Repeated DNS Discovery Chain #1635
Assignees
Labels
bug
Something isn't working
Comments
|
What is causing the same DNS and IP to be produced again and again? |
Merged
|
Could it be because the main host event got evicted from the cache? I think so. |
|
But even in the case of a cache miss, our code is searching through the parents. But....it's still emitting the children even if the parent was previously resolved. We should be able to solve this by just marking the parent as resolved to make sure we're only doing it once. |
|
Fixed in #1617. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{ "type": "DNS_NAME", "id": "DNS_NAME:d271b15945803d725811af219f373d996ec6e13c", "scope_description": "in-scope", "data": "celonsprdapp01.us.dell.com", "host": "celonsprdapp01.us.dell.com", "resolved_hosts": [ "143.166.44.11" ], "dns_children": {}, "web_spider_distance": 0, "scope_distance": 0, "scan": "SCAN:835534a502062cf458f846f6c231d6eef65b547f", "timestamp": "2024-08-04T01:24:48.595637+00:00", "parent": "IP_ADDRESS:b94c53889cc688723761283774d2ede2f2f5936c", "tags": [ "in-scope", "subdomain" ], "module": "PTR", "module_sequence": "PTR", "discovery_context": "PTR record for 143.166.44.11 contains DNS_NAME: celonsprdapp01.us.dell.com", "discovery_path": [ [ "DNS_NAME:11dca2ba55f53ae34d3e2fe2506417047b8f28dd", "Scan dell.com-6 seeded with DNS_NAME: dell.com" ], [ "DNS_NAME:2da4a786201c882a3b51484450fb7b2ff5a23195", "crt searched crt API for \"dell.com\" and found DNS_NAME: ecomm2.dell.com" ], [ "OPEN_TCP_PORT:7e98d11526f2b1fb17c39c21a6f44c373723b619", "internetdb queried Shodan's InternetDB API for \"ecomm2.dell.com (143.166.28.131)\" and found OPEN_TCP_PORT: ecomm2.dell.com:443" ], [ "DNS_NAME:448c4fd4990512e84d583f206f50566dfd7c9ab6", "sslcert parsed SSL certificate at ecomm2.dell.com:443 and found DNS_NAME: carparking.us.dell.com" ], [ "IP_ADDRESS:6c7dea82c0ddece819d5511acf98bd39b8168c8b", "A record for carparking.us.dell.com contains IP_ADDRESS: 143.166.44.12" ], [ "IP_ADDRESS:b94c53889cc688723761283774d2ede2f2f5936c", "ipneighbor produced IP_ADDRESS: 143.166.44.11" ], [ "DNS_NAME:d271b15945803d725811af219f373d996ec6e13c", "PTR record for 143.166.44.11 contains DNS_NAME: celonsprdapp01.us.dell.com" ], [ "IP_ADDRESS:b94c53889cc688723761283774d2ede2f2f5936c", "A record for celonsprdapp01.us.dell.com contains IP_ADDRESS: 143.166.44.11" ], [ "DNS_NAME:d271b15945803d725811af219f373d996ec6e13c", "PTR record for 143.166.44.11 contains DNS_NAME: celonsprdapp01.us.dell.com" ], [ "IP_ADDRESS:b94c53889cc688723761283774d2ede2f2f5936c", "A record for celonsprdapp01.us.dell.com contains IP_ADDRESS: 143.166.44.11" ], [ "DNS_NAME:d271b15945803d725811af219f373d996ec6e13c", "PTR record for 143.166.44.11 contains DNS_NAME: celonsprdapp01.us.dell.com" ], [ "IP_ADDRESS:b94c53889cc688723761283774d2ede2f2f5936c", "A record for celonsprdapp01.us.dell.com contains IP_ADDRESS: 143.166.44.11" ], [ "DNS_NAME:d271b15945803d725811af219f373d996ec6e13c", "PTR record for 143.166.44.11 contains DNS_NAME: celonsprdapp01.us.dell.com" ], [ "IP_ADDRESS:b94c53889cc688723761283774d2ede2f2f5936c", "A record for celonsprdapp01.us.dell.com contains IP_ADDRESS: 143.166.44.11" ], [ "DNS_NAME:d271b15945803d725811af219f373d996ec6e13c", "PTR record for 143.166.44.11 contains DNS_NAME: celonsprdapp01.us.dell.com" ], [ "IP_ADDRESS:b94c53889cc688723761283774d2ede2f2f5936c", "A record for celonsprdapp01.us.dell.com contains IP_ADDRESS: 143.166.44.11" ], [ "DNS_NAME:d271b15945803d725811af219f373d996ec6e13c", "PTR record for 143.166.44.11 contains DNS_NAME: celonsprdapp01.us.dell.com" ] ] }The text was updated successfully, but these errors were encountered: