Land #18949, notify the user the DNS feature requires a restart

rapid7 · Mar 12, 2024 · fbbaf69 · fbbaf69
2 parents 923f4c9 + 8989b32
commit fbbaf69
Show file tree

Hide file tree

Showing 6 changed files with 16 additions and 13 deletions.
diff --git a/docs/metasploit-framework.wiki/How-to-Configure-DNS.md b/docs/metasploit-framework.wiki/How-to-Configure-DNS.md
@@ -15,8 +15,8 @@ control over the process of DNS queries.
 
 ## The DNS command
 Metasploit's DNS configuration is controlled by the `dns` command which has multiple subcommands. This command is only
-available when the `dns_feature` is enabled (`features set dns_feature true`). Once enabled, the current configuration
-can be printed by running `dns print`.
+available when the `dns` feature is enabled (`features set dns true`). Once enabled, the current configuration can be
+printed by running `dns print`.
 
 ```
 msf6 > dns print

diff --git a/lib/msf/core/feature_manager.rb b/lib/msf/core/feature_manager.rb
@@ -20,7 +20,7 @@ class FeatureManager
     MANAGER_COMMANDS = 'manager_commands'
     METASPLOIT_PAYLOAD_WARNINGS = 'metasploit_payload_warnings'
     DEFER_MODULE_LOADS = 'defer_module_loads'
-    DNS_FEATURE = 'dns_feature'
+    DNS = 'dns'
     HIERARCHICAL_SEARCH_TABLE = 'hierarchical_search_table'
     SMB_SESSION_TYPE = 'smb_session_type'
     POSTGRESQL_SESSION_TYPE = 'postgresql_session_type'
@@ -91,15 +91,15 @@ class FeatureManager
         default_value: false
       }.freeze,
       {
-        name: DNS_FEATURE,
-        description: 'When enabled, allows configuration of DNS resolution behaviour in Metasploit',
-        requires_restart: false,
+        name: DNS,
+        description: 'When enabled allows configuration of DNS resolution behaviour in Metasploit',
+        requires_restart: true,
         default_value: false,
         developer_notes: 'Planned for default enablement in: Metasploit 6.4.x'
       }.freeze,
       {
         name: HIERARCHICAL_SEARCH_TABLE,
-        description: 'When enabled, the search table is enhanced to show details on module actions and targets',
+        description: 'When enabled the search table is enhanced to show details on module actions and targets',
         requires_restart: false,
         default_value: false,
         developer_notes: 'Planned for default enablement in: Metasploit 6.4.x'

diff --git a/lib/msf/core/framework.rb b/lib/msf/core/framework.rb
@@ -82,7 +82,7 @@ def initialize(options={})
     require 'msf/core/cert_provider'
     Rex::Socket::Ssl.cert_provider = Msf::Ssl::CertProvider
 
-    if options.include?('CustomDnsResolver') && Msf::FeatureManager.instance.enabled?(Msf::FeatureManager::DNS_FEATURE)
+    if options.include?('CustomDnsResolver') && Msf::FeatureManager.instance.enabled?(Msf::FeatureManager::DNS)
       self.dns_resolver = options['CustomDnsResolver']
       self.dns_resolver.set_framework(self)
       Rex::Socket._install_global_resolver(self.dns_resolver)

diff --git a/lib/msf/ui/console/command_dispatcher/dns.rb b/lib/msf/ui/console/command_dispatcher/dns.rb
@@ -48,7 +48,7 @@ def name
   def commands
     commands = {}
 
-    if framework.features.enabled?(Msf::FeatureManager::DNS_FEATURE)
+    if framework.features.enabled?(Msf::FeatureManager::DNS)
       commands = {
         'dns' => "Manage Metasploit's DNS resolving behaviour"
       }
@@ -186,7 +186,10 @@ def cmd_dns_help(*args)
   # Manage Metasploit's DNS resolution rules
   #
   def cmd_dns(*args)
-    return if driver.framework.dns_resolver.nil?
+    if driver.framework.dns_resolver.nil?
+      print_warning("Run the #{Msf::Ui::Tip.highlight("save")} command and restart the console for this feature configuration to take effect.")
+      return
+    end
 
     args << 'print' if args.length == 0
     # Short-circuit help

diff --git a/lib/msf/ui/console/driver.rb b/lib/msf/ui/console/driver.rb
@@ -70,7 +70,7 @@ def initialize(prompt = DefaultPrompt, prompt_char = DefaultPromptChar, opts = {
 
     begin
       FeatureManager.instance.load_config
-    rescue StandardException => e
+    rescue StandardError => e
       elog(e)
     end
 
@@ -82,7 +82,7 @@ def initialize(prompt = DefaultPrompt, prompt_char = DefaultPromptChar, opts = {
 
     framework_create_options = opts.merge({ 'DeferModuleLoads' => true })
 
-    if Msf::FeatureManager.instance.enabled?(Msf::FeatureManager::DNS_FEATURE)
+    if Msf::FeatureManager.instance.enabled?(Msf::FeatureManager::DNS)
       dns_resolver = Rex::Proto::DNS::CachedResolver.new
       dns_resolver.extend(Rex::Proto::DNS::CustomNameserverProvider)
       dns_resolver.load_config if dns_resolver.has_config?

diff --git a/lib/rex/proto/dns/custom_nameserver_provider.rb b/lib/rex/proto/dns/custom_nameserver_provider.rb
@@ -156,7 +156,7 @@ def flush
     # @return [Array<Array>] A list of nameservers, each with Rex::Socket options
     #
     def upstream_resolvers_for_packet(packet)
-      unless feature_set.enabled?(Msf::FeatureManager::DNS_FEATURE)
+      unless feature_set.enabled?(Msf::FeatureManager::DNS)
         return super
       end
       # Leaky abstraction: a packet could have multiple question entries,