I've been trying to figure out how to add an alias and IP address with a port as a response to a DNS query with the alias. I am running a simple DNS server written in Python, specifically https://gist.github.com/andreif/6069838
I've read that the alias and IP are normally pulled from the records or zone files but this server doesn't have any so I am unclear as to where they would be added were I to manually specify the alias and IP with a port. I've tried to manually write my DNS response only to realize that I am not sure where the alias and IP are being retrieved from. Also I'm not sure why but when I query the server with nslookup the server seems to also not pass the alias query because the qn variable seems to only hold the string 'server' and nothing else. The qn variable part is in the example below.
def dns_response(data):
request = DNSRecord.parse(data)
print request
reply = DNSRecord(DNSHeader(id=request.header.id, qr=1, aa=1, ra=1), q=request.q)
qname = request.q.qname
qn = str(qname)
qtype = request.q.qtype
qt = QTYPE[qtype]
TL;DR How do I add an alias and ip address with a port as a reply to an alias DNS query?
Edit: I've fixed the simple DNS program for Python 2.7.12, if you have a problem with it not receiving the QName remove the .strip() on the UDP request. Also make sure your domain name ends with '.' as in test.com. otherwise it will not find a match since it will be comparing "test.com" to "test.com.". Also change all of the reply.add_ns with reply.add_answer since the first function does not exist. If you are not receiving an A as a response for your query add reply.add_answer(RR(rname=qname, rtype=1,rclass=1, ttl=TTL, rdata=rdata)) the key change here is the Response type, rtype=1 indicates that it is an A response as opposed to a SOA or NS response. See www.zytrax.com/books/dns/ch15 for a detailed brake down of the DNS packet.
You can't - a standard DNS A or AAAA record doesn't contain a port number.
Related
I have achieved sniffing IP packets. I use the following code.
def print_summary(pkt):
print("SRC:", pkt[scapy.IP].src, "\t\tDEST:", pkt[scapy.IP].dst)
scapy.sniff( iface=interface, filter="ip", prn=print_summary)
If I try to ping a domain name say 'youtube.com' or open it using a web browser, how can I show the domain name using the above print_summary function. I have tried searching for what filters to use for dns but found nothing.
Okay, I get it now. What I did was to remove the filter argument altogether from the sniff() method.
scapy.sniff( iface=interface, prn=print_summary)
Then in the print_summary() function, I filtered according to the layer each packet had (IP or DNS).
def print_summary(pkt):
if scapy.IP in pkt:
print("SRC:", pkt[scapy.IP].src, "\t\tDEST:", pkt[scapy.IP].dst)
if scapy.DNS in pkt:
print("Domain:", pkt.[scapy.DNS].qd.qname.decode("utf-8"))
decode("utf-8") because the qname is a utf encoded byte string.
I've the following problem : I'm actually making a script for an ovirt server to automatically delete virtual machine which include unregister them from the DNS. But for some very specific virtual machine there is multiple FQDN for an IP address example:
myfirstfqdn.com IN A 10.10.10.10
mysecondfqdn.com IN A 10.10.10.10
I've tried to do it with socket in Python but it return only one answer, I've also tried python with dnspython but I failed.
the goal is to count the number of type A record on the dns server
Anyone have an idea to do stuff like this?
That's outright impossible. If I am in the right mood, I could add an entry to my DNS server pointing to your IP address. Generally, you cannot find it out (except for some hints in some protocols like http(s)).
Given a zone file in the above format, you could do something like...
from collections import defaultdict
zone_file = """myfirstfqdn.com IN A 10.10.10.10
mysecondfqdn.com IN A 10.10.10.10"""
# Build mapping for lookups
ip_fqdn_mapping = defaultdict(list)
for record in zone_file.split("\n"):
fqdn, record_class, record_type, ip_address = record.split()
ip_fqdn_mapping[ip_address].append(fqdn)
# Lookup
ip_address_to_lookup = "10.10.10.10"
fqdns = ip_fqdn_mapping[ip_address_to_lookup]
print(fqdns)
Note: Using socket can be done like so - Python lookup hostname from IP with 1 second timeout
However this does require that DNS server that you are querying has correctly configured PTR reverse records.
https://www.cloudns.net/wiki/article/40/
I am trying to filter packets of a particular website in Python (using Scapy). I have a list of possible IPs (used for load balancing) of the website. I want to filter packets for all those IPs. How can I do that?
For a single IP, I am using the following code:
bpf_filter = "ip and host " + addr
sniff(timeout=10, prn=pkt_callback, store=0)
Since you're using cBPF (classic BPF), the only way to filter a set of IP addresses is to list them all:
bpf_filter = "ip and ("
for addr in addresses[:-1]:
bpf_filter = "%shost %s or " % (bpf_filter, addr)
bpf_filter = "%shost %s)" % (bpf_filter, addresses[-1])
Which, for a set of IP addresses [10.0.0.1, 10.0.0.2, 10.0.0.3], will return:
ip and (host 10.0.0.1 or host 10.0.0.2 or host 10.0.0.3)
Note: You need at least one IP address in your set for the above to work.
Why is this a limitation of cBPF?
The filter expression you give Scapy is then compiled to BPF bytecode. BPF bytecode disallows backward jumps (and therefore loops). This restriction is a simple way to ensure the filter will eventually halt when executed in the kernel.
If backward jumps were allowed, you could write some smarter lookup through your set of IP addresses. You could for example store them in a hash table and check the packet against the hash table in O(1). This is actually possible with eBPF, which, as far as I know, isn't supported by Scapy yet.
I'm working on python, how can I receive a website address? I have tried but it doesn't work.
I have this:
import socket
socket.gethostbyname(name)
but nothing happens.
The gethostbyname(hostname) method translates a host name to an IPv4 address format. The IPv4 address is returned as a string.
So the argument for this method has to be a host name like "www.python.org". Assign a hostname for the 'name' variable in string format in your code.
Ex. name = "www.python.org"
Hope this helps!
I have been toying with a few ideas and would like to use Netbios to do some checks on the network. So after some research decided pysmb's nmb.Netbios was a good place to start.
I have constructed a simple queryName function that I was hoping would return an ip address. But it seems after checking some wireshark pcap dumps it isnt even broadcasting.
Ive found an example in the pysmb docs but that doesnt seem to broadcast either. Below is my test function, any pointers would be appreciated.
from nmb.NetBIOS import NetBIOS
def queryNam(name):
n = NetBIOS(broadcast=True, listen_port=0)
ip = n.queryName(name, timeout=30)
return ip
name = "Computer-Name"
ip = queryNam(name)
print ip
I worked out the issue myself. Initially I wasnt using the correct computername as NetBios Broadcasts seem to broadcast the name in uppercase. I was presenting a lowercase so the system was not responding.
So supplying the value in uppercase resolved the problem. (Even though a hostname check on the client showed an Uppercase followed by lowercase characters.