GlobalCyberAlliance / domain-security-scanner

Scan domains and receive advice based on their BIMI, DKIM, DMARC, and SPF records
https://dmarcguide.globalcyberalliance.org/
Apache License 2.0

DnsBuffer default size too small #18

Closed tinohager closed 11 months ago

tinohager commented 11 months ago

I just did a test with microsoft.com; here it did not show me the SPF. Only after adjusting the size of the buffer did it work. Is there a reason why the default limit here is 1024?

FAILURE: docker run ghcr.io/globalcyberalliance/domainsecurityscanner/domainsecurityscanner:latest scan microsoft.com -a

WORKS: docker run ghcr.io/globalcyberalliance/domainsecurityscanner/domainsecurityscanner:latest scan microsoft.com -a --dnsBuffer 4000

wolveix commented 11 months ago

Hey. At 1024, it's double the RFC spec's default buffer. In our own testing when using the scanner against a list of 1000 domains, the buffer ended up being too small for 3 of them.

As this value is configurable, I don't think there's any need for us to adjust the default value further.

wolveix commented 11 months ago

@tinohager you can see a small discussion around it in #15

tinohager commented 11 months ago

I understand that. Would it be possible to issue a warning if the buffer was too small for the answer?

wolveix commented 11 months ago

That would be great to have! I'll look into whether it's doable, thanks.

wolveix commented 11 months ago

Hey @tinohager, really appreciate the suggestions! I was able to implement automatic retries with a larger buffer size (4096), along with a message when this happens. Thanks again!
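The behaviour discussed in this thread (detect a truncated reply, warn, retry with a larger buffer) can be sketched as follows. This is an added example, not the project's code: the function names, the `send` transport hook and the fake resolver are assumptions made so it runs offline with the Go standard library only.

```go
package main

import (
	"fmt"
	"strings"
)

// buildTXTQuery encodes a TXT question plus an EDNS0 OPT record whose CLASS
// field advertises udpSize, the largest UDP reply the client accepts (RFC 6891).
func buildTXTQuery(id uint16, name string, udpSize uint16) []byte {
	msg := []byte{byte(id >> 8), byte(id), 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 1} // RD=1, QD=1, AR=1
	for _, label := range strings.Split(strings.TrimSuffix(name, "."), ".") {
		msg = append(append(msg, byte(len(label))), label...)
	}
	msg = append(msg, 0, 0, 16, 0, 1)                                               // root label, QTYPE=TXT, QCLASS=IN
	return append(msg, 0, 0, 41, byte(udpSize>>8), byte(udpSize), 0, 0, 0, 0, 0, 0) // OPT RR
}

// truncated reports whether the TC bit is set in the reply header.
func truncated(reply []byte) bool { return len(reply) >= 12 && reply[2]&0x02 != 0 }

// lookupWithRetry tries each buffer size in order; warn is non-empty when a
// smaller size was truncated. send is a hypothetical transport hook.
func lookupWithRetry(name string, sizes []uint16, send func([]byte) ([]byte, error)) (reply []byte, warn string, err error) {
	for i, size := range sizes {
		if reply, err = send(buildTXTQuery(uint16(i+1), name, size)); err != nil || !truncated(reply) {
			return reply, warn, err
		}
		warn = fmt.Sprintf("%s: reply truncated with a %d-byte buffer", name, size)
	}
	return nil, warn, fmt.Errorf("still truncated at the largest buffer; retry over TCP")
}

// fakeServer is a constructed stand-in for a resolver: it sets TC when its
// replyLen-byte answer exceeds the size advertised in the query's OPT record.
func fakeServer(replyLen int) func([]byte) ([]byte, error) {
	return func(q []byte) ([]byte, error) {
		reply := []byte{q[0], q[1], 0x81, 0x80, 0, 1, 0, 0, 0, 0, 0, 0} // header only
		if int(q[len(q)-8])<<8|int(q[len(q)-7]) < replyLen {
			reply[2] |= 0x02 // TC=1
		}
		return reply, nil
	}
}

func main() {
	reply, warn, err := lookupWithRetry("example.com", []uint16{1024, 4096}, fakeServer(1800))
	fmt.Println(len(reply), warn, err)
}
```

Without a check on the TC bit, a truncated TXT answer is indistinguishable from a domain that publishes no SPF record, so a scanner would report a missing control that is actually present.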