UNPKG

@layered/dns-records

Version:

Discover publicly available DNS Records for a domain

github.com/LayeredStudio/dns-records

LayeredStudio/dns-records

228 lines (227 loc) 8.61 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
import { getDnsRecords } from './get-dns-records.js'; import { subdomainsRecords } from './subdomains.js'; import { validatedDomain } from './utils.js'; /** * Discover all DNS records for a domain name and stream each record as a text line. * * @param domain Valid domain name, without subdomain or protocol. * @param options Options for DNS resolver, extra subdomains to check, etc. * @returns ReadableStream of DNS records. */ export function getAllDnsRecordsStream(domain, options) { options = { subdomains: [], commonSubdomainsCheck: true, ...(options || {}), }; domain = validatedDomain(domain); const encoder = new TextEncoder(); const { readable, writable } = new TransformStream(); const writer = writable.getWriter(); // List of unique records sent, to avoid duplicates const recordsHashes = new Set(); // records that can expose subdomains const subdomainsChecked = []; const subdomainsExtra = []; if (options.subdomains) { subdomainsExtra.push(...options.subdomains); } if (options.commonSubdomainsCheck) { subdomainsExtra.push(...subdomainsRecords); } const sendRecord = (record) => { const hash = `${record.name}-${record.type}-${record.data}`; if (!recordsHashes.has(hash) && record.name.endsWith(domain)) { recordsHashes.add(hash); writer.write(encoder.encode([record.name, record.ttl, 'IN', record.type, record.data].join('\t'))); } }; let runningChecks = 5; const sendRecords = (records) => { records.forEach(r => sendRecord(r)); reqDone(); }; const reqDone = () => { // if we have all the records, check for subdomains if (--runningChecks === 0) { // check for A,AAAA,CNAME subdomains while (subdomainsExtra.length) { const subdomain = subdomainsExtra.shift(); if (subdomain && !subdomainsChecked.includes(subdomain)) { runningChecks++; subdomainsChecked.push(subdomain); getDnsRecords(`${subdomain}.${domain}`, 'A', options.resolver).then(sendRecords); } } //todo check for txt records for subdomains } if (runningChecks === 0) { writer.close(); } }; const addSubdomain = (value) => { value = value.endsWith('.') ? value.slice(0, -1) : value; if (value.endsWith(`.${domain}`)) { const subdomain = value.replace(`.${domain}`, ''); if (!subdomainsExtra.includes(subdomain)) { subdomainsExtra.push(subdomain); } } }; // first check - NS records getDnsRecords(domain, 'NS', options.resolver).then(nsRecords => { if (nsRecords.length) { nsRecords.forEach(r => { sendRecord(r); if (r.data.includes(domain)) { addSubdomain(r.data); } }); getDnsRecords(domain, 'SOA', options.resolver).then(sendRecords); //getDnsRecords(domain, 'CAA').then(sendRecords) getDnsRecords(domain, 'A', options.resolver).then(sendRecords); getDnsRecords(domain, 'AAAA', options.resolver).then(sendRecords); getDnsRecords(domain, 'MX', options.resolver).then(records => { records.forEach(r => { if (r.data.includes(domain)) { const parts = r.data.split(' '); if (parts.length > 1) { addSubdomain(String(parts[1])); } } }); sendRecords(records); }); getDnsRecords(domain, 'TXT', options.resolver).then(records => { records.forEach(r => { // extract subdomains from SPF records // https://datatracker.ietf.org/doc/html/rfc7208 if (r.data.includes('v=spf1') && r.data.includes(domain)) { r.data.split(' ').forEach(spf => { if (spf.startsWith('include:') && spf.endsWith(domain)) { addSubdomain(spf.replace('include:', '')); } else if (spf.startsWith('a:') && spf.endsWith(domain)) { addSubdomain(spf.replace('a:', '')); } else if (spf.startsWith('mx:') && spf.endsWith(domain)) { addSubdomain(spf.replace('mx:', '')); } }); } }); sendRecords(records); }); } else { writer.close(); } }); return readable; } /** * Discover all DNS records for a domain name and return an array of records. * * @param domain Valid domain name. * @param options Options for DNS resolver, extra subdomains to check, etc. * @returns Array of all `DnsRecord` discovered for the domain, with wildcard record added. * * @example Get all DNS records for example.com with best-for-runtime DNS resolver * ```js * import { getAllDnsRecords } from '@layered/dns-records' * * const records = await getAllDnsRecords('example.com') * ``` * * @example Get all DNS records from `cloudflare-dns` DNS resolver * ```js * import { getAllDnsRecords } from '@layered/dns-records' * * const records = await getAllDnsRecords('example.com', { * resolver: 'cloudflare-dns', * }) * ``` */ export async function getAllDnsRecords(domain, options) { const records = []; const dnsRecordsStream = getAllDnsRecordsStream(domain, options); const reader = dnsRecordsStream.getReader(); return new Promise((resolve, reject) => { const read = () => { reader.read().then(({ done, value }) => { if (done) { resolve(detectWildcardRecords(domain, records)); } else { records.push(parseDnsRecord(value)); read(); } }).catch(reject); }; read(); }); } /** * Parse a DNS record string into a DnsRecord object. * * @param record DNS record string. * @returns `DnsRecord` object. */ export function parseDnsRecord(record) { if (record instanceof Uint8Array) { record = new TextDecoder().decode(record); } const parts = record.split('\t'); if (parts.length < 5 || parts[2] !== 'IN') { throw new Error(`Invalid DNS record: ${record}`); } return { name: String(parts[0]), ttl: Number(parts[1]), type: String(parts[3]), data: String(parts[4]), }; } /** * Detect wildcard DNS records and return a new array with the wildcard record added. * * @param domain Domain name. * @param records Array of DNS records. * @param percent Percentage of records with the same data to consider a wildcard. * @returns Array of DNS records with wildcard records grouped as `*.domain`. */ export function detectWildcardRecords(domain, records, percent = 0.15) { const sameDataGroup = {}; const wildcardsFound = []; records.forEach(record => { if (['A', 'AAAA', 'CNAME'].includes(record.type)) { const key = `${record.type}-${record.data}`; sameDataGroup[key] ||= 0; sameDataGroup[key]++; } }); const recordsWithWildcard = []; records.forEach(record => { if (['A', 'AAAA', 'CNAME'].includes(record.type)) { const key = `${record.type}-${record.data}`; const sameData = sameDataGroup[key] || 0; const recordTypeLength = records.filter(r => r.type === record.type).length; // ?? make the formula easier to understand, already don't know how it works if (sameData / recordTypeLength < percent || recordTypeLength < subdomainsRecords.length / 2) { recordsWithWildcard.push(record); } else if (!wildcardsFound.includes(key)) { wildcardsFound.push(key); recordsWithWildcard.push({ ...record, name: `*.${domain}`, }); } } else { recordsWithWildcard.push(record); } }); return recordsWithWildcard; } export { getDnsRecords };