Handle domains that respond to any DNS query positively

Open ocervell opened this issue 9 months ago • 3 comments

Before abruptly being closed: no, it's not the same feature as "wildcard filtering".

Explanation: Some domains will respond with DNS code noerror and fake records (A, CNAME, etc...) for any subdomain query that you throw at it.

Would be nice to be able to detect those, and abort the run if we encounter them (as it's useless to check this way for those).

Implementation:

  • Add "impossible" subdomains (e.g: string with a lot of generated characters and numbers) to check, like weird character combinations that will never ever be a valid subdomain.
  • If all impossible subdomains seem to return noerror, then abort the run with an info message saying that DNS queries all return for this domain and doing DNS lookups is useless.
  • Add a new flag --autocalibrate/-ac that will handle this.

Example command:

For bruteforce mode:

dnsx -resp -recon -rc noerror -d example.com -json -wordlist my_wordlist.txt --autocalibrate

Note that this will also be useful for the normal operation mode:

echo "example.com" | dnsx -resp -recon -json --autocalibrate

ocervell avatar May 13 '25 09:05 ocervell
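
The calibration check proposed in the issue above, as an added Go example that is not part of the issue or of dnsx's code. `Lookup`, `IsCatchAll` and `randomLabel` are hypothetical names, and the resolver is passed in as a function (an assumption) so the decision logic runs without network access.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"strings"
)

// Lookup returns the DNS response code for one name (hypothetical resolver seam).
type Lookup func(fqdn string) (rcode string, err error)

// randomLabel returns 32 random hex characters, a label no real zone should hold.
func randomLabel() (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b), nil
}

// IsCatchAll probes random subdomains of domain and reports true only when every
// probe comes back NOERROR. A lookup error (timeout, refused) is returned as-is.
func IsCatchAll(domain string, probes int, lookup Lookup) (bool, error) {
	if probes < 1 {
		return false, fmt.Errorf("need at least one probe")
	}
	domain = strings.TrimSuffix(domain, ".")
	for i := 0; i < probes; i++ {
		label, err := randomLabel()
		if err != nil {
			return false, err
		}
		rcode, err := lookup(label + "." + domain)
		if err != nil {
			return false, fmt.Errorf("probe %d inconclusive: %w", i+1, err)
		}
		if rcode != "NOERROR" {
			return false, nil // one negative answer means lookups are meaningful
		}
	}
	return true, nil
}

func main() {
	// Constructed resolver that answers NOERROR for every name.
	catchAll := func(string) (string, error) { return "NOERROR", nil }
	fmt.Println(IsCatchAll("example.com", 3, catchAll))
}
```

A caller would run this once per input domain before the wordlist pass and skip or abort when it returns true.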

Thanks for your feature request @ocervell , we'll take a look into this!

GeorginaReeder avatar May 13 '25 12:05 GeorginaReeder

This would be a nice addition! Looking forward to seeing this implemented.

2Dai avatar May 19 '25 14:05 2Dai

This would allow pipes that actually work for all domains by the way, instead of producing garbage results for some ;)

ocervell avatar May 26 '25 16:05 ocervell