PolarDNS Tool Enables Security Research by Generating Malformed and Non-Compliant DNS Responses
PolarDNS is a specialized authoritative DNS server written in Python 3.x, originally developed as a tool for security testing of DNS recursive resolvers from the server side.
It allows the operator to produce custom DNS responses, making it suitable for in-depth DNS protocol testing purposes.
PolarDNS can be used for testing of:
- DNS resolvers (server-side)
- DNS clients
- DNS libraries
- DNS parsers and dissectors
- any software handling DNS information
It supports both UDP and TCP protocols, and it gives the operator full control over the DNS protocol layer.
The PolarDNS server can produce a variety of non-standard and non-compliant DNS responses, including responses that violate the RFC specifications and highly abnormal or malformed responses.
This can be useful for:
- Functional testing
- RFC compliance
- Vulnerability research
PolarDNS functionalities
PolarDNS has the following main functionalities:
- Features: These produce the various DNS responses. Most features have parameters, so their behavior can be adjusted to produce a variety of different DNS responses.
- Response modifiers: These further modify the DNS responses coming out of the PolarDNS server. Modifiers are independent of the selected feature and can be combined freely.
There are over 70 different features and 19 response modifiers currently implemented. By using different features and combining them with different response modifiers, it is possible to produce countless variants of a given response.
See the included catalogue of all implemented features and response modifiers.
This gives PolarDNS the capacity to produce highly unusual, abnormal, and even malformed DNS responses, allowing the operator to see how the receiving side handles such situations and whether the receiving side is technically robust and mature.
Some examples of DNS responses which PolarDNS can produce include:
- Alias (CNAME) chains and alias loops
- DNS header malformations (ID, Flags, number of sections)
- Injection of unsolicited records (cache poisoning)
- Injection of arbitrary bytes of arbitrary lengths
- Incomplete / empty / NULL byte(s) responses
- Compression issues (loops, invalid pointers)
- Slowly transmitted chunked responses
- Illegal labels or domain name lengths
- Arbitrary number of TXT records of arbitrary size
- Packet length manipulations (TCP)
- Etc.
These can lead to the discovery of various vulnerabilities such as:
- Sloth domain attacks
- Phantom domain attacks
- Domain lock-up attacks
- Cache poisoning
- Resource exhaustion
- Crashes, DoS
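The compression loops and invalid pointers listed above are exactly what a DNS parser on the receiving side has to survive. As an added illustration (not code from PolarDNS or its authors), here is a minimal Python name decoder that rejects looping, self-referencing and forward compression pointers, exercised on two constructed responses: one with a valid back-pointer and one whose owner name is the label "www" followed by a pointer back to itself.

```python
import struct

class MalformedName(ValueError): pass

def read_name(packet: bytes, offset: int) -> tuple:
    """Decode the name at `offset`; returns (name, offset just past it). A compression
    pointer must land strictly before the label run being parsed, so the walk is
    monotonic and a pointer loop or self-pointer is rejected instead of spinning."""
    labels, total_len, end = [], 0, None
    pos = segment_start = offset
    while True:
        if pos >= len(packet):
            raise MalformedName("name runs past end of packet")
        length = packet[pos]
        if length & 0xC0 == 0xC0:  # 11xxxxxx: compression pointer (RFC 1035 section 4.1.4)
            if pos + 1 >= len(packet):
                raise MalformedName("truncated compression pointer")
            target = struct.unpack("!H", packet[pos:pos + 2])[0] & 0x3FFF
            if target >= segment_start:
                raise MalformedName("pointer does not point backwards (loop or forward ref)")
            end = pos + 2 if end is None else end  # caller resumes after the first pointer
            pos = segment_start = target
            continue
        if length & 0xC0:
            raise MalformedName("reserved label type")
        if length == 0:
            return ".".join(labels) + ".", (pos + 1 if end is None else end)
        total_len += length + 1
        if length > 63 or total_len > 255 or pos + 1 + length > len(packet):
            raise MalformedName("label too long, name too long, or truncated label")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length

def answer_owner(packet: bytes):
    """Skip header and question, return the first answer's owner name, or None if malformed."""
    try:
        pos = 12
        for _ in range(struct.unpack("!H", packet[4:6])[0]):  # QDCOUNT
            pos = read_name(packet, pos)[1] + 4  # skip QNAME, QTYPE, QCLASS
        return read_name(packet, pos)[0]
    except MalformedName:
        return None

# Constructed samples (not PolarDNS output): header, question example.com/IN/A at offsets 12-28, then
# one answer RR whose owner is a back-pointer to offset 12 (GOOD) or "www" + a pointer to itself (LOOP).
HEADER = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
QUESTION = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
RR_TAIL = struct.pack("!HHIH", 1, 1, 60, 4) + b"\x0a\x00\x00\x01"  # TYPE A, IN, TTL 60, RDATA
GOOD = HEADER + QUESTION + b"\xC0\x0C" + RR_TAIL
LOOP = HEADER + QUESTION + b"\x03www\xC0\x1D" + RR_TAIL
```

A parser that instead follows pointers unconditionally would re-read "www" forever on the LOOP sample, which is the resource-exhaustion class of finding the tool is built to surface.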
See the BlackHat MEA 2023 presentations (including BONUS slides) for more details, many more examples and use-cases.
Install & Use