Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

the premise of ettu seems not to always hold true #23

Open
jakobhuss opened this issue Jul 9, 2020 · 2 comments
Open

the premise of ettu seems not to always hold true #23

jakobhuss opened this issue Jul 9, 2020 · 2 comments

Comments

@jakobhuss
Copy link

Hi Tom,

I wanted to confirm the idea ettu is built on. So I created a A record at a.b.c.veracious.se with aws route 53. The command host c.veracious.se returns NXDOMAIN which to me suggests that this behaviour is not the same for all dns servers. My plan was to build something using the idea of empty dns responses. But if it is an implementation detail of the dns server and not a specification, then I guess it would be quite a fragile tool.

I would gladly be informed if I'm getting something wrong or there is even more nuance to this quirk.

Thank you Tom for all inspiration, and don't feel obliged to respond to this if you don't have the time.

Kind regards
Jakob

@tomnomnom
Copy link
Owner

Hi Jakob, thanks for your message :)

The tool is in my hacks repo for good reason! It's really an experiment to find things like this out; so thank you for letting me know :)

I'm not super surprised that AWS would do things a little differently to others. Perhaps the tool should have a way to test on a known subdomain for the behaviour to help the user figure out if the tool will work for them... That would rely on there being a suitable subdomain to test with of course so it's kinda tricky.

Thanks for the heads up!

@jakobhuss
Copy link
Author

jakobhuss commented Jul 10, 2020

Thx for responding. And I think the idea of a hack repo great, I just wanted to discuss the idea.

I guess a tool could start using this trick when it has a confirmation of the behaviour like you get with knowing about one.two.three.tomnomnom.uk and executing host three.tomnomnom.uk. I don't know of any other way of probing the server for its behaviour.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants