Comments (8)
Thanks much for reporting this issue. What do you think about using drill instead of dig?
from spf-tools.
@jcbf what do you think about replacing dig with drill?
@jsarenik I forgot to say: I am on a Mac, and dig is available by default.
@lacostej sure. I have a Mac too. drill can be installed using http://brew.sh/ by running brew install ldns.
The thing with +tcp in dig is that some servers (particularly cloudflare.com) do not answer TCP DNS requests at all, so I think we do not want to use +tcp by default with dig.
As for drill, I will need to add option -a by default (from man 1 drill):
-a Use the resolver structure's fallback mechanism if the answer is truncated (TC=1). If a truncated packet is received and this option is set, drill will first send a new query with EDNS0 buffer size 4096. If the EDNS0 buffer size was already set to 512+ bytes, or the above retry also results in a truncated answer, the resolver structure will fall back to TCP.
Another idea: by default dig shouldn't need the +tcp argument. It retries with TCP upon truncation.
The dig output looks like this:
;; Truncated, retrying in TCP mode.
dns14.ovh.net.
ns14.ovh.net.
HI: dns14.ovh.net.
ns14.ovh.net.
And the following patch fixes it:
@@ -24,7 +25,7 @@ findns() {
break 1
}
done
- echo "$ns" | grep .
+ echo "$ns" | grep -v "retrying in TCP mode" | grep .
}
# printip <<EOF
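Review bot: the added grep -v "retrying in TCP mode" filters on one exact message string, which is brittle across dig versions and still lets any other dig diagnostic line (they all start with ";;") pass through grep . and be treated as a nameserver; dropping every ";;"-prefixed line, e.g. echo "$ns" | grep -v '^;;' | grep ., covers this notice and the rest in one place. The function's exit status remains that of the final grep ., so callers still get a failure when no nameserver survives the filter.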
The filtering could be more focused on the comments maybe and moved to a different place in the code.
Maybe better to support this auto-retry mode than to add a dependency on a new tool?
Hi all, sorry I was away and here is my delayed 0.02€.
- Regarding drill vs dig. I think drill is not broadly available by default on minimal Linux distros. I would stay away from that unless it is really necessary.
- Regarding the TCP issue, I think supporting TCP should be considered carefully. The RFC strongly discourages the use of TCP in SPF records by keeping them below 512 bytes ( http://tools.ietf.org/html/rfc7208#section-3.4 ). I think @lacostej is doing too many tests against google servers and is being throttled*. If you hit a resolver directly instead of an authoritative that shouldn't happen.
That said I would consider the following:
a) add an option to hit the default resolver instead of going to the authoritative
b) force a specific resolver
c) use
- echo "$ns" | grep .
+ echo "$ns" | grep NS
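Review bot: grep NS is case-sensitive and only matches the record-type column of dig's full answer format; with +short output the lines are bare hostnames such as dns14.ovh.net. (as in the output quoted earlier in this thread), so every line would be dropped and findns would always fail. If the intent is to keep only NS records, query with +noall +answer and match the "IN NS" column; otherwise filter out dig's ";;"-prefixed diagnostic lines instead.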
*To prevent DDoS and/or amplification attacks, rate limiting of DNS requests on authoritative servers is done by activating the TC flag. That causes retries in TCP and explains why it only fails 1 out of 3 tries.
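An added example (not spf-tools' own code) of the filter discussed in the two comments above, written as a POSIX sh function: it drops dig's ";;"-prefixed diagnostic lines, including the TCP-retry notice, and preserves grep's exit status so a caller can detect an empty answer. The sample outputs are constructed, not captured from a live query; the function names are mine.

```shell
# Added example, not spf-tools code. A findns-style filter for "dig +short NS"
# output. dig prints its informational lines (e.g. ";; Truncated, retrying in
# TCP mode.") with a ";;" prefix, and no hostname can start with ";;", so
# dropping that prefix removes every diagnostic without matching one fixed
# message string. Pipeline use: dig +short NS "$domain" | filter_dig_answer
filter_dig_answer() {
  # 1. drop dig diagnostics
  # 2. drop empty lines; grep exits 1 when nothing remains, so the caller
  #    can still detect "no nameservers found" from the exit status
  grep -v '^;;' | grep .
}

# Constructed sample: a UDP answer was truncated and dig retried over TCP,
# which is what dig does by itself without the +tcp argument.
SAMPLE_TRUNCATED=';; Truncated, retrying in TCP mode.
dns14.ovh.net.
ns14.ovh.net.'

# Constructed sample: a query that returned no NS data at all.
SAMPLE_EMPTY=';; Truncated, retrying in TCP mode.'

# Helper for offline checks: feed an embedded sample through the filter
# instead of a live dig query. Exit status is that of the filter.
filter_sample() {
  printf '%s\n' "$1" | filter_dig_answer
}

# Number of nameserver lines that survive the filter.
count_ns() {
  filter_sample "$1" | wc -l | tr -d ' '
}
```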
+1 to using dig over drill. dig is far more widely distributed, and since I have a project that is dependent on spf-tools, I'd prefer to avoid an additional dependency.
Thank you all for the feedback! I appreciate it. Anyway, the experiment on the drill branch was worth it I think, and I will backport the changes to the dig version. I will also incorporate the change to allow for seamless output even when TCP is used.