You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It would be nice to have a knob to control whether the RD (Recursion Desired) bit is set.
I'm in a situation where I am talking to an internal DNS server that is authoritative for some zones, but I do not know which. It has upstream forwarders configured, however those upstreams will not actually answer the questions it is forwarding on my behalf.
To Reproduce
...You probably can't, without this strange setup, but here's an example of how unsetting RD makes a huge difference:
# time dig -x 10.0.1.2
;; communications error to 10.3.1.37#53: timed out
;; communications error to 10.3.1.37#53: timed out
;; communications error to 10.3.1.37#53: timed out
;; communications error to 10.3.1.37#53: timed out
; <<>> DiG 9.20.1-1-Debian <<>> -x 10.0.1.2
;; global options: +cmd
;; no servers could be reached
real 0m20.035s
user 0m0.010s
sys 0m0.011s
A ~20s timeout between requests is also reflected in dnsrecon's performance (albeit with multiple parallel queries timing out at once).
It would be nice if there was a flag to dnsrecon to expose this / turn off RD; AFAIK there isn't one. There is a --disable_check_recursion but that is different.
The text was updated successfully, but these errors were encountered:
Feature Request
It would be nice to have a knob to control whether the RD (Recursion Desired) bit is set.
I'm in a situation where I am talking to an internal DNS server that is authoritative for some zones, but I do not know which. It has upstream forwarders configured, however those upstreams will not actually answer the questions it is forwarding on my behalf.
To Reproduce
...You probably can't, without this strange setup, but here's an example of how unsetting RD makes a huge difference:
A ~20s timeout between requests is also reflected in
dnsrecon
's performance (albeit with multiple parallel queries timing out at once).OTOH, turning off RD fails quickly:
The
dns.message.make_query
call does support passing flags, and there's an example of settingflags=0
to turn off RD here:https://github.com/rthalley/dnspython/blob/main/examples/query_specific.py
It would be nice if there was a flag to
dnsrecon
to expose this / turn off RD; AFAIK there isn't one. There is a--disable_check_recursion
but that is different.The text was updated successfully, but these errors were encountered: