def query_response_time(self): answer = "" try: query = dns.message.make_query(self.domain, dns.rdatatype.DS, dns.rdataclass.IN) query.flags += dns.flags.CD query.use_edns(edns=True, payload=4096) print(bcolor.YELLOW + "DNSSEC : " + str(query.want_dnssec(True))) print(bcolor.RED + "************Validación de disponibilidad de server DNS **************" + bcolor.GREEN) i=1 for data in self.ns: print(bcolor.RED + "************ DNS Sever # {0} **************".format(i) + bcolor.GREEN) answer = dns.query.udp(query, socket.gethostbyname(data), self.timeout) print(bcolor.YELLOW + "Server: " + bcolor.WHITE + format(data) + bcolor.YELLOW + " IP : " + bcolor.WHITE + socket.gethostbyname(data) + bcolor.YELLOW + " Estado : " + bcolor.WHITE + "Operativo" ) print(bcolor.YELLOW + "Timeout : " + bcolor.WHITE) self.ping(socket.gethostbyname(data)) print(bcolor.YELLOW + "Tamaño de carga util EDNS (payload) : " + bcolor.WHITE + str(answer.payload)) print(bcolor.YELLOW + "Flags del mensaje: " + bcolor.WHITE + str(answer.flags)) scan = NmapScan(str(socket.gethostbyname(data))) print("Sistema Operativo : " + scan.os) self.transfer_zone(socket.gethostbyname(data)) i += 1 except dns.exception.Timeout: print(bcolor.RED + " Advertencia!! -> Tiempo de espera superado al tratar de llegar al servidor DNS en {0} segundos ".format(self.timeout)) except Exception as e: raise
def get_a_answer(target, ns, timeout): query = dns.message.make_query(target, dns.rdatatype.A, dns.rdataclass.IN) query.flags += dns.flags.CD query.use_edns(edns=True, payload=4096) query.want_dnssec(True) answer = dns.query.udp(query, ns, timeout) return answer
def get_a_answer(res, target, ns, timeout): query = dns.message.make_query(target, dns.rdatatype.A, dns.rdataclass.IN) query.flags += dns.flags.CD query.use_edns(edns=True, payload=4096) query.want_dnssec(True) answer = res.query(query, ns, timeout) return answer
def get_ds_answer_old(target, ns, timeout): query = dns.message.make_query(target, dns.rdatatype.DS, dns.rdataclass.IN) query.flags += dns.flags.CD query.use_edns(edns=True, payload=4096) query.find_rrset(query.additional, dns.name.root, 65535, dns.rdatatype.OPT, create=True, force_unique=True) query.want_dnssec(True) answer = dns.query.udp(query, ns, timeout) return answer
def get_rr(zone, rrtype, ns_address, handler=None): """ rrtype must be a character _string_. handler is a function which will be called for each rrset (and receives it as a parameter). See display_target for an example of handker (it is suitable for a NS rrtype).""" mytype = dns.rdatatype.from_text(rrtype) query = dns.message.make_query(zone, rrtype) query.use_edns(edns=True, payload=edns_size) query.want_dnssec(True) tests = 0 while tests < max_tests: try: response = dns.query.udp(query, ns_address, timeout=2) break except dns.exception.Timeout: tests += 1 time.sleep(mytimeout * generator.randint(1, 3)) if tests >= max_tests: # TODO: try with TCP, even without truncation? It seems to # work with Afilias servers default_log.warning("Timeout on %s query for %s on %s" % (rrtype, zone, address)) sys.exit(1) if response.flags & dns.flags.TC: # We were truncated response = dns.query.tcp(query, address, timeout=2*mytimeout) # TODO: handle the case where the nameserver is broken enough to # truncate responses *and* to refuse TCP record_found = False cursor.execute("BEGIN IMMEDIATE TRANSACTION;"); for rrset in response.answer: if rrset.rdtype == mytype: record_found = True if handler: handler(rrset) elif rrset.rdtype == dns.rdatatype.RRSIG: for thesig in rrset: if mytype != dns.rdatatype.DNSKEY and thesig.key_tag not in key_tags: default_log.error("Signed with %s which is not in the key set" % \ thesig.key_tag) sig_value = base64.b64encode(thesig.signature) cursor.execute("SELECT last_seen FROM Signatures WHERE signature=?;", (sig_value,)) tuple = cursor.fetchone() if tuple is None: # TODO: store inception and expiration as actual times, not integers cursor.execute("INSERT INTO Signatures (first_seen, last_seen, type, name, ttl, key_tag, algorithm, inception, expiration, signature) VALUES (datetime('now'), datetime('now'), ?, ?, ?, ?, ?, ?, ?, ?);", \ (mytype, zone, rrset.ttl, thesig.key_tag, thesig.algorithm, thesig.inception, thesig.expiration, sig_value)) else: cursor.execute("UPDATE Signatures SET last_seen=datetime('now') WHERE signature=?;", (sig_value,)) if not record_found: default_log.error("No %s at %s" % (rrtype, zone)) sys.exit(1) database.commit()
