def name_url_decode(name):
if name == 'root':
return dns.name.root
try:
return dns.name.from_text(name.replace('S', '/'), dns.name.root)
except (UnicodeEncodeError, dns.name.FormError) as e:
return None
def main(argv):
try:
test_pygraphviz()
arghelper = build_helper(logger, sys.argv[0], argv[0])
arghelper.parse_args(argv[1:])
logger.setLevel(logging.WARNING)
try:
arghelper.check_args()
arghelper.set_buffers()
arghelper.aggregate_trusted_key_info()
arghelper.ingest_input()
arghelper.ingest_names()
except argparse.ArgumentTypeError as e:
arghelper.parser.error(str(e))
except AnalysisInputError as e:
s = str(e)
if s:
logger.error(s)
sys.exit(3)
latest_analysis_date = None
name_objs = []
cache = {}
for name in arghelper.names:
name_str = lb2s(name.canonicalize().to_text())
if name_str not in arghelper.analysis_structured or arghelper.analysis_structured[
name_str].get('stub', True):
logger.error(
'The analysis of "%s" was not found in the input.' %
lb2s(name.to_text()))
continue
name_obj = TTLAgnosticOfflineDomainNameAnalysis.deserialize(
name,
arghelper.analysis_structured,
cache,
strict_cookies=arghelper.args.enforce_cookies,
allow_private=arghelper.args.allow_private)
name_objs.append(name_obj)
if latest_analysis_date is None or latest_analysis_date > name_obj.analysis_end:
latest_analysis_date = name_obj.analysis_end
if not name_objs:
sys.exit(4)
arghelper.update_trusted_key_info(latest_analysis_date)
G = DNSAuthGraph()
for name_obj in name_objs:
name_obj.populate_status(
arghelper.trusted_keys,
supported_algs=arghelper.args.algorithms,
supported_digest_algs=arghelper.args.digest_algorithms,
validate_prohibited_algs=arghelper.args.
validate_prohibited_algs)
for qname, rdtype in name_obj.queries:
if arghelper.args.rr_types is None:
# if rdtypes was not specified, then graph all, with some
# exceptions
if name_obj.is_zone() and rdtype in (dns.rdatatype.DNSKEY,
dns.rdatatype.DS,
dns.rdatatype.DLV):
continue
else:
# if rdtypes was specified, then only graph rdtypes that
# were specified
if qname != name_obj.name or rdtype not in arghelper.args.rr_types:
continue
G.graph_rrset_auth(name_obj, qname, rdtype)
if arghelper.args.rr_types is not None:
for rdtype in arghelper.args.rr_types:
if (name_obj.name, rdtype) not in name_obj.queries:
logger.error(
'No query for "%s/%s" was included in the analysis.'
% (lb2s(name_obj.name.to_text()),
dns.rdatatype.to_text(rdtype)))
if arghelper.args.derive_filename:
if name_obj.name == dns.name.root:
name = 'root'
else:
name = lb2s(
name_obj.name.canonicalize().to_text()).rstrip('.')
name = name.replace(os.sep, '--')
finish_graph(G, [name_obj], arghelper.args.rr_types,
arghelper.trusted_keys, arghelper.args.algorithms,
'%s.txt' % name)
G = DNSAuthGraph()
if not arghelper.args.derive_filename:
finish_graph(G, name_objs, arghelper.args.rr_types,
arghelper.trusted_keys, arghelper.args.algorithms,
arghelper.args.output_file.fileno())
except KeyboardInterrupt:
logger.error('Interrupted.')
sys.exit(4)
def name_url_decode(name):
if name == 'root':
return dns.name.root
return dns.name.from_text(name.replace('S', '/'), dns.name.root)
# Set up data structures for prometheus
# We have an array of a dictionary.
# Stats
# The index of the 'stats' array is the index of the nameserver.
# The dictionary contains
# good/bad relative/fqdn lookup
# name: the hostname to look up
# summary: the prometheus summary object for it
stats = []
conf = conf_load()
print("{0} resolvers".format(no_resolvers))
for i in range(0, no_resolvers):
new_stat = {}
name = 'ip_%s_dns_' % resolvers[i]
name = name.replace('.', '_') # make acceptable prometheus metric name
new_stat['good_fqdn'] = {
'name':
conf['good_fqdn'],
'summary':
Gauge(name + 'good_fqdn_time', 'Time spent on good FQDN DNSlookup')
}
new_stat['bad_fqdn'] = {
'name':
conf['bad_fqdn'],
'summary':
Gauge(name + 'bad_fqdn_time', 'Time spent on bad FQDN DNS lookup')
}
new_stat['good_rel'] = {
'name':
conf['good_rel'],
def main(argv):
try:
test_pygraphviz()
try:
opts, args = getopt.getopt(argv[1:], 'f:r:R:t:a:d:CPOo:h')
except getopt.GetoptError as e:
sys.stderr.write('%s\n' % str(e))
sys.exit(1)
# collect trusted keys
trusted_keys = []
for opt, arg in opts:
if opt == '-t':
try:
with io.open(arg, 'r', encoding='utf-8') as fh:
tk_str = fh.read()
except IOError as e:
logger.error('%s: "%s"' % (e.strerror, arg))
sys.exit(3)
try:
trusted_keys.extend(get_trusted_keys(tk_str))
except dns.exception.DNSException:
logger.error('There was an error parsing the trusted keys file: "%s"' % arg)
sys.exit(3)
opts = dict(opts)
if '-h' in opts:
usage()
sys.exit(0)
if '-f' in opts and args:
sys.stderr.write('If -f is used, then domain names may not supplied as command line arguments.\n')
sys.exit(1)
if '-R' in opts:
try:
rdtypes = opts['-R'].split(',')
except ValueError:
sys.stderr.write('The list of types was invalid: "%s"\n' % opts['-R'])
sys.exit(1)
try:
rdtypes = [dns.rdatatype.from_text(x) for x in rdtypes]
except dns.rdatatype.UnknownRdatatype:
sys.stderr.write('The list of types was invalid: "%s"\n' % opts['-R'])
sys.exit(1)
else:
rdtypes = None
if '-a' in opts:
try:
supported_algs = set([int(x) for x in opts['-a'].split(',')])
except ValueError:
sys.stderr.write('The list of algorithms was invalid: "%s"\n' % opts['-a'])
sys.exit(1)
else:
supported_algs = None
if '-d' in opts:
try:
supported_digest_algs = set([int(x) for x in opts['-d'].split(',')])
except ValueError:
sys.stderr.write('The list of digest algorithms was invalid: "%s"\n' % opts['-d'])
sys.exit(1)
else:
supported_digest_algs = None
strict_cookies = '-C' in opts
allow_private = '-P' in opts
if '-o' in opts and '-O' in opts:
sys.stderr.write('The -o and -O options may not be used together.\n')
sys.exit(1)
if '-r' not in opts or opts['-r'] == '-':
opt_r = sys.stdin.fileno()
else:
opt_r = opts['-r']
try:
with io.open(opt_r, 'r', encoding='utf-8') as fh:
analysis_str = fh.read()
except IOError as e:
logger.error('%s: "%s"' % (e.strerror, opts.get('-r', '-')))
sys.exit(3)
if not analysis_str:
if opt_r != sys.stdin.fileno():
logger.error('No input.')
sys.exit(3)
try:
analysis_structured = json.loads(analysis_str)
except ValueError:
logger.error('There was an error parsing the JSON input: "%s"' % opts.get('-r', '-'))
sys.exit(3)
# check version
if '_meta._dnsviz.' not in analysis_structured or 'version' not in analysis_structured['_meta._dnsviz.']:
logger.error('No version information in JSON input.')
sys.exit(3)
try:
major_vers, minor_vers = [int(x) for x in str(analysis_structured['_meta._dnsviz.']['version']).split('.', 1)]
except ValueError:
logger.error('Version of JSON input is invalid: %s' % analysis_structured['_meta._dnsviz.']['version'])
sys.exit(3)
# ensure major version is a match and minor version is no greater
# than the current minor version
curr_major_vers, curr_minor_vers = [int(x) for x in str(DNS_RAW_VERSION).split('.', 1)]
if major_vers != curr_major_vers or minor_vers > curr_minor_vers:
logger.error('Version %d.%d of JSON input is incompatible with this software.' % (major_vers, minor_vers))
sys.exit(3)
names = OrderedDict()
if '-f' in opts:
if opts['-f'] == '-':
opts['-f'] = sys.stdin.fileno()
try:
f = io.open(opts['-f'], 'r', encoding='utf-8')
except IOError as e:
logger.error('%s: "%s"' % (e.strerror, opts['-f']))
sys.exit(3)
for line in f:
name = line.strip()
try:
name = dns.name.from_text(name)
except UnicodeDecodeError as e:
logger.error('%s: "%s"' % (e, name))
except dns.exception.DNSException:
logger.error('The domain name was invalid: "%s"' % name)
else:
if name not in names:
names[name] = None
f.close()
else:
if args:
# python3/python2 dual compatibility
if isinstance(args[0], bytes):
args = [codecs.decode(x, sys.getfilesystemencoding()) for x in args]
else:
try:
args = analysis_structured['_meta._dnsviz.']['names']
except KeyError:
logger.error('No names found in JSON input!')
sys.exit(3)
for name in args:
try:
name = dns.name.from_text(name)
except UnicodeDecodeError as e:
logger.error('%s: "%s"' % (e, name))
except dns.exception.DNSException:
logger.error('The domain name was invalid: "%s"' % name)
else:
if name not in names:
names[name] = None
latest_analysis_date = None
name_objs = []
cache = {}
for name in names:
name_str = lb2s(name.canonicalize().to_text())
if name_str not in analysis_structured or analysis_structured[name_str].get('stub', True):
logger.error('The analysis of "%s" was not found in the input.' % lb2s(name.to_text()))
continue
name_obj = TTLAgnosticOfflineDomainNameAnalysis.deserialize(name, analysis_structured, cache, strict_cookies=strict_cookies, allow_private=allow_private)
name_objs.append(name_obj)
if latest_analysis_date is None or latest_analysis_date > name_obj.analysis_end:
latest_analysis_date = name_obj.analysis_end
if not name_objs:
sys.exit(4)
if '-t' not in opts:
trusted_keys = get_default_trusted_keys(latest_analysis_date)
G = DNSAuthGraph()
for name_obj in name_objs:
name_obj.populate_status(trusted_keys, supported_algs=supported_algs, supported_digest_algs=supported_digest_algs)
for qname, rdtype in name_obj.queries:
if rdtypes is None:
# if rdtypes was not specified, then graph all, with some
# exceptions
if name_obj.is_zone() and rdtype in (dns.rdatatype.DNSKEY, dns.rdatatype.DS, dns.rdatatype.DLV):
continue
else:
# if rdtypes was specified, then only graph rdtypes that
# were specified
if qname != name_obj.name or rdtype not in rdtypes:
continue
G.graph_rrset_auth(name_obj, qname, rdtype)
if rdtypes is not None:
for rdtype in rdtypes:
if (name_obj.name, rdtype) not in name_obj.queries:
logger.error('No query for "%s/%s" was included in the analysis.' % (lb2s(name_obj.name.to_text()), dns.rdatatype.to_text(rdtype)))
if '-O' in opts:
if name_obj.name == dns.name.root:
name = 'root'
else:
name = lb2s(name_obj.name.canonicalize().to_text()).rstrip('.')
name = name.replace(os.sep, '--')
finish_graph(G, [name_obj], rdtypes, trusted_keys, supported_algs, '%s.txt' % name)
G = DNSAuthGraph()
if '-O' not in opts:
if '-o' not in opts or opts['-o'] == '-':
finish_graph(G, name_objs, rdtypes, trusted_keys, supported_algs, None)
else:
finish_graph(G, name_objs, rdtypes, trusted_keys, supported_algs, opts['-o'])
except KeyboardInterrupt:
logger.error('Interrupted.')
sys.exit(4)
def name_url_decode(name):
if name == 'root':
return dns.name.root
return dns.name.from_text(name.replace('S', '/'), dns.name.root)
