update

BUGS.txt

@@ -0,0 +1 @@
+Currently allows labels to be terminated by rdata length. This was a mistake. They should always be terminated by a null character.

CHANGELOG

@@ -0,0 +1,6 @@
+v1.3.6 - A suitable replacement for most of my uses for big
+    * Can capture dns packets in binary and JSON
+    * Parses common record types including:
+        * A,AAAA,CAA,CNAME,MX,NS,PTR,SOA,SRV,TXT
+        * Arbitrary TYPExxx support
+    * Known Bug: should error when label in rdata is not null terminated

LICENSE

@@ -0,0 +1,41 @@
+Copyright 2017 AJ ONeal
+
+This is open source software; you can redistribute it and/or modify it under the
+terms of either:
+
+   a) the "MIT License"
+   b) the "Apache-2.0 License"
+
+MIT License
+
+   Permission is hereby granted, free of charge, to any person obtaining a copy
+   of this software and associated documentation files (the "Software"), to deal
+   in the Software without restriction, including without limitation the rights
+   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+   copies of the Software, and to permit persons to whom the Software is
+   furnished to do so, subject to the following conditions:
+
+   The above copyright notice and this permission notice shall be included in all
+   copies or substantial portions of the Software.
+
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+   SOFTWARE.
+
+Apache-2.0 License Summary
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

README.md

@@ -1,7 +1,11 @@
 dig.js
 ======
 
-| [dns-suite](https://git.daplie.com/Daplie/dns-suite) | **dig.js** | [digd.js](https://git.daplie.com/Daplie/digd.js) |
+| [dns-suite](https://git.coolaj86.com/coolaj86/dns-suite)
+| **dig.js**
+| [mdig.js](https://git.coolaj86.com/coolaj86/mdig.js)
+| [digd.js](https://git.coolaj86.com/coolaj86/digd.js)
+| Sponsored by [ppl](https://ppl.family)[.](https://dapliefounder.com)
 
 Create and capture DNS and mDNS query and response packets to disk as binary and/or JSON.
 Options are similar to the Unix `dig` command. Supports dns0x20 security checking.
@@ -13,18 +17,18 @@ Install
 
 ```bash
 # Install the latest of v1.x
-npm install -g 'git+https://git@git.daplie.com/Daplie/dig.js.git#v1'
+npm install -g 'git+https://git.coolaj86.com/coolaj86/dig.js.git#v1'
 ```
 
 ```bash
 # Install exactly v1.0.0
-npm install -g 'git+https://git@git.daplie.com/Daplie/dig.js.git#v1.0.0'
+npm install -g 'git+https://git.coolaj86.com/coolaj86/dig.js.git#v1.0.0'
 ```
 
 ### without git
 
 Don't have git? Well, you can also bow down to the gods of the centralized, monopolized, concentrated, *dictator*net
-(as we like to call it here at Daplie Labs), if that's how you roll:
+(as we like to call it here at ppl Labs), if that's how you roll:
 
 ```bash
 npm install -g dig.js
@@ -40,7 +44,7 @@ dig.js [TYPE] <domainname>
 **Example**:
 
 ```bash
-dig.js daplie.com
+dig.js coolaj86.com
 ```
 
 ### mDNS Browser Example
@@ -60,9 +64,9 @@ dig.js -p 5353 @224.0.0.251 PTR _services._dns-sd._udp.local +time=3
 ### Moar Examples
 
 ```bash
-dig.js A daplie.com
+dig.js A coolaj86.com
 
-dig.js @8.8.8.8 A daplie.com
+dig.js @8.8.8.8 A coolaj86.com
 ```
 
 Options
@@ -73,10 +77,10 @@ Options
 
 --mdns                      Use mDNS port and nameserver address, and listen for multiple packets
 
--t <type> (superfluous)     default ANY (mdns default: PTR)
+-t <type> (superfluous)     A, CNAME, MX, etc. Also supports -t type<decimal> for "unsupported" types. default ANY (mdns default: PTR)
 -c <class>                  default IN
 -p <port>                   default 53 (mdns default: 5353) (listener is random for DNS and 5353 for mDNS)
--q <query> (superfluous)    required (ex: daplie.com)
+-q <query> (superfluous)    required (ex: coolaj86.com)
 --nameserver <ns>           alias of @<nameserver>
 --timeout <ms>              alias of +time=<seconds>, but in milliseconds
 
@@ -90,3 +94,10 @@ Options
 
 --debug                     verbose output
 ```
+
+Security Concerns
+-----------------
+
+The 16-bit `id` of the query must match that of the response.
+
+Extra entropy is added by using `dns0x20`, the de facto standard for RanDOmCASiNg on the query which must be matched in the response.

