Mzack9999
commented
1 week ago @pdelteil Thanks for reporting this, I found the same indirectly while during long running dnsx. It should be fixed in https://github.com/projectdiscovery/dnsx/pull/740
Closed pdelteil closed 6 days ago
Mzack9999
commented
1 week ago @pdelteil Thanks for reporting this, I found the same indirectly while during long running dnsx. It should be fixed in https://github.com/projectdiscovery/dnsx/pull/740
dnsx version:
1.2.1
Current Behavior:
Running dnsx with 200 threads and 2 MM domains crashed my server several times, using a total of 14 GB of RAM + 10 GB of swap. When the SWAP was filled completely, the server entered in an unrecoverable state. I couldn't find the reason for around a week, but today I found a domain with infinite recursion.
This domain gives
SERVFAILand theCNAMEdefinition was recursive. The trace keeps running until 32767 steps in the recursion are completed or until the RAM and SWAP gets to 100%. I think the default value is too high:-trace-max-recursion int Max recursion for dns trace (default 32767)I haven't found cases that are not recursive that have more than 10 steps in the trace recursion.
Expected Behavior:
With a considerable lower default max recursion value is very unlikely a server resources will be exhausted.
Steps To Reproduce:
echo lb.devicemanager.central.arubanetworks.com|dnsx -rc servfail -r 1.1.1.1 -trace -j -debugIt keeps running for a long time. No debug info is shown.
echo lb.devicemanager.central.arubanetworks.com|dnsx -rc servfail -r 1.1.1.1 -trace -j -debug -trace-max-recursion 10The second case returns in a couple of seconds.