def is_open_recursive(ip, amp): # Idenitfy recursive DNS over UDP is_recursive = False if amp: query = dns.message.make_query(domain, dns.rdatatype.ANY) query.flags |= dns.flags.RD query.use_edns(payload=4096) response = dns.query.udp(query, ip, timeout=2) is_recursive = (response.flags & dns.flags.RA) == dns.flags.RA and is_long(response) else: query = dns.message.make_query(domain, dns.rdatatype.TXT) query.flags |= dns.flags.RD response = dns.query.udp(query, ip, timeout=2) is_recursive = (response.flags & dns.flags.RA) == dns.flags.RA and len( response.answer) > 0 return is_recursive
def query_ds(res, target, ns, timeout=5.0): """ Function for performing DS Record queries. Returns answer object. Since a timeout will break the DS NSEC chain of a zone walk it will exit if a timeout happens. """ try: query = dns.message.make_query(target, dns.rdatatype.DS, dns.rdataclass.IN) query.flags += dns.flags.CD query.use_edns(edns=True, payload=4096) query.want_dnssec(True) answer = res.query(query, ns, timeout) except dns.exception.Timeout: print_error("A timeout error occurred please make sure you can reach the target DNS Servers") print_error( "directly and requests are not being filtered. Increase the timeout from {0} second".format(timeout)) print_error("to a higher number with --lifetime <time> option.") sys.exit(1) except Exception: print("Unexpected error: {0}".format(sys.exc_info()[0])) raise return answer
def dig(self, rname, rtype, rclass="IN", udp=None, serial=None, timeout=None, tries=3, flags="", bufsize=None, edns=None, nsid=False, dnssec=False, log_no_sep=False): key_params = self.tsig_test.key_params if self.tsig_test else dict() # Convert one item zone list to zone name. if isinstance(rname, list): if len(rname) != 1: raise Failed("One zone required") rname = rname[0].name rtype_str = rtype.upper() # Set port type. if rtype.upper() == "AXFR": # Always use TCP. udp = False elif rtype.upper() == "IXFR": # Use TCP if not specified. udp = udp if udp != None else False rtype_str += "=%i" % int(serial) else: # Use TCP or UDP at random if not specified. udp = udp if udp != None else random.choice([True, False]) if udp: dig_flags = "+notcp" else: dig_flags = "+tcp" dig_flags += " +retry=%i" % (tries - 1) # Set timeout. if timeout is None: timeout = self.DIG_TIMEOUT dig_flags += " +time=%i" % timeout # Prepare query (useless for XFR). query = dns.message.make_query(rname, rtype, rclass) # Remove implicit RD flag. query.flags &= ~dns.flags.RD # Set packet flags. flag_names = flags.split() for flag in flag_names: if flag == "AA": query.flags |= dns.flags.AA dig_flags += " +aa" elif flag == "TC": query.flags |= dns.flags.TC dig_flags += " +tc" elif flag == "RD": query.flags |= dns.flags.RD dig_flags += " +rd" elif flag == "RA": query.flags |= dns.flags.RA dig_flags += " +ra" elif flag == "AD": query.flags |= dns.flags.AD dig_flags += " +ad" elif flag == "CD": query.flags |= dns.flags.CD dig_flags += " +cd" # Set EDNS. if edns != None or bufsize or nsid: class NsidFix(object): '''Current pythondns doesn't implement NSID option.''' def __init__(self): self.otype = dns.edns.NSID def to_wire(self, file=None): pass if edns: edns = int(edns) else: edns = 0 dig_flags += " +edns=%i" % edns if bufsize: payload = int(bufsize) else: payload = 1280 dig_flags += " +bufsize=%i" % payload if nsid: options = [NsidFix()] dig_flags += " +nsid" else: options = None query.use_edns(edns=edns, payload=payload, options=options) # Set DO flag. if dnssec: query.want_dnssec() dig_flags += " +dnssec +bufsize=%i" % query.payload # Store function arguments for possible comparation. args = dict() params = inspect.getargvalues(inspect.currentframe()) for param in params.args: if param != "self": args[param] = params.locals[param] check_log("DIG %s %s %s @%s -p %i %s" % (rname, rtype_str, rclass, self.addr, self.port, dig_flags)) if