
broken-dns's Introduction

Broken DNS

Broken delegation (Also known as Lame Delegation) checking at scale!

Building

Requires go1.18+.

$ go build

Running

Usage of ./lame-dns:
  -expected-ns string
        comma-separated list of domains which we expect nameservers to be under, findings are logged otherwise
  -list string
        comma-separated list of domain lists
  -parallel uint
        number of worker threads to use (default 10)
  -verbose
        show verbose messages

Examples

$ ./lame-dns -list domain_list.txt -expected-ns googledomains.com,google.com,markmonitor.com,google

Findings

Results are printed to stdout, and any logs, errors, or debug messages are printed to stderr. You can redirect these to different files to save each independently, for example: ./lame-dns $ARGS >results.txt 2>results.log

Findings:

  • ERROR: server: an unexpected error occurred while sending the DNS query to a specific nameserver, on every retry attempt.
  • varying responses: one (or more) of the nameservers did not return all of the records that the other nameservers for the name returned.
  • ERROR querying authoritative: an unexpected error occurred while sending parallel requests to all authoritative nameservers (this error will likely also include a more specific ERROR: server: message).
  • unexpected difference in nameservers: the authoritative nameservers returned different results from the parent (non-authoritative) nameservers.
    • extra nameservers returned by authoritative NS: if any of the authoritative nameservers returned any new or unexpected nameservers, they will be printed here.
  • lame delegation: a lame delegation was found, meaning a domain's NS records do not point to authoritative servers.
  • unexpected nameserver: only displayed with -expected-ns, when one of an input domain's nameservers is not a subdomain of any of the -expected-ns domains.
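The checks behind three of these findings, as an added Go example that is not taken from lame-dns itself: it classifies constructed NS replies offline instead of sending queries. The names Answer, Classify, under and norm and the sample hostnames are hypothetical, and the logic is an assumption about how such checks can be done, not the tool's implementation.

```go
package main

import (
	"fmt"
	"strings"
)

// Answer is a constructed stand-in for one nameserver's reply to an NS query
// (hypothetical type): server asked, aa flag in the reply, NS names returned.
type Answer struct{ Server string; AA bool; NS []string }

func norm(s string) string { return strings.ToLower(strings.TrimSuffix(s, ".")) }

// under matches whole labels, so ns1.notexample.com is not under example.com.
func under(host, zone string) bool {
	return norm(host) == norm(zone) || strings.HasSuffix(norm(host), "."+norm(zone))
}

// Classify compares the parent's delegation with what each delegated server says.
func Classify(parentNS []string, auth []Answer, expected []string) (out []string) {
	parent := map[string]bool{}
	for _, n := range parentNS {
		parent[norm(n)] = true
		ok := len(expected) == 0 // no -expected-ns style list means no suffix check
		for _, e := range expected {
			ok = ok || under(n, e)
		}
		if !ok {
			out = append(out, "unexpected nameserver: "+norm(n))
		}
	}
	for _, a := range auth {
		if !a.AA { // delegated, but does not answer authoritatively
			out = append(out, "lame delegation: "+norm(a.Server))
		}
		for _, n := range a.NS {
			if a.AA && !parent[norm(n)] { // only trust NS sets from authoritative replies
				out = append(out, "extra nameserver: "+norm(n))
			}
		}
	}
	return out
}

func main() { // constructed data: the second delegated server is lame
	parent := []string{"ns1.example.com.", "ns1.notexample.com."}
	auth := []Answer{
		{"ns1.example.com.", true, []string{"NS1.example.com.", "ns2.example.com."}},
		{"ns1.notexample.com.", false, nil},
	}
	fmt.Println(strings.Join(Classify(parent, auth, []string{"example.com"}), "\n"))
}
```

Names are compared case-insensitively and without the trailing dot, so the same server written two ways is not reported as a difference.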

Performance

The speed will largely depend on the argument to -parallel. The only real bottleneck is network latency, so this program can be extremely fast if given enough workers. However, if there are a lot of network errors, especially for any of the apex/parent/tld nameservers, then it will slow down considerably as these requests are retried.

Verifying Findings

You can use the following dig command to roughly verify the results of this program. The +trace flag is similar to, but not quite as thorough as, the tests this program performs. To check for authoritative responses, look for the aa flag in the dig response output.

dig +trace +question +qr +comments +nodnssec -t NS -q $DOMAIN

broken-dns's People

Contributors

techguyalex


broken-dns's Issues

Security Policy violation Binary Artifacts

This issue was automatically created by Allstar.

Security Policy Violation
Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

Artifacts Found

  • lame-dns

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.


Allstar has been installed on all Google managed GitHub orgs. Policies are gradually being rolled out and enforced by the GOSST and OSPO teams. Learn more at http://go/allstar

This issue will auto resolve when the policy is in compliance.

Issue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.
