search

zmap / zdns

Fast DNS Lookup Library and CLI Tool
Apache License 2.0
912 stars 120 forks source link

zdns cannot connect to loopback resolvers without also specifying a loopback local-addr #337

Closed paul-pearce closed 2 months ago

paul-pearce commented 1 year ago

zdns will attempt to connect to loopback using a non-loopback IP if you don't either manually specify local-addr or interface=lo. This is due to selecting a random address from gc.LocalAddrs, which by default is only populated with non-loopback IPs. This results in attempting to dial a connection from non-loopback->loopback, which fails.

This is especially problematic in environments where a loopback resolver exists and no arguments are specified, as it auto detects a loopback resolver but not a loopback source IP.

See the following output. 

$:~/zdns$ echo example.com | ./zdns A --verbosity=5 --timeout=1 --retries=0
INFO[0000] No name servers specified. will use: 127.0.0.53:53 
DEBU[0000] THREADID 000005,DEPTH 01:    [****WIRE LOOKUP***  A   example.com   127.0.0.53:53] 
INFO[0001] Err is: read udp 67.x.x.x:36916: i/o timeout 
{"data":{"protocol":"udp","resolver":"127.0.0.53:53"},"name":"example.com","status":"TIMEOUT","timestamp":"2023-06-29T11:31:38-07:00"}

$:~/zdns$ echo example.com | ./zdns A --verbosity=5 --timeout=1 --retries=0 --local-interface=lo
INFO[0000] No name servers specified. will use: 127.0.0.53:53 
INFO[0000] using local interface: 0xc24d10              
DEBU[0000] THREADID 000003,DEPTH 01:    [****WIRE LOOKUP***  A   example.com   127.0.0.53:53] 
INFO[0000] Err is: <nil>                                
{"data":{"additionals":[{"flags":"","type":"EDNS0","udpsize":65494,"version":0}],"answers":[{"answer":"93.184.216.34","class":"IN","name":"example.com","ttl":6634,"type":"A"}],"protocol":"udp","resolver":"127.0.0.53:53"},"name":"example.com","status":"NOERROR","timestamp":"2023-06-29T11:31:45-07:00"}

$:~/zdns$ echo example.com | ./zdns A --verbosity=5 --timeout=1 --retries=0 --local-addr=127.0.0.1
INFO[0000] No name servers specified. will use: 127.0.0.53:53 
INFO[0000] using local address: 0xc24d00                
DEBU[0000] THREADID 000005,DEPTH 01:    [****WIRE LOOKUP***  A   example.com   127.0.0.53:53] 
INFO[0000] Err is: <nil>                                
{"data":{"additionals":[{"flags":"","type":"EDNS0","udpsize":65494,"version":0}],"answers":[{"answer":"93.184.216.34","class":"IN","name":"example.com","ttl":6624,"type":"A"}],"protocol":"udp","resolver":"127.0.0.53:53"},"name":"example.com","status":"NOERROR","timestamp":"2023-06-29T11:31:54-07:00"}

Note I added the INFO logging above to identify the actual true error under the timeout... That's probably another bug.

zakird commented 1 year ago

It might be worth just stupidly patching if resolver is localhost then use localhost

paul-pearce commented 1 year ago

Agreed. This could get complicated if there's a mix of resolvers, but I'm fine warning in that circumstance.