some subdomain contains "?." via using recon.py

blechschmidt / massdns

A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)

GNU General Public License v3.0

3.03k stars 456 forks source link

some subdomain contains "?." via using recon.py #154

Closed RaiderZP closed 2 days ago

RaiderZP commented 1 week ago

Hi,

When I used recon.py to brute force the subdomain, I found that the some subdomains of results contain "?.", for example: "?.xxx.xxx.com". I think it is not a vilid subdomain, it should be a bug. My command is: python recon.py -d xxxxx.com -l /dicts/subdomains_dicts/n0kovo_subdomains_large.txt >../../results/booking_large.txt

blechschmidt commented 1 week ago

This is a limitation of the recon.py script, which is documented inside the script:

Limitation: Zone delegation is only handled up to the delegation point. For example, if example.org is enumerated and sub.example.org is delegated to another name server, abc.sub.example.org will not be found by this script if "abc.sub" is contained in the word list. However, this script will report this fact as ?.sub.example.org in this case.

RaiderZP commented 2 days ago

noted and thanks!