darkoperator / dnsrecon

DNS Enumeration Script
GNU General Public License v2.0
2.65k stars 543 forks source link

[Bug] dnspython error while running against sites with DNSSEC enabled #267

Open elkhvn opened 8 months ago

elkhvn commented 8 months ago

Feature Request or Bug or Other The error message: dns.message.TrailingJunk: The DNS packet passed to from_wire() has extra junk at the end of it.

The system information:

> uname -a
Linux kali 6.6.9-arm64 #1 SMP Kali 6.6.9-1kali1 (2024-01-08) aarch64 GNU/Linux

The version of dnsrecon and dnspython:

> dnsrecon --version
DNSRecon version 1.1.5 ( http://www.darkoperator.com )

> dpkg -l | grep dnspython
ii  python3-dnspython                                           2.6.1-1                                   all          DNS toolkit for Python 3

The reproduction of the bug:

> dnsrecon -d hackersploit.org
[*] std: Performing General Enumeration against: hackersploit.org...
[*] DNSSEC is configured for hackersploit.org
Traceback (most recent call last):
  File "/usr/bin/dnsrecon", line 7, in <module>
    __main__.main()
  File "/usr/share/dnsrecon/dnsrecon/cli.py", line 1885, in main
    std_enum_records = general_enum(res, domain, xfr, bing, yandex,
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/share/dnsrecon/dnsrecon/cli.py", line 1154, in general_enum
    dns_sec_check(domain, res)
  File "/usr/share/dnsrecon/dnsrecon/cli.py", line 1050, in dns_sec_check
    nsectype = get_nsec_type(domain, res)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/share/dnsrecon/dnsrecon/cli.py", line 1035, in get_nsec_type
    answer = get_a_answer(res, target, res._res.nameservers[0], res._res.timeout)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/share/dnsrecon/dnsrecon/cli.py", line 1428, in get_a_answer
    answer = res.query(query, ns, timeout)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/share/dnsrecon/dnsrecon/lib/dnshelper.py", line 113, in query
    return dns.query.udp(q, target_server, timeout, port, af, source, source_port, False, one_rr_per_rrset)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/kali/.local/lib/python3.11/site-packages/dns/query.py", line 721, in udp
    (r, received_time) = receive_udp(
                         ^^^^^^^^^^^^
  File "/home/kali/.local/lib/python3.11/site-packages/dns/query.py", line 633, in receive_udp
    r = dns.message.from_wire(
        ^^^^^^^^^^^^^^^^^^^^^^
  File "/home/kali/.local/lib/python3.11/site-packages/dns/message.py", line 1367, in from_wire
    m = reader.read()
        ^^^^^^^^^^^^^
  File "/home/kali/.local/lib/python3.11/site-packages/dns/message.py", line 1266, in read
    raise TrailingJunk
dns.message.TrailingJunk: The DNS packet passed to from_wire() has extra junk at the end of it.
L1ghtn1ng commented 8 months ago

Will have a look at this tomorrow

L1ghtn1ng commented 8 months ago

I cannot reproduce this with the installed kali version version or from what is in git, the only thing I can think of is this is a local issue with either your network or ISP. image