bin/dig.js

@@ -4,6 +4,7 @@
 var dig = require('../dns-request');
 var cli = require('cli');
 var defaultNameservers = require('dns').getServers();
+var typeRe = /^type\d+$/i;
 
 cli.parse({
 //  'b': [ false, 'set source IP address (defaults to 0.0.0.0)', 'string' ]
@@ -21,7 +22,7 @@ cli.parse({
 , 'nameserver': [ false, 'the nameserver to use for DNS resolution (defaults to ' + defaultNameservers.join(',') + ')', 'string' ]
 //, 'serve': [ 's', 'path to json file with array of responses to issue for given queries', 'string' ]
 , 'type': [ 't', 'type (defaults to ANY for dns and PTR for mdns)', 'string' ]
-, 'query': [ 'q', 'a superfluous explicit option to set the query as a command line flag' ]
+, 'query': [ 'q', 'a superfluous explicit option to set the query as a command line flag', 'string' ]
 , 'norecase': [ false, 'Disable dns0x20 security checking (mixed casing). See https://dyn.com/blog/use-of-bit-0x20-in-dns-labels/' ]
 , 'recase': [ false, "Print the dns0x20 casing as-is rather than converting it back to lowercase. This is the default when explicitly using mixed case." ]
 });
@@ -29,14 +30,16 @@ cli.parse({
 var common = require('../common.js');
 
 cli.main(function (args, cli) {
+  cli.implicitType = cli.type;
+  cli.implicitQuery = cli.query;
   args.forEach(function (arg) {
-    if (-1 !== common.types.concat([ 'ANY' ]).indexOf(arg.toUpperCase())) {
-      if (cli.type) {
+    if (typeRe.test(arg) || -1 !== common.types.concat([ 'ANY' ]).indexOf(arg.toUpperCase())) {
+      if (cli.implicitType) {
         console.error("'type' was specified more than once");
         process.exit(1);
         return;
       }
-      cli.type = cli.t = arg.toUpperCase();
+      cli.implicitType = cli.t = arg.toUpperCase();
       return;
     }
 
@@ -80,15 +83,41 @@ cli.main(function (args, cli) {
       return;
     }
 
-    if (cli.query) {
-      console.error("'query' was specified more than once or unrecognized flag: " + cli.query + ", " + arg);
+    if ('string' === typeof cli.implicitQuery) {
+      console.error("'query' was specified more than once or unrecognized flag: " + cli.implicitQuery + ", " + arg);
       process.exit(1);
       return;
     }
-    cli.query = cli.q = arg;
+    cli.implicitQuery = cli.q = arg;
 
   });
 
+
+  // it can happen that a TLD is created with the name of a common type
+  if (!cli.type && cli.implicitType && !cli.implicitQuery) {
+    cli.implicitQuery = cli.implicitType;
+    cli.implicitType = null;
+  }
+  if ('string' === typeof cli.implicitQuery) {
+    cli.query = cli.implicitQuery;
+  }
+  if (cli.implicitType) {
+    cli.type = cli.implicitType;
+  }
+  if ('string' !== typeof cli.query) {
+    console.error('');
+    console.error('Usage:');
+    console.error('dig.js [@server] [TYPE] [domain]');
+    console.error('');
+    console.error('Example:');
+    console.error('dig.js daplie.com');
+    console.error('');
+    process.exit(1);
+  }
+  if (cli.query !== cli.query.toLowerCase()) {
+    cli.norecase = true;
+  }
+
   if (cli.mdns) {
     if (!cli.type) {
       cli.type = cli.t = 'PTR';
@@ -99,7 +128,7 @@ cli.main(function (args, cli) {
     if (!cli.nameserver) {
       cli.nameserver = '224.0.0.251';
     }
-    if (!cli.query) {
+    if ('string' !== typeof cli.query) {
       cli.query = '_services._dns-sd._udp.local';
     }
     if (!cli.timeout) {
@@ -111,10 +140,6 @@ cli.main(function (args, cli) {
     }
   }
 
