic `loop` feature. :exclamation:**BEWARE**:exclamation:This could potentially lead to a domain lock-up (DoS). +Respond with a `TXT` record with an `SPF` (Sender Policy Framework) record containing the exact same domain name as in the query, effectively creating a direct infinite loop. Optionally, respond with a domain name that leads to an infinite loop with an arbitrary number of elements. Note that this provides the same functionality as requesting the `TXT` record for the generic `loop` feature. :warning:**BEWARE**:warning:This could potentially lead to a domain lock-up (DoS).
format:spfchain<NUMBER>.yourdomain.com
@@ -1033,7 +1036,7 @@ spfloop.yourdomain.com. 60 IN TXT "v=spf1 include:spfloop.yourdomain.com ~all" ``` # PTR (Pointer) ### PTR random N aliases (10.0.0.0/8) -Requesting a reverse DNS record for any IP address within the `10.0.0.0/8` network range (e.g., a PTR record for `z.y.x.10.in-addr.arpa`). The `10.0.0.0/8` range is a private network range used exclusively for internal purposes. We will respond with `x` number of `PTR` records containing domains in the format `10.x.*.*.in-addr.arpa` (within the same range). This implies that if the client/resolver attempts to resolve any of these records, it will loop back to this process, generating even more `PTR` records from the same range. :exclamation:**BEWARE**:exclamation:This can potentially lead to amplification effect (DoS). +Requesting a reverse DNS record for any IP address within the `10.0.0.0/8` network range (e.g., a PTR record for `z.y.x.10.in-addr.arpa`). The `10.0.0.0/8` range is a private network range used exclusively for internal purposes. We will respond with `x` number of `PTR` records containing domains in the format `10.x.*.*.in-addr.arpa` (within the same range). This implies that if the client/resolver attempts to resolve any of these records, it will loop back to this process, generating even more `PTR` records from the same range. :warning:**BEWARE**:warning:This can potentially lead to amplification effect (DoS) or domain lock-up (DoS).
format:spfloop.<NUMBER>.yourdomain.com
@@ -1074,7 +1077,7 @@ Sample: ``` ### PTR alias loop 1 (192.0.2.0/24) -Requesting a reverse DNS record for any IP address within the `192.0.2.0/24` network range (e.g., a `PTR` record for `x.2.0.192.in-addr.arpa`). The `192.0.2.0/24` range, known as TEST-NET-1, is typically used for documentation and examples. We will respond with the same exact domain name, effectively creating an immediate loop. :exclamation:**BEWARE**:exclamation:This could potentially lead to a domain lock-up (DoS). +Requesting a reverse DNS record for any IP address within the `192.0.2.0/24` network range (e.g., a `PTR` record for `x.2.0.192.in-addr.arpa`). The `192.0.2.0/24` range, known as TEST-NET-1, is typically used for documentation and examples. We will respond with the same exact domain name, effectively creating an immediate loop. :warning:**BEWARE**:warning:This could potentially lead to a domain lock-up (DoS).
format:<0-255>.<0-255>.<0-255>.10.in-addr.arpa
@@ -1108,7 +1111,7 @@ Sample: ``` ### PTR alias loop 2 (198.51.100.0/24) -Requesting a reverse DNS record for any IP address within the `198.51.100.0/24` network range (e.g., a `PTR` record for `x.100.51.198.in-addr.arpa`). The `198.51.100.0/24` range, known as TEST-NET-2, is typically used for documentation and examples. We will respond with incremented domain name, cycling through addresses from `198.51.100.0` to `198.51.100.255` indefinitely, effectively creating a loop. :exclamation:**BEWARE**:exclamation:This could potentially lead to a domain lock-up (DoS). +Requesting a reverse DNS record for any IP address within the `198.51.100.0/24` network range (e.g., a `PTR` record for `x.100.51.198.in-addr.arpa`). The `198.51.100.0/24` range, known as TEST-NET-2, is typically used for documentation and examples. We will respond with incremented domain name, cycling through addresses from `198.51.100.0` to `198.51.100.255` indefinitely, effectively creating a loop. :warning:**BEWARE**:warning:This could potentially lead to a domain lock-up (DoS).
format:<0-255>.2.0.192.in-addr.arpa
@@ -1140,6 +1143,75 @@ Sample: ;; WHEN: Fri Jul 12 10:58:36 +04 2024 ;; MSG SIZE rcvd: 86 +``` +# NAPTR (Name Authority Pointer) +### NAPTR ENUM random N aliases (1...e164.arpa) +Requesting to translate an `E.164` telephone number ending with the digit `1` (e.g., a `NAPTR` record for `1.2.3.4.5.6.7.8.e164.arpa` in reverse). The response will be a `SIP` service `URI` pointing to another random `E.164` telephone number, also ending with the digit `1`. If the resolver/client chooses to resolve this further, it will result in the generation of yet another alias. While `NAPTR` `ENUM` records do not contain aliases like `CNAME` records, this could achieve similar results by prompting the client to perform consecutive queries to resolve it. Responding with multiple records (aliases) at once is also supported. :warning:**BEWARE**:warning:This can potentially lead to amplification effect (DoS) or domain lock-up (DoS). + +
format:<0-255>.100.51.198.in-addr.arpa
+ + + + +
format:1.<NUMBER>.*.e164.arpa
example:dig NAPTR 1.e164.arpa @127.0.0.1
example:dig NAPTR 1.1.2.3.4.5.e164.arpa @127.0.0.1
example:dig NAPTR 1.5.2.3.4.5.6.7.8.e164.arpa @127.0.0.1
+ +Sample: +``` +# dig NAPTR 1.5.2.3.4.5.6.7.8.e164.arpa @127.0.0.1 + +; <<>> DiG 9.18.10-2-Debian <<>> NAPTR 1.5.2.3.4.5.6.7.8.e164.arpa @127.0.0.1 +;; global options: +cmd +;; Got answer: +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29740 +;; flags: qr aa; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0 + +;; QUESTION SECTION: +;1.5.2.3.4.5.6.7.8.e164.arpa. IN NAPTR + +;; ANSWER SECTION: +1.5.2.3.4.5.6.7.8.e164.arpa. 60 IN NAPTR 0 0 "U" "E2U+sip" "!^.*$!1.5.4.1.4.8.0.0.4.7.1.e164.arpa!" . +1.5.2.3.4.5.6.7.8.e164.arpa. 60 IN NAPTR 0 0 "U" "E2U+sip" "!^.*$!1.5.9.8.1.3.1.8.9.5.2.e164.arpa!" . +1.5.2.3.4.5.6.7.8.e164.arpa. 60 IN NAPTR 0 0 "U" "E2U+sip" "!^.*$!1.5.5.0.3.7.6.0.3.4.3.e164.arpa!" . +1.5.2.3.4.5.6.7.8.e164.arpa. 60 IN NAPTR 0 0 "U" "E2U+sip" "!^.*$!1.5.9.7.9.1.4.1.0.3.5.e164.arpa!" . +1.5.2.3.4.5.6.7.8.e164.arpa. 60 IN NAPTR 0 0 "U" "E2U+sip" "!^.*$!1.5.3.0.9.4.3.3.9.5.9.e164.arpa!" . + +;; Query time: 0 msec +;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP) +;; WHEN: Tue Sep 24 10:24:56 +04 2024 +;; MSG SIZE rcvd: 375 + +``` +### NAPTR ENUM alias loop (2...e164.arpa) +Requesting to translate an `E.164` telephone number ending with the digit `2` (e.g., a `NAPTR` record for `2.3.4.5.6.7.8.9.e164.arpa` in reverse). The response will be a `SIP` service `URI` pointing to the same exact `E.164` telephone number, effectively creating a direct loop. While `NAPTR` `ENUM` records do not contain aliases like `CNAME` records, this could achieve similar results by prompting the client to perform consecutive queries to resolve it. :warning:**BEWARE**:warning:This could potentially lead to a domain lock-up (DoS). + + + + + + +
format:2.*.e164.arpa
example:dig NAPTR 2.e164.arpa @127.0.0.1
example:dig NAPTR 2.1.2.3.4.5.e164.arpa @127.0.0.1
example:dig NAPTR 2.5.2.3.4.5.6.7.8.e164.arpa @127.0.0.1
+ +Sample: +``` +# dig NAPTR 2.5.2.3.4.5.6.7.8.e164.arpa @127.0.0.1 + +; <<>> DiG 9.18.10-2-Debian <<>> NAPTR 2.5.2.3.4.5.6.7.8.e164.arpa @127.0.0.1 +;; global options: +cmd +;; Got answer: +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 169 +;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 + +;; QUESTION SECTION: +;2.5.2.3.4.5.6.7.8.e164.arpa. IN NAPTR + +;; ANSWER SECTION: +2.5.2.3.4.5.6.7.8.e164.arpa. 60 IN NAPTR 0 0 "U" "E2U+sip" "!^.*$!2.5.2.3.4.5.6.7.8.e164.arpa!" . + +;; Query time: 0 msec +;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP) +;; WHEN: Tue Sep 24 10:24:56 +04 2024 +;; MSG SIZE rcvd: 107 + ``` ## diff --git a/modules/alias.toml b/modules/alias.toml index 8fe676e..a64f714 100644 --- a/modules/alias.toml +++ b/modules/alias.toml @@ -10,7 +10,7 @@ code = ''' elif req.first_subdomain.startswith("alias"): # Send multiple random aliases in any of CNAME/DNAME/HTTPS/SVCB/SRV/MX/NS/SPF(TXT) record types # BEWARE: This could result in multiplication - answers = int(req.subdomains[1]) if req.subdomains[1].isnumeric() else 3 + answers = int(req.subdomains[1]) if req.subdomains[1].isnumeric() else 1 ### DNS header ######## buffer = prep_dns_header(b'\x84\x00', req.QURR, answers, 0, 0) ### QUESTION SECTION ######## diff --git a/modules/cnalias.toml b/modules/cnalias.toml index 3918d1b..d27fa46 100644 --- a/modules/cnalias.toml +++ b/modules/cnalias.toml @@ -10,7 +10,7 @@ code = ''' elif req.first_subdomain.startswith("cnalias"): # Send multiple random CNAME aliases # BEWARE: This could result in multiplication - answers = int(req.subdomains[1]) if req.subdomains[1].isnumeric() else 3 + answers = int(req.subdomains[1]) if req.subdomains[1].isnumeric() else 1 ### DNS header ######## buffer = prep_dns_header(b'\x84\x00', req.QURR, answers, 0, 0) ### QUESTION SECTION ######## diff --git a/modules/dnalias.toml b/modules/dnalias.toml index befe18a..649c82e 100644 --- a/modules/dnalias.toml +++ b/modules/dnalias.toml @@ -10,7 +10,7 @@ code = ''' elif req.first_subdomain.startswith("dnalias"): # Send multiple random DNAME aliases # BEWARE: This could result in multiplication - answers = int(req.subdomains[1]) if req.subdomains[1].isnumeric() else 3 + answers = int(req.subdomains[1]) if