domainr / dnsr

Iterative DNS resolver for Go (golang).
MIT License

Partial or empty TXT answers #111

Closed Miniwoffer closed 11 months ago

Miniwoffer commented 11 months ago

First off, great lib. Okay, so when I do resolver.ResolveCtx(ctx, "google.com.", "TXT") I get 6 TXT records:

Resolver settings:

var resolver *dnsr.Resolver = dnsr.NewResolver(dnsr.WithTimeout(5*time.Second), dnsr.WithCache(10000), dnsr.WithExpiry())
==================== Test output for //ogcode/services/certificate-bot/lib/resolver:resolver_test:
╭─── resolve("google.com.", "TXT", 1)
│   ╭─── resolve("google.com.", "NS", 2)
│   │   ╭─── resolve("com.", "NS", 3)
    X    29ms (T- 4999ms): dig +norecurse @b.root-servers.net. com. NS  # rmsg: NOERROR Answer: 0 NS: 13 Extra: 12 == CANCELED ==
X    26ms (T- 4990ms): dig +norecurse @a.gtld-servers.net. one.com. NS  # rmsg: NOERROR Answer: 0 NS: 2 Extra: 0 == CANCELED ==
│   │   │    9ms (T- 4999ms): dig +norecurse @e.root-servers.net. com. NS  # rmsg: NOERROR Answer: 0 NS: 13 Extra: 15
│   │   ╰─── 9ms: resolve("com.", "NS", 3) # [26]RR = NS(com.)=a.gtld-servers.net. NS(com.)=b.gtld-servers.net. ...
│   │    7ms (T- 4990ms): dig +norecurse @b.gtld-servers.net. google.com. NS  # rmsg: NOERROR Answer: 0 NS: 4 Extra: 8
│   ╰─── 17ms: resolve("google.com.", "NS", 2) # [8]RR = NS(google.com.)=ns2.google.com. NS(google.com.)=ns1.google.com. ...
        X    29ms (T- 4999ms): dig +norecurse @b.root-servers.net. com. NS  # rmsg: NOERROR Answer: 0 NS: 13 Extra: 12 == CANCELED ==
    X    26ms (T- 4990ms): dig +norecurse @a.gtld-servers.net. google.com. NS  # rmsg: NOERROR Answer: 0 NS: 4 Extra: 8 == CANCELED ==
│    36ms (T- 4982ms): dig +norecurse @ns1.google.com. google.com. TXT  # rmsg: NOERROR Answer: 6 NS: 0 Extra: 0
╰─── 54ms: resolve("google.com.", "TXT", 1) # [10]RR = TXT(google.com.)=google-site-verification=wD8N7i1JTNTkezJ49swvWW48f8_9xveREV4oB-0Hf5o TXT(google.com.)=MS=E4A68B9AB2BB9670BCE15412F62916164C0B20BB ...
TXT google-site-verification=wD8N7i1JTNTkezJ49swvWW48f8_9xveREV4oB-0Hf5o
TXT MS=E4A68B9AB2BB9670BCE15412F62916164C0B20BB
TXT facebook-domain-verification=22rm551cu4k0ab0bxsw536tlds4h95
TXT globalsign-smime-dv=CDYX+XFHUw2wml6/Gb8+59BsH31KzUr6c1l2BPvqKX8=
TXT docusign=1b0a6754-49b1-4db5-8540-d2c12664b289
TXT apple-domain-verification=30afIBcvSuDV2PLX
NS ns2.google.com.
NS ns1.google.com.
NS ns3.google.com.
NS ns4.google.com.

But if I try dig, I get a lot more TXT records:

> dig +norecurse +short @ns2.google.com. google.com. TXT
"docusign=05958488-4752-4ef2-95eb-aa7ba8a3bd0e"
"docusign=1b0a6754-49b1-4db5-8540-d2c12664b289"
"globalsign-smime-dv=CDYX+XFHUw2wml6/Gb8+59BsH31KzUr6c1l2BPvqKX8="
"MS=E4A68B9AB2BB9670BCE15412F62916164C0B20BB"
"webexdomainverification.8YX6G=6e6922db-e3e6-4a36-904e-a805c28087fa"
"facebook-domain-verification=22rm551cu4k0ab0bxsw536tlds4h95"
"google-site-verification=wD8N7i1JTNTkezJ49swvWW48f8_9xveREV4oB-0Hf5o"
"atlassian-domain-verification=5YjTmWmjI92ewqkx2oXmBaD60Td9zWon9r6eakvHX6B77zzkFQto8PQ9QsKnbf4I"
"v=spf1 include:_spf.google.com ~all"
"apple-domain-verification=30afIBcvSuDV2PLX"
"google-site-verification=TV9-DBe4R80X4v0M4U_bd_J9cpOJM0nikft0jAgjmsQ"
"onetrust-domain-verification=de01ed21f2fa4d8781cbc3ffb89cf4ef"

I also tried with cloudflare.com. It should have a bunch of TXT records, but dnsr returns 0 TXT records.

Miniwoffer commented 11 months ago

I wrote some tests: https://github.com/domainr/dnsr/pull/112

Miniwoffer commented 11 months ago

I found out that changing from TCP to UDP in exchangeIP seems to fix the issue.

Miniwoffer commented 11 months ago

Looks like the TC bit is set on the response, so it should discard and retry on TCP.

Miniwoffer commented 11 months ago

I'll write a fix.
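
The behaviour described in the TC-bit comment above, as an added example that is not part of the thread or of dnsr's code: a truncated UDP reply is discarded and the query is repeated over TCP, so a caller never acts on a partial TXT set. `Transport`, `Header`, `Truncated` and `Exchange` are hypothetical names, and the replies in `main` are constructed headers (6 answers with TC set, then 12 without), not captured traffic.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Transport sends one query and returns the raw reply (hypothetical type, not dnsr's API).
type Transport func(query []byte) ([]byte, error)
const flagTC = 0x0200 // TC bit in the header flags word (RFC 1035, section 4.1.1)

// Header builds a constructed 12-byte DNS header carrying only flags and ANCOUNT.
func Header(flags, ancount uint16) []byte {
	h := make([]byte, 12)
	binary.BigEndian.PutUint16(h[2:], flags)
	binary.BigEndian.PutUint16(h[6:], ancount)
	return h
}

// Truncated reports whether a reply must be discarded: TC set, or too short for a header.
func Truncated(msg []byte) bool {
	return len(msg) < 12 || binary.BigEndian.Uint16(msg[2:4])&flagTC != 0
}

// Exchange asks over UDP first and never returns a truncated reply as an answer.
func Exchange(q []byte, udp, tcp Transport) (resp []byte, viaTCP bool, err error) {
	if resp, err = udp(q); err != nil {
		return nil, false, err
	}
	if !Truncated(resp) {
		return resp, false, nil
	}
	// Discard the partial UDP reply and repeat the query over TCP.
	if resp, err = tcp(q); err != nil {
		return nil, true, err
	}
	if Truncated(resp) {
		return nil, true, errors.New("reply still truncated over TCP")
	}
	return resp, true, nil
}

func main() {
	udp := func([]byte) ([]byte, error) { return Header(0x8000|flagTC, 6), nil } // constructed: TC set
	tcp := func([]byte) ([]byte, error) { return Header(0x8000, 12), nil }       // constructed: complete
	resp, viaTCP, err := Exchange(Header(0, 0), udp, tcp)
	fmt.Println("ANCOUNT:", binary.BigEndian.Uint16(resp[6:8]), "viaTCP:", viaTCP, "err:", err)
}
```

In a real resolver the two transports would be the UDP and TCP exchanges against the same authoritative server, and an error from `Exchange` should be treated as "no answer", not as an empty record set.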