DNS response not accepted by DNS client

I am working on creating a fake DNS response for my homework.

I am able to successfully send the spoofed response before the actual response of the DNS server (verified by packet capture).

Packet capture of DNS responses:

=======================================================================
MY FAKE DNS RESPONSE
--------------------
Wed Apr 20 22:04:25 2016    Ether-type: IP (0x0800) 
Source MAC Address:  00:0c:29:b6:95:c8  Destination MAC Address: 00:0c:29:0f:e9:96
Source IP Address: 192.168.88.132   Destination IP Address: 192.168.88.131 
UDP packet  Source Port: 53     Destn Port: 37837   UDP Length = 46
============
UDP PAYLOAD:
============
2d  97  81  80  00  01  00  01  00  00  00  00  02  69  6e      -............in
05  79  61  68  6f  6f  03  63  6f  6d  00  00  01  00  01      .yahoo.com.....
c0  0c  00  01  00  01  00  00  02  58  00  04  9b  21  11      .........X...!.
44      D........X...!.


=======================================================================
ACTUAL DNS RESPONSE
-------------------
Wed Apr 20 22:04:25 2016    Ether-type: IP (0x0800) 
Source MAC Address:  00:50:56:e9:cd:36  Destination MAC Address:  00:0c:29:0f:e9:96
Source IP Address: 192.168.88.2     Destination IP Address: 192.168.88.131 
UDP packet  Source Port: 53     Destn Port: 37837   UDP Length = 89
============
UDP PAYLOAD:
============
2d  97  81  80  00  01  00  03  00  00  00  00  02  69  6e      -............in
05  79  61  68  6f  6f  03  63  6f  6d  00  00  01  00  01      .yahoo.com.....
c0  0c  00  05  00  01  00  00  00  05  00  0f  06  66  64      .............fd
2d  66  70  32  03  77  67  31  01  62  c0  0f  c0  2a  00      -fp2.wg1.b...*.
01  00  01  00  00  00  05  00  04  62  8b  b7  18  c0  2a      .........b....*
00  01  00  01  00  00  00  05  00  04  62  8b  b4  95      ..........b...*


=======================================================================

As you can see, my fake response is arriving before the actual DNS response. But for some reason, the DNS client always accepts the later (genuine) response.

Questions:

  1. Why is my DNS response not accepted by the DNS client even when it arrives before the actual one?
  2. Is it because of an erroneous DNS response packet format?
  3. Is it because the IP address of the fake response is different from the actual one?
  4. Are there any DNS client debugs/logs which can help me find out why my response is not accepted by the DNS client?
  5. Any other reason?

The debug output is from Ubuntu 14.04.

I have been stuck on this problem for 3 days and I am not able to figure out the reason. Any help is appreciated :)

Neeraj Dixit asked Feb 01 '26 11:02


1 Answer

In order for your fake DNS response to work properly, first: the UDP destination port, the DNS transaction ID, and the domain name being requested, must match the client request. I assume you already did this properly.

However, as mentioned by Stian, the DNS response source IP address must match the legitimate DNS server IP address; if not, it is dropped by the client. (AFAIK, the source MAC address does not need to match though.)

In order to set the source IP address yourself, you need to create a RAW IP socket instead of a UDP socket, and forge a full UDP packet (fake DNS response) using a RAW IP packet. You can find code snippets here to create such a RAW IP socket and forge a UDP packet from RAW (including the UDP checksum).

shrike answered Feb 03 '26 03:02
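As an added illustration (not code from the question or the answer), the acceptance checks a stub resolver applies to an incoming reply, run over the two captured payloads above. The outstanding-query context `QUERY` is constructed from the capture (server 192.168.88.2, client port 37837, transaction ID 0x2d97, question in.yahoo.com/A), and the two byte strings are the hex dumps shown in the question; the check shows the fake reply failing only on its source address.

```python
import struct

# Outstanding-query context and the two captured payloads, constructed from
# the hex dumps in the question (client port 37837, txid 0x2d97, in.yahoo.com/A).
QUERY = {"server_ip": "192.168.88.2", "client_port": 37837,
         "txid": 0x2d97, "qname": "in.yahoo.com", "qtype": 1}
FAKE = bytes.fromhex("2d9781800001000100000000"
                     "02696e057961686f6f03636f6d0000010001"
                     "c00c000100010000025800049b211144")
ACTUAL = bytes.fromhex("2d9781800001000300000000"
                       "02696e057961686f6f03636f6d0000010001"
                       "c00c0005000100000005000f066664"
                       "2d667032037767310162c00fc02a00"
                       "010001000000050004628bb718c02a"
                       "00010001000000050004628bb495")

def parse_name(buf, off):
    """Decode a DNS name at `off`, following compression pointers; return (name, next_off)."""
    labels = []
    while True:
        n = buf[off]
        if n & 0xC0 == 0xC0:                      # pointer to an earlier name
            ptr = struct.unpack("!H", buf[off:off + 2])[0] & 0x3FFF
            labels.append(parse_name(buf, ptr)[0])
            return ".".join(labels), off + 2
        off += 1
        if n == 0:
            return ".".join(labels), off
        labels.append(buf[off:off + n].decode("ascii"))
        off += n

def check_reply(expect, src_ip, src_port, dst_port, payload):
    """Apply the stub-resolver acceptance checks; return (accepted, reason)."""
    if (src_ip, src_port) != (expect["server_ip"], 53):
        return False, "source IP/port is not the server the query went to"
    if dst_port != expect["client_port"]:
        return False, "not addressed to the query's source port"
    txid, flags, qdcount, ancount = struct.unpack("!HHHH", payload[:8])
    if txid != expect["txid"]:
        return False, "transaction ID mismatch"
    if not flags & 0x8000:
        return False, "QR bit clear: this is a query, not a response"
    if qdcount != 1:
        return False, "unexpected question count"
    qname, off = parse_name(payload, 12)
    qtype, qclass = struct.unpack("!HH", payload[off:off + 4])
    if (qname, qtype, qclass) != (expect["qname"], expect["qtype"], 1):
        return False, "question section does not echo the query"
    return True, "accepted with %d answer RR(s)" % ancount
```

Run with the source addresses from the capture: `check_reply(QUERY, "192.168.88.132", 53, 37837, FAKE)` is rejected on the first check, while the same payload from 192.168.88.2 passes every remaining check, which is exactly the answer's point.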