req.subdomains[1].isnumeric() else 1 ### DNS header ######## buffer = prep_dns_header(b'\x84\x00', req.QURR, answers, 0, 0) ### QUESTION SECTION ######## diff --git a/modules/htalias.toml b/modules/htalias.toml index dcbba99..d4ecc6b 100644 --- a/modules/htalias.toml +++ b/modules/htalias.toml @@ -10,7 +10,7 @@ code = ''' elif req.first_subdomain.startswith("htalias"): # Send multiple random HTTPS aliases (RFC 9460). # BEWARE: This could result in multiplication - answers = int(req.subdomains[1]) if req.subdomains[1].isnumeric() else 3 + answers = int(req.subdomains[1]) if req.subdomains[1].isnumeric() else 1 ### DNS header ######## buffer = prep_dns_header(b'\x84\x00', req.QURR, answers, 0, 0) ### QUESTION SECTION ######## diff --git a/modules/mxalias.toml b/modules/mxalias.toml index eceeec3..e28fb62 100644 --- a/modules/mxalias.toml +++ b/modules/mxalias.toml @@ -10,7 +10,7 @@ code = ''' elif req.first_subdomain.startswith("mxalias"): # Send multiple random MX aliases # BEWARE: This could result in multiplication - answers = int(req.subdomains[1]) if req.subdomains[1].isnumeric() else 3 + answers = int(req.subdomains[1]) if req.subdomains[1].isnumeric() else 1 ### DNS header ######## buffer = prep_dns_header(b'\x84\x00', req.QURR, answers, 0, 0) ### QUESTION SECTION ######## diff --git a/modules/nptenumalias.toml b/modules/nptenumalias.toml new file mode 100644 index 0000000..4173522 --- /dev/null +++ b/modules/nptenumalias.toml @@ -0,0 +1,65 @@ +[module] +name = "nptenumalias" +type = "feature" +info = "NAPTR ENUM random N aliases" +desc = "Respond with N number of NAPTR ENUM records containing random E.164 phone numbers (aliases) in SIP service URI. BEWARE: This could result in multiplication." +author = "ivan.jedek@oryxlabs.com" +category = "Aliases, loops and chains" + +code = ''' + elif req.first_subdomain == "1" and req.full_domain.endswith(".e164.arpa"): + # Requesting to translate an E.164 telephone number ending with the digit 1 (e.g., a NAPTR + # record for 1..e164.arpa in reverse). The response will be a SIP service URI + # pointing to another random E.164 telephone number also ending with the digit 1 (leading + # here again, producing another alias). While NAPTR ENUM records do not contain aliases + # like CNAME records, this could achieve similar results by prompting the client to + # perform consecutive queries to resolve it. + # BEWARE: This could result in multiplication + + answers = int(req.subdomains[1]) if req.subdomains[1].isnumeric() else 1 + + # figure out the ending part of the domain which is not a number any more + # in order to preserve the parameters if any + for i, part in enumerate(req.subdomains): + if not part.isnumeric(): + dom_end = '.' + '.'.join(req.subdomains[i:]) + break + else: + dom_end = req.full_domain + + ### DNS header ######## + buffer = prep_dns_header(b'\x84\x00', req.QURR, answers, 0, 0) + ### QUESTION SECTION ######## + if resp.noq: buffer += convDom2Bin(req.full_domain) + req.type_bin + req.class_bin + ### ANSWER SECTION ######## + doms = [] + for i in range(answers): + random_number = random.getrandbits(30) % 1000000000 + new_dom = '1.' + str(answers) + '.' + '.'.join(str(random_number)) + dom_end + order = 0 + pref = 0 + flags = b'U' # Flags = "U" (URI) + service = b'E2U+sip' # Service = SIP + regex = bytes("!^.*$!" + new_dom + "!", "utf-8") + replacement = b'\x00' + + data_len = 2+2+1+len(flags)+1+len(service)+1+len(regex)+len(replacement) + buffer += b'\xc0\x0c' if resp.compress else convDom2Bin(req.full_domain) ## Name + buffer += getTypeBin("NAPTR") + getClassBin("IN") + buffer += struct.pack(">L", resp.TTL) ## TTL + buffer += struct.pack(">H", data_len) ## Data length (2B) + buffer += struct.pack(">H", order) ## Order (2B) + buffer += struct.pack(">H", pref) ## Preference (2B) + buffer += struct.pack(">B", len(flags)) ## Flags Length (1B) + buffer += flags ## Flags + buffer += struct.pack(">B", len(service)) ## Service Length (1B) + buffer += service ## Service + buffer += struct.pack(">B", len(regex)) ## Regex Length (1B) + buffer += regex ## Regex + buffer += replacement ## Replacement + doms.append(new_dom) + # log and send + log("%d NAPTR ENUM aliases: %s" % (answers, ', '.join(map(str, doms[:3])) + (', ...' if answers > 3 else ''))) + send_buf(self, buffer) + ##################################################################### +''' diff --git a/modules/nptenumloop.toml b/modules/nptenumloop.toml new file mode 100644 index 0000000..4054f9b --- /dev/null +++ b/modules/nptenumloop.toml @@ -0,0 +1,48 @@ +[module] +name = "nptenumloop" +type = "feature" +info = "NAPTR ENUM alias loop" +desc = "Respond with N number of NAPTR ENUM records containing random E.164 phone numbers (aliases) in SIP service URI. BEWARE: This could result in multiplication." +author = "ivan.jedek@oryxlabs.com" +category = "Aliases, loops and chains" + +code = ''' + elif req.first_subdomain == "2" and req.full_domain.endswith(".e164.arpa"): + # Requesting to translate an E.164 telephone number ending with the digit 2 (e.g., a NAPTR + # record for 2..e164.arpa in reverse). The response will be a SIP service URI + # pointing to the same exact E.164 telephone number, effectively creating a direct loop. + # While NAPTR ENUM records do not contain aliases like CNAME records, this could achieve + # similar results by prompting the client to perform consecutive queries to resolve it. + # BEWARE: This could potentially lead to a domain lock-up (DoS) + + ### DNS header ######## + buffer = prep_dns_header(b'\x84\x00', req.QURR, 1, 0, 0) + ### QUESTION SECTION ######## + if resp.noq: buffer += convDom2Bin(req.full_domain) + req.type_bin + req.class_bin + ### ANSWER SECTION ######## + order = 0 + pref = 0 + flags = b'U' # Flags = "U" (URI) + service = b'E2U+sip' # Service = SIP + regex = bytes("!^.*$!" + req.full_domain + "!", "utf-8") + replacement = b'\x00' + + data_len = 2+2+1+len(flags)+1+len(service)+1+len(regex)+len(replacement) + buffer += b'\xc0\x0c' if resp.compress else convDom2Bin(req.full_domain) ## Name + buffer += getTypeBin("NAPTR") + getClassBin("IN") + buffer += struct.pack(">L", resp.TTL) ## TTL + buffer += struct.pack(">H", data_len) ## Data length (2B) + buffer += struct.pack(">H", order) ## Order (2B) + buffer += struct.pack(">H", pref) ## Preference (2B) + buffer += struct.pack(">B", len(flags)) ## Flags Length (1B) + buffer += flags ## Flags + buffer += struct.pack(">B", len(service)) ## Service Length (1B) + buffer += service ## Service + buffer += struct.pack(">B", len(regex)) ## Regex Length (1B) + buffer += regex ## Regex + buffer += replacement ## Replacement + # log and send + log("NAPTR ENUM loop %s" % (req.full_domain)) + send_buf(self, buffer) + ##################################################################### +''' diff --git a/modules/nsalias.toml b/modules/nsalias.toml index 0a8eae2..7cbeea0 100644 --- a/modules/nsalias.toml +++ b/modules/nsalias.toml @@ -10,7 +10,7 @@ code = ''' elif req.first_subdomain.startswith("nsalias"): # Send multiple random NS aliases # BEWARE: This could result in multiplication - answers = int(req.subdomains[1]) if req.subdomains[1].isnumeric() else 3 + answers = int(req.subdomains[1]) if req.subdomains[1].isnumeric() else 1 ### DNS header ######## buffer = prep_dns_header(b'\x84\x00', req.QURR, answers, 0, 0) ### QUESTION SECTION ######## diff --git a/modules/spfalias1.toml b/modules/spfalias1.toml index d04c004..028e2ab 100644 --- a/modules/spfalias1.toml +++ b/modules/spfalias1.toml @@ -10,7 +10,7 @@ code = ''' elif req.first_subdomain.startswith("spfalias1"): # Send multiple SPF (TXT) records with a random alias in the include parameter # BEWARE: This could result in multiplication - answers = int(req.subdomains[1]) if req.subdomains[1].isnumeric() else 3 + answers = int(req.subdomains[1]) if req.subdomains[1].isnumeric() else 1 ### DNS header ######## buffer = prep_dns_header(b'\x84\x00', req.QURR, answers, 0, 0) ### QUESTION SECTION ######## diff --git a/modules/spfalias2.toml b/modules/spfalias2.toml index 1babdc2..b0ecb5f 100644 --- a/modules/spfalias2.toml +++ b/modules/spfalias2.toml @@ -10,7 +10,7 @@ code = ''' elif req.first_subdomain.startswith("spfalias2"): # Send a single SPF (TXT) record with multiple random aliases included one by one # BEWARE: This could result in multiplication - aliases = int(req.subdomains[1]) if req.subdomains[1].isnumeric() else 3 + aliases = int(req.subdomains[1]) if req.subdomains[1].isnumeric() else 1 buffer = b'' answers = [] doms = [] diff --git a/modules/sralias.toml b/modules/sralias.toml index 42b8c07..aba292e 100644 --- a/modules/sralias.toml +++ b/modules/sralias.toml @@ -10,7 +10,7 @@ code = ''' elif req.first_subdomain.startswith("sralias"): # Send multiple random SRV aliases (RFC 2782). # BEWARE: This could result in multiplication - answers = int(req.subdomains[1]) if req.subdomains[1].isnumeric() else 3 + answers = int(req.subdomains[1]) if req.subdomains[1].isnumeric() else 1 ### DNS header ######## buffer = prep_dns_header(b'\x84\x00', req.QURR, answers, 0, 0) ### QUESTION SECTION ######## @@ -36,7 +36,7 @@ code = ''' log("%d SRV aliases: %s" % (answers, ', '.join(map(str, doms[:3])) + (', ...' if answers > 3 else ''))) send_buf(self, buffer) ##################################################################### - elif req.subdomains[0][0:1] == "_" and (req.subdomains_lc[1].startswith("sralias") or