Problem with multiple filter option.

[0xd0m7]

Hi ! i am seeing that filter option does not return any result for some states, by other hand it's not possible to choose multiple filters. For example, how can filter NXDOMAIN,SERVFAIL and REFUSED only ignoring OK or NOERROR status and dump them into a file?. What i am missing?

Thanks in advance.

[blechschmidt]

You can either use the --filter option multiple times, i. e. --filter NXDOMAIN --filter SERVFAIL --filter REFUSED to only output packets with these response codes or you can use --ignore NOERROR in order to output all packets except those with a NOERROR code (NOERROR is the canonical name of the status code for packets considered to be OK). I don't see any case in which you would want to use --filter and --ignore at the same time.

[0xd0m7]

@blechschmidt thanks for your quick response! But it seems that i missing something yet. For example when i add --filter NOERROR option massdns generated a 0byte output file. And it seems that does not me show me domains with SERVFAIL, NXDOMAIN, or REFUSED state in this file. This is that i am waiting when i add this option. How can I extract these domains in a list?

This is the command that i am using: cat domains | dnsgen - | massdns -r resolver.txt -t A -o S -w output.txt --ignore NOERROR

Output

-rw-r--r--  1 root root      0 ago 21 09:05 output.txt

Thanks in advance

[blechschmidt]

I think I can see the problem now. By default, the simple text output mode only outputs records, not full packets. For this reason, if you ignore NOERROR responses, your responses will probably consist of packets without DNS records. In this case, nothing will printed.

Consider using the ndjson output format or -o Srni (or any other combination of flags for the simple output mode causing the DNS question to be printed) instead of -o S.

Unfortunately, the "simple" output mode ended up being not simple at all.