by blechschmidt
3648 days ago
For DNS cache snooping the usage would of course be different. You would supply the tool with one resolver which does not reject non-recursive queries. Theoretically, one could even perform traffic analyses of DNS resolvers by snooping. Now that the --norecurse option is implemented, the title is at least not wrong anymore. One can have a non-recursive, non-iterative resolver (which is what you use when you want to perform DNS cache snooping) and the title does not suggest that the tool supports iterative lookups. Handling multiple questions within one packet is difficult because response codes such as NXDOMAIN are only included once per packet. AFAIK, bind does not support handling such queries.
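The RD=0 probe described above, as an added example that is not part of massdns or of this thread. It hand-builds a DNS query with the recursion-desired bit cleared, classifies a reply as cached / not cached / refused from the header flags and answer count, and includes a small `snoop()` helper for sending the probe over UDP. The sample replies are constructed inline (TEST-NET address 192.0.2.1, transaction ID 0x1234), so the classification logic runs offline; the resolver address passed to `snoop()` is the caller's assumption.

```python
"""DNS cache snooping probe: send a query with RD=0 and classify the reply.

Added example, not massdns code. Packets are built by hand with struct so the
flag bits are visible; sample replies are constructed, not captured.
"""
import socket
import struct

# 16-bit flags field after the transaction ID:
# QR=bit15, Opcode=bits11-14, AA=bit10, TC=bit9, RD=bit8, RA=bit7, RCODE=bits0-3
QR = 0x8000
RD = 0x0100
RA = 0x0080
RCODE_NXDOMAIN = 3
RCODE_REFUSED = 5
QTYPE_A = 1
QCLASS_IN = 1


def encode_name(name):
    """example.com -> b'\\x07example\\x03com\\x00'"""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype=QTYPE_A, txid=0x1234, recursion_desired=False):
    """Build a query; RD is cleared by default, which is what cache snooping needs."""
    flags = RD if recursion_desired else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)  # qd=1, an=ns=ar=0
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def skip_name(data, off):
    """Return the offset just past a (possibly compressed) name at `off`."""
    while True:
        length = data[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: 2 bytes, name ends here
            return off + 2
        off += 1 + length


def classify_response(resp, txid=0x1234):
    """Return (verdict, answer_ttls) for a reply to an RD=0 probe.

    With RD=0 a resolver will not fetch the record for us, so an answer
    section means the record was already in its cache. The TTLs are returned
    because a cached record's remaining TTL is usually below the authoritative
    one, which is a useful sanity check against forged replies.
    """
    if len(resp) < 12:
        return ("malformed", [])
    rid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != txid or not flags & QR:
        return ("malformed", [])
    rcode = flags & 0xF
    if rcode == RCODE_REFUSED:
        return ("refused", [])       # resolver rejects non-recursive queries
    if rcode == RCODE_NXDOMAIN:
        return ("nxdomain", [])
    off = 12
    for _ in range(qd):              # skip the echoed question section
        off = skip_name(resp, off) + 4
    ttls = []
    for _ in range(an):
        off = skip_name(resp, off)
        _rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10 + rdlen
        ttls.append(ttl)
    return ("cached", ttls) if an > 0 else ("not_cached", [])


def make_reply(query, flags, answers=()):
    """Constructed sample reply for the given query (not a real capture).

    answers: iterable of (ttl, rdata) for the queried name, written with a
    0xC00C pointer back to the question name at offset 12.
    """
    txid = struct.unpack("!H", query[:2])[0]
    body = query[12:]
    for ttl, rdata in answers:
        body += b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, ttl, len(rdata)) + rdata
    return struct.pack("!HHHHHH", txid, flags, 1, len(answers), 0, 0) + body


def snoop(resolver, name, timeout=2.0):
    """Send one RD=0 probe over UDP and classify the reply (network access)."""
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (resolver, 53))
        try:
            resp, _ = s.recvfrom(4096)
        except socket.timeout:
            return ("timeout", [])
    return classify_response(resp)


if __name__ == "__main__":
    q = build_query("example.com")
    print(classify_response(make_reply(q, QR | RA, [(42, bytes([192, 0, 2, 1]))])))
    print(classify_response(make_reply(q, QR | RA)))
    print(classify_response(make_reply(q, QR | RA | RCODE_REFUSED)))
```

A "refused" verdict means the resolver is not usable for snooping at all, which is the filtering step the comment above describes; "not_cached" only means the record was absent from that one resolver's cache at that moment, not that nobody has looked it up.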
AFAIK, there is not a server in existence that handles such queries.
Cache snooping is not very reliable. I tested the 999 open resolvers listed in resolvers.txt for example.com and only 643 of them returned an answer. 13 of those answers were fake.
Moreover, there are at least hundreds of thousands of domain names that will not be in any given cache.
Finally, most internet users are probably not using open resolvers. They are more likely using the ones provided by their ISP, which are not open.
Anyway, I doubt anyone is ever going to release a non-recursive resolver.
I have my own solution which is too embarrassing to release but I can tell you it is usually faster than a recursive resolver if the cache is not already primed with the right records.
To me, "non-recursive" resolution means something specific -- no use of DNS caches. And because of that there's no risk of "cache poisoning".