search

blechschmidt / massdns

A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
GNU General Public License v3.0
3.08k stars 460 forks source link

Emtpy results.txt MACOSX #98

Closed Ncoder2 closed 3 years ago

Ncoder2 commented 3 years ago

Hello,

I installed massdns via brew in MacosX. It installed successfully, but when i run any command the results.txt is empty. I have tried the --root option as well.

massdns -r resolvers.txt -t AAAA -w results.txt urls.txt massdns -r resolvers.txt -t AAAA -w results.txt urls.txt --root massdns -r resolvers.txt -t AAAA -w results.txt urls.txt --root --error-log error.txt --busy-poll

resolvers.txt contains only 8.8.8.8 urls.txt contains only google.com

OUTPUT:

Processed queries: 1 Received packets: 0 Progress: 100.00% (00 h 00 min 25 sec / 00 h 00 min 25 sec) Current incoming rate: 0 pps, average: 0 pps Current success rate: 0 pps, average: 0 pps Finished total: 1, success: 0 (0.00%) Mismatched domains: 0 (0.00%), IDs: 0 (0.00%) Failures: 0: 0.00%, 1: 0.00%, 2: 0.00%, 3: 0.00%, 4: 0.00%, 5: 0.00%, 6: 0.00%, 7: 0.00%, 8: 0.00%, 9: 0.00%, 10: 0.00%, 11: 0.00%, 12: 0.00%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 100.00%, Response: | Success: | Total: OK: | 0 ( 0.00%) | 0 ( 0.00%) NXDOMAIN: | 0 ( 0.00%) | 0 ( 0.00%) SERVFAIL: | 0 ( 0.00%) | 0 ( 0.00%) REFUSED: | 0 ( 0.00%) | 0 ( 0.00%) FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)

blechschmidt commented 3 years ago

I cannot reproduce this on Linux with the build configuration for macOS. Can you run Wireshark? Do you see the outgoing DNS request and the corresponding reply?

Ncoder2 commented 3 years ago

Ok. Yes, i just ran wireshark. The query gets re-transmitted multiple times and does not get a response. so does this mean there is something wrong with my installation or settings ?

blechschmidt commented 3 years ago

If the request packet is not corrupted, it means that this is likely not a massdns issue. My guess would be that your firewall, router or ISP is blocking UDP packets to 8.8.8.8:53. Can you try to see if it works with your system's default resolver (the nameserver as defined in /etc/resolv.conf) instead of 8.8.8.8 and maybe use a second tool like dig to verify the firewall assumption (dig -t AAAA @8.8.8.8 google.com)?

Ncoder2 commented 3 years ago

Ok Thank you for the information. i believe its something that's got to do with the resolver file. Its either the firewall or ISP that's blocking it. However, dig works well for me, i tried to use the -f file option, but its not going to be fast though.

blechschmidt commented 3 years ago

Does dig work for you with @8.8.8.8? If no, it is probably not a massdns issue. If dig works with 8.8.8.8, the firewall/ISP assumption is wrong.

Ncoder2 commented 3 years ago

I got one issue sorted, the ISP probably blocks DNS resolve unless you change it in your router. Until then, it's better to use the the ISP's DNS from the /etc/resolv.conf. But on the other hand the number of domains present in the list and the response received do not match, anything that can be done to ensure i receive a response for them all ?

Ncoder2 commented 3 years ago

Does dig work for you with @8.8.8.8? If no, it is probably not a massdns issue. If dig works with 8.8.8.8, the firewall/ISP assumption is wrong.

dig -t AAAA @8.8.8.8 google.com. This one does not work for me. So it's an ISP issue. When i change the resolver to the ISP's DNS it worked for me.

blechschmidt commented 3 years ago

But on the other hand the number of domains present in the list and the response received do not match, anything that can be done to ensure i receive a response for them all ?

In order to achieve a better success rate, I would suggest to dramatically decrease the value of concurrent lookups through the -s parameter (maybe start with something like 10 and move your way up), especially when using massdns on low-bandwidth networks, as massdns currently does not implement congestion control. Massdns just iterates over the domains and attempts to resolve them x times until a successful response, where x is specified by the -c parameter, so it cannot guarantee that all domains are resolved. In practice, when choosing a reasonable -s value, it should however be possible to resolve all domains unless the used resolvers employ some kind of rate-limiting mechanism.

Ncoder2 commented 3 years ago

Thank you for the information @blechschmidt ! Also, i just noticed that MAC has a "DNS server" settings in the System Preferences. I am assuming you will not be able to other domains servers until you add their IP there. This is an additional information which can help MAC users.