I passed parsing compressed DNS without actually implementing it

So I passed parsing compressed DNS without actually implementing it. I tried many ways to send compressed DNS packets to my server. But nothing seems to work. My best try was this script.

from scapy.all import *
from scapy.layers.dns import DNS, DNSQR

dns_server = '127.0.0.1'
port = 2053


dns_questions = DNSQR(qname='google.com', qtype='A') / DNSQR(qname='google.com', qtype='MX')


compressed_packet = DNS(rd=1, qdcount=3, qd=dns_questions).compress()

stack = (
    IP(dst=dns_server) /
    UDP(sport=RandShort(), dport=port) /
    compressed_packet
)

response = sr1(stack)

response.show()

Please help if anyone were able to send compressed packet for testing purpose.

Also, scapy is not parsing my response as DNS packet

CleanShot 2025-01-12 at 18.27.25@2x964×162 5.61 KB

I’ll take a look and get back to you by Monday.

Hi @sjsakib, thanks for highlighting the issue! It seems an oversight on our end.

We’ll work on improving our tester to better handle this scenario and keep you updated once it’s fixed.

If you still need to test your implementation, here are the exact bytes for the request:

b’q\xa5\x01\x00\x00\x02\x00\x00\x00\x00\x00\x00\x03abc\x11longassdomainname\x03com\x00\x00\x01\x00\x01\x03def\xc0\x10\x00\x01\x00\x01’

I had the same thoughts. Is it really possible to send a compressed query? (Perhaps in advanced cases, but I’m not sure.)

In a single question, there is only one domain name, so there’s nothing to compress. I believe compression applies only to DNS responses. When sending a response, both the Question and Answer sections are present, and the domain name is repeated across them, creating an opportunity for compression. However, since this stage doesn’t require sending a compressed response, it’s possible to pass it without actually implementing compression.