search

yassineaboukir / sublert

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.
MIT License
988 stars 166 forks source link

Performance gain? #33

Closed melardev closed 4 years ago

melardev commented 4 years ago

Hi, I was looking at the code when I saw the following:

...
for qtype in ['A','CNAME']:
                dns_output = dns.resolver.query(domain,qtype, raise_on_no_answer = False)
                if dns_output.rrset is None:
....

I wonder if it is really needed to make two DNS queries (A and CNAME) A query would suffice, am I wrong? I am not a DNS guru, this is why I didn't want to make a pull request. But from my tests using dig it seems obvious CNAME query is redundant. Anyways, you know a lot more hackers than I do, you could ask them to confirm.

melardev commented 4 years ago

By the way, if you confirm what I am saying, I would ask you to let me make the pull request, contributing to open source projects would help me in my "career", offers, etc.

yassineaboukir commented 4 years ago

Hi @melardev,

Thanks for your interest! We are interested in both CNAME and A record for the sake of the tool's purpose. Some servers have CNAME record, others point to an A record, so we need to obtain any of them.

Regards.