Add a proper `--all-nameservers` implementation #485

phillip-stephens · 2024-12-16T19:32:08Z

Resolves #352 , #302, and #362

Overview

Starting with the set of all root nameservers, query all nameservers with an NS query and collect their responses.
From these responses, gather the next layer's unique nameservers
Query the next layer's nameservers. Repeat steps 1-3 until we no longer get any new new servers (are at the leaf nodes)
Do one final query with the caller's query type to the set of leaf nameservers

This allows us to handle cases where the leaf nameservers store additional nameservers for the given domain, as was pointed out in #352 with dumalinao.gov.ph.

Limitations

Cannot handle CNAMEs where the names point to by the CNAME is in a different zone. In this way, we'd be similar to dig +trace

$ dig -t A cname-chain-10.zdns-testing.com +trace +nodnssec  

; <<>> DiG 9.10.6 <<>> -t A cname-chain-10.zdns-testing.com +trace +nodnssec
;; global options: +cmd
.                       506109  IN      NS      f.root-servers.net.
.                       506109  IN      NS      j.root-servers.net.
.                       506109  IN      NS      b.root-servers.net.
.                       506109  IN      NS      c.root-servers.net.
.                       506109  IN      NS      g.root-servers.net.
.                       506109  IN      NS      a.root-servers.net.
.                       506109  IN      NS      k.root-servers.net.
.                       506109  IN      NS      d.root-servers.net.
.                       506109  IN      NS      h.root-servers.net.
.                       506109  IN      NS      i.root-servers.net.
.                       506109  IN      NS      m.root-servers.net.
.                       506109  IN      NS      l.root-servers.net.
.                       506109  IN      NS      e.root-servers.net.
;; Received 823 bytes from 192.168.254.254#53(192.168.254.254) in 24 ms

com.                    172800  IN      NS      f.gtld-servers.net.
com.                    172800  IN      NS      k.gtld-servers.net.
com.                    172800  IN      NS      c.gtld-servers.net.
com.                    172800  IN      NS      i.gtld-servers.net.
com.                    172800  IN      NS      e.gtld-servers.net.
com.                    172800  IN      NS      g.gtld-servers.net.
com.                    172800  IN      NS      h.gtld-servers.net.
com.                    172800  IN      NS      b.gtld-servers.net.
com.                    172800  IN      NS      d.gtld-servers.net.
com.                    172800  IN      NS      a.gtld-servers.net.
com.                    172800  IN      NS      j.gtld-servers.net.
com.                    172800  IN      NS      m.gtld-servers.net.
com.                    172800  IN      NS      l.gtld-servers.net.
;; Received 859 bytes from 202.12.27.33#53(m.root-servers.net) in 81 ms

zdns-testing.com.       172800  IN      NS      ns-cloud-c1.googledomains.com.
zdns-testing.com.       172800  IN      NS      ns-cloud-c2.googledomains.com.
zdns-testing.com.       172800  IN      NS      ns-cloud-c3.googledomains.com.
zdns-testing.com.       172800  IN      NS      ns-cloud-c4.googledomains.com.
;; Received 354 bytes from 192.42.93.30#53(g.gtld-servers.net) in 42 ms

cname-chain-10.zdns-testing.com. 300 IN CNAME   cname-chain-11.esrg.stanford.edu.
;; Received 106 bytes from 216.239.36.108#53(ns-cloud-c3.googledomains.com) in 34 ms

We don't currently have the CNAME following as you would have with the normal --iterative mode

$ dig -t A cname-chain-10.zdns-testing.com +nodnssec  

;; ANSWER SECTION:
cname-chain-10.zdns-testing.com. 187 IN CNAME   cname-chain-11.esrg.stanford.edu.
cname-chain-11.esrg.stanford.edu. 83935 IN CNAME cname-chain-12.zdns-testing.com.
cname-chain-12.zdns-testing.com. 187 IN A       1.2.3.4

Testing

Sanity-checked with test domains - example.com, google.com, zdns-testing.com, and dumalinao.gov.ph (per #352)

Ran larger scan with decent success rate -

00h:02m:01s; Scan Complete; 1000 names scanned; 8.25 names/sec; 91.9% success rate; NOERROR: 919, ERROR: 45, TIMEOUT: 36

Github Gist for example.com

… query type

…e IPv4/v6 addr for a given nameserver

phillip-stephens added 29 commits November 26, 2024 18:06

add domain name to root servers default

96a721e

start the all nameservers, for a single layer

0461fe9

working for google.com

aae77d0

example.com working

6b90b7a

external lookups working

1ee507c

gate --all-nameservers for all specialty CLI modules and add comments

539a89e

Clarify behavior in --help for all-nameservers and --name-servers

3560621

handle endless loop with next layer

0a95c87

add integration test

04d3dec

fixed up comments

7c5bda9

fixed up comments

ff63bd6

added context to function defs

c179870

First unit test passing

4adff9f

added another unit test, 2 .com NSes and one fails

501dafc

fixed up another test

a7f3798

handle the extra sibling NS case that issue 352 brings up

45a7842

remove comment

6cff29f

bug fixes, query for all leaf NSes first, then followup with original…

2882d83

… query type

lint/tests

6b6e93d

integration tests

12ba0ae

fix over-zealous replace operation

e065f93

sort for consistent unit test

524dc06

add timeout error to all-nameservers

d2d8625

handle de-duplicating nameservers by name, ensureing we only query on…

6583c6f

…e IPv4/v6 addr for a given nameserver

Merge branch 'main' into phillip/362-all-nameservers

05179af

PR cleanup

a1c4e8b

don't error for CNAME referrals, we won't implement this

d4885d2

cleanup

657ddf7

up timeouts on integration tests

82f146e

phillip-stephens linked an issue Dec 18, 2024 that may be closed by this pull request

all-nameservers flag weird output #302

Closed

phillip-stephens linked an issue Dec 18, 2024 that may be closed by this pull request

Fix LookupAllNameservers to look up all name servers at all levels, not just the top-most level #362

Closed

phillip-stephens marked this pull request as ready for review December 18, 2024 18:47

phillip-stephens requested a review from a team as a code owner December 18, 2024 18:47

phillip-stephens requested a review from zakird December 18, 2024 18:48

zakird approved these changes Dec 18, 2024

View reviewed changes

zakird merged commit bf4aac1 into main Dec 18, 2024
3 checks passed

zakird deleted the phillip/362-all-nameservers branch December 18, 2024 19:28

phillip-stephens mentioned this pull request Dec 20, 2024

[Bug] Using ZDNS with --all-nameservers --iterative produces empty output #482

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add a proper `--all-nameservers` implementation #485

Add a proper `--all-nameservers` implementation #485

phillip-stephens commented Dec 16, 2024 •

edited

Loading

Add a proper --all-nameservers implementation #485

Add a proper --all-nameservers implementation #485

Conversation

phillip-stephens commented Dec 16, 2024 • edited Loading

Overview

Limitations

Testing

Add a proper `--all-nameservers` implementation #485

Add a proper `--all-nameservers` implementation #485

phillip-stephens commented Dec 16, 2024 •

edited

Loading