req.subdomains_lc[2].startswith("sralias") or req.subdomains_lc[3].startswith("sralias")): + elif req.subdomains[0][0:1] == "_" and (req.subdomains_lc[1].startswith("sralias") or req.subdomains_lc[2].startswith("sralias") or (len(req.subdomains_lc) > 3 and req.subdomains_lc[3].startswith("sralias"))): # Send multiple random SRV aliases (RFC 2782) for any domain name with attribute leaves # (domains prefixed with an underscore), up to 3 levels e.g., '_sub._service._proto.sralias...' # BEWARE: This could result in multiplication @@ -45,7 +45,7 @@ code = ''' offset = 2 # _a._b.sralias.10.yourdomain.com elif req.subdomains_lc[3].startswith("sralias"): offset = 3 # _a._b._c.sralias.10.yourdomain.com - answers = int(req.subdomains[offset+1]) if req.subdomains[offset+1].isnumeric() else 3 + answers = int(req.subdomains[offset+1]) if req.subdomains[offset+1].isnumeric() else 1 ### DNS header ######## buffer = prep_dns_header(b'\x84\x00', req.QURR, answers, 0, 0) ### QUESTION SECTION ######## diff --git a/modules/srchain.toml b/modules/srchain.toml index 1a54c17..8b5582b 100644 --- a/modules/srchain.toml +++ b/modules/srchain.toml @@ -31,7 +31,7 @@ code = ''' log("SRV %s" % (new_domain_name)) send_buf(self, buffer) ##################################################################### - elif req.subdomains[0][0:1] == "_" and (req.subdomains_lc[1].startswith("srchain") or req.subdomains_lc[2].startswith("srchain") or req.subdomains_lc[3].startswith("srchain")): + elif req.subdomains[0][0:1] == "_" and (req.subdomains_lc[1].startswith("srchain") or req.subdomains_lc[2].startswith("srchain") or (len(req.subdomains_lc) > 3 and req.subdomains_lc[3].startswith("srchain"))): # Send incremented SRV alias record for any domain name with attribute leaves (domains # prefixed with an underscore), up to 3 levels e.g., '_sub._service._proto.srchain...' new_domain_name = increment_chain(req.full_domain) diff --git a/modules/srloop.toml b/modules/srloop.toml index f9e4310..300f762 100644 --- a/modules/srloop.toml +++ b/modules/srloop.toml @@ -54,7 +54,7 @@ if req.first_subdomain.startswith("srloop"): log("SRV LOOP %s" % (new_domain_name)) send_buf(self, buffer) ##################################################################### -elif req.subdomains[0][0:1] == "_" and (req.subdomains_lc[1].startswith("srloop") or req.subdomains_lc[2].startswith("srloop") or req.subdomains_lc[3].startswith("srloop")): +elif req.subdomains[0][0:1] == "_" and (req.subdomains_lc[1].startswith("srloop") or req.subdomains_lc[2].startswith("srloop") or (len(req.subdomains_lc) > 3 and req.subdomains_lc[3].startswith("srloop"))): # Do an alias loop in a SRV record for any domain name with attribute leaves (domains # prefixed with an underscore), up to 3 levels e.g., '_sub._service._proto.srloop...' diff --git a/modules/svalias.toml b/modules/svalias.toml index b8151f6..5c7d509 100644 --- a/modules/svalias.toml +++ b/modules/svalias.toml @@ -10,7 +10,7 @@ code = ''' elif req.first_subdomain.startswith("svalias"): # Send multiple random SVCB aliases (RFC 9460). # BEWARE: This could result in multiplication - answers = int(req.subdomains[1]) if req.subdomains[1].isnumeric() else 3 + answers = int(req.subdomains[1]) if req.subdomains[1].isnumeric() else 1 ### DNS header ######## buffer = prep_dns_header(b'\x84\x00', req.QURR, answers, 0, 0) ### QUESTION SECTION ######## @@ -33,7 +33,7 @@ code = ''' log("%d SVCB aliases: %s" % (answers, ', '.join(map(str, doms[:3])) + (', ...' if answers > 3 else ''))) send_buf(self, buffer) ##################################################################### - elif req.subdomains[0][0:1] == "_" and (req.subdomains_lc[1].startswith("svalias") or req.subdomains_lc[2].startswith("svalias") or req.subdomains_lc[3].startswith("svalias")): + elif req.subdomains[0][0:1] == "_" and (req.subdomains_lc[1].startswith("svalias") or req.subdomains_lc[2].startswith("svalias") or (len(req.subdomains_lc) > 3 and req.subdomains_lc[3].startswith("svalias"))): # Send multiple random SVCB aliases (RFC 9460) for any domain name with attribute leaves # (domains prefixed with an underscore), up to 3 levels e.g., '_sub._service._proto.svalias...' # BEWARE: This could result in multiplication @@ -42,7 +42,7 @@ code = ''' offset = 2 # _a._b.svalias.10.yourdomain.com elif req.subdomains_lc[3].startswith("svalias"): offset = 3 # _a._b._c.svalias.10.yourdomain.com - answers = int(req.subdomains[offset+1]) if req.subdomains[offset+1].isnumeric() else 3 + answers = int(req.subdomains[offset+1]) if req.subdomains[offset+1].isnumeric() else 1 ### DNS header ######## buffer = prep_dns_header(b'\x84\x00', req.QURR, answers, 0, 0) ### QUESTION SECTION ######## diff --git a/modules/svchain.toml b/modules/svchain.toml index 11e14d8..c177af9 100644 --- a/modules/svchain.toml +++ b/modules/svchain.toml @@ -28,7 +28,7 @@ code = ''' log("SVCB %s" % (new_domain_name)) send_buf(self, buffer) ##################################################################### - elif req.subdomains[0][0:1] == "_" and (req.subdomains_lc[1].startswith("svchain") or req.subdomains_lc[2].startswith("svchain") or req.subdomains_lc[3].startswith("svchain")): + elif req.subdomains[0][0:1] == "_" and (req.subdomains_lc[1].startswith("svchain") or req.subdomains_lc[2].startswith("svchain") or (len(req.subdomains_lc) > 3 and req.subdomains_lc[3].startswith("svchain"))): # Send incremented SVCB alias (RFC 9460) for any domain name with attribute leaves (domains # prefixed with an underscore), up to 3 levels e.g., '_sub._service._proto.svchain...' new_domain_name = increment_chain(req.full_domain) diff --git a/modules/svloop.toml b/modules/svloop.toml index fb713ed..67f4408 100644 --- a/modules/svloop.toml +++ b/modules/svloop.toml @@ -50,7 +50,7 @@ if req.first_subdomain.startswith("svloop"): log("SVCB LOOP %s" % (new_domain_name)) send_buf(self, buffer) ##################################################################### -elif req.subdomains[0][0:1] == "_" and (req.subdomains_lc[1].startswith("svloop") or req.subdomains_lc[2].startswith("svloop") or req.subdomains_lc[3].startswith("svloop")): +elif req.subdomains[0][0:1] == "_" and (req.subdomains_lc[1].startswith("svloop") or req.subdomains_lc[2].startswith("svloop") or (len(req.subdomains_lc) > 3 and req.subdomains_lc[3].startswith("svloop"))): # Do an alias loop in a SVCB record (SvcPriority 0) for any domain name with attribute leaves # (domains prefixed with an underscore), up to 3 levels e.g., '_sub._service._proto.svloop...' diff --git a/polardns.py b/polardns.py index 387bc8d..c78e602 100644 --- a/polardns.py +++ b/polardns.py @@ -15,7 +15,7 @@ import time import os -polardns_version = "1.4" +polardns_version = "1.5.0" ################################ @@ -1361,7 +1361,7 @@ def process_DNS(self, req): time.sleep(resp.sleep) close_conn(self) ##################################################################### - elif req.sld_tld_domain not in OURDOMAINS and req.sld_tld_domain != "in-addr.arpa": + elif req.sld_tld_domain not in OURDOMAINS and req.tld != "arpa": # We are NOT authoritative, send Refused log("Refused") ### DNS header ######## diff --git a/test/test.sh b/test/test.sh index 3ccd9a8..0710d02 100755 --- a/test/test.sh +++ b/test/test.sh @@ -39,7 +39,8 @@ process_dig_output() { | ${SED} -E 's/(CNAME|DNAME|HTTPS|SVCB|SRV|MX|NS|TXT)(.*)(:|\s|cn|dn|ht|sv|sr|mx|ns|spf)alias[0-9]+\./\1\2\3alias\./g' \ | ${SED} -e 's/alias[0-9]\+/alias/g;s/\(\.10\.in-addr\.arpa\..*PTR\s*\)[0-9]\+\.[0-9]\+\./\1../g' \ | ${SED} -e '0,/^\([0-9a-f]\{2\} \)\{16\} /s/^\([0-9a-f]\{2\} \)\{2\}\(\([0-9a-f]\{2\} \)\{14\} *\)[^ ][^ ]/TX ID \2ID/1' \ - | ${SED} -e "s/#${target_port}/#53/g;s/${target_ip}/127\.0\.0\.1/g;s/^\(size.*127\.0\.0\.\).*$/\1/g" + | ${SED} -e "s/#${target_port}/#53/g;s/${target_ip}/127\.0\.0\.1/g;s/^\(size.*127\.0\.0\.\).*$/\1/g" \ + | ${SED} -e 's/!1\.\([0-9]\+\.\)\+\(e164\.arpa!" \.\)/!1..\2/' } # for real test @@ -239,23 +240,23 @@ runtest "TXT chain.${domain}" "02e31b6ab5075f04699529dd85f16679" runtest "TXT chain99.${domain}" "0aee55d513ec80310b908c0f1a5c456e" # alias.toml -runtest "alias.${domain}" "e6813e79a8755929823c994fd0dbce18" +runtest "alias.${domain}" "ce7bd619257e138c7db137c41d752555" runtest "alias.100.${domain}" "84fdc516a13d5121b58a1aa2b1875243" -runtest "CNAME alias.${domain}" "3bfc75f1a4f4e01f9b5efc7ba21be69c" +runtest "CNAME alias.${domain}" "244b9ebc758ea3da0a633764e976c01a" runtest "CNAME alias.100.${domain}" "9dec29c7af977b8aa7e51aefe2826885" -runtest "DNAME alias.${domain}" "6ff1547c0171229499057ba8ea2a16bf" +runtest "DNAME alias.${domain}" "bb8bc62273a7e51da884cb327c0efb74" runtest "DNAME alias.100.${domain}" "b284a5cfa1562b3ad60fe5b9301594be" -runtest "HTTPS alias.${domain}" "981ddd84d1f4132181c36423639b3a4f" +runtest "HTTPS alias.${domain}" "a639c1510f12544a9ea423fde1a3613b" runtest "HTTPS alias.100.${domain}" "93215ba787d46339d81fd0d38435127b" -runtest "SVCB alias.${domain}" "b3f364c2c0a2fff6d846325497686444" +runtest "SVCB alias.${domain}" "b21510baee880f9b76cff861c3a1b662" runtest "SVCB alias.100.${domain}" "d352bdd680eb114fbc6bfc92417b0c05" -runtest "SRV alias.${domain}" "fb55586d8482f20bda81a0e87fb10469" +runtest "SRV alias.${domain}" "431cff9e1a47a6148a91c847d798cbbe" runtest "SRV alias.100.${domain}" "958d1ee99ed5c0b6c91f3325fc680a62" -runtest "MX alias.${domain}" "c9d618ec0ef1047b8414fa8b7ddac8e1" +runtest "MX alias.