On the tcpreplay FAQ, Why doesn't my application see packets replayed over loopback?, it is explained that a lot of people have a tough time of replaying traffic to the loopback interface for a variety of reasons (OS dependent). The *BSD world typically use tap0 instead to send traffic to, but there is not much out there explaining how to do this on a Linux box. These instructions explain how to do just this.

Firstly, no one should be in the business of spamming the LAN/Internet with spoofed packets, so we need a mechanism to route reply traffic safely to a blackholing interface (dummy0). It turns out that using DROP in an iptables OUTPUT chain results in userland seeing EPERM. This can be done rather straight forwardly with:

ORIGIP=1.2.3.4
ip addr add $ORIGIP/32 dev lo
ip link set dev dummy0 up

tc qdisc add dev eth0 handle 1:0 root prio
tc filter add dev eth0 parent 1:0 protocol ip prio 1 u32 match ip src $ORIGIP action mirred egress redirect dev dummy0
tcpdump -i dummy0 -n -p

N.B. if you do not mind spamming the local LAN (do not let this traffic leak onto the Internet!) then you can skip the step above

Now, finally to send packets out over the loopback interface you need to have zero'd out the ethernet addresses (as this is L2, there is no need to redo the checksum in L3):

tcpreplay-edit --enet-dmac=00:00:00:00:00:00 --enet-smac=00:00:00:00:00:00 dns.queries.pcap

You should now see traffic going 'out' into the lo interface and the reply traffic appearing on dummy0.