From 012081eed2c6b859fb515eb719006811df5a30c7 Mon Sep 17 00:00:00 2001
From: Joe Testa
Date: Mon, 1 May 2017 17:28:56 -0400
Subject: [PATCH 1/2] Added support for ANY queries. Silently ignore unsupported queries instead of spamming stdout.
---
 .../auxiliary/spoof/llmnr/llmnr_response.rb | 21 ++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/modules/auxiliary/spoof/llmnr/llmnr_response.rb b/modules/auxiliary/spoof/llmnr/llmnr_response.rb
index 136f0963cf..304c784987 100644
--- a/modules/auxiliary/spoof/llmnr/llmnr_response.rb
+++ b/modules/auxiliary/spoof/llmnr/llmnr_response.rb
@@ -98,8 +98,27 @@ attr_accessor :sock, :thread
 :type => ::Net::DNS::AAAA,
 :address => (spoof.ipv6? ? spoof : spoof.ipv4_mapped).to_s
 )
+ when ::Net::DNS::ANY
+ # For ANY queries, respond with both an A record as well as an AAAA.
+ dns_pkt.answer << ::Net::DNS::RR::A.new(
+ :name => name,
+ :ttl => datastore['TTL'],
+ :cls => ::Net::DNS::IN,
+ :type => ::Net::DNS::A,
+ :address => spoof.to_s
+ )
+ dns_pkt.answer << ::Net::DNS::RR::AAAA.new(
+ :name => name,
+ :ttl => datastore['TTL'],
+ :cls => ::Net::DNS::IN,
+ :type => ::Net::DNS::AAAA,
+ :address => (spoof.ipv6? ? spoof : spoof.ipv4_mapped).to_s
+ )
+ when ::Net::DNS::PTR
+ # Sometimes PTR queries are received. We will silently ignore them.
+ next
 else
- print_warning("#{rhost.to_s.ljust 16} llmnr - Unknown RR type, this shouldn't happen. Skipping")
+ print_warning("#{rhost.to_s.ljust 16} llmnr - Unknown RR type (#{question.qType.to_i}), this shouldn't happen. Skipping")
 next
 end
 end
From cf74cb81a731bfa098dfbf83b5051885d84b7d47 Mon Sep 17 00:00:00 2001
From: Joe Testa
Date: Wed, 3 May 2017 09:02:05 -0400
Subject: [PATCH 2/2] Removed unnecessary 'msf/core' include.
---
 modules/auxiliary/spoof/llmnr/llmnr_response.rb | 1 -
 1 file changed, 1 deletion(-)
diff --git a/modules/auxiliary/spoof/llmnr/llmnr_response.rb b/modules/auxiliary/spoof/llmnr/llmnr_response.rb
index 304c784987..74fd90ac66 100644
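Review bot: The new `when ::Net::DNS::ANY` branch repeats the A and AAAA record construction field for field (the AAAA copy matches the context lines at the top of the hunk), so a later change to TTL or address handling has to be made in several places. Moving each construction into a small private helper would reduce the branch to `dns_pkt.answer << a_record(name, spoof)` and `dns_pkt.answer << aaaa_record(name, spoof)` (the helper names are only a suggestion). The A record also takes `spoof.to_s` unconditionally while the AAAA record handles both address families, so it is worth confirming what this branch does when `spoof` is an IPv6 address. The enclosing `case` starts above the hunk, so the existing A branch is not visible here.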
--- a/modules/auxiliary/spoof/llmnr/llmnr_response.rb
+++ b/modules/auxiliary/spoof/llmnr/llmnr_response.rb
@@ -3,7 +3,6 @@
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
-require 'msf/core'
 require 'socket'
 require 'ipaddr'
 require 'net/dns'