Fix: Handle CNAME in Quad9 resolver and prevent DNS visualizer errors (#2959) (#3005)

PranavShukla7 · drosetti · pranavshukla · web-flow · commit 63589e5f5320 · 2025-11-04T15:52:15.000+01:00
* Fix Quad9 DNS resolver: handle A/AAAA/CNAME records properly to avoid visualizer errors (#2959) * Fix: Quad9 DNS resolver retry logic and DNS visualizer key error * Fix: DNS visualizer handle missing/empty 'resolutions' (#2959) Ensure visualizer handles analyzer reports without 'resolutions' and works with normalized records from Quad9 resolver. * Implement Quad9DNSResolver with JSON response parsing Switched the Quad9DNSResolver to use the Quad9 DoH JSON API instead of raw DNS wire parsing. This makes the analyzer simpler and aligned with maintainer’s request. The response is now parsed from the "Answer" section of the JSON to extract A record resolutions, while preserving retry and error handling logic. Also restored the missing comment for clarity. --------- Co-authored-by: Daniele Rosetti <55402684+drosetti@users.noreply.github.com> Co-authored-by: pranavshukla <shuklapranav777@gmail.com>
diff --git a/api_app/analyzers_manager/observable_analyzers/dns/dns_resolvers/quad9_dns_resolver.py b/api_app/analyzers_manager/observable_analyzers/dns/dns_resolvers/quad9_dns_resolver.py
@@ -4,7 +4,6 @@
 """Quad9 DNS resolutions"""
 import logging
 
-import dns.message
 import httpx
 
 from api_app.analyzers_manager import classes
@@ -35,21 +34,21 @@ def run(self):
         # with 2 or 3 attemps the analyzer should get the data
         attempt_number = 3
         quad9_response = None
-        for attempt in range(0, attempt_number):
+        for attempt in range(attempt_number):
             try:
                 quad9_response = httpx.Client(http2=True).get(
                     complete_url, headers=self.headers, timeout=10
                 )
             except httpx.ConnectError as exception:
-                # if the last attempt fails, raise an error
                 if attempt == attempt_number - 1:
                     raise exception
             else:
                 quad9_response.raise_for_status()
 
-        dns_response = dns.message.from_wire(quad9_response.content)
+        json_response = quad9_response.json()
         resolutions: list[str] = []
-        for answer in dns_response.answer:
-            resolutions.extend([resolution.address for resolution in answer])
+        for answer in json_response.get("Answer", []):
+            if "data" in answer:
+                resolutions.append(answer["data"])
 
         return dns_resolver_response(observable, resolutions)
diff --git a/api_app/visualizers_manager/visualizers/dns.py b/api_app/visualizers_manager/visualizers/dns.py
@@ -27,7 +27,6 @@
 from api_app.analyzers_manager.observable_analyzers.dns.dns_resolvers.quad9_dns_resolver import (  # noqa: E501
     Quad9DNSResolver,
 )
-from api_app.choices import Classification
 from api_app.models import Job
 from api_app.visualizers_manager.classes import VisualizableObject, Visualizer
 from api_app.visualizers_manager.decorators import (
@@ -68,8 +67,8 @@ def _dns_resolution(self, analyzer_report: AnalyzerReport) -> VisualizableObject
             value=[
                 self.Base(
                     value=(
-                        dns_resolution["data"]
-                        if self._job.analyzable.classification == Classification.DOMAIN
+                        dns_resolution.get("data")
+                        if isinstance(dns_resolution, dict) and "data" in dns_resolution
                         else dns_resolution
                     ),
                     disable=False,
