Encountering error tying to connect: DNS query timing out when connecting to the database

[alexander-bauer]

Hi all, I am encountering the below error message in attempting to use any sn0int command aside from --help. It's not clear to me whether this is a fault elsewhere on the internet, or something wrong with my network. I'm new to the tool, and further debugging steps aren't obvious to me.

I've attached the rest of my session at the bottom: my regular pinging and DNS look fine, and I'm able to connect to sn0int.com, so I would imagine that's not the DNS query that's timing out, but I'm not sure how to find which one is.

[+] Connecting to database
Error: Failed to download public suffix list
Because: http request failed
Because: error trying to connect: DNS query timed out

---

Versions

• rustc --version: not available for docker
• cargo --version: not available for docker
• sn0int --version: sn0int 0.11.2
• uname -a: Linux a55f7c14de82 3.10.0-693.5.2.el7.centos.plus.x86_64 #1 SMP Fri Oct 20 14:50:03 UTC 2017 x86_64 GNU/Linux

Environment

• Operating System/Distro: CentOS 7 host
• Installed from (source/apt/pacman/brew/docker): Docker

[sasha@malaria sn0int]$ docker run --rm --init -it -v /home/sasha/sn0int/.cache:/cache -v /home/sasha/sn0int/.data:/data kpcyrd/sn0int

                   ___/           .
     ____ , __   .'  /\ ` , __   _/_
    (     |'  `. |  / | | |'  `.  |
    `--.  |    | |,'  | | |    |  |
   \___.' /    | /`---' / /    |  \__/

        osint | recon | security
      irc.hackint.org:6697/#sn0int

[+] Connecting to database
Error: Failed to download public suffix list
Because: http request failed
Because: error trying to connect: DNS query timed out
[sasha@malaria sn0int]$ docker run --rm --entrypoint "/bin/bash" --init -it -v /home/sasha/sn0int/.cache:/cache -v /home/sasha/sn0int/.data:/data kpcyrd/sn0int
root@a55f7c14de82:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
405: eth0@if406: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:11:00:04 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.4/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
root@a55f7c14de82:/# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=56 time=1.71 ms
^C
--- 8.8.8.8 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.714/1.714/1.714/0.000 ms
root@a55f7c14de82:/# ping sn0int.com
PING sn0int.com (159.69.213.0) 56(84) bytes of data.
64 bytes from static.0.213.69.159.clients.your-server.de (159.69.213.0): icmp_seq=1 ttl=51 time=145 ms
64 bytes from static.0.213.69.159.clients.your-server.de (159.69.213.0): icmp_seq=2 ttl=51 time=146 ms
^C
--- sn0int.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 145.969/146.007/146.046/0.384 ms
root@a55f7c14de82:/# 

[kpcyrd]

Wow, thanks for the very detailed bug report!

The public suffix list is downloaded from https://publicsuffix.org/list/public_suffix_list.dat so there might've been an issue with the publicsuffix.org nameservers. Another possible issue is that the dns query timeout is too low for you.

The list currently loads successfully for me, just to rule out the chance of a temporary issue with their nameservers, can you retry?

If it still doesn't work you can try downloading the files manually, your cache folder that is mounted into the container should look like this (missing files are usually downloaded automatically):

% ls -la .cache/sn0int 
drwxr-xr-x    - root root 21 May  0:47 .
drwxr-xr-x    - root root 21 May  0:47 ..
.rw-r--r-- 6.5M root root 21 May  0:47 GeoLite2-ASN.mmdb
.rw-r--r--  60M root root 21 May  0:47 GeoLite2-City.mmdb
.rw-r--r-- 211k root root 21 May  0:47 public_suffix_list.dat

The URLs (note that the GeoLite files need to be extracted):

https://publicsuffix.org/list/public_suffix_list.dat
https://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz
https://geolite.maxmind.com/download/geoip/database/GeoLite2-ASN.tar.gz

In case you have irc setup you're also welcome to join the channel at ircs://irc.hackint.org:6697/#sn0int

Some things I noticed that I could do to improve the situation:

• improve error reporting so it's obvious which url is used for the request
• increase the default dns timeout
• possibly preload those files into the container, but this may hide issues with dns resolution since you almost always need that to work

[alexander-bauer]

I'm still seeing the same symptoms from the container, though I'm able to download those files from the host without issue. The container is also able to ping the hosts, but I don't yet know whether I can download them manually through the container, because it doesn't have curl or wget.

[sasha@malaria sn0int]$ ./sn0int

                   ___/           .
     ____ , __   .'  /\ ` , __   _/_
    (     |'  `. |  / | | |'  `.  |
    `--.  |    | |,'  | | |    |  |
   \___.' /    | /`---' / /    |  \__/

        osint | recon | security
      irc.hackint.org:6697/#sn0int

[+] Connecting to database
Error: Failed to download public suffix list
Because: http request failed
Because: error trying to connect: DNS query timed out
[sasha@malaria sn0int]$ docker run --rm --entrypoint "/bin/bash" --init -it -v /home/sasha/sn0int/.cache:/cache -v /home/sasha/sn0int/.data:/data kpcyrd/sn0int
root@45468759c27d:/# ping publicsuffix.org
PING publicsuffix.org (99.84.239.128) 56(84) bytes of data.
64 bytes from server-99-84-239-128.sfo5.r.cloudfront.net (99.84.239.128): icmp_seq=1 ttl=246 time=1.20 ms
64 bytes from server-99-84-239-128.sfo5.r.cloudfront.net (99.84.239.128): icmp_seq=2 ttl=246 time=1.12 ms
^C
--- publicsuffix.org ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.125/1.163/1.201/0.038 ms
root@45468759c27d:/# ping geolite.maxmind.com
PING geolite.maxmind.com (104.17.201.89) 56(84) bytes of data.
64 bytes from 104.17.201.89: icmp_seq=1 ttl=59 time=0.756 ms
64 bytes from 104.17.201.89: icmp_seq=2 ttl=59 time=0.895 ms
^C
--- geolite.maxmind.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.756/0.825/0.895/0.075 ms
root@45468759c27d:/#

./sn0int in the above is a script that runs docker run --rm --init -it -v /home/sasha/sn0int/.cache:/cache -v /home/sasha/sn0int/.data:/data kpcyrd/sn0int.

It's been a few years since I've been active on IRC, but I'll see if I can resurrect my old habits and join you all soon.

[hackdefendr]

This happens on MacOS latest versions as well. Compiled from source, not docker. sn0int will not start.

./sn0int

                   ___/           .
     ____ , __   .'  /\ ` , __   _/_
    (     |'  `. |  / | | |'  `.  |
    `--.  |    | |,'  | | |    |  |
   \___.' /    | /`---' / /    |  \__/

        osint | recon | security
      irc.hackint.org:6697/#sn0int

[+] Connecting to database
Error: Failed to download public suffix list
Because: http request failed
Because: error trying to connect: DNS query timed out

Versions

rustc --version: rustc 1.40.0 (73528e339 2019-12-16) cargo --version: cargo 1.40.0 (bc8e4c8be 2019-11-22) sn0int --version: sn0int 0.14.0 uname -a: Darwin Jeffs-MacBook-Pro.local 19.2.0 Darwin Kernel Version 19.2.0: Sat Nov 9 03:47:04 PST 2019; root:xnu-6153.61.1~20/RELEASE_X86_64 x86_64

[genevera]

still happening in macos