fixed bug where NSLookup didn't respect iterative lookups

zmap · May 14, 2024 · b64e9cc · b64e9cc
1 parent 6086c6a
commit b64e9cc
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 14 deletions.
diff --git a/pkg/modules/nslookup/ns_lookup.go b/pkg/modules/nslookup/ns_lookup.go
@@ -81,7 +81,7 @@ func (nsMod *NSLookupModule) Lookup(r *zdns.Resolver, lookupName string, nameSer
 		log.Warn("iterative lookup requested with lookupName server, ignoring lookupName server")
 	}
 
-	res, trace, status, err := r.DoNSLookup(lookupName, nameServer)
+	res, trace, status, err := r.DoNSLookup(lookupName, nameServer, nsMod.IsIterative)
 	if trace == nil {
 		trace = &zdns.Trace{}
 	}

diff --git a/pkg/zdns/lookup.go b/pkg/zdns/lookup.go
@@ -86,7 +86,7 @@ func (r *Resolver) LookupAllNameservers(q *Question, nameServer string) (*Combin
 	var curServer string
 
 	// Lookup both ipv4 and ipv6 addresses of nameservers.
-	nsResults, nsTrace, nsStatus, nsError := r.DoNSLookup(q.Name, nameServer)
+	nsResults, nsTrace, nsStatus, nsError := r.DoNSLookup(q.Name, nameServer, false)
 
 	// Terminate early if nameserver lookup also failed
 	if nsStatus != STATUS_NOERROR {

diff --git a/pkg/zdns/lookup_test.go b/pkg/zdns/lookup_test.go
@@ -1359,7 +1359,7 @@ func TestNsAInAdditional(t *testing.T) {
 		IPv4Addresses: []string{"192.0.2.3"},
 		IPv6Addresses: nil,
 	}
-	res, _, _, _ := resolver.DoNSLookup("example.com", ns1)
+	res, _, _, _ := resolver.DoNSLookup("example.com", ns1, false)
 	verifyNsResult(t, res.Servers, expectedServersMap)
 }
 
@@ -1420,7 +1420,7 @@ func TestTwoNSInAdditional(t *testing.T) {
 		IPv4Addresses: []string{"192.0.2.4"},
 		IPv6Addresses: nil,
 	}
-	res, _, _, _ := resolver.DoNSLookup("example.com", ns1)
+	res, _, _, _ := resolver.DoNSLookup("example.com", ns1, false)
 	verifyNsResult(t, res.Servers, expectedServersMap)
 }
 
@@ -1470,7 +1470,7 @@ func TestAandQuadAInAdditional(t *testing.T) {
 		IPv4Addresses: []string{"192.0.2.3"},
 		IPv6Addresses: []string{"2001:db8::4"},
 	}
-	res, _, _, _ := resolver.DoNSLookup("example.com", ns1)
+	res, _, _, _ := resolver.DoNSLookup("example.com", ns1, false)
 	verifyNsResult(t, res.Servers, expectedServersMap)
 }
 
@@ -1520,7 +1520,7 @@ func TestNsMismatchIpType(t *testing.T) {
 		IPv4Addresses: nil,
 		IPv6Addresses: nil,
 	}
-	res, _, _, _ := resolver.DoNSLookup("example.com", ns1)
+	res, _, _, _ := resolver.DoNSLookup("example.com", ns1, false)
 	verifyNsResult(t, res.Servers, expectedServersMap)
 }
 
@@ -1582,7 +1582,7 @@ func TestAandQuadALookup(t *testing.T) {
 		IPv4Addresses: []string{"192.0.2.3"},
 		IPv6Addresses: []string{"2001:db8::4"},
 	}
-	res, _, _, _ := resolver.DoNSLookup("example.com", ns1)
+	res, _, _, _ := resolver.DoNSLookup("example.com", ns1, false)
 	verifyNsResult(t, res.Servers, expectedServersMap)
 }
 
@@ -1593,7 +1593,7 @@ func TestNsNXDomain(t *testing.T) {
 
 	ns1 := net.JoinHostPort(config.ExternalNameServers[0], "53")
 
-	_, _, status, _ := resolver.DoNSLookup("nonexistentexample.com", ns1)
+	_, _, status, _ := resolver.DoNSLookup("nonexistentexample.com", ns1, false)
 
 	assert.Equal(t, status, STATUS_NXDOMAIN)
 }
@@ -1610,7 +1610,7 @@ func TestNsServFail(t *testing.T) {
 	mockResults[domain_ns_1] = SingleQueryResult{}
 	protocolStatus[domain_ns_1] = STATUS_SERVFAIL
 
-	res, _, status, _ := resolver.DoNSLookup("example.com", ns1)
+	res, _, status, _ := resolver.DoNSLookup("example.com", ns1, false)
 	serversLength := len(res.Servers)
 
 	assert.Equal(t, status, protocolStatus[domain_ns_1])
@@ -1644,7 +1644,7 @@ func TestErrorInTargetedLookup(t *testing.T) {
 
 	protocolStatus[domain_ns_1] = STATUS_ERROR
 
-	res, _, status, _ := resolver.DoNSLookup("example.com", ns1)
+	res, _, status, _ := resolver.DoNSLookup("example.com", ns1, false)
 	assert.Equal(t, len(res.Servers), 0)
 	assert.Equal(t, status, protocolStatus[domain_ns_1])
 }

diff --git a/pkg/zdns/nslookup.go b/pkg/zdns/nslookup.go
@@ -15,6 +15,7 @@ package zdns
 
 import (
 	"github.com/pkg/errors"
+	log "github.com/sirupsen/logrus"
 	"github.com/zmap/dns"
 	"strings"
 )
@@ -38,9 +39,10 @@ type NSResult struct {
 }
 
 // DoNSLookup performs a DNS NS lookup on the given name against the given name server.
-func (r *Resolver) DoNSLookup(lookupName, nameServer string) (*NSResult, *Trace, Status, error) {
-	if len(nameServer) == 0 {
-		return nil, nil, "", errors.New("no name server provided for NS lookup")
+func (r *Resolver) DoNSLookup(lookupName, nameServer string, isIterative bool) (*NSResult, *Trace, Status, error) {
+	if !isIterative && len(nameServer) == 0 {
+		nameServer = r.randomExternalNameServer()
+		log.Info("no name server provided for external NS lookup, using random external name server: ", nameServer)
 	}
 	if len(lookupName) == 0 {
 		return nil, nil, "", errors.New("no name provided for NS lookup")
@@ -50,7 +52,12 @@ func (r *Resolver) DoNSLookup(lookupName, nameServer string) (*NSResult, *Trace,
 	var ns *SingleQueryResult
 	var status Status
 	var err error
-	ns, trace, status, err = r.ExternalLookup(&Question{Name: lookupName, Type: dns.TypeNS, Class: dns.ClassINET}, nameServer)
+	if isIterative {
+		ns, trace, status, err = r.IterativeLookup(&Question{Name: lookupName, Type: dns.TypeNS, Class: dns.ClassINET})
+	} else {
+		ns, trace, status, err = r.ExternalLookup(&Question{Name: lookupName, Type: dns.TypeNS, Class: dns.ClassINET}, nameServer)
+
+	}
 
 	var retv NSResult
 	if status != STATUS_NOERROR || err != nil {