Closed proabiral closed 3 years ago
I'm unable to reproduce on my side. Do you have any additional information to repro the issue?
$ echo "nxdomain.facebook.com" | puredns resolve
_
| |
_ __ _ _ _ __ ___ __| |_ __ ___
| '_ \| | | | '__/ _ \/ _` | '_ \/ __|
| |_) | |_| | | | __/ (_| | | | \__ \
| .__/ \__,_|_| \___|\__,_|_| |_|___/
| |
|_| puredns v2.0.1
Fast and accurate DNS resolving and bruteforcing
Crafted with <3 by @d3mondev
https://github.com/sponsors/d3mondev
------------------------------------------------------------
[+] Mode : resolve
[+] File : stdin
[+] Resolvers : resolvers.txt
[+] Rate Limit : unlimited
[+] Rate Limit (Trusted) : 500 qps
[+] Wildcard Threads : 100
[+] Wildcard Tests : 3
------------------------------------------------------------
Resolving domains with public resolvers
Processed: 1 Rate: 1 Elapsed: 00:00:00
Detecting wildcard root subdomains
[ETA 00:00:00] |░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░| 0/0 queries: 0 (time: 00:00:00)
Validating domains against trusted resolvers
Processed: 0 Rate: 0 Elapsed: 00:00:00
No valid domains remaining.
Same thing with wildcard.paypal.com (and wildcard.paypal.cn).
Does dig @8.8.8.8 nxdomain.facebook.com work for you? puredns uses 8.8.8.8 as a trusted resolver by default. If the IP is banned or blocked from accessing 8.8.8.8, it's possible that the wildcard detection and validation doesn't work as expected.
The solution would be to specify a file containing alternative trusted resolvers with --resolvers-trusted and adjust the rate limit with --rate-limit-trusted. 9.9.9.10 would be a viable alternative, with a much lower rate limit (I would guess with a maximum of 20-50 queries per second).
I was able to simulate a hang of ~20-30 seconds against paypal.cn by blocking access to 8.8.8.8 and 8.8.4.4 with a firewall. This could point toward the IP being banned by Google's DNS servers. In my experience, this is usually a temporary ban.
If you run multiple instances of puredns at the same time, make sure to lower the default --rate-limit-trusted value to avoid hitting the hard limit of queries per second accepted by Google, which seems to be about 1500 QPS according to https://developers.google.com/speed/public-dns/docs/isp. The default value in puredns is 500.
Let me know if there's anything else I can do to help.
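An added example, not part of the thread or of puredns itself: a pre-flight script for the check described above, which probes candidate trusted resolvers with dig and keeps only those that reply, so the resulting file can be passed to --resolvers-trusted. The DIG and PROBE_RUN variables, the function names, trusted.txt, domains.txt and the even split of the 500 qps default across instances are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for puredns trusted resolvers.
# DIG may be overridden (assumption of this example) to test without network.
DIG="${DIG:-dig}"

# Succeeds if the resolver sends any DNS reply (NXDOMAIN included);
# dig exits non-zero when no reply arrives within the timeout.
resolver_answers() {
    "$DIG" +time=2 +tries=1 "@$1" "$2" A >/dev/null 2>&1
}

# usage: write_trusted_resolvers OUTFILE PROBE_NAME RESOLVER...
# Writes each responsive resolver to OUTFILE; fails if none replied.
write_trusted_resolvers() {
    _out="$1"; _probe="$2"; shift 2
    : > "$_out"
    for _r in "$@"; do
        if resolver_answers "$_r" "$_probe"; then
            echo "$_r" >> "$_out"
        else
            echo "no reply from $_r, leaving it out" >&2
        fi
    done
    [ -s "$_out" ]
}

# Splits a total trusted-resolver QPS budget across parallel instances.
per_instance_rate() {
    echo $(( $1 / $2 ))
}

# Run with PROBE_RUN=1 to perform real DNS queries.
if [ "${PROBE_RUN:-0}" = 1 ]; then
    name=nxdomain.facebook.com   # probe name taken from the thread
    if write_trusted_resolvers trusted.txt "$name" 8.8.8.8 8.8.4.4; then
        rate=$(per_instance_rate 500 "${INSTANCES:-1}")
    elif write_trusted_resolvers trusted.txt "$name" 9.9.9.10; then
        rate=20                  # low end of the 20-50 qps guess in the thread
    else
        echo "no trusted resolver reachable" >&2
        exit 1
    fi
    # domains.txt is a placeholder input file.
    echo "puredns resolve domains.txt --resolvers-trusted trusted.txt --rate-limit-trusted $rate"
fi
```

The script only prints the suggested command; set INSTANCES to the number of puredns processes that share the same source IP.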
@d3mondev ,
Thank you for such a quick and detailed response.
Seems like this was caused by a bug in massdns rather than puredns. Updating massdns to the latest version fixed the issue.
Thank you once again for the help and for creating such an awesome tool.
Good to know! Thanks for linking the original issue!
PureDNS gets stuck at "Validating domains against trusted resolvers" when all domains from the list are filtered out by wildcard detection or no domain resolves. Examples:
echo "nxdomain.facebook.com" | puredns resolve
echo "wildcard.paypal.com" | puredns resolve