jdrowell / jdresolve Goto Github PK

jdresolve's recursive resolution is really clever, I love it! I'm not a DNS expert, but I wonder if it could be extended to CIDR (and if this would have any practical benefit). It looks like CIDR reverse DNS methods do not allow for simple discovery of the subnet delegations. You would have to guess at them, and you might have to try several naming conventions (http://faq.he.net/index.php/Reverse_DNS). So it would be inefficient, but it's doable. Does it make sense? I defer to you on that question!

Resolving 193.172.6.10 results in the following error:

Use of uninitialized value $type in string eq at /usr/local/src/jdresolve/jdresolve line 750, line 1.
Use of uninitialized value $query in exists at /usr/local/src/jdresolve/jdresolve line 754, line 1.
Use of uninitialized value $query in concatenation (.) or string at /usr/local/src/jdresolve/jdresolve line 754, line 1.

It appears $socks{fileno($socket)} is empty at this point.

This IP address returns multiple PTR records.

I think most people would expect that when a database is specified, it would be read before performing lookups. That is, the --dbfirst behavior would be the default. In fact, the default is a confusing mix where neither the database nor the DNS is authoritative: If you are doing recursive resolution, it first tries the DNS for the full address, but if it fails it turns to the database before trying the DNS for parent classes. I suppose this behavior makes a certain sense (PTR records change more often than NS records), but it should be documented.

I would make --dbfirst the default or at least document that you probably want this option. I would also add a --dnsfirst option that would try the full recursive DNS lookup (not just the PTR lookup) before checking the database.

I stumbled upon a crash that I hunted down to echo '196.29.35.79' | jdresolve --debug=3 --timeout=10 -.
I can see in my improved debug the trace that freesocket uses a different $fileno than the corresponding query. The tcpdump trace shows an UDP query and a subsequent TCP query. This specific IP address resolves to 34 names...
My solution was to add $res->igntc(1); just after the resolver instanciation, which prevents TCP retries and the added socket:

347 my $res = new Net::DNS::Resolver; # used for sending dns requests
348 $res->igntc(1); # If true, truncated packets will be ignored. If false, the query will be retried using TCP.
349 my $sel = new IO::Select; # controls the open sockets