Score:0

iptables: can't drop incoming DNS responses containing a specific IP address

cy flag

I want to drop incoming DNS responses that contain 10.10.34.35. How can I do that?

I tried to do it this way:

iptables -I INPUT -m udp -p udp --sport 53 -m string --algo kmp --hex-string '|31 30 02 31 30 02 33 34 02 33 35|' -j DROP

But it simply doesn't drop them and I still receive them. However, simply doing iptables -I INPUT -m udp -p udp --sport 53 -j DROP blocks all of them coming from port 53, but I want to select only the portion of them which contain 10.10.34.35 as a response.

Score:4
cn flag

First, DNS uses UDP and TCP.

Second, the wire representation of an A record is defined in RFC 1035 as such:

3.4.1. A RDATA format

    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                    ADDRESS                    |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

where:

ADDRESS         A 32 bit Internet address.

So an IPv4 address is not encoded as a string as you are attempting to match, but as a 32-bit integer, so with the values 10, 10, 34, 35.
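
The conversion the answer describes, as an added example that is not part of the original thread: a small POSIX shell script that turns a dotted-quad address into the byte pattern that iptables' string match expects and prints DROP rules for both transports DNS uses. The function names ipv4_to_hexstring and dns_drop_rules are my own, and the rules are printed rather than applied so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example, not code from the original thread.
# RFC 1035 3.4.1: the RDATA of an A record is the 32-bit address itself, so
# 10.10.34.35 appears on the wire as the four bytes 0a 0a 22 23, never as the
# ASCII text "10.10.34.35". These are hypothetical helper names.

# Print a dotted-quad IPv4 address as an iptables --hex-string pattern.
# Returns 1 for anything that is not four plain decimal octets in 0..255
# (octets with a leading zero are rejected too: resolvers disagree on
# whether "010" is decimal or octal, so such input is ambiguous).
ipv4_to_hexstring() {
    old_ifs=$IFS
    IFS=.
    set -f            # no glob expansion while splitting on "."
    set -- $1
    set +f
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$1" "$2" "$3" "$4"; do
        case $octet in
            ''|*[!0-9]*|0[0-9]*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
    printf '|%02x %02x %02x %02x|\n' "$1" "$2" "$3" "$4"
}

# Emit one rule per transport (DNS answers travel over UDP and TCP) that
# drops replies from source port 53 carrying the address in binary form.
dns_drop_rules() {
    pattern=$(ipv4_to_hexstring "$1") || return 1
    for proto in udp tcp; do
        printf "iptables -I INPUT -p %s -m %s --sport 53 -m string --algo kmp --hex-string '%s' -j DROP\n" \
            "$proto" "$proto" "$pattern"
    done
}

# Usage: review the output, then run it as root to install the rules.
dns_drop_rules 10.10.34.35
```

The match is deliberately coarse: the string module looks for those four bytes anywhere in the packet, so an unrelated record that happens to contain the same byte sequence will also be dropped, a TCP reply split across segments may slip through because each segment is matched on its own, and DNS carried over TLS or HTTPS is never visible to this rule at all.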
