Handle domains that respond to any DNS query positively

[ocervell]

before abruptely being closed:
no, it's not the same feature as "wildcard filtering".

Explanation:
Some domains will respond with DNS code noerror and fake records (A, CNAME, etc...) for any subdomain query that you throw at it.

Would be nice to be able to detect those, and abort the run if we encounter them (as it's useless to check this way for those).

Implementation:

• Add "impossible" subdomains (e.g: string with a lot of generated characters and numbers) to check, like weird characters combinations that will never ever be a valid subdomain.
• If all impossible subdomains seem to return noerror, then abort the run with an info message saying that DNS queries all return for this domain and doing DNS lookups is useless.
• Add a new flag --autocalibrate/-ac that will handle this.

Example command:

For bruteforce mode:

dnsx -resp -recon -rc noerror -d example.com -json -wordlist my_wordlist.txt --autocalibrate

Note that this will also be useful for the normal operation mode:

echo "example.com" | dnsx -resp -recon -json --autocalibrate

[GeorginaReeder]

Thanks for your feature request @ocervell , we'll take a look into this!

[2Dai]

This would be a nice addition ! Looking forward to seeing this implemented.

[ocervell]

This would allow pipes that actually work for all domains by the way, instead of producing garbage results for some ;)

[dogancanbakir]

mentioning @Mzack9999 for review

[ocervell]

Any updates ?

[ocervell]

Just to piggy back on this issue, it's actually rather simple to implement:

Send simple DNS A queries to "impossible" subdomains, like <RANDOM_GENERATED_STRING>.< DOMAIN >. If the query responds with an OK status, abort the run when doing bruteforcing since all elements in the wordlist will return garbage data.