UDP Packet Hack

Warren Kumari warren at kumari.net
Wed Jun 22 01:46:48 UTC 2016

Sorry, but isn't this almost exactly the same question which you asked
in: https://lists.isc.org/pipermail/bind-users/2016-June/097012.html
("Append a Hard-coded Text Tuple into Additional Section of "dig"
Feature") ? And "Query "resolver" and "lwresd" via "dig"" ?

Perhaps if you explained what you are actually trying to *accomplish*,
and *why*, people here might be able to provide you with a more useful

dig simply performs DNS queries and displays the results. It provides
some knobs, like the ability to specify the server to query, to set
specific flags, etc, but fundamentally it is just a client with
performs DNS lookups and prints the results.

       dig (domain information groper) is a flexible tool for
interrogating DNS name servers. It performs DNS lookups and displays
the answers that are
       returned from the name server(s) that were queried. Most DNS
administrators use dig to troubleshoot DNS problems because of its
flexibility, ease of
       use and clarity of output. Other lookup tools tend to have less
functionality than dig."

If you want to stuff some other information into the additional
section (almost definitely a bad idea!) you will first need a good,
fundamental understanding of how the DNS works -- I'd suggest you
start of by reading "DNS and BIND" by Cricket -

There are many things you will need to know first, like, who do you
want to include this? The authoritative server or the recursive? Who
is going to consume this additional information?

As I said, a much clearer explanation of what you want to actually
accomplish, and why, will allow people to provide useful answers...


On Tue, Jun 21, 2016 at 9:06 PM, Jun Xiang X Tee <jtee at purdue.edu> wrote:
> Dear all,
>   I am working on hacking UDP packets returned to "dig" client. I wish to
> include some extra information about the "digged" domain (e.g.,
> facebook.com) at Additional Section of "dig" reply in TXT format. The ideal
> result is to be able to see the hacked UDP packets having the extra
> information using tools such as Wireshark.
>   For the past two weeks, I have searched through many articles online and
> asked many people on how to do this, but I am still confused on where "dig"
> gets the UDP packets from. Below are my questions:
>   (1) Does "dig" get its UDP packets from "named" server? Or "lwresd"
> server? Or others?
>   (2) For hacking purpose, I should work on BIND9 source codes. I don't need
> to install BIND9 using "apt-get install", right?
>   (3) Lastly, the most important question: How should I configure DNS server
> for "dig"?
>         What I am doing now is going into "bin/dig" folder and run something
> like "./dig google.com".
>         I think what I should do is "./dig @chosen_DNS_server google.com",
> but I do not know how to configure the server.
>   It will be great if someone can shed some lights on my questions. I have
> stuck for two weeks with zero progress, and have already thought about
> switching to another software. Haha. Thanks!
> Regards,
> Jun Xiang Tee
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.

More information about the bind-users mailing list