-  if (cli.query !== cli.query.toLowerCase()) {
-    cli.norecase = true;
-  }
-
   if (!cli.norecase) {
     cli.casedQuery = cli.query.split('').map(function (ch) {
       // dns0x20 takes advantage of the fact that the binary operation for toUpperCase is
@@ -128,22 +153,15 @@ cli.main(function (args, cli) {
   if (!cli.type) {
     cli.type = cli.t = 'ANY';
   }
+  if (typeRe.test(cli.type)) {
+    cli.rawType = parseInt(cli.type.replace('type', ''), 10);
+  }
   if (!cli.port) {
     cli.port = cli.p = 53;
   }
   if (!cli.class) {
     cli.class = cli.c = 'IN';
   }
-  if (!cli.query) {
-    console.error('');
-    console.error('Usage:');
-    console.error('dig.js [@server] [TYPE] [domain]');
-    console.error('');
-    console.error('Example:');
-    console.error('dig.js daplie.com');
-    console.error('');
-    process.exit(1);
-  }
 
   var query = {
     header: {
@@ -158,7 +176,8 @@ cli.main(function (args, cli) {
     }
   , question: [
       { name: cli.casedQuery
-      , typeName: cli.type
+      , type: cli.rawType
+      , typeName: cli.rawType ? undefined : cli.type
       , className: cli.class
       }
     ]
@@ -186,9 +205,12 @@ cli.main(function (args, cli) {
 
   cli.onMessage = function (nb) {
     var packet = dnsjs.DNSPacket.parse(nb.buffer.slice(nb.byteOffset, nb.byteOffset + nb.byteLength));
+    var fail0x20;
 
     if (packet.id !== query.id) {
-      console.log('ignoring packet for ', packet.question[0].name);
+      console.error('[SECURITY] ignoring packet for \'' + packet.question[0].name + '\' due to mismatched id');
+      console.error(packet);
+      return;
     }
 
     if (cli.debug) {
@@ -197,12 +219,19 @@ cli.main(function (args, cli) {
       console.log(packet);
     }
 
+    packet.question.forEach(function (q) {
+      // if (-1 === q.name.lastIndexOf(cli.casedQuery))
+      if (q.name !== cli.casedQuery) {
+        fail0x20 = q.name;
+      }
+    });
+
     if (!cli.norecase && !cli.recase) {
       [ 'question', 'answer', 'authority', 'additional' ].forEach(function (group) {
         (packet[group]||[]).forEach(function (a) {
           var an = a.name;
-          var i = cli.query.toLowerCase().indexOf(a.name.toLowerCase());  // answer is something like ExAMPle.cOM and query was wWw.ExAMPle.cOM
-          var j = a.name.toLowerCase().indexOf(cli.query.toLowerCase());  // answer is something like www.ExAMPle.cOM and query was ExAMPle.cOM
+          var i = cli.query.toLowerCase().lastIndexOf(a.name.toLowerCase());  // answer is something like ExAMPle.cOM and query was wWw.ExAMPle.cOM
+          var j = a.name.toLowerCase().lastIndexOf(cli.query.toLowerCase());  // answer is something like www.ExAMPle.cOM and query was ExAMPle.cOM
 
           // it's important to note that these should only relpace changes in casing that we expected
           // any abnormalities should be left intact to go "huh?" about
@@ -210,7 +239,7 @@ cli.main(function (args, cli) {
           if (-1 !== i) {
             // "EXamPLE.cOm".replace("wWw.EXamPLE.cOm".substr(4), "www.example.com".substr(4))
             a.name = a.name.replace(cli.casedQuery.substr(i), cli.query.substr(i));
-          } else {
+          } else if (-1 !== j) {
             // "www.example.com".replace("EXamPLE.cOm", "example.com")
             a.name = a.name.substr(0, j) + a.name.substr(j).replace(cli.casedQuery, cli.query);
           }
@@ -219,20 +248,19 @@ cli.main(function (args, cli) {
           // it does not handle the case of a record for example.com.uk being returned in response to a query for www.example.com correctly
           // (but I don't think it should need to)
           if (a.name.length !== an.length) {
-            console.error("[ERROR] '" + an + "' != '" + a.length + "'");
+            console.error("[ERROR] question / answer mismatch: '" + an + "' != '" + a.length + "'");
+            console.error(a);
           }
         });
       });
     }
 
