secdev
diff --git a/‎doc/scapy/layers/dcom.rst‎
Lines changed: 1 addition & 1 deletion b/‎doc/scapy/layers/dcom.rst‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎scapy/layers/dns.py‎
Lines changed: 23 additions & 3 deletions b/‎scapy/layers/dns.py‎
Lines changed: 23 additions & 3 deletions
@@ -54,7 +54,7 @@ General usage
 
     import uuid
     from scapy.layers.dcerpc import find_com_interface
-    import scapy.layers.msrpce.raw.ms_pla
+    from scapy.layers.msrpce.raw.ms_pla import GetDataCollectorSets_Request
 
     CLSID_TraceSessionCollection = uuid.UUID("03837530-098b-11d8-9414-505054503030")
     # The COM interface must have been compiled by scapy-rpc (midl-to-scapy)
 
@@ -1380,13 +1380,15 @@ def pre_dissect(self, s):
 
 
 @conf.commands.register
-def dns_resolve(qname, qtype="A", raw=False, verbose=1, timeout=3, **kwargs):
+def dns_resolve(qname, qtype="A", raw=False, tcp=False, verbose=1, timeout=3, **kwargs):
     """
     Perform a simple DNS resolution using conf.nameservers with caching
 
     :param qname: the name to query
     :param qtype: the type to query (default A)
     :param raw: return the whole DNS packet (default False)
+    :param tcp: whether to use directly TCP instead of UDP. If truncated is received,
+        UDP automatically retries in TCP. (default: False)
     :param verbose: show verbose errors
     :param timeout: seconds until timeout (per server)
     :raise TimeoutError: if no DNS servers were reached in time.
@@ -1409,8 +1411,11 @@ def dns_resolve(qname, qtype="A", raw=False, verbose=1, timeout=3, **kwargs):
     for nameserver in conf.nameservers:
         # Try all nameservers
         try:
-            # Spawn a UDP socket, connect to the nameserver on port 53
-            sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+            # Spawn a socket, connect to the nameserver on port 53
+            if tcp:
+                sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+            else:
+                sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
             sock.settimeout(kwargs["timeout"])
             sock.connect((nameserver, 53))
             # Connected. Wrap it with DNS
@@ -1428,6 +1433,21 @@ def dns_resolve(qname, qtype="A", raw=False, verbose=1, timeout=3, **kwargs):
             sock.close()
         if res:
             # We have a response ! Check for failure
+            if res[DNS].tc == 1:  # truncated !
+                if not tcp:
+                    # Retry using TCP
+                    return dns_resolve(
+                        qname=qname,
+                        qtype=qtype,
+                        raw=raw,
+                        tcp=True,
+                        verbose=verbose,
+                        timeout=timeout,
+                        **kwargs,
+                    )
+                elif verbose:
+                    log_runtime.info("DNS answer is truncated !")
+
             if res[DNS].rcode == 2:  # server failure
                 res = None
                 if verbose: