Get complete zone records from DNS, DNSJava doesn't return all records
Good afternoon,
I'm working on a network discovery effort, and need to get all records for a domain. When I use DNSJava, it's not the complete set. CNAMEs aren't present, and not all TXT records, or A records.
Is there a better way to go about this?
Here's my code:
```java
package iMCDNS;

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import org.xbill.DNS.Lookup;
import org.xbill.DNS.Record;
import org.xbill.DNS.Type;

public class iMCDNS {
    public static void main(String[] args) {
        System.out.println("Running iMCDNS");
        try {
            //this returned no records
            // DirContext ctx = new InitialDirContext(env);
            // Attributes atts = ctx.getAttributes("iditsecurity.com", new String[] {"CNAME"});
            //
            // System.out.println("Attributes size: " + atts.size());
            //
            // NamingEnumeration<? extends Attribute> e = atts.getAll();
            //
            //
            // while(e.hasMore()) {
            //     System.out.println(e.next().get());
            // }

            //this also returns no CNAME records
            Record[] rs = new Lookup("iditsecurity.com", Type.ANY).run();
            if (rs != null)
            {
                int javaDNSLen = rs.length;
                for (int i = 0; i < javaDNSLen; i++)
                {
                    System.out.println("record: " + rs[i].toString());
                }
            } else {
                System.out.println("No records found");
            }
        } catch (Exception ex) {
            System.out.println("Exception occurred: " + ex.toString());
        }
    }
}
```
And the results provided:
Should have 2 A records, 4 CNAME and 5 TXT records...
```
Running iMCDNS
record: iditsecurity.com. 4503 IN TXT "google-site-verification=VvXfVc-hr0dK3pzjc3yiAaDsK-tlFAMX7Xt3soYXByc"
record: iditsecurity.com. 4503 IN TXT "google-site-verification=8W17El_6uLvJ0WLxEsgIKt9hKRPuz6yN9U_ke9l0i7E"
record: iditsecurity.com. 4360 IN MX 10 mx1.netsolmail.net.
```
java dns
asked Nov 13 '18 at 17:54
Steve Mansfield
1 Answer
First, you should define "get all records for a domain" more precisely.
Also, in passing, if you are at the apex of a zone, you cannot have `CNAME` records because they cannot coexist with any other ones, and the apex already has `NS` and `SOA` records by design.
Second, do not use type `ANY` to do your DNS queries. For whatever reason this is read as `ALL` but it does not have this semantic at all and will not produce the results you expect. `ANY` towards a recursive caching nameserver will get you back the list of current records in the resolver cache, which is NOT all records related to the domain. There is in fact work to completely deprecate this (virtual) type, see: https://datatracker.ietf.org/doc/draft-ietf-dnsop-refuse-any/ (and more explanations in non-technical terms at https://nelsonslog.wordpress.com/2016/09/07/dns-any-requests-are-deprecated/ or https://blog.cloudflare.com/what-happened-next-the-deprecation-of-any/)
So then you will ask: This is fine, but then how to do it?
It then loops back to the first point. You will need to define which record types you want (`A`, `AAAA`, `TXT`, etc.) and then loop over them to retrieve all of them.
It is not always as simple as that, for at least two reasons:
* `TXT` is nowadays becoming a catch-all and transports a lot of things: SPF, DKIM, DMARC, etc.
* and specifically for DKIM, or the same for SRV in fact, you need to query domains with a specific structure (like `_service._transport.example.com` for SRV), so you cannot "auto-discover" all records; you need to know which ones you need (or start with a list to test)
I would also recommend that you specify which nameservers you are using, because if it is a recursive one you will again get results from its cache, with the associated TTL, which may or may not be what you want/need. So you may be better off querying the (one) authoritative nameserver of the domain.
answered Nov 13 '18 at 22:42
Patrick Mevzek
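The approach the answer describes (explicit record types, known owner names, an authoritative server instead of a caching resolver), as an added example that is not part of the original answer or the asker's code. It assumes dnsjava is on the classpath; `example.com.` and the owner names in `names` are placeholders for a zone and labels you already know to exist.

```java
import java.util.List;
import org.xbill.DNS.Lookup;
import org.xbill.DNS.NSRecord;
import org.xbill.DNS.Record;
import org.xbill.DNS.Resolver;
import org.xbill.DNS.SimpleResolver;
import org.xbill.DNS.Type;

public class ZoneInventory {
    // Record types to ask for explicitly, instead of a single ANY query.
    static final int[] TYPES = {
        Type.SOA, Type.NS, Type.A, Type.AAAA, Type.CNAME, Type.MX, Type.TXT, Type.SRV
    };

    public static void main(String[] args) throws Exception {
        String zone = "example.com.";   // placeholder zone (assumption)
        // Owner names must be known in advance; these labels are hypothetical.
        List<String> names = List.of(zone, "www." + zone, "_dmarc." + zone,
                "selector1._domainkey." + zone, "_sip._tcp." + zone);

        // Step 1: learn the authoritative servers through the default resolver.
        Record[] ns = new Lookup(zone, Type.NS).run();
        if (ns == null) {
            System.out.println("No NS records found for " + zone);
            return;
        }
        String server = ((NSRecord) ns[0]).getTarget().toString();
        Resolver authoritative = new SimpleResolver(server);
        System.out.println("Querying authoritative server " + server);

        // Step 2: one query per (name, type) pair, sent to that server.
        for (String name : names) {
            for (int type : TYPES) {
                Lookup lookup = new Lookup(name, type);
                lookup.setResolver(authoritative);
                lookup.setCache(null);   // fresh cache, so earlier answers are not reused
                Record[] records = lookup.run();
                switch (lookup.getResult()) {
                    case Lookup.SUCCESSFUL:
                        for (Record r : records) {
                            System.out.println(r);
                        }
                        break;
                    case Lookup.HOST_NOT_FOUND:   // NXDOMAIN: the name does not exist
                    case Lookup.TYPE_NOT_FOUND:   // name exists, no data of this type
                        break;
                    default:                      // TRY_AGAIN or UNRECOVERABLE
                        System.out.println(name + " " + Type.string(type)
                                + ": " + lookup.getErrorString());
                }
            }
        }
    }
}
```

`Lookup` follows a `CNAME` when asked for another type, so a name that is an alias shows up both in the explicit `CNAME` query and, where the target is served by the same server, in the `A`/`AAAA` results.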