key_params: detail_log("%s:%s:%s" % (self.tsig_test.alg, self.tsig_test.name, self.tsig_test.key)) for t in range(tries): try: if rtype.upper() == "AXFR": resp = dns.query.xfr(self.addr, rname, rtype, rclass, port=self.port, lifetime=timeout, use_udp=udp, **key_params) elif rtype.upper() == "IXFR": resp = dns.query.xfr(self.addr, rname, rtype, rclass, port=self.port, lifetime=timeout, use_udp=udp, serial=int(serial), **key_params) elif udp: resp = dns.query.udp(query, self.addr, port=self.port, timeout=timeout) else: resp = dns.query.tcp(query, self.addr, port=self.port, timeout=timeout) if not log_no_sep: detail_log(SEP) return dnstest.response.Response(self, resp, query, args) except dns.exception.Timeout: pass except: time.sleep(timeout) raise Failed("Can't query server='%s' for '%s %s %s'" % \ (self.name, rname, rclass, rtype))
def dig(self, rname, rtype, rclass="IN", udp=None, serial=None, timeout=None, tries=3, flags="", bufsize=None, edns=None, nsid=False, dnssec=False, log_no_sep=False): key_params = self.tsig_test.key_params if self.tsig_test else dict() # Convert one item zone list to zone name. if isinstance(rname, list): if len(rname) != 1: raise Failed("One zone required") rname = rname[0].name rtype_str = rtype.upper() # Set port type. if rtype.upper() == "AXFR": # Always use TCP. udp = False elif rtype.upper() == "IXFR": # Use TCP if not specified. udp = udp if udp != None else False rtype_str += "=%i" % int(serial) else: # Use TCP or UDP at random if not specified. udp = udp if udp != None else random.choice([True, False]) if udp: dig_flags = "+notcp" else: dig_flags = "+tcp" dig_flags += " +retry=%i" % (tries - 1) # Set timeout. if timeout is None: timeout = self.DIG_TIMEOUT dig_flags += " +time=%i" % timeout # Prepare query (useless for XFR). query = dns.message.make_query(rname, rtype, rclass) # Remove implicit RD flag. query.flags &= ~dns.flags.RD # Set packet flags. flag_names = flags.split() for flag in flag_names: if flag == "AA": query.flags |= dns.flags.AA dig_flags += " +aa" elif flag == "TC": query.flags |= dns.flags.TC dig_flags += " +tc" elif flag == "RD": query.flags |= dns.flags.RD dig_flags += " +rd" elif flag == "RA": query.flags |= dns.flags.RA dig_flags += " +ra" elif flag == "AD": query.flags |= dns.flags.AD dig_flags += " +ad" elif flag == "CD": query.flags |= dns.flags.CD dig_flags += " +cd" # Set EDNS. if edns != None or bufsize or nsid: class NsidFix(object): '''Current pythondns doesn't implement NSID option.''' def __init__(self): self.otype = dns.edns.NSID def to_wire(self, file=None): pass if edns: edns = int(edns) else: edns = 0 dig_flags += " +edns=%i" % edns if bufsize: payload = int(bufsize) else: payload = 1280 dig_flags += " +bufsize=%i" % payload if nsid: options = [NsidFix()] dig_flags += " +nsid" else: options = None query.use_edns(edns=edns, payload=payload, options=options) # Set DO flag. if dnssec: query.want_dnssec() dig_flags += " +dnssec +bufsize=%i" % query.payload # Store function arguments for possible comparation. args = dict() params = inspect.getargvalues(inspect.currentframe()) for param in params.args: if param != "self": args[param] = params.locals[param] check_log("DIG %s %s %s @%s -p %i %s" % (rname, rtype_str, rclass, self.addr, self.port, dig_flags)) if key_params: detail_log( "%s:%s:%s" % (self.tsig_test.alg, self.tsig_test.name, self.tsig_test.key)) for t in range(tries): try: if rtype.upper() == "AXFR": resp = dns.query.xfr(self.addr, rname, rtype, rclass, port=self.port, lifetime=timeout, use_udp=udp, **key_params) elif rtype.upper() == "IXFR": resp = dns.query.xfr(self.addr, rname, rtype, rclass, port=self.port, lifetime=timeout, use_udp=udp, serial=int(serial), **key_params) elif udp: resp = dns.query.udp(query, self.addr, port=self.port, timeout=timeout) else: resp = dns.query.tcp(query, self.addr, port=self.port, timeout=timeout) if not log_no_sep: detail_log(SEP) return dnstest.response.Response(self, resp, query, args) except dns.exception.Timeout: pass except: time.sleep(timeout) raise Failed("Can't query server='%s' for '%s %s %s'" % \ (self.name, rname, rclass, rtype))