${domain}" "4bcf12f0bd3e8ec54ae905e24bc53ecd" runtest "MX alias.100.${domain}" "939b6525db13ba439bf6c64d18d57610" -runtest "NS alias.${domain}" "4b14a5df15d5b9e27c8da92acc9b306b" +runtest "NS alias.${domain}" "902541423f84c2e194f0d33e837c89da" runtest "NS alias.100.${domain}" "a3d23af1371b8a386b4effeb2284c026" -runtest "TXT alias.${domain}" "8d5fed2a02748af42a23fc78a11705ba" +runtest "TXT alias.${domain}" "b4f64b343f06957da8093ca075405445" runtest "TXT alias.100.${domain}" "ad55c52f1e2dd702f05496a96d8d0eb8" # loop.toml @@ -304,7 +305,7 @@ runtest "cnloop.5.4.${domain}" "7401177fbf72e37829034425f752d141" runtest "cnloop.5.5.${domain}" "dfb44f138a4cccdb51dfec17aa38c21e" runtest "cnchain.${domain}" "a67063e1cec9c2fa48b9c439fa015ac3" runtest "cnchain12345.${domain}" "7d30f47ee21d908939aad5246184b33d" -runtest "cnalias.${domain}" "0aea760e904c554542b08946d1969e72" +runtest "cnalias.${domain}" "3b39b37468a6b2d7286301365daa3fd0" runtest "cnalias.100.${domain}" "cb72505d4254bb863429883ba298f706" # dnloop.toml dnchain.toml dnalias.toml @@ -315,7 +316,7 @@ runtest "dnloop.5.4.${domain}" "32615500d606432cc2454c36f6e6476e" runtest "dnloop.5.5.${domain}" "d25102897d7d927d64ddafd627be9c49" runtest "dnchain.${domain}" "19728a07b463d333e41154c61b530ff7" runtest "dnchain23456.${domain}" "57dbf716f171cb662624150542b53313" -runtest "dnalias.${domain}" "4746af085d58556288ff9571f858bf20" +runtest "dnalias.${domain}" "042d069e412da44da5232edd893171e8" runtest "dnalias.100.${domain}" "4fc1f84afa0cb02001a4a1ec963dd215" # htloop.toml htchain.toml htalias.toml @@ -326,7 +327,7 @@ runtest "htloop.5.4.${domain}" "1eb2a692fa4d4ad48b0c7e232ce3f11d" runtest "htloop.5.5.${domain}" "0fb16c5e7d911a156cb3d9117e3e5c68" runtest "htchain.${domain}" "eb4622c19fc31bf5b436f862231804b4" runtest "htchain34567.${domain}" "7057a745fde8ee97ec683c1d43333053" -runtest "htalias.${domain}" "68e8c08ccf0c8aae21532b1b6eb22b8f" +runtest "htalias.${domain}" "2564e324a72791e6c321e8f352767176" runtest "htalias.100.${domain}" "2989369ad8480e66a5ee8b37ce958b20" # svloop.toml svchain.toml svalias.toml @@ -337,7 +338,7 @@ runtest "svloop.5.4.${domain}" "d0d2eb5ffa7b0b41390b3be3a9c93b50" runtest "svloop.5.5.${domain}" "e9cf80e9fb6e61b12aa3d3dcc6b81556" runtest "svchain.${domain}" "96981176645f2d8e6adc4330737f4729" runtest "svchain45678.${domain}" "87d3415f8b05bc9b442ae3cbb04be122" -runtest "svalias.${domain}" "7ae73a334724d43b93c383f5eae99fee" +runtest "svalias.${domain}" "1ec7efcf94522ad411d3952766181a33" runtest "svalias.100.${domain}" "a2ad917c064ecd540855c4ac5d7bc3a2" # # # # runtest "SVCB _sip.svloop.${domain}" "28ef4b4e5ec82b1dce46c3b4dd5079c7" @@ -347,7 +348,7 @@ runtest "_sip.svloop.5.4.${domain}" "91042dfcfa2de9e15f3d90a7937a68c4" runtest "_sip.svloop.5.5.${domain}" "02128847b193f29b2ea9cb6603b3e58a" runtest "_sip.svchain.${domain}" "d8214ee893abbb2e8510b8425b845ffe" runtest "_sip.svchain45678.${domain}" "6f337b44ceb344bbf8179474e5857e0d" -runtest "_sip.svalias.${domain}" "ad5c75042ad9a7e2ab4e919391a56a65" +runtest "_sip.svalias.${domain}" "8b7ffd37f36d25d5485af996fa5ec0d6" runtest "_sip.svalias.100.${domain}" "190195c401d1e326fb3113253fc6d1a7" # # # # runtest "SVCB _sip._udp.svloop.${domain}" "5653516a466f7716068fdbeb3bffe7bd" @@ -357,7 +358,7 @@ runtest "_sip._udp.svloop.5.4.${domain}" "58b2a0ff1a4afad715f3e961384efb97" runtest "_sip._udp.svloop.5.5.${domain}" "3772bce5c88a24f135082cdc461cb77f" runtest "_sip._udp.svchain.${domain}" "3a2340cbec3cb6e1d7e44f9c702e5fa8" runtest "_sip._udp.svchain45678.${domain}" "a2a2213995fe5566822a1fafe1b9401c" -runtest "_sip._udp.svalias.${domain}" "473e6c2d9284ca6fc0831bea4ccf61a5" +runtest "_sip._udp.svalias.${domain}" "4a13d943cd622801bff9d0ab3ecd75ca" runtest "_sip._udp.svalias.100.${domain}" "8f5a60fe2ea5443b6e5ccd65828850e4" # # # # runtest "SVCB _mobile._http._tcp.svloop.${domain}" "e2d6367eba9e6b4c59e64114b5d6117e" @@ -367,7 +368,7 @@ runtest "_mobile._http._tcp.svloop.5.4.${domain}" "458c88b17880a59478d892e80ebf2 runtest "_mobile._http._tcp.svloop.5.5.${domain}" "96fbe151500f66fe1da4a900e7da9310" runtest "_mobile._http._tcp.svchain.${domain}" "392a41e1a0a21b7f13f90a887539bfbe" runtest "_mobile._http._tcp.svchain45678.${domain}" "dc46e3e527f498ca0aee732d73e94e05" -runtest "_mobile._http._tcp.svalias.${domain}" "14313d52b3e169fabcfcfbec82798549" +runtest "_mobile._http._tcp.svalias.${domain}" "3ead2ee0d30870d8b4c0a34e7ccb7e52" runtest "_mobile._http._tcp.svalias.100.${domain}" "86794ff95c461c36152d46fee859bfdd" # srloop.toml srchain.toml sralias.toml @@ -378,7 +379,7 @@ runtest "srloop.5.4.${domain}" "52dcc5eefeae27b732f0e27063718257" runtest "srloop.5.5.${domain}" "83f252ac340011ca3da1d3b68a51f615" runtest "srchain.