blechschmidt / massdns

A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
GNU General Public License v3.0

Mass DNS over HTTP #35

Open andrew-aladev opened 6 years ago

andrew-aladev commented 6 years ago

Hello. I want to tell you about DNS over HTTP. Some people ignore this topic. I want to promote it in terms of mass DNS resolution.

Let us take an example:

curl -v -H 'accept: application/dns-json' 'https://dns.google.com/resolve?name=fit.com&type=A'

We are not limited to dns.google.com IP addresses. Google allows proxying the DNS service via google.*, google.co.*, images.google.com, translate.google.com, etc.

curl -v --resolve dns.google.com:443:173.194.222.138 -H 'accept: application/dns-json' 'https://dns.google.com/resolve?name=fit.com&type=A'

You can "scan" Google subnets and find that thousands of IP addresses can proxy DNS.

216.58.192.0/24, 216.58.193.0/24, ...
172.217.18.0/24, 172.217.19.0/24, ...
172.217.22.0/24, 172.217.23.0/24, ...

There are holes in these subnets (for example 173.194.50.0/24), because the dns.google.com cert is not compatible with some Google services.

Now let me introduce Cloudflare. Their subnets are the best gift ever. It looks like the certificate for cloudflare-dns.com is compatible with at least 500 thousand IP addresses.

curl -v --resolve cloudflare-dns.com:443:104.16.200.100 -H 'accept: application/dns-json' 'https://cloudflare-dns.com/dns-query?name=fit.com&type=A'

104.16.0.0/16, 104.17.0.0/16, 104.18.0.0/16, ...

It is possible to accumulate several million endpoints and put a good load on Google and Cloudflare.


Disadvantages:

  1. Google and Cloudflare could ban client IP addresses if they put a huge load on their network.
  2. DNS over HTTP is provided by these companies only.

PS: Do not forget that we can process multiple DNS queries over a single TCP connection before the connection breaks. "keep-alive" or HTTP/2 will improve this story.

Thank you.
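
The technique described in the comment above (JSON DoH queries, curl's --resolve trick of pinning the TCP connection to an arbitrary provider IP while keeping the hostname for SNI and certificate checking, and reusing one keep-alive connection for many lookups) as an added example. This is not massdns code and not code from the issue author; the class and function names (DohSession, build_request, parse_response, fake_send), the 192.0.2.0/24 addresses and the sample response bodies are assumptions constructed for the example. The only provider facts it relies on are the two endpoint paths and the application/dns-json response shape already shown in the thread.

```python
# Added example, not part of massdns or this issue: a minimal JSON DoH client that
# (1) builds the same queries the curl commands above send, (2) pins the TLS
# connection to an arbitrary IP while keeping the SNI/certificate name (curl's
# --resolve), (3) reuses one keep-alive connection for many lookups, and
# (4) parses the application/dns-json answer. The 192.0.2.0/24 addresses and the
# sample bodies below are constructed test data, not captured lookups.
import http.client
import json
import socket
import ssl
from typing import Callable, Dict, Optional, Tuple
from urllib.parse import urlencode

# RCODE names for the "Status" field of the JSON answer (RFC 1035 values).
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

# Query paths used by the two providers mentioned in the thread.
ENDPOINTS = {"dns.google.com": "/resolve", "cloudflare-dns.com": "/dns-query"}

Sender = Callable[[str, Dict[str, str]], bytes]


def build_request(host: str, name: str, qtype: str = "A") -> Tuple[str, Dict[str, str]]:
    """Path and headers for one JSON DoH query. Host is set explicitly because
    the socket may be pinned to an IP that is not the DoH hostname."""
    path = ENDPOINTS[host] + "?" + urlencode({"name": name, "type": qtype})
    return path, {"Host": host, "Accept": "application/dns-json"}


def parse_response(body: bytes) -> Dict:
    """Reduce a dns-json body to rcode, truncation flag and (name, type, ttl, data) answers."""
    doc = json.loads(body)
    status = doc.get("Status", 2)  # a missing Status is treated as SERVFAIL
    answers = [(a["name"], a["type"], a["TTL"], a["data"]) for a in doc.get("Answer", [])]
    return {"rcode": RCODES.get(status, str(status)),
            "truncated": bool(doc.get("TC", False)),
            "answers": answers}


class DohSession:
    """Many queries over one TLS connection to `ip`, authenticated as `host`."""

    def __init__(self, host: str, ip: Optional[str] = None, send: Optional[Sender] = None):
        self.host, self.ip = host, ip or host
        self._send = send or self._https_send   # `send` lets the example run offline
        self._conn: Optional[http.client.HTTPSConnection] = None

    def _connect(self) -> http.client.HTTPSConnection:
        ctx = ssl.create_default_context()      # verifies chain and hostname
        raw = socket.create_connection((self.ip, 443), timeout=10)
        conn = http.client.HTTPSConnection(self.ip, 443, context=ctx)
        # Equivalent of curl --resolve: TCP to the pinned IP, SNI and cert check for the hostname.
        conn.sock = ctx.wrap_socket(raw, server_hostname=self.host)
        return conn

    def _https_send(self, path: str, headers: Dict[str, str]) -> bytes:
        for attempt in range(2):                # one retry if the kept-alive socket was dropped
            if self._conn is None:
                self._conn = self._connect()
            try:
                self._conn.request("GET", path, headers=headers)
                resp = self._conn.getresponse()
                body = resp.read()              # drain fully so the connection stays reusable
            except (http.client.HTTPException, OSError):
                self._conn.close()
                self._conn = None
                if attempt:
                    raise
                continue
            if resp.status != 200:
                raise RuntimeError(f"{self.host} returned HTTP {resp.status} for {path}")
            return body
        raise RuntimeError("unreachable")

    def resolve(self, name: str, qtype: str = "A") -> Dict:
        path, headers = build_request(self.host, name, qtype)
        return parse_response(self._send(path, headers))


# Constructed sample bodies in the shape Google and Cloudflare return (not captured traffic).
SAMPLE_BODIES = {
    "/resolve?name=fit.com&type=A": (
        b'{"Status":0,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,'
        b'"Question":[{"name":"fit.com.","type":1}],'
        b'"Answer":[{"name":"fit.com.","type":1,"TTL":300,"data":"192.0.2.10"},'
        b'{"name":"fit.com.","type":1,"TTL":300,"data":"192.0.2.11"}]}'),
    "/resolve?name=nope.invalid&type=A": (
        b'{"Status":3,"TC":false,"RD":true,"RA":true,"AD":true,"CD":false,'
        b'"Question":[{"name":"nope.invalid.","type":1}]}'),
}


def fake_send(path: str, headers: Dict[str, str]) -> bytes:
    """Offline stand-in for _https_send: look the path up in SAMPLE_BODIES."""
    assert headers["Accept"] == "application/dns-json"
    return SAMPLE_BODIES[path]


if __name__ == "__main__":
    # Offline demo against the constructed bodies; drop `send=` for a live session.
    s = DohSession("dns.google.com", ip="192.0.2.1", send=fake_send)
    for qname in ("fit.com", "nope.invalid"):
        print(qname, s.resolve(qname))
```

For a live run, `DohSession("cloudflare-dns.com", ip="104.16.200.100")` reproduces the second curl command from the comment: the certificate is still validated against cloudflare-dns.com, so an IP that does not front that hostname fails the TLS handshake rather than silently returning someone else's answers, which is the check to run when "scanning" a subnet for usable endpoints. Reusing the HTTPSConnection is the keep-alive point from the PS; the session reconnects once if the provider drops the idle socket.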

alexey-milovidov commented 2 years ago

+1 to this feature.

Some cloud providers (like Hetzner) don't like it if you do a high number of DNS requests. But if you use DNS over HTTPS they have no choice.

alexey-milovidov commented 1 year ago

We need this feature.