nothing is logged when querying a non-existing domain
hapablanha opened this issue · 1 comments
hapablanha commented
Steps to reproduce:
- build and run

```
git checkout clientquery --force
make clean
make debug
./passivedns -i ens192
```

- query a non-existing domain

```
nslookup magicshield.test
```
Expected Result:
DNS request and answer can be found in /var/log/passivedns.log
Actual Result:
nothing can be found in /var/log/passivedns.log
Additional Info:
Error messages are seen in passivedns debug mode
```
[root@localhost src]# ./passivedns -i ens192
[*] PassiveDNS 1.1.3
[*] By Edward Bjarte Fjellsk?l <edward.fjellskaal@gmail.com>
[*] Using libpcap version 1.5.3
[*] Using ldns version 1.6.16
[*] Device: ens192
[*] Sniffing...
[passivedns.c:359(parse_udp)] [D] Parsing UDP packet...
[dns.c:180(dns_parser)] [D] New DNS Query
[dns.c:192(dns_parser)] [D] DNS Query with TID = 29148
[dns.c:228(update_query_cxt)] [*] rrcount_query: 1
[dns.c:236(update_query_cxt)] [D] rdf_data: 0x131ede0
[dns.c:252(update_query_cxt)] QUERY DOMAIN: magicshield.test.
[dns.c:204(dns_parser)] [D] DNS Query for domain: magicshield.test.
[passivedns.c:359(parse_udp)] [D] Parsing UDP packet...
[dns.c:109(dns_parser)] [D] DNS Answer
[dns.c:112(dns_parser)] [D] DNS Query TID match Answer TID: 29148
[dns.c:129(dns_parser)] [D] DNS packet with Recursion Desired (RD) bit set!
[dns.c:273(process_dns_answer)] [*] rrcount_query: 1
[dns.c:281(process_dns_answer)] [D] rdf_data: 0x131ede0
[dns.c:319(cache_dns_objects)] [D] domain_name: magicshield.test.
[dns.c:320(cache_dns_objects)] [D] dns_answer_domain_cnt: 0
[dns.c:328(cache_dns_objects)] [D] DNS client query deleted from pi->cxt->pquery
[dns.c:335(cache_dns_objects)] [D] Error return code: 3
[dns.c:369(cache_dns_objects)] [D] Error return code 4 was not processed:0
[passivedns.c:359(parse_udp)] [D] Parsing UDP packet...
[dns.c:180(dns_parser)] [D] New DNS Query
[dns.c:192(dns_parser)] [D] DNS Query with TID = 46880
[dns.c:228(update_query_cxt)] [*] rrcount_query: 1
[dns.c:236(update_query_cxt)] [D] rdf_data: 0x131ef10
[dns.c:252(update_query_cxt)] QUERY DOMAIN: magicshield.test.
[dns.c:204(dns_parser)] [D] DNS Query for domain: magicshield.test.
[passivedns.c:359(parse_udp)] [D] Parsing UDP packet...
[dns.c:109(dns_parser)] [D] DNS Answer
[dns.c:112(dns_parser)] [D] DNS Query TID match Answer TID: 46880
[dns.c:129(dns_parser)] [D] DNS packet with Recursion Desired (RD) bit set!
[dns.c:273(process_dns_answer)] [*] rrcount_query: 1
[dns.c:281(process_dns_answer)] [D] rdf_data: 0x131ef10
[dns.c:319(cache_dns_objects)] [D] domain_name: magicshield.test.
[dns.c:320(cache_dns_objects)] [D] dns_answer_domain_cnt: 0
[dns.c:328(cache_dns_objects)] [D] DNS client query deleted from pi->cxt->pquery
[dns.c:335(cache_dns_objects)] [D] Error return code: 3
[dns.c:369(cache_dns_objects)] [D] Error return code 4 was not processed:0
[dns.c:1048(expire_all_dns_records)] [D] Expiring all domain records
[passivedns.c:533(end_all_sessions)] CXT in list before cleaning: 2
[passivedns.c:534(end_all_sessions)] CXT in list after cleaning: 0
-- Total DNS records allocated : 0
-- Total DNS assets allocated : 0
-- Total DNS packets over IPv4/TCP : 0
-- Total DNS packets over IPv6/TCP : 0
-- Total DNS packets over TCP decoded : 0
-- Total DNS packets over TCP failed : 0
-- Total DNS packets over IPv4/UDP : 4
-- Total DNS packets over IPv6/UDP : 0
-- Total DNS packets over UDP decoded : 4
-- Total DNS packets over UDP failed : 0
-- Total packets received from libpcap : 4
-- Total Ethernet packets received : 4
-- Total VLAN packets received : 0
[*] passivedns ended.
```
hapablanha commented
It has turned out that non-existing domains can be supported; it just needs to be turned on in the config.

```
config.dnsfe |= DNS_SE_CHK_NXDOMAIN;
```
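
Added example, not passivedns code and not part of the comments above: a minimal C sketch of why the response in the debug log (return code 3, which is NXDOMAIN in RFC 1035, with zero answers) yields no log line until a feature bit such as `DNS_SE_CHK_NXDOMAIN` is set. The `EX_*` bit values, the struct and the function names are hypothetical, and the header bytes are constructed to match TID 29148 from the log.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical feature bits; the real values live in the project's headers. */
#define EX_CHK_ANSWERS  0x01u  /* log responses that carry answer records */
#define EX_CHK_NXDOMAIN 0x02u  /* log NXDOMAIN (RCODE 3) responses */

enum verdict { V_INVALID = -1, V_SKIPPED = 0, V_LOGGED = 1 };

struct dns_hdr_info { uint16_t tid; int is_response; unsigned rcode; uint16_t ancount; };

/* Decode the fixed 12-byte DNS header (RFC 1035, section 4.1.1). */
static int parse_dns_header(const uint8_t *p, size_t len, struct dns_hdr_info *out)
{
    if (p == NULL || out == NULL || len < 12) return -1;  /* truncated header */
    out->tid = (uint16_t)((p[0] << 8) | p[1]);
    out->is_response = (p[2] & 0x80) != 0;   /* QR bit */
    out->rcode = p[3] & 0x0F;                /* low nibble of second flags byte */
    out->ancount = (uint16_t)((p[6] << 8) | p[7]);
    return 0;
}

/* Decide whether a response produces a log line under the given feature mask. */
static enum verdict classify_response(const uint8_t *p, size_t len, unsigned features)
{
    struct dns_hdr_info h;
    if (parse_dns_header(p, len, &h) != 0 || !h.is_response) return V_INVALID;
    if (h.rcode == 0 && h.ancount > 0)       /* NOERROR with answers */
        return (features & EX_CHK_ANSWERS) ? V_LOGGED : V_SKIPPED;
    if (h.rcode == 3)                        /* NXDOMAIN: nothing to log unless enabled */
        return (features & EX_CHK_NXDOMAIN) ? V_LOGGED : V_SKIPPED;
    return V_SKIPPED;                        /* other RCODEs are out of scope here */
}

/* Constructed header: TID 29148 (0x71DC), QR=1 RD=1 RA=1, RCODE=3, QDCOUNT=1, ANCOUNT=0. */
static const uint8_t nxdomain_hdr[12] = {
    0x71, 0xDC, 0x81, 0x83, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};

int main(void)
{
    unsigned defaults = EX_CHK_ANSWERS;  /* assumed default: NXDOMAIN bit off */
    printf("default mask: %d\n", classify_response(nxdomain_hdr, sizeof nxdomain_hdr, defaults));
    defaults |= EX_CHK_NXDOMAIN;         /* same shape as the config change above */
    printf("with NXDOMAIN bit: %d\n", classify_response(nxdomain_hdr, sizeof nxdomain_hdr, defaults));
    return 0;
}
```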