jdrowell / jdresolve Goto Github PK
View Code? Open in Web Editor NEWA fast and recursive DNS name resolver for log files
License: GNU General Public License v2.0
A fast and recursive DNS name resolver for log files
License: GNU General Public License v2.0
Resolving 193.172.6.10 results in the following error:
Use of uninitialized value $type in string eq at /usr/local/src/jdresolve/jdresolve line 750, line 1.
Use of uninitialized value $query in exists at /usr/local/src/jdresolve/jdresolve line 754, line 1.
Use of uninitialized value $query in concatenation (.) or string at /usr/local/src/jdresolve/jdresolve line 754, line 1.
It appears $socks{fileno($socket)} is empty at this point.
This IP address returns multiple PTR records.
I think most people would expect that when a database is specified, it would be read before performing lookups. That is, the --dbfirst
behavior would be the default. In fact, the default is a confusing mix where neither the database nor the DNS is authoritative: If you are doing recursive resolution, it first tries the DNS for the full address, but if it fails it turns to the database before trying the DNS for parent classes. I suppose this behavior makes a certain sense (PTR records change more often than NS records), but it should be documented.
I would make --dbfirst
the default or at least document that you probably want this option. I would also add a --dnsfirst
option that would try the full recursive DNS lookup (not just the PTR lookup) before checking the database.
jdresolve's recursive resolution is really clever, I love it! I'm not a DNS expert, but I wonder if it could be extended to CIDR (and if this would have any practical benefit). It looks like CIDR reverse DNS methods do not allow for simple discovery of the subnet delegations. You would have to guess at them, and you might have to try several naming conventions (http://faq.he.net/index.php/Reverse_DNS). So it would be inefficient, but it's doable. Does it make sense? I defer to you on that question!
I stumbled upon a crash that I hunted down to echo '196.29.35.79' | jdresolve --debug=3 --timeout=10 -
.
I can see in my improved debug the trace that freesocket uses a different $fileno than the corresponding query. The tcpdump trace shows an UDP query and a subsequent TCP query. This specific IP address resolves to 34 names...
My solution was to add $res->igntc(1);
just after the resolver instanciation, which prevents TCP retries and the added socket:
347 my $res = new Net::DNS::Resolver; # used for sending dns requests
348 $res->igntc(1); # If true, truncated packets will be ignored. If false, the query will be retried using TCP.
349 my $sel = new IO::Select; # controls the open sockets
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.