Cdn check with domain and with dns response

[brenocss]

I have modified the cdncheck function to accept domains However, I believe it is better to use the second function that was created, which takes a dnsResponse as input. This reduces the number of DNS requests.

Summary by CodeRabbit

• New Features
  • Added a CDN type field to response output for richer CDN metadata.
  • CDN detection now reuses existing DNS resolution data when available to improve efficiency.
  • Improved fallback detection and diagnostic logging when reuse isn't possible, ensuring CDN flags are set consistently.

[brenocss]

echo www.gap.com | ./dnsx -cdn -json | jq

      _             __  __
   __| | _ __   ___ \ \/ /
  / _' || '_ \ / __| \  /
 | (_| || | | |\__ \ /  \
  \__,_||_| |_||___//_/\_\

                projectdiscovery.io

[INF] Current dnsx version 1.1.4 (latest)
{
  "host": "www.gap.com",
  "ttl": 2795,
  "resolver": [
    "1.0.0.1:53"
  ],
  "a": [
    "104.104.158.228"
  ],
  "cname": [
    "www.gap.com.edgekey.net",
    "e12405.x.akamaiedge.net"
  ],
  "all": [
    "www.gap.com.\t2795\tIN\tCNAME\twww.gap.com.edgekey.net.",
    "www.gap.com.edgekey.net.\t20795\tIN\tCNAME\te12405.x.akamaiedge.net.",
    "e12405.x.akamaiedge.net.\t20\tIN\tA\t104.104.158.228",
    "\n;; OPT PSEUDOSECTION:\n; EDNS: version 0; flags:; udp: 1232"
  ],
  "status_code": "NOERROR",
  "timestamp": "2023-05-19T13:24:09.8923071-03:00",
  "cdn": true,
  "cdn-name": "akamai"
}

[Mzack9999]

@brenocss This is an excellent idea. The data in the response might not contain A or AAAA records since the user defines the question types. Probably we need a hybrid approach:

• If A|AAAA records are available, then we check the response
• Otherwise, we proceed with the previous direct check

What do you think?

[sleach]

This fixes a bug as well where a site use multi-cdn's. The first DNS query will pickup one CDN response, while that second call to CdnCheck will generate a possibly different CDN. So the CDN in the main response will say one, while the "cdn-name" parameter will contain a different one. So 👍 👍 If the request doesn't contain the A/AAAA records, you may still need to generate that second query as mentioned in the question above. I don't think you can avoid the issue in that case.

[brenocss]

@Mzack9999 did you find this use case?

[dogancanbakir]

merge conflict

[neo-by-projectdiscovery-dev]

Neo - PR Security Review

No security issues found

Highlights

• Updates CDN detection logic to properly capture CDNType return value from CdnCheckRespData function
• Adds fallback logic to set CDNType='cdn' when using the CdnCheck method that doesn't return type information
• Maintains consistency in CDN metadata population across both code paths (reuse vs fresh lookup)

_{Comment @pdneo help for available commands. · Open in Neo}

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 7fad7c1a-8c20-4cf9-b8c7-df4bcd4e9cc0

📥 Commits

Reviewing files that changed from the base of the PR and between 9c39c87 and a6e361d.

📒 Files selected for processing (1)

• internal/runner/runner.go

---

Walkthrough

The change reuses existing DNS response data for CDN detection when A, AAAA, or CNAME records are present, adding a DNSX method to check CDN from response data and a CDNType field; otherwise it falls back to the existing fresh CDN check.

Changes

Cohort / File(s)	Summary
DNSX Library Enhancements libs/dnsx/cdn.go, libs/dnsx/dnsx.go	Added CdnCheckRespData(dnsdata *retryabledns.DNSData) to allow CDN checks using existing DNS response data; added CDNType field to ResponseData; minor net.ParseIP call cleanup and import alias addition.
Runner Integration internal/runner/runner.go	Modified runner CDN detection to call CdnCheckRespData() when prior dnsData contains A, AAAA, or CNAME records; otherwise falls back to CdnCheck(domain) and sets dnsData.CDNType = "cdn" when appropriate.

