Flag to not discard valid SERVFAIL subdomains

d3mondev / puredns

Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.

GNU General Public License v3.0

1.61k stars 151 forks source link

Flag to not discard valid SERVFAIL subdomains #22

Closed marcelo321 closed 2 years ago

marcelo321 commented 2 years ago

Wanted to ask if it would be possible to add a flag to not discard subdomains that respond to SERVFAIL? but are unique and not wildcards?

The reason is, a subdomain can be vulnerable to takeover while responding to SERVFAIL, and wanted to not discard those subdomains with puredns

d3mondev commented 2 years ago

Unfortunately the algorithm used by puredns to detect wildcards does not work when SERVFAIL is returned. This is the reason why SERVFAIL answers are discarded. I'd probably just use massdns directly to keep all SERVFAIL domains.

marcelo321 commented 2 years ago

SERVFAIL follow the same pattern that any other wildcard, if abc.domain.com is a servfail, then *.abc.domain.com will probably give servfail too, so only the first one to respond servfail should be in the output.

Would be awesome to solve it here but I understand if it goes against how puredns was built

marcelo321 commented 1 year ago

@d3mondev,

With the last version of massdns there isn't a reliable way of doing it even with massdns directly. Do you have any reccomendations?