Don't create DNS cached resolver on every test, because it'll exhaust the OS's resources

Author: smashery

lib/msf/core/framework.rb

@@ -81,7 +81,11 @@ def initialize(options={})
     # Configure the SSL certificate generator
     require 'msf/core/cert_provider'
     Rex::Socket::Ssl.cert_provider = Msf::Ssl::CertProvider
-    initialize_dns_resolver
+
+    if options.include?('CustomDnsResolver')
+      self.dns_resolver = options['CustomDnsResolver']
+      Rex::Socket._install_global_resolver(self.dns_resolver)
+    end
 
     subscriber = FrameworkEventSubscriber.new(self)
     events.add_exploit_subscriber(subscriber)
@@ -91,13 +95,6 @@ def initialize(options={})
     events.add_ui_subscriber(subscriber)
   end
 
-  def initialize_dns_resolver
-    self.dns_resolver = Rex::Proto::DNS::CachedResolver.new
-    self.dns_resolver.extend(Rex::Proto::DNS::CustomNameserverProvider)
-    self.dns_resolver.load_config
-    Rex::Socket._install_global_resolver(self.dns_resolver)
-  end
-
   def dns_resolver
     self.dns_resolver
   end

lib/msf/ui/console/command_dispatcher/dns.rb

@@ -44,6 +44,8 @@ def commands
   # @param words [Array<String>] the previously completed words on the command line.  words is always
   # at least 1 when tab completion has reached this stage since the command itself has been completed
   def cmd_dns_tabs(str, words)
+    return if driver.framework.dns_resolver.nil?
+
     if words.length == 1
       options = ['add','del','remove','flush','print']
       return options.select { |opt| opt.start_with?(str) }
@@ -132,6 +134,8 @@ def cmd_dns_help
   # Manage Metasploit's DNS resolution rules
   #
   def cmd_dns(*args)
+    return if driver.framework.dns_resolver.nil?
+
     args << 'print' if args.length == 0
     # Short-circuit help
     if args.delete("-h") || args.delete("--help")

lib/msf/ui/console/driver.rb

@@ -80,8 +80,16 @@ def initialize(prompt = DefaultPrompt, prompt_char = DefaultPromptChar, opts = {
 
     # Initialize attributes
 
+    dns_resolver = Rex::Proto::DNS::CachedResolver.new
+    dns_resolver.extend(Rex::Proto::DNS::CustomNameserverProvider)
+    dns_resolver.load_config
+
     # Defer loading of modules until paths from opts can be added below
-    framework_create_options = opts.merge('DeferModuleLoads' => true)
+    framework_create_options = opts.merge({
+                                            'DeferModuleLoads' => true,
+                                            'CustomDnsResolver' => dns_resolver
+                                          }
+                                         )
     self.framework = opts['Framework'] || Msf::Simple::Framework.create(framework_create_options)
 
     if self.framework.datastore['Prompt']

lib/rex/proto/dns/resolver.rb

@@ -15,7 +15,7 @@ class Resolver < Net::DNS::Resolver
 
     Defaults = {
       :config_file => "/etc/resolv.conf",
-      :log_file => "/dev/null", # formerly $stdout, should be tied in with our loggers
+      :log_file => File::NULL, # formerly $stdout, should be tied in with our loggers
       :port => 53,
       :searchlist => [],
       :nameservers => [IPAddr.new("127.0.0.1")],

spec/lib/rex/proto/dns/custom_nameserver_provider_spec.rb

@@ -111,4 +111,14 @@ def packet_for(name)
      expect(ns).to eq([[ruled_nameserver, {}], [ruled_nameserver2, {}]])
    end
   end
+
+  context 'When a packet contains multiple questions that have different nameserver results' do
+   it 'Throws an error' do
+     packet = packet_for('subdomain.metasploit.com')
+     q = Dnsruby::Question.new('subdomain.notmetasploit.com', Dnsruby::Types::A, Dnsruby::Classes::IN)
+
+     packet.question.append(q)
+     expect {many_ruled_provider.nameservers_for_packet(packet)}.to raise_error(ResolverError)
+   end
+  end
 end