Sequence Diagram

sequenceDiagram
    participant Runner as Runner
    participant DNSX as DNSX
    participant CDN as CDN Detector
    participant DNS as DNS Resolver

    Runner->>DNSX: QueryMultiple(domain)
    DNSX->>DNS: Resolve DNS records
    DNS-->>DNSX: Return dnsData (A/AAAA/CNAME or not)
    DNSX-->>Runner: Return dnsData

    alt dnsData has A/AAAA/CNAME
        Runner->>DNSX: CdnCheckRespData(dnsData)
        DNSX->>CDN: CheckDNSResponse(dnsData)
        CDN-->>DNSX: Return IsCDNIP, CDNName, CDNType
        DNSX-->>Runner: CDN detection result
    else dnsData lacks relevant records
        Runner->>DNSX: CdnCheck(domain)
        DNSX->>CDN: Perform fresh CDN probe (IP-based)
        CDN-->>DNSX: Return IsCDNIP, CDNName, CDNType
        DNSX-->>Runner: CDN detection result (set dnsData.CDNType="cdn" if IsCDNIP)
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐇 I hopped through records, old and new,
Found A, AAAA, CNAME in view.
Reused the answers, skipped a test,
Saved a call and gave rest.
Hooray — the resolver's nicely dressed! 🎉

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly reflects the main changes: adding CDN check capability with both domain input and DNS response input to optimize DNS queries.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

internal/runner/runner.go (1)

685-688: Consider logging CDN check errors for debugging.

Both CDN check paths discard errors with _. While CDN detection is non-critical, logging failures at debug level would help troubleshoot issues when CDN information is unexpectedly missing.

💡 Suggested improvement

 			// reuse existing DNS response to avoid redundant lookups and ensure
 			// consistency between reported records and CDN detection
-			dnsData.IsCDNIP, dnsData.CDNName, dnsData.CDNType, _ = r.dnsx.CdnCheckRespData(dnsData.DNSData)
+			var err error
+			dnsData.IsCDNIP, dnsData.CDNName, dnsData.CDNType, err = r.dnsx.CdnCheckRespData(dnsData.DNSData)
+			if err != nil {
+				gologger.Debug().Msgf("CDN check failed for %s: %v", domain, err)
+			}
 		} else {
 			// fall back to a fresh lookup when the response lacks A/AAAA/CNAME records
-			dnsData.IsCDNIP, dnsData.CDNName, _ = r.dnsx.CdnCheck(domain)
+			var err error
+			dnsData.IsCDNIP, dnsData.CDNName, err = r.dnsx.CdnCheck(domain)
+			if err != nil {
+				gologger.Debug().Msgf("CDN check failed for %s: %v", domain, err)
+			}
 		}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@internal/runner/runner.go` around lines 685 - 688, The CDN check calls drop
errors; update the two calls to CdnCheckRespData and CdnCheck to capture the
error and emit a debug-level log including the domain, the function name
(CdnCheckRespData or CdnCheck), and the error (e.g., using r.logger.Debugf("CDN
check %s failed for %s: %v", "CdnCheckRespData", domain, err)). Keep the
existing assignment to dnsData.IsCDNIP/dnsData.CDNName/dnsData.CDNType but
ensure you don’t change return handling beyond logging the captured err.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@internal/runner/runner.go`:
- Around line 682-689: The fallback path leaves dnsData.CDNType unset because
CdnCheck returns (bool, string, error) while CdnCheckRespData returns the CDN
type; update CdnCheck to return the CDN type as a third return value (e.g.,
(bool, string, string, error)), update the caller in runner.go to assign
dnsData.IsCDNIP, dnsData.CDNName, dnsData.CDNType from r.dnsx.CdnCheck(domain),
and propagate the signature change to all other CdnCheck callers so CDNType is
consistently populated; alternatively, if changing the signature is undesirable,
explicitly set dnsData.CDNType to a sensible default (e.g., empty string or
"ip-only") in the fallback branch to avoid leaving it unset.

---

Nitpick comments:
In `@internal/runner/runner.go`:
- Around line 685-688: The CDN check calls drop errors; update the two calls to
CdnCheckRespData and CdnCheck to capture the error and emit a debug-level log
including the domain, the function name (CdnCheckRespData or CdnCheck), and the
error (e.g., using r.logger.Debugf("CDN check %s failed for %s: %v",
"CdnCheckRespData", domain, err)). Keep the existing assignment to
dnsData.IsCDNIP/dnsData.CDNName/dnsData.CDNType but ensure you don’t change
return handling beyond logging the captured err.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a062524f-6f7a-46a8-b716-aa9f1c525bab

📥 Commits

Reviewing files that changed from the base of the PR and between e5a0521 and 9c39c87.

📒 Files selected for processing (4)

• dnsx
• internal/runner/runner.go
• libs/dnsx/cdn.go
• libs/dnsx/dnsx.go