From d2d68c3a18a01f126e8ddfaa8adc9f2dddea22cd Mon Sep 17 00:00:00 2001 From: "Paul P." Date: Fri, 18 Oct 2024 02:51:15 -0700 Subject: [PATCH 1/2] Feature: Add flag to disable NXDOMAIN hijacking --- dnsrecon/cli.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/dnsrecon/cli.py b/dnsrecon/cli.py index 118c0479..d1c3a16d 100755 --- a/dnsrecon/cli.py +++ b/dnsrecon/cli.py @@ -1622,6 +1622,11 @@ def main(): help='Continue brute forcing a domain even if a wildcard record is discovered.', action='store_true', ) + parser.add_argument( + '--disable_check_nxdomain', + help='Disables check for NXDOMAIN hijacking on name servers.', + action='store_true' + ) parser.add_argument( '--disable_check_recursion', help='Disables check for recursion on name servers', @@ -1781,8 +1786,9 @@ def main(): # Exit if we cannot resolve it print_error(f"Could not resolve NS server provided and server doesn't appear to be an IP: {entry}") - if check_nxdomain_hijack(socket.gethostbyname(entry)): - continue + if not arguments.disable_check_nxdomain: + if check_nxdomain_hijack(socket.gethostbyname(entry)): + continue if netaddr.valid_glob(entry): ns_server.append(entry) From 1eeb68fe9e3dcdb655fa5acf0cd2f44651de3ec8 Mon Sep 17 00:00:00 2001 From: "Paul P." Date: Fri, 18 Oct 2024 02:52:07 -0700 Subject: [PATCH 2/2] formatting with ruff --- dnsrecon/cli.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/dnsrecon/cli.py b/dnsrecon/cli.py index d1c3a16d..96ea6fae 100755 --- a/dnsrecon/cli.py +++ b/dnsrecon/cli.py @@ -1623,9 +1623,7 @@ def main(): action='store_true', ) parser.add_argument( - '--disable_check_nxdomain', - help='Disables check for NXDOMAIN hijacking on name servers.', - action='store_true' + '--disable_check_nxdomain', help='Disables check for NXDOMAIN hijacking on name servers.', action='store_true' ) parser.add_argument( '--disable_check_recursion',