Retry with different resolvers #708

Open
pdelteil opened this issue Jul 26, 2024 · 6 comments
Labels
Type: Enhancement Most issues will probably ask for additions or changes.

Comments

@pdelteil

Please describe your feature request:

Oftentimes while scanning domains you will get many false positives or REFUSED states. It would be useful to define a retry flag that retries with N resolvers. I'm assuming the current retry flag uses the same resolver every time.

Describe the use case of this feature:

Let's say we are looking for resolving domains (NOERROR status code). Due to resolvers being blocked or malfunctioning (or rate limited?), the result might be REFUSED. I would then like to have these conditions matched:

  • Only give NOERROR if at least 1 resolver gave NOERROR.
  • Give REFUSED if N resolvers gave REFUSED. This means dnsx choosing N different resolvers from the -r parameter.
  • Give SERVFAIL if N resolvers gave SERVFAIL.

Show a warning if N is greater than the resolvers defined in the -r parameter.

Thank you.

@pdelteil pdelteil added the Type: Enhancement Most issues will probably ask for additions or changes. label Jul 26, 2024
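
The aggregation rules requested in the issue above, as an added example that is not part of the original thread and is not dnsx or retryabledns code. The `queryFunc` stub, the function and error names, the clamping of N, and the `INCONCLUSIVE` result for mixed failures are assumptions; the resolver addresses and answers are constructed sample data.

```go
package main

import (
	"errors"
	"fmt"
)

const NoError, ServFail, Refused = 0, 2, 5 // DNS RCODEs (RFC 1035)

var ErrTooFewResolvers = errors.New("n exceeds the number of resolvers") // warning the issue asks for

// queryFunc is a hypothetical stand-in for one lookup against one resolver.
type queryFunc func(resolver, name string) int

// Verdict asks the first n resolvers (assumed distinct), one query each.
// One NOERROR is enough; REFUSED or SERVFAIL is reported only if all n agree.
// Clamping n and the INCONCLUSIVE result are assumptions of this example.
func Verdict(name string, resolvers []string, n int, q queryFunc) (string, error) {
	var warn error
	if n > len(resolvers) {
		warn, n = ErrTooFewResolvers, len(resolvers)
	}
	if n < 1 {
		return "INCONCLUSIVE", errors.New("need at least one resolver and n >= 1")
	}
	counts := map[int]int{}
	for _, r := range resolvers[:n] {
		rc := q(r, name)
		if rc == NoError {
			return "NOERROR", warn
		}
		counts[rc]++
	}
	switch n {
	case counts[Refused]:
		return "REFUSED", warn
	case counts[ServFail]:
		return "SERVFAIL", warn
	}
	return "INCONCLUSIVE", warn
}

func main() {
	// Constructed sample: two resolvers refuse, the third answers.
	answers := map[string]int{"192.0.2.1": Refused, "192.0.2.2": Refused, "192.0.2.3": NoError}
	rs := []string{"192.0.2.1", "192.0.2.2", "192.0.2.3"}
	for _, n := range []int{2, 3, 5} {
		fmt.Println(Verdict("example.com", rs, n, func(r, _ string) int { return answers[r] }))
	}
}
```

With N=2 the sample name is reported as REFUSED even though a third resolver would have answered, which is the false result the request is trying to avoid.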
@GeorginaReeder

Thanks so much for your feature request @pdelteil, we'll take a look into it!

@calab33p

@pdelteil, I believe the behavior you are looking for is already there via

-retry int number of dns attempts to make (must be at least 1) (default 2)

It seems to work that way from my read of the retryabledns code. N would be the retry count. Every retry I believe goes to a new resolver from the list you gave it.

CC @GeorginaReeder

@pdelteil
Author

pdelteil commented Aug 31, 2024 via email

@calab33p

Yeah, it's a little confusing how retryable has both the Do() and QueryMultiple() functions, but I don't believe the code you are referencing will run. Looks like dnsx is using QueryMultiple() instead and that code retries if Rcode isn't NOERROR:

https://github.com/projectdiscovery/retryabledns/blob/main/client.go#L417

Maybe give it a try @pdelteil

@calab33p

Also note https://github.com/projectdiscovery/retryabledns/blob/main/client.go#L327 where the next resolver is chosen. Personally, given the way the code is written, I believe the optimal number for retries is a multiple of the number of resolvers configured. So, if you have 50 resolvers, then 50 or 100 or ....

@pdelteil
Author

pdelteil commented Sep 1, 2024 via email


3 participants