zdns
zdns copied to clipboard
Published
20 hours ago •
zmap
zmap
"nslookup" doesn't provide final answer
"nslookup" doesn't provide the final answer while it queries some domains (e.g. cmu.edu).
$ echo "cmu.edu,8.8.8.8" | ./zdns nslookup --result-verbosity trace
{
"class": "IN",
"data": {
"servers": [
{
"name": "NSAUTH1.NET.cmu.edu",
"ttl": 21600,
"type": "NS"
},
{
"name": "NSAUTH2.NET.cmu.edu",
"ttl": 21600,
"type": "NS"
},
{
"name": "NY-SERVER-03.NET.cmu.edu",
"ttl": 21600,
"type": "NS"
}
]
},
"name": "cmu.edu",
"status": "NOERROR",
"timestamp": "2022-04-27T11:27:08+08:00",
"trace": [
{
"cached": false,
"class": 1,
"depth": 1,
"layer": "cmu.edu",
"name": "cmu.edu",
"name_server": "8.8.8.8:53",
"results": {
"answers": [
{
"answer": "NSAUTH1.NET.cmu.edu.",
"class": "IN",
"name": "cmu.edu",
"ttl": 21600,
"type": "NS"
},
{
"answer": "NSAUTH2.NET.cmu.edu.",
"class": "IN",
"name": "cmu.edu",
"ttl": 21600,
"type": "NS"
},
{
"answer": "NY-SERVER-03.NET.cmu.edu.",
"class": "IN",
"name": "cmu.edu",
"ttl": 21600,
"type": "NS"
}
],
"flags": {
"authenticated": false,
"authoritative": false,
"checking_disabled": false,
"error_code": 0,
"opcode": 0,
"recursion_available": true,
"recursion_desired": true,
"response": true,
"truncated": false
},
"protocol": "udp",
"resolver": "8.8.8.8:53"
},
"try": 1,
"type": 2
},
{
"cached": false,
"class": 1,
"depth": 1,
"layer": "NSAUTH1.NET.cmu.edu",
"name": "NSAUTH1.NET.cmu.edu",
"name_server": "8.8.8.8:53",
"results": {
"answers": [
{
"answer": "128.2.1.8",
"class": "IN",
"name": "NSAUTH1.NET.cmu.edu",
"ttl": 14441,
"type": "A"
}
],
"flags": {
"authenticated": false,
"authoritative": false,
"checking_disabled": false,
"error_code": 0,
"opcode": 0,
"recursion_available": true,
"recursion_desired": true,
"response": true,
"truncated": false
},
"protocol": "udp",
"resolver": "8.8.8.8:53"
},
"try": 1,
"type": 1
},
{
"cached": false,
"class": 1,
"depth": 1,
"layer": "NSAUTH2.NET.cmu.edu",
"name": "NSAUTH2.NET.cmu.edu",
"name_server": "8.8.8.8:53",
"results": {
"answers": [
{
"answer": "128.237.148.168",
"class": "IN",
"name": "NSAUTH2.NET.cmu.edu",
"ttl": 21600,
"type": "A"
}
],
"flags": {
"authenticated": false,
"authoritative": false,
"checking_disabled": false,
"error_code": 0,
"opcode": 0,
"recursion_available": true,
"recursion_desired": true,
"response": true,
"truncated": false
},
"protocol": "udp",
"resolver": "8.8.8.8:53"
},
"try": 1,
"type": 1
},
{
"cached": false,
"class": 1,
"depth": 1,
"layer": "NY-SERVER-03.NET.cmu.edu",
"name": "NY-SERVER-03.NET.cmu.edu",
"name_server": "8.8.8.8:53",
"results": {
"answers": [
{
"answer": "38.96.147.4",
"class": "IN",
"name": "NY-SERVER-03.NET.cmu.edu",
"ttl": 300,
"type": "A"
}
],
"flags": {
"authenticated": false,
"authoritative": false,
"checking_disabled": false,
"error_code": 0,
"opcode": 0,
"recursion_available": true,
"recursion_desired": true,
"response": true,
"truncated": false
},
"protocol": "udp",
"resolver": "8.8.8.8:53"
},
"try": 1,
"type": 1
}
]
}
From the trace infomation, we know that zdns have queried the NS record for A record, but it didn't provide in final result.
Thanks. This certainly looks like a bug since the point of nslookup is to also provide the actual IP addresses. @spencerdrak, @vishalmohanty, I know we recently made changes to this module. Any initial thoughts on what might be happening?
Thanks for pointing out the bug. Here's the fix: https://github.com/zmap/zdns/pull/303