-    packet.question.forEach(function (q) {
-      // if (-1 === q.name.indexOf(cli.casedQuery))
-      if (q.name !== cli.casedQuery) {
+    if (fail0x20) {
       console.warn("");
-        console.warn(";; Warning: DNS 0x20 security not implemented (or packet spoofed). Queried '" + cli.casedQuery + "' but got response for '" + q.name + "'.");
+      console.warn(";; Warning: DNS 0x20 security not implemented (or packet spoofed). Queried '" + cli.casedQuery + "' but got response for '" + fail0x20 + "'.");
       console.warn("");
     }
-    });
+
     console.log(';; Got answer:');
     dig.logQuestion(packet);
 

common.js

@@ -6,7 +6,7 @@ module.exports = {
   types: [ 'A', 'AAAA', 'CNAME', 'MX', 'NS', 'PTR', 'SOA', 'SRV', 'TXT' ]
 , printers: {
     'ANY': function (q) {
-      console.log(';' + q.name + '.', q.ttl, q.className, q.typeName, q.data || q.rdata || 'unknown record type');
+      console.log(';' + q.name + '.', q.ttl, (q.className || q.class), (q.typeName || ('type' + q.type)), q.data || q.rdata || 'unknown record type');
     }
 
   , 'A': function (q) {
@@ -43,8 +43,10 @@ module.exports = {
   }
 , writeQuery: function (opts, query, queryAb) {
     var path = require('path');
-    var binname = query.question[0].name + '.' + query.question[0].typeName.toLowerCase() + '.query.bin';
-    var jsonname = query.question[0].name + '.' + query.question[0].typeName.toLowerCase() + '.query.json';
+    var basename = query.question[0].name + '.'
+      + (query.question[0].typeName||query.question[0].type.toString()).toLowerCase();
+    var binname =  basename + '.query.bin';
+    var jsonname = basename + '.query.json';
     var binpath = opts.output + '.' + binname;
     var jsonpath = opts.output + '.' + jsonname;
     var json = JSON.stringify(query, null, 2);
@@ -64,8 +66,10 @@ module.exports = {
     var me = this;
     me._count = me._count || 0;
     var path = require('path');
-    var binname = query.question[0].name + '.' + query.question[0].typeName.toLowerCase() + '.' + me._count + '.bin';
-    var jsonname = query.question[0].name + '.' + query.question[0].typeName.toLowerCase() + '.' + me._count + '.json';
+    var basename = query.question[0].name + '.'
+      + (query.question[0].typeName||query.question[0].type.toString()).toLowerCase();
+    var binname = basename + '.' + me._count + '.bin';
+    var jsonname = basename + '.' + me._count + '.json';
     var binpath = opts.output + '.' + binname;
     var jsonpath = opts.output + '.' + jsonname;
     var json = JSON.stringify(packet, null, 2);

dns-request.js

@@ -4,28 +4,34 @@ var dnsjs = require('dns-suite');
 var crypto = require('crypto');
 var dgram = require('dgram');
 
+var RCODES = {
+  0: 'NOERROR'
+, 3: 'NXDOMAIN'
+, 5: 'REFUSED'
+};
+
 function logQuestion(packet) {
   var flags = "";
 