${domain}" "3fac8c78adced121567111311a293542" runtest "srchain67890.${domain}" "efbcd4e366a86dc8351b365783da235d" -runtest "sralias.${domain}" "4b2fcd25edfc1377833c9d8022bffd09" +runtest "sralias.${domain}" "78a5dfa97ac8deeb325d162b40ac21aa" runtest "sralias.100.${domain}" "525259d72ec2ec4a94ecc7f38ba30911" # # # # runtest "SRV _sip.srloop.${domain}" "61467329b769a077ac36292d0af3ced9" @@ -388,7 +389,7 @@ runtest "_sip.srloop.5.4.${domain}" "d56ad01f86efc693c5d6f8b25d8c9d12" runtest "_sip.srloop.5.5.${domain}" "9e6285b4f21b7c49a6c9fd7622934c88" runtest "_sip.srchain.${domain}" "921fe0e3007d88881f54057bc38c9160" runtest "_sip.srchain67890.${domain}" "98da3d5a14e2b63f18f7f9c0fd48f3ec" -runtest "_sip.sralias.${domain}" "83f705669834773be7ce9d2e6c7d89bc" +runtest "_sip.sralias.${domain}" "c648dc4ff03a758351530c195c4019bc" runtest "_sip.sralias.100.${domain}" "3b849d4d384f46657505d3fde35b4cef" # # # # runtest "SRV _sip._udp.srloop.${domain}" "8c366530c61fae8a1c46d25b9ccdb902" @@ -398,7 +399,7 @@ runtest "_sip._udp.srloop.5.4.${domain}" "44e8d63291b760482138684e3b4ca171" runtest "_sip._udp.srloop.5.5.${domain}" "7f65950fde5a26985cef4536dde7558f" runtest "_sip._udp.srchain.${domain}" "a29cc4ca6056d58ca0ce976fae86d95f" runtest "_sip._udp.srchain67890.${domain}" "ed856762ff74ca70eea1ce6c7549d5a4" -runtest "_sip._udp.sralias.${domain}" "0f3afa46c6142247be37075547b2e009" +runtest "_sip._udp.sralias.${domain}" "d638a81c3b79feb79ebc11fa57db9daa" runtest "_sip._udp.sralias.100.${domain}" "84358986791be3869540f32e9f0b37c4" # # # # runtest "SRV _mobile._http._tcp.srloop.${domain}" "655f848c5e445671df7ac5ddf13feecb" @@ -408,7 +409,7 @@ runtest "_mobile._http._tcp.srloop.5.4.${domain}" "95451482997b675a80e9d822e0c6c runtest "_mobile._http._tcp.srloop.5.5.${domain}" "37e58d4392988dec253407c85b46c853" runtest "_mobile._http._tcp.srchain.${domain}" "6f3f5e9eb0ad265f497e8413cce23dd8" runtest "_mobile._http._tcp.srchain67890.${domain}" "fece124637e8c5d58d62057e9765f52e" -runtest "_mobile._http._tcp.sralias.${domain}" "b7a5db15eae3cd6f8ff043beb665d4d9" +runtest "_mobile._http._tcp.sralias.${domain}" "854070cbd3ba3a0a2f7780e49a716aa5" runtest "_mobile._http._tcp.sralias.100.${domain}" "aeee2daec33c16c2323b72eb30a239d8" # mxloop.toml mxchain.toml mxalias.toml @@ -419,7 +420,7 @@ runtest "mxloop.5.4.${domain}" "e604bee5f98e961b0f055a4e0a22e719" runtest "mxloop.5.5.${domain}" "5384133511afc17e0fae06b613737e72" runtest "mxchain.${domain}" "80818801a011930448d561d9a4fb29bf" runtest "mxchain56789.${domain}" "af61936feffe02bc166ab1851524bba7" -runtest "mxalias.${domain}" "02abc16494f5454cc84a200d652aad1c" +runtest "mxalias.${domain}" "70b8fa6e2f4c3652d77e595e5b4836bf" runtest "mxalias.100.${domain}" "da7e74c3c698711298048289db86f116" # nsloop.toml nschain.toml nsalias.toml @@ -430,7 +431,7 @@ runtest "nsloop.5.4.${domain}" "344b742e7b1eafbc587c69b0e25f977e" runtest "nsloop.5.5.${domain}" "de294db4197f064bf8c2ef6b8774a00c" runtest "nschain.${domain}" "d88ea2d2d81f79bc7634840335201590" runtest "nschain34567.${domain}" "627fea482690fa20ec2158110200f40c" -runtest "nsalias.${domain}" "1517024d6bbb3daa58357fb8b943b8b1" +runtest "nsalias.${domain}" "2c4703fefb70ce8cde84f8f586592045" runtest "nsalias.100.${domain}" "56a825b622067378fc2adca48b624ec4" # spfloop.toml spfchain.toml spfalias1.toml spfalias2.toml @@ -441,9 +442,9 @@ runtest "spfloop.5.4.${domain}" "2aa8a364964b868b45331cbeed6c9b5c" runtest "spfloop.5.5.${domain}" "44cb2530d056240bc0439825620b2e29" runtest "spfchain.${domain}" "03f65bfa3c7523b3f358b915f686fecf" runtest "spfchain34567.${domain}" "ba919bef6f1e422e3c3266483b392a29" -runtest "spfalias1.${domain}" "ad67838271de4d25e87f059b2e26e3e9" +runtest "spfalias1.${domain}" "da474718810e7f431481d7a1527a0dda" runtest "spfalias1.100.${domain}" "c1352747ced579e2c87d84e913360a08" -runtest "spfalias2.${domain}" "b85951e3aa8b49ac7a80587b25a06c9c" +runtest "spfalias2.${domain}" "da474718810e7f431481d7a1527a0dda" runtest "spfalias2.100.${domain}" "507f72a0d217e44222d9b466199a0b66" # ptralias.toml ptrloop1.toml ptrloop2.toml @@ -454,7 +455,11 @@ runtest "-x 198.51.100.255" "db2d255697d7d9bb6c4a1ea89fc2aa5a" runtest "-x 10.255.0.0" "08e1216021f668f679b3465a3f167e75" runtest "-x 10.255.255.255" "69a465ae06caa4b05111559028395ae6" - +# nptenumalias.toml nptenumloop.toml +runtest "NAPTR 1.e164.arpa" "a87010ccacf827d8f25baa25e500324c" +runtest "NAPTR 1.5.2.3.4.5.6.7.8.e164.arpa" "8a4be74c0c43bed7650b9816f36ad3e8" +runtest "NAPTR 2.e164.arpa" "189bc66bc91938ed3c762efedea9db32" +runtest "NAPTR 2.5.2.3.4.5.6.7.8.e164.arpa" "d215ffabcbe3f63088601914c5cbf7fc" # nfz / name fuzzing runtest "alias.10.nfz0.10.${domain}" "6f99464921e173b6662ce68466f18cf9"