search

zmap / zdns

Fast DNS Lookup Library and CLI Tool
Apache License 2.0
935 stars 122 forks source link

Passing domains that have a comma as part of the string #329

Closed warwickhadley closed 1 year ago

warwickhadley commented 1 year ago

Is it possible to submit a request for a domain that has a comma as part of the domain name ie abc.edg,hij.com . When I pass this it treats the part of the string after the comma as the resolver to be used.

thanks

stklcode commented 1 year ago

Seems this is only possible in --name-server-mode for a single domain, like this:

echo my-nameserver | zdns A --name-server-mode --override-name "ex,ample.com"

Otherwise, the parser will always split the input line at the first comma: https://github.com/zmap/zdns/blob/ac6c7f30a7f5e11f87779f5275adeed117227cd6/pkg/zdns/lookup.go#L115-L125

https://github.com/zmap/zdns/blob/ac6c7f30a7f5e11f87779f5275adeed117227cd6/pkg/zdns/lookup.go#L70-L77

So echo "ex,ample.com" | zdns A will query ex at ample.com:53

Funny side effect: Is is possible to use a comma in the nameserver's domain... echo "ex,ample.com,my-nameserver" | zdns A will query ex at ample.com,my-nameserver:53

secastro commented 1 year ago

Just poking my nose on this, a comma "," is not a valid character on a domain name, seems like an error on Warwick's data.

zakird commented 1 year ago

This was certainly built under the RFC guidelines that domains don't have commas in them. We'd be happy to accept a PR that switches to a real CSV library and allows quoted strings to support this use case. Given that this is pretty far out of standard practice, I don't think that the core team will be able to prioritize the issue.

On Fri, May 5, 2023 at 8:50 AM Stefan Kalscheuer @.***> wrote:

Seems this is only possible in --name-server-mode for a single domain, like this:

echo my-nameserver | zdns A --name-server-mode --override-name "ex,ample.com"

Otherwise, the parser will always split the input line at the first comma:

https://github.com/zmap/zdns/blob/ac6c7f30a7f5e11f87779f5275adeed117227cd6/pkg/zdns/lookup.go#L115-L125

https://github.com/zmap/zdns/blob/ac6c7f30a7f5e11f87779f5275adeed117227cd6/pkg/zdns/lookup.go#L70-L77

So echo "ex,ample.com" | zdns A will query ex at ample.com:53

Funny side effect: Is is possible to use a comma in the nameserver's domain... echo "ex,ample.com,my-nameserver" | zdns A will query ex at ample.com ,my-nameserver:53

— Reply to this email directly, view it on GitHub https://github.com/zmap/zdns/issues/329#issuecomment-1536452340, or unsubscribe https://github.com/notifications/unsubscribe-auth/AABREUCEGJX65UBBRQM72JTXEUOV5ANCNFSM6AAAAAAXXFLDBE . You are receiving this because you are subscribed to this thread.Message ID: @.***>

stklcode commented 1 year ago

Just poking my nose on this, a comma "," is not a valid character on a domain name, seems like an error on Warwick's data.

It could also be intentional. While most of the time there is no practical use for it, out-of-spec requests sometimes reveal interesting stuff :wink:

dadrian commented 1 year ago

@warwickhadley can you test with https://github.com/zmap/zdns/pull/330