   // TODO opcode 0 QUERY rcode 0 NOERROR
-  console.log(';; ->>HEADER<<- [opcode: ' + packet.header.opcode + ', status: ' + packet.header.rcode + '], id: ' + packet.header.id);
-  if (packet.header.tc) { console.log("Truncated [tc] (we don't know the normal way to print a tc packet... you should record this with -o tc-packet.dig and send it to us)"); }
+  console.info(';; ->>HEADER<<- [opcode: ' + packet.header.opcode + ', status: ' + (RCODES[packet.header.rcode] || packet.header.rcode) + '], id: ' + packet.header.id);
+  if (packet.header.tc) { console.info("Truncated [tc] (we don't know the normal way to print a tc packet... you should record this with -o tc-packet.dig and send it to us)"); }
   flags += ";; flags:";
   if (packet.header.qr) { flags += " qr"; }
   if (packet.header.aa) { flags += " aa"; }
   if (packet.header.rd) { flags += " rd"; }
   if (packet.header.ra) { flags += " ra"; }
   flags += "; QUERY: " + packet.question.length + ", ANSWER: " + packet.answer.length + ", AUTHORITY: " + packet.authority.length + ", ADDITIONAL: " + packet.additional.length;
-  console.log(flags);
-  if (packet.header.res1) { console.log("[res1] (we don't know how to print a packet with res1 yet)"); }
-  if (packet.header.res2) { console.log("[res2] (we don't know how to print a packet with res2 yet)"); }
-  if (packet.header.res3) { console.log("[res3] (we don't know how to print a packet with res2 yet)"); }
+  console.info(flags);
+  if (packet.header.res1) { console.info("[res1] (we don't know how to print a packet with res1 yet)"); }
+  if (packet.header.res2) { console.info("[res2] (we don't know how to print a packet with res2 yet)"); }
+  if (packet.header.res3) { console.info("[res3] (we don't know how to print a packet with res2 yet)"); }
   // {"id":32736,"qr":1,"opcode":0,"aa":0,"tc":0,"rd":1,"ra":0,"res1":0,"res2":0,"res3":0,"rcode":5}
   //console.log(JSON.stringify(packet.header));
-  console.log('');
-  console.log(';; QUESTION SECTION:');
+  console.info('');
+  console.info(';; QUESTION SECTION:');
   packet.question.forEach(function (q) {
-    console.log(';' + q.name + '.', ' ', q.className, q.typeName);
+    console.info(';' + q.name + '.', ' ', q.className, q.typeName || ('type' + q.type));
   });
 }
 
@@ -102,11 +108,28 @@ function resolve(queryAb, opts) {
 }
 
 function resolveJson(query, opts) {
-  var queryAb = dnsjs.DNSPacket.write(query);
+  var queryAb;
+  try {
+    queryAb = dnsjs.DNSPacket.write(query);
+  } catch(e) {
+    if ('function' === typeof opts.onError) { opts.onError(e); return; }
+    throw e;
+  }
+
+  //console.log('[DEV] nameserver', opts.nameserver);
   var options = {
     onError: opts.onError
   , onMessage: function (nb) {
-      var packet = dnsjs.DNSPacket.parse(nb.buffer.slice(nb.byteOffset, nb.byteOffset + nb.byteLength));
+      var packet;
+      try {
+        packet = dnsjs.DNSPacket.parse(nb.buffer.slice(nb.byteOffset, nb.byteOffset + nb.byteLength));
+      } catch(e) {
+        if (opts.onError) { opts.onError(e); return; }
+
+        console.error("[Error] couldn't parse incoming message");
+        console.error(e);
+        return;
+      }
 
       opts.onMessage(packet);
     }

package.json

@@ -1,8 +1,9 @@
 {
   "name": "dig.js",
-  "version": "1.3.0",
+  "version": "1.3.9",
   "description": "Create and capture DNS and mDNS query and response packets to disk as binary and/or JSON. Options are similar to the Unix `dig` command.",
   "main": "index.js",
+  "homepage": "https://git.coolaj86.com/coolaj86/dig.js",
   "bin": {
     "dig.js": "./bin/dig.js"
   },
@@ -11,7 +12,7 @@
   },
   "repository": {
     "type": "git",
-    "url": "git@git.daplie.com:Daplie/dig.js.git"
+    "url": "git://git.coolaj86.com:coolaj86/dig.js.git"
   },
   "keywords": [
     "mdig",
@@ -33,17 +34,16 @@
     "binary",
     "json"
   ],
-  "author": "AJ ONeal <aj@daplie.com> (https://daplie.com/)",
+  "author": "AJ ONeal <coolaj86@gmail.com> (https://coolaj86.com/)",
   "license": "(MIT OR Apache-2.0)",
   "bugs": {
-    "url": "https://git.daplie.com/Daplie/dig.js/issues"
+    "url": "https://git.coolaj86.com/coolaj86/dig.js/issues"
   },
-  "homepage": "https://git.daplie.com/Daplie/dig.js",
   "dependencies": {
     "cli": "^1.0.1",
-    "dns-suite": "git+https://git@git.daplie.com/Daplie/dns-suite#v1.1.0"
+    "dns-suite": "git+https://git.coolaj86.com/coolaj86/dns-suite.js#v1.2"
   },
   "optionalDependencies": {
-    "hexdump.js": "git+https://git@git.daplie.com/Daplie/hexdump.js#master"
+    "hexdump.js": "git+https://git.coolaj86.com/coolaj86/hexdump.js#v1.0.4"
   }
 }