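#!/bin/bash
# DNS Query Analyzer plugin.
#
# Defines the three entry points visible in this file: get_tool_name,
# get_tool_description and execute_tool. execute_tool reads the global
# $domain (one name, or several separated by newlines), captures DNS traffic
# for a few seconds per name and reports the matching answers via tshark.
#
# Capturing on "any" interface normally needs root or CAP_NET_RAW, so this
# code treats every value that reaches a filter or the terminal as untrusted.

# Print the tool's display name.
get_tool_name() {
  echo "DNS Query Analyzer"
}

# Print a one-line description of the tool.
get_tool_description() {
  echo "Analyze DNS queries and responses for slow responses"
}

#######################################
# Run the analysis for every name in $domain and print the report.
# Globals:   domain (read), result (written)
# Outputs:   the report on stdout, with backslash escapes expanded
# Returns:   exits 1 when tcpdump or tshark is missing
#######################################
execute_tool() {
  if ! command -v tcpdump &> /dev/null || ! command -v tshark &> /dev/null; then
    echo "Required tools (tcpdump and tshark) are not available."
    exit 1
  fi

  result=""
  if [ -n "$domain" ]; then
    if [[ "$domain" == *$'\n'* ]]; then
      # Split on IFS whitespace like the unquoted expansion used to, but
      # without pathname expansion (a "*" entry must not become file names).
      local -a domain_list=()
      local single_domain
      read -r -d '' -a domain_list <<< "$domain" || true
      for single_domain in "${domain_list[@]}"; do
        analyze_dns "$single_domain"
      done
    else
      analyze_dns "$domain"
    fi
  else
    result="No domains specified."
  fi

  # Same expansion as `echo -e`; untrusted text appended to $result has had
  # its backslashes doubled so only this script's own escapes are interpreted.
  printf '%b\n' "$result"
}

#######################################
# Capture five seconds of UDP/53 traffic and list answers for one name.
# Globals:   result (appended to)
# Arguments: $1 - domain name to look for in DNS query names
# Returns:   0 always; problems are reported through $result
#######################################
analyze_dns() {
  local single_domain="$1"
  local -r allowed_name='^[A-Za-z0-9._-]+$'
  local capture_file capture_pid slow_queries shown

  # The name is interpolated into a tshark display filter below. Accept only
  # hostname characters so quotes, spaces or operators cannot rewrite the
  # filter, and so the name is safe to print with escape expansion.
  if ! [[ "$single_domain" =~ $allowed_name ]] || (( ${#single_domain} > 253 )); then
    printf -v shown '%q' "$single_domain"
    result+="Skipping invalid domain name: ${shown//\\/\\\\}\n"
    return 0
  fi

  result+="\e[1mAnalyzing DNS queries for $single_domain:\e[0m\n"

  # Unpredictable capture file instead of a fixed name in the working
  # directory: a fixed name can be pre-created or symlinked by another user
  # and would then be overwritten with the privileges of this process.
  # NOTE(review): some tcpdump builds drop privileges before opening the
  # savefile; if captures come back empty, check that case first.
  capture_file=$(mktemp "${TMPDIR:-/tmp}/dns_traffic.XXXXXX") || {
    result+="Could not create a temporary capture file.\n"
    return 0
  }

  # Capture DNS traffic with tcpdump. Only UDP port 53 is seen; DNS over TCP
  # or over an encrypted transport is outside this capture.
  tcpdump -i any -n -s0 -w "$capture_file" udp port 53 &> /dev/null &
  capture_pid=$!
  sleep 5
  # Stop only the capture started here (pkill would end every tcpdump on the
  # host, including unrelated monitoring), then wait so the file is flushed
  # before tshark reads it.
  kill "$capture_pid" 2> /dev/null || true
  wait "$capture_pid" 2> /dev/null || true

  if [[ ! -s "$capture_file" ]]; then
    result+="No packets were captured (capture failed or is empty).\n"
    rm -f -- "$capture_file"
    return 0
  fi

  # Analyze captured traffic with tshark.
  # NOTE(review): the filter selects answers carrying an A record for the
  # name; it applies no dns.time threshold, so all of them are listed, not
  # only slow ones.
  slow_queries=$(tshark -r "$capture_file" \
    -Y "dns.qry.name contains \"$single_domain\" && dns.a" \
    -T fields -e dns.time -e dns.qry.name)

  if [ -n "$slow_queries" ]; then
    # Query names come off the wire; double their backslashes so they cannot
    # turn into terminal escape sequences when the report is printed.
    result+="${slow_queries//\\/\\\\}\n"
  else
    result+="No slow queries found.\n"
  fi

  # Cleanup captured traffic file
  rm -f -- "$capture_file"
}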