owasp-amass / amass

In-depth attack surface mapping and asset discovery
https://owasp.org/www-project-amass/

amass enum insists on using DNS servers not listed in config.ini / -r / -tr parameter #923

Open hlein opened 1 year ago

hlein commented 1 year ago

When running amass enum in a semi-isolated network, it might not be able to get out to just any DNS server.

The documentation for the resolver = config-file entry and/or the -r or -tr command-line parameters seems to suggest that using them will cause amass to confine itself to the addresses specified, but apparently that does not mean what I think it means. amass enum will attempt to send queries to 8.8.8.8 and many other addresses regardless of those settings. It doesn't seem like it's making any queries that couldn't be satisfied by any recursive nameserver.

Is it possible to get amass to talk to only specific nameservers? Even better if you could configure it to use whatever the system resolver is set for (which of course necessitates that the host system is configured to resolve names via DNS, that's fine), but if -r and/or -tr was sufficient, that'd be easy to do with a wrapper script.
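One way to confirm from outside the tool which nameservers a run actually contacted, as an added example that is not part of the original issue or the amass project: it reads `tcpdump -nn` text output captured during the run and counts DNS queries sent to addresses outside an allowed resolver list. The sample capture lines and the allowed addresses are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# tcpdump -nn text line: "<ts> IP|IP6 <src>.<sport> > <dst>.<dport>: <summary>"
LINE_RE = re.compile(r"^\S+ (IP6?) (\S+) > (\S+): (.*)$")

def split_host_port(endpoint):
    """Split 'addr.port' on the last dot (works for IPv4 and IPv6)."""
    host, _, port = endpoint.rpartition(".")
    return ipaddress.ip_address(host), int(port)

def unexpected_resolvers(lines, allowed):
    """Return {destination: query_count} for port-53 traffic sent to
    addresses that are not in the allowed resolver list."""
    allowed_set = {ipaddress.ip_address(a) for a in allowed}
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            dst, dport = split_host_port(m.group(3))
        except ValueError:
            continue  # unparsable endpoint (e.g. names printed without -nn)
        # Only outbound queries have destination port 53; replies do not.
        if dport == 53 and dst not in allowed_set:
            hits[str(dst)] += 1
    return dict(hits)

# Constructed sample capture, not taken from the issue.
SAMPLE = [
    "12:00:01.000001 IP 10.0.0.5.51515 > 10.0.0.53.53: 4660+ A? example.com. (29)",
    "12:00:01.000900 IP 10.0.0.53.53 > 10.0.0.5.51515: 4660 1/0/0 A 192.0.2.10 (45)",
    "12:00:02.000001 IP 10.0.0.5.40222 > 8.8.8.8.53: 9029+ A? www.example.com. (33)",
    "12:00:02.500001 IP 10.0.0.5.40223 > 8.8.8.8.53: 9030+ AAAA? www.example.com. (33)",
    "12:00:03.000001 IP6 2001:db8::5.40224 > 2001:db8::53.53: 77+ A? example.com. (29)",
    "12:00:04.000001 IP 10.0.0.5.44321 > 192.0.2.10.443: Flags [S], seq 1, length 0",
]
ALLOWED = ["10.0.0.53", "2001:db8::53"]  # constructed: the resolvers you configured

if __name__ == "__main__":
    for dst, count in sorted(unexpected_resolvers(SAMPLE, ALLOWED).items()):
        print(f"{count} DNS packet(s) sent to unlisted resolver {dst}")
```

The same allowed list is what an egress rule for port 53 on the semi-isolated network would permit, so any address this reports is traffic that rule would be dropping.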