tomnomnom / hacks

A collection of hacks and one-off scripts

the premise of ettu seems not to always hold true #23

Open jakobhuss opened 4 years ago

jakobhuss commented 4 years ago

Hi Tom,

I wanted to confirm the idea ettu is built on. So I created an A record at a.b.c.veracious.se with AWS Route 53. The command host c.veracious.se returns NXDOMAIN, which to me suggests that this behaviour is not the same for all DNS servers. My plan was to build something using the idea of empty DNS responses. But if it is an implementation detail of the DNS server and not a specification, then I guess it would be quite a fragile tool.

I would gladly be informed if I'm getting something wrong or there is even more nuance to this quirk.

Thank you Tom for all inspiration, and don't feel obliged to respond to this if you don't have the time.

Kind regards Jakob

tomnomnom commented 4 years ago

Hi Jakob, thanks for your message :)

The tool is in my hacks repo for good reason! It's really an experiment to find things like this out; so thank you for letting me know :)

I'm not super surprised that AWS would do things a little differently to others. Perhaps the tool should have a way to test on a known subdomain for the behaviour to help the user figure out if the tool will work for them... That would rely on there being a suitable subdomain to test with of course so it's kinda tricky.

Thanks for the heads up!

jakobhuss commented 4 years ago

Thx for responding. And I think the idea of a hack repo is great, I just wanted to discuss the idea.

I guess a tool could start using this trick when it has a confirmation of the behaviour like you get with knowing about one.two.three.tomnomnom.uk and executing host three.tomnomnom.uk. I don't know of any other way of probing the server for its behaviour.
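
The pre-flight check discussed in this thread, as an added example that is not code from ettu or from either commenter: given one known deep record, classify the response for each parent name and only trust the empty-response trick if no parent returns NXDOMAIN. The `query` hook, the `hdr` helper, the names `classify` and `premiseHolds`, and the `example.test` names are assumptions made for illustration; the responses are constructed headers, so nothing is sent over the network.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// hdr builds a constructed 12-byte DNS response header (QR bit set) as sample input.
func hdr(rcode byte, ancount uint16) []byte {
	return []byte{0, 0, 0x80, rcode, 0, 0, byte(ancount >> 8), byte(ancount), 0, 0, 0, 0}
}

// classify reads RCODE and ANCOUNT from a raw DNS response header (RFC 1035, 4.1.1).
func classify(resp []byte) (string, error) {
	if len(resp) < 12 || resp[2]&0x80 == 0 {
		return "", errors.New("not a DNS response")
	}
	rcode, answers := resp[3]&0x0f, binary.BigEndian.Uint16(resp[6:8])
	switch {
	case rcode == 3:
		return "nxdomain", nil
	case rcode == 0 && answers == 0:
		return "empty", nil // NOERROR with no answers: the signal the trick depends on
	case rcode == 0:
		return "records", nil
	}
	return "other", nil
}

// premiseHolds queries every parent of a known record that lies below the zone apex
// (the apex has zoneLabels labels); query is a hypothetical hook returning raw bytes.
func premiseHolds(known string, zoneLabels int, query func(string) []byte) (bool, error) {
	labels := strings.Split(strings.TrimSuffix(known, "."), ".")
	sawEmpty := false
	for i := 1; i < len(labels)-zoneLabels; i++ {
		v, err := classify(query(strings.Join(labels[i:], ".")))
		if err != nil || v == "nxdomain" {
			return false, err
		}
		sawEmpty = sawEmpty || v == "empty"
	}
	return sawEmpty, nil
}

func main() {
	ok, err := premiseHolds("a.b.c.example.test", 2, func(string) []byte { return hdr(3, 0) })
	fmt.Println("empty-response trick usable:", ok, err)
}
```

A result of `false` with a nil error means the server answered NXDOMAIN for a parent of the known record, so empty responses cannot be used as evidence of deeper names on that server.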