Some time ago I published a post called DNS Test Names & Resource Records which lists many different FQDNs with lots of different RRs. You can use those publicly available DNS names to test your DNS servers or the like. However, I was missing a packet capture showing all these resource records as they appear on the wire. So now, here it is. If you are searching for some packets to test your tools for whatever reason, feel free to download this pcap.
Some Notes
- I was basically looking up every single hostname that I listed in this blogpost.
- I was using “host” to query A and AAAA records simultaneously and “dig” for more specific RRs. (Yes, I could do everything with each of them. But now I have some variance in the trace as well.)
- However, I ran into some issues with “host”. For example,
      host 64aaaa.weberdns.de 2620:fe::fe
  was not working; error message “;; connection timed out; no servers could be reached”. Probably due to my intermediate firewall (Palo Alto Networks) or the used IPv6 Tunnel Broker?!? (I have looked up the counters on Palo Alto, but no drops. So probably due to the 6in4 tunnel broker?) Wireshark shows some “malformed DNS” packets. With dig, it was working:
      dig 64aaaa.weberdns.de @2620:fe::fe aaaa
  Anyway, I left those falsified connections in the trace as well. That’s life. ;)
- Since I am generally more interested in IPv6 rather than legacy IP, I issued all queries via IPv6 and IPv4. This should give a wide range of different DNS packets in the trace file.
- I was using the recursive DNS servers from Quad9, for IPv6 (2620:fe::fe) as well as for legacy IP (9.9.9.9).
- For some reason, I had problems querying Quad9 for “RRSIG” resource records.
      dig @2620:fe::fe many-rrs.weberdns.de rrsig
  led to SERVFAIL responses in some situations, while others worked. Don’t know why as well.
- I did not specify whether UDP or TCP shall be used. I simply let the tools decide.
- I ended up with 71 queries for each Internet Protocol, that is, 142 queries in total. ;) And since “host” queries A/AAAA/MX records for each FQDN, there are even more queries in the final trace.
- I used a capture filter with tcpdump with only the hosts rather than “port 53” or the like to omit this reported filter issue in which IP fragments were not captured.
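Why a “port 53” capture filter loses fragments, as an added example that is not part of the original post: only the first IP fragment carries the UDP header, and a port filter reads ports only when the fragment offset is 0. The sketch covers IPv4 only; the client address 192.0.2.10, the 2400-byte payload and all function names are constructed for illustration.

```python
import socket
import struct

RESOLVER, CLIENT = "9.9.9.9", "192.0.2.10"  # client address is a constructed placeholder

def ipv4_fragments(src, dst, l4, mtu=1500, ident=0x1234):
    """Split a UDP datagram into IPv4 fragments (header checksum left at 0)."""
    step = (mtu - 20) // 8 * 8  # fragment data length must be a multiple of 8
    frags = []
    for off in range(0, len(l4), step):
        chunk = l4[off:off + step]
        more = 0x2000 if off + step < len(l4) else 0  # MF (more fragments) flag
        hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(chunk), ident,
                          more | (off // 8), 64, 17, 0,
                          socket.inet_aton(src), socket.inet_aton(dst))
        frags.append(hdr + chunk)
    return frags

def match_port(pkt, port=53):
    """Emulate 'port 53' on IPv4: ports are read only at fragment offset 0."""
    ihl = (pkt[0] & 0x0F) * 4
    frag_off = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if pkt[9] not in (6, 17) or frag_off != 0:
        return False  # later fragments have no L4 header to inspect
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return port in (sport, dport)

def match_host(pkt, host):
    """Emulate 'host <ip>': every fragment repeats the IP addresses."""
    return socket.inet_aton(host) in (pkt[12:16], pkt[16:20])

def captured(frags, predicate):
    """Indexes of the fragments a filter would keep."""
    return [i for i, p in enumerate(frags) if predicate(p)]

# Constructed datagram: UDP header (sport 53) plus 2400 bytes standing in
# for a large DNS answer that does not fit into one 1500-byte packet.
udp = struct.pack("!HHHH", 53, 40000, 8 + 2400, 0) + b"\x00" * 2400
FRAGS = ipv4_fragments(RESOLVER, CLIENT, udp)

if __name__ == "__main__":
    print("port 53 keeps:", captured(FRAGS, match_port))
    print("host keeps:   ", captured(FRAGS, lambda p: match_host(p, RESOLVER)))
```

A capture taken with the port filter would hold only the first fragment of such an answer, so it could not be reassembled during analysis.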
Download
This is the pcap as well as the PuTTY log during the requests, 7zipped, 35 kb:
Opening the trace with Wireshark you’ll find many different queries for many different RRs:
And, as already noted above, not everything worked without any problems:
DNS Queries
This is the full list of all queries. (You already have the complete session log from all queries, since it is within the download section above.)
    ###### Legacy IP ######
    host ttl-0s.weberdns.de 9.9.9.9
    host ttl-1s.weberdns.de 9.9.9.9
    host ttl-1m.weberdns.de 9.9.9.9
    host ttl-30d.weberdns.de 9.9.9.9
    host ttl-52w.weberdns.de 9.9.9.9
    host ttl-max.weberdns.de 9.9.9.9
    dig @9.9.9.9 loop.weberdns.de
    dig @9.9.9.9 cnamex.weberdns.de
    dig @9.9.9.9 cname1.weberdns.de
    host 16a.weberdns.de 9.9.9.9
    host 16aaaa.weberdns.de 9.9.9.9
    host 16dual.weberdns.de 9.9.9.9
    host 32a.weberdns.de 9.9.9.9
    host 32aaaa.weberdns.de 9.9.9.9
    host 32aaaa-long.weberdns.de 9.9.9.9
    host 32dual.weberdns.de 9.9.9.9
    host 32dual-long.weberdns.de 9.9.9.9
    host 64a.weberdns.de 9.9.9.9
    host 64aaaa.weberdns.de 9.9.9.9
    host 64dual.weberdns.de 9.9.9.9
    host many-rrs.weberdns.de 9.9.9.9
    dig @9.9.9.9 many-rrs.weberdns.de aaaa
    dig @9.9.9.9 many-rrs.weberdns.de a
    dig @9.9.9.9 many-rrs.weberdns.de caa
    dig @9.9.9.9 many-rrs.weberdns.de nsec
    dig @9.9.9.9 many-rrs.weberdns.de rrsig
    dig @9.9.9.9 many-rrs.weberdns.de sshfp
    dig @9.9.9.9 many-rrs.weberdns.de apl
    dig @9.9.9.9 many-rrs.weberdns.de loc
    dig @9.9.9.9 many-rrs.weberdns.de rp
    dig @9.9.9.9 many-rrs.weberdns.de txt
    host abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz1234567890.weberdns.de 9.9.9.9
    host abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz1234567890.abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz1234567890.abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz1234567890.abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz.weberdns.de 9.9.9.9
    host sub1.weberdns.de 9.9.9.9
    host sub2.sub1.weberdns.de 9.9.9.9
    host sub3.sub2.sub1.weberdns.de 9.9.9.9
    host sub4.sub3.sub2.sub1.weberdns.de 9.9.9.9
    host sub5.sub4.sub3.sub2.sub1.weberdns.de 9.9.9.9
    host sub6.sub5.sub4.sub3.sub2.sub1.weberdns.de 9.9.9.9
    host sub7.sub6.sub5.sub4.sub3.sub2.sub1.weberdns.de 9.9.9.9
    host sub8.sub7.sub6.sub5.sub4.sub3.sub2.sub1.weberdns.de 9.9.9.9
    host xn--bergrssentrger-gib5zmd.weberdns.de 9.9.9.9
    host xn--heizlrckstossabdmpfung-g5b33b6e.weberdns.de 9.9.9.9
    host xn--ser-0ma.weberdns.de 9.9.9.9
    host xn--fan-2na.weberdns.de 9.9.9.9
    host xn--fnf-hoa.weberdns.de 9.9.9.9
    host xn--dsire-bsad.weberdns.de 9.9.9.9
    host xn--hr-yia.weberdns.de 9.9.9.9
    host xn--yourt-l1a.weberdns.de 9.9.9.9
    host xn--0cabeeefjijjmm4zxa8aa0byb0b1b6b5byc5b0cycxc6czc5c4c.weberdns.de 9.9.9.9
    host xn--ddabeekggjjjx59c0ay7a7a9dtb0a6a6b4b7f2bxcwc1e0cvc8c7c.weberdns.de 9.9.9.9
    host xn--ss-xja9aehhiki25gyaz3a4a6a7a3bzb4b8b5b3bzcxczc1c1c2ewc3c.weberdns.de 9.9.9.9
    dig @9.9.9.9 _sip._tcp.weberdns.de srv
    dig @9.9.9.9 ip-documentation.weberdns.de apl
    dig @9.9.9.9 host-dane-self.weberdns.de rp
    dig @9.9.9.9 host-dnssec.weberdns.de hinfo
    dig @9.9.9.9 weberdns.de soa
    dig @9.9.9.9 weberdns.de ns
    dig @9.9.9.9 weberdns.de mx
    dig @9.9.9.9 weberdns.de caa
    dig @9.9.9.9 weberdns.de loc
    dig @9.9.9.9 weberdns.de dnskey
    dig @9.9.9.9 weberdns.de ds
    dig @9.9.9.9 a.weberdns.de +dnssec
    dig @9.9.9.9 a.weberdns.de nsec
    dig @9.9.9.9 sshfp.net nsec3param
    dig @9.9.9.9 foobar.sshfp.net +dnssec
    dig @9.9.9.9 _25._tcp.mail.weberdns.de tlsa
    dig @9.9.9.9 1d4b41c9db9172e5f151e4a5fe3c57ca3f98b8e6ba807450b10d1897._openpgpkey.weberdns.de openpgpkey
    dig @9.9.9.9 -x 1.1.1.1
    dig @9.9.9.9 -x 2606:4700:4700::1111

    ###### IPv6 ######
    host ttl-0s.weberdns.de 2620:fe::fe
    host ttl-1s.weberdns.de 2620:fe::fe
    host ttl-1m.weberdns.de 2620:fe::fe
    host ttl-30d.weberdns.de 2620:fe::fe
    host ttl-52w.weberdns.de 2620:fe::fe
    host ttl-max.weberdns.de 2620:fe::fe
    dig @2620:fe::fe loop.weberdns.de
    dig @2620:fe::fe cnamex.weberdns.de
    dig @2620:fe::fe cname1.weberdns.de
    host 16a.weberdns.de 2620:fe::fe
    host 16aaaa.weberdns.de 2620:fe::fe
    host 16dual.weberdns.de 2620:fe::fe
    host 32a.weberdns.de 2620:fe::fe
    host 32aaaa.weberdns.de 2620:fe::fe
    host 32aaaa-long.weberdns.de 2620:fe::fe
    host 32dual.weberdns.de 2620:fe::fe
    host 32dual-long.weberdns.de 2620:fe::fe
    host 64a.weberdns.de 2620:fe::fe
    host 64aaaa.weberdns.de 2620:fe::fe
    host 64dual.weberdns.de 2620:fe::fe
    host many-rrs.weberdns.de 2620:fe::fe
    dig @2620:fe::fe many-rrs.weberdns.de aaaa
    dig @2620:fe::fe many-rrs.weberdns.de a
    dig @2620:fe::fe many-rrs.weberdns.de caa
    dig @2620:fe::fe many-rrs.weberdns.de nsec
    dig @2620:fe::fe many-rrs.weberdns.de rrsig
    dig @2620:fe::fe many-rrs.weberdns.de sshfp
    dig @2620:fe::fe many-rrs.weberdns.de apl
    dig @2620:fe::fe many-rrs.weberdns.de loc
    dig @2620:fe::fe many-rrs.weberdns.de rp
    dig @2620:fe::fe many-rrs.weberdns.de txt
    host abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz1234567890.weberdns.de 2620:fe::fe
    host abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz1234567890.abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz1234567890.abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz1234567890.abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz.weberdns.de 2620:fe::fe
    host sub1.weberdns.de 2620:fe::fe
    host sub2.sub1.weberdns.de 2620:fe::fe
    host sub3.sub2.sub1.weberdns.de 2620:fe::fe
    host sub4.sub3.sub2.sub1.weberdns.de 2620:fe::fe
    host sub5.sub4.sub3.sub2.sub1.weberdns.de 2620:fe::fe
    host sub6.sub5.sub4.sub3.sub2.sub1.weberdns.de 2620:fe::fe
    host sub7.sub6.sub5.sub4.sub3.sub2.sub1.weberdns.de 2620:fe::fe
    host sub8.sub7.sub6.sub5.sub4.sub3.sub2.sub1.weberdns.de 2620:fe::fe
    host xn--bergrssentrger-gib5zmd.weberdns.de 2620:fe::fe
    host xn--heizlrckstossabdmpfung-g5b33b6e.weberdns.de 2620:fe::fe
    host xn--ser-0ma.weberdns.de 2620:fe::fe
    host xn--fan-2na.weberdns.de 2620:fe::fe
    host xn--fnf-hoa.weberdns.de 2620:fe::fe
    host xn--dsire-bsad.weberdns.de 2620:fe::fe
    host xn--hr-yia.weberdns.de 2620:fe::fe
    host xn--yourt-l1a.weberdns.de 2620:fe::fe
    host xn--0cabeeefjijjmm4zxa8aa0byb0b1b6b5byc5b0cycxc6czc5c4c.weberdns.de 2620:fe::fe
    host xn--ddabeekggjjjx59c0ay7a7a9dtb0a6a6b4b7f2bxcwc1e0cvc8c7c.weberdns.de 2620:fe::fe
    host xn--ss-xja9aehhiki25gyaz3a4a6a7a3bzb4b8b5b3bzcxczc1c1c2ewc3c.weberdns.de 2620:fe::fe
    dig @2620:fe::fe _sip._tcp.weberdns.de srv
    dig @2620:fe::fe ip-documentation.weberdns.de apl
    dig @2620:fe::fe host-dane-self.weberdns.de rp
    dig @2620:fe::fe host-dnssec.weberdns.de hinfo
    dig @2620:fe::fe weberdns.de soa
    dig @2620:fe::fe weberdns.de ns
    dig @2620:fe::fe weberdns.de mx
    dig @2620:fe::fe weberdns.de caa
    dig @2620:fe::fe weberdns.de loc
    dig @2620:fe::fe weberdns.de dnskey
    dig @2620:fe::fe weberdns.de ds
    dig @2620:fe::fe a.weberdns.de +dnssec
    dig @2620:fe::fe a.weberdns.de nsec
    dig @2620:fe::fe sshfp.net nsec3param
    dig @2620:fe::fe foobar.sshfp.net +dnssec
    dig @2620:fe::fe _25._tcp.mail.weberdns.de tlsa
    dig @2620:fe::fe 1d4b41c9db9172e5f151e4a5fe3c57ca3f98b8e6ba807450b10d1897._openpgpkey.weberdns.de openpgpkey
    dig @2620:fe::fe -x 1.1.1.1
    dig @2620:fe::fe -x 2606:4700:4700::1111
That’s it. God bless!