different a-records for same domain

[talelbaz]

Why, after running the same command 2 times in a row, get different values ​​of dns_a for the same permutation domain? I used the 'all' argument and got 2 nameservers, but got different DNS-a records each time(maybe even though the 'all' argument, it takes a-records only from one ns?) thanks!

[talelbaz]

for example

{'fuzzer': 'bitsquatting', 'domain': 'toiota.com', 'dns_ns': ['ns1.namebrightdns.com', 'ns2.namebrightdns.com'], 'dns_a': ['52.71.57.184', '54.209.32.212'], 'ssdeep': 0} (with 'all' arg)

{'fuzzer': 'bitsquatting', 'domain': 'toiota.com', 'dns_ns': ['ns1.namebrightdns.com'], 'dns_a': ['52.71.57.184'], 'ssdeep': 0} (without 'all' arg)

{'fuzzer': 'bitsquatting', 'domain': 'toiota.com', 'dns_ns': ['ns1.namebrightdns.com'], 'dns_a': ['3.130.204.160'], 'ssdeep': 0} (withut 'all' arg)

[elceef]

Load balancing! The answer section contains IN CNAME traff-N.hugedomains.com (where N is a digit) which resolves to different IP addresses.

[talelbaz]

thanks !! so when I put the 'all' argument I get a few IPs- it's because of the load balancing? it's the IPs from the same nameserver? can you explain whats the difference between putting the 'all' argument and without putting it?

THANKS!!

[elceef]

DNS answer section can have more than one record. By default, the tool sorts them in ascending order and displays the first one, while with --all it displays all of them.

[elceef]

When it comes to load balancing, in this particular case we have two layers. First layer is when the authoritative DNS server responds with IN CNAME traff-N.hugedomains.com. This CNAME is further resolved to two IN A records which is the second layer because obviously you need to pick one of them - usually the one at the first position. The order of IN A records is pretty much random or round-robin.