Truncated simply means that the packet was larger than the client expected. E.g. if the client expects only 512 bytes by doing recv(fd,buf,512,0) but the message is larger, the recv will fail because the message does not fit. With the flag MSG_TRUNC the client can get the truncated message, but not the full message, because it does not fit in the allocated buffer.
That means truncated is not a property of the packet itself and thus cannot be set at the firewall. At most you could generate a response which is larger than the client probably expects and thus trigger the truncation. But to do this you would need some application-level code which generates a response which matches the DNS question; a simple packet-filtering firewall cannot do this.
EDIT:
There is a TC flag in the message header which indicates that the message was too large for the indicated transport and was thus truncated (i.e. greater than 512 bytes for UDP unless EDNS is used). Thus it should be possible to create such a packet. But to make the response packet match the request packet you still need application-level filtering; that is, a simple packet filter is not enough.
Apart from that, the whole question sounds more like either a constructed problem without practical relevance or like an XY problem, i.e. the real problem you are trying to solve is something different.
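An added example, not part of the original answer, showing what "matching the request" requires of a TC=1 reply: the query has to be parsed so that its transaction ID and question section can be echoed back, which is work for a DNS-aware proxy rather than a packet filter. The function names and the sample query bytes are constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DNS_HDR_LEN 12
#define DNS_QR 0x80 /* flags byte 2, bit 7: message is a response */
#define DNS_TC 0x02 /* flags byte 2, bit 1: message was truncated */
#define DNS_RD 0x01 /* flags byte 2, bit 0: recursion desired */

/* Constructed sample: query ID 0x1234, RD set, one question "example.com" A IN. */
static const uint8_t sample_query[] = {
    0x12, 0x34, 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0,
    7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0, 0, 1, 0, 1 };

/* Returns 1 if the TC bit is set, 0 if clear, -1 if shorter than a DNS header. */
int dns_is_truncated(const uint8_t *msg, size_t len) {
    if (len < DNS_HDR_LEN) return -1;
    return (msg[2] & DNS_TC) ? 1 : 0;
}

/* Length of the first question (QNAME + QTYPE + QCLASS), or 0 if malformed. */
static size_t question_len(const uint8_t *q, size_t len) {
    size_t off = DNS_HDR_LEN;
    while (off < len && q[off] != 0) {
        if (q[off] > 63) return 0;      /* no compression pointers in a query name */
        off += (size_t)q[off] + 1;      /* skip length byte plus label */
    }
    if (off >= len || len - off < 5) return 0; /* root label + QTYPE + QCLASS */
    return off + 5 - DNS_HDR_LEN;
}

/* Builds an answerless TC=1 response for query q. Returns its length, 0 on error. */
size_t dns_build_tc_response(const uint8_t *q, size_t qlen, uint8_t *out, size_t outlen) {
    if (qlen < DNS_HDR_LEN || (q[2] & DNS_QR)) return 0; /* only answer queries */
    if (q[4] != 0 || q[5] != 1) return 0;                /* expect QDCOUNT == 1 */
    size_t ql = question_len(q, qlen);
    if (ql == 0 || outlen < DNS_HDR_LEN + ql) return 0;
    memset(out, 0, DNS_HDR_LEN);
    out[0] = q[0]; out[1] = q[1];                        /* echo the transaction ID */
    out[2] = DNS_QR | DNS_TC | (q[2] & (0x78 | DNS_RD)); /* keep opcode and RD */
    out[5] = 1;                                          /* QDCOUNT 1, other counts 0 */
    memcpy(out + DNS_HDR_LEN, q + DNS_HDR_LEN, ql);      /* echo the question */
    return DNS_HDR_LEN + ql;
}

int main(void) {
    uint8_t out[512];
    size_t n = dns_build_tc_response(sample_query, sizeof sample_query, out, sizeof out);
    return (n == sizeof sample_query && dns_is_truncated(out, n) == 1) ? 0 : 1;
}
```

A resolver that receives such a reply retries the query over TCP, so the TC bit signals truncation by the sender independently of how large the receiver's buffer was.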