All geek questions in one place

Example DNS Protocol Message

I am trying to figure out how to send DNS messages from an application socket adapter to DNSBL. I spent the last two days learning the basics, including experimenting with WireShark to catch an example of messaging. Now I would like to query DNS without using the dig or host command (I use Ubuntu); how can I perform this action at a low level, without the help of these tools, to wrap the query in the proper DNS message format? How should a post be posted? Hex or String?

Thanks in advance for any help. Relationship

Alessandro Ilardo

Comment added

I am learning JDev and Oracle SOA. The platform provides a Socket adapter that simply applies the transform (XSLT) and sends the message directly to the socket. As the payload parameters (for example, the host I'm looking for) are wrapped in a message, left to the developer. So basically I have an idea about how the whole DNS message is structured, but instead of putting everything in JDev, I would like to do some tests myself to make sure that I have a valid message format.

So, I don’t use any particular language (I don’t even understand why they moved my question from serverfault), and I don’t want to use any tools that would hide part of the message, for example, the header. I know that they work well. I guess this stuff has something to do with batch injection. Someone suggested I use telnet, but I only used SMTP or HTTP, I don’t know how this works for a DNS query. Does that make sense now?

+3
source share
3 answers

Ewww ... instead of manually creating the DNS protocol, you really need to use some kind of library provided by your software environment to perform the search.

. . .

@Synetech: , OP . . , . dns? .

#!/usr/bin/python3
import dns
import dns.message
import dns.query

from ipaddress import IPv6Address, IPv6Network

query = dns.message.make_query('www.google.ca', dns.rdatatype.ANY)
resp = dns.query.tcp(query, '2001:4860:4860::8888', timeout=5)
aaaa_data = resp.get_rrset(resp.answer, resp.question[0].name,
                           dns.rdataclass.IN, dns.rdatatype.AAAA)

aaaa_addrs = (IPv6Address(x) for x in aaaa_data)
for addr in aaaa_addrs:
    if addr in IPv6Network('2607:F8B0::/32'):
        print("{} is in Google network".format(addr))
    else:
        print("{} is NOT in Google network".format(addr))
+9

RFC, RFC 1035, . " ", .

'C', ldns. Perl - Net::DNS, CPAN. .

+4

, . Alnitak MikeyB, , (Jdev, ), , DNS- ( ). DNS-, . Alnitak MikeyB .

, DNS- ( ) , , , Scapy?

Scapy DNS:

# scapy
>>> p = IP(dst="203.0.113.162")/UDP(sport=RandShort(),dport=53)/\
...      DNS(rd=1,qd=DNSQR(qname="www.slashdot.org", qtype="AAAA"))
>>> sr1(p)
Begin emission:
.Finished to send 1 packets.
Received 2 packets, got 1 answers, remaining 0 packets
<IP  version=4L ihl=5L tos=0x0 len=62 id=0 flags=DF frag=0L ttl=63 proto=udp chksum=0xb1bb src=203.0.113.162 dst=203.0.113.69 options='' |<UDP  sport=domain dport=50474 len=42 chksum=0x1c97 |<DNS  id=0 qr=1L opcode=QUERY aa=0L tc=0L rd=1L ra=1L z=0L rcode=ok qdcount=1 ancount=0 nscount=0 arcount=0 qd=<DNSQR  qname='www.slashdot.org.' qtype=AAAA qclass=IN |> an=None ns=None ar=None |>>>
+4

Source: https://habr.com/ru/post/1746270/

More articles:


All Articles