Skip to content

Implement Reverse DNS Annotation #38

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
zakird merged 13 commits into from
Sep 30, 2025
Merged

Implement Reverse DNS Annotation #38

zakird merged 13 commits into from
Sep 30, 2025

Conversation

@phillip-stephens
Copy link
Contributor

@phillip-stephens phillip-stephens commented Sep 25, 2025
edited
Loading

Adds:

  • reverse DNS lookup annotations to ZAnnotate
  • README instructions on Input/Output formats to expect/use with zannotate

Example

$ echo "1.1.1.1" | ./zannotate --rdns
{"ip":"1.1.1.1","rdns":{"domain_names":["one.one.one.one"]}}

Notes/Caveats

I noted 2 implementation choices to make here

  • CNAME Handling

    • Some IPs like 12.8.130.35 have CNAMEs returned.

      • Opt. 1 - Return both CNAMEs and PTRs. Would need to return a data structure that contains qname, dns record type, and answer.
      • Opt 2 - Return only PTR records. I went with this option. It follows what Go's native net.LookupAddr does, and I figure if people wanted to study the DNS ecosystem, they'd use the more verbose output from ZDNS.
$  dig -x 12.8.130.35
...
;; ANSWER SECTION:
35.130.8.12.in-addr.arpa. 83000 IN      CNAME   35.0/25.130.8.12.in-addr.arpa.
35.0/25.130.8.12.in-addr.arpa. 86400 IN PTR     pm2-26.btconline.net.
  • Error handling
    - **Opt 1 - Quiet errors - We return an empty list for errors
echo "127.0.0.1" | ./zannotate --rdns                                                                                                                                                                                                                                                                                         15:54:05
{"ip":"127.0.0.1","rdns":{}}
  • Opt 2 - Verbose error in-output- ZDNS will always return the error encountered into the output. This felt too chatty, especially since a lot of IPs don't have a PTR record. I ended up going with Option 1 even if that means that some sort of network issue will just result in a bunch of null entries BUT I do log errors at a DEBUG level for observability.

Performance

As a naive comparison, I replaced the annotation with ZDNS with net.LookupAddr, Go's std. lib. function for reverse PTR lookups. On a set of 10k IPs and a VM with plenty of compute/network bandwidth, ZDNS was 5x faster at 30 sec. for all lookups vs. 2 min, 30 sec.

Related Issues

Resolves #4

@phillip-stephens phillip-stephens marked this pull request as ready for review September 25, 2025 21:47
@phillip-stephens phillip-stephens changed the title Phillip/implement rdns Implement Reverse DNS Annotation Sep 25, 2025
@zakird zakird merged commit b6be97f into master Sep 30, 2025
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zakird zakird zakird approved these changes

Assignees

@zakird zakird

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add ZDNS reverse ptr record lookup

3 participants

@phillip-stephens @zakird