I have got a very simple idea in mind that I want to try out. Say I have a browser, Chrome for instance, and I want to look up the IP of a domain name, say www.google.com. I use Windows 7 and I have set the DNS lookup properties to manual and have given the address 127.0.0.1, where my server (written in Python) is running. I started my server and I could see the DNS query, but it was very weird in that it shows up like this:
WAITING FOR CONNECTION.........
.........received from : ('127.0.0.1', 59339)
'V"\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x06teredo\x04ipv6\tmicrosoft\x03com\x00\x00\x01\x00\x01'
The "waiting for connection" and "received from" lines are printed by my server. How do I get a breakdown (a human-readable form) of this message?
This is my server code (quite elementary, but still):
from time import sleep
import socket

host = ''                 # bind to every local interface
port = 53                 # DNS listens on UDP port 53
addr_list = (host, port)
buf_siz = 1024            # receive buffer size in bytes

udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
udp.bind(addr_list)

while True:
    print 'WAITING FOR CONNECTION.........'
    data, addr = udp.recvfrom(buf_siz)      # one datagram = one DNS message
    print '.........received from : ', addr
    sleep(3)
    print data                              # raw wire bytes, not yet decoded
If you want to analyse the query data using Python, I recommend the excellent scapy library (http://www.secdev.org/projects/scapy/). It's got decoding (and building!) routines for many network protocols, including DNS.
Here's your original program with the scapy decoding added:
from time import sleep
import socket
from scapy.all import DNS   # Bring in scapy's DNS decoder

host = ''
port = 53
addr_list = (host, port)
buf_siz = 1024

udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
udp.bind(addr_list)

while True:
    print 'WAITING FOR CONNECTION.........'
    data, addr = udp.recvfrom(buf_siz)
    print '.........received from : ', addr
    sleep(3)
    # Decode the DNS data
    decoded = DNS(data)
    # Print the decoded packet
    decoded.show()
For the raw packet in your question this prints:
###[ DNS ]###
id = 22050
qr = 0L
opcode = QUERY
aa = 0L
tc = 0L
rd = 1L
ra = 0L
z = 0L
rcode = ok
qdcount = 1
ancount = 0
nscount = 0
arcount = 0
\qd \
|###[ DNS Question Record ]###
| qname = 'teredo.ipv6.microsoft.com.'
| qtype = 12288
| qclass = 256
an = None
ns = None
ar = None
###[ Raw ]###
load = '\x01'
Scapy installation instructions are here: http://www.secdev.org/projects/scapy/doc/installation.html#installing-scapy-v2-x
If you use Ubuntu, just sudo apt-get install python-scapy
Enjoy!
If you just want to read the queries that are being sent/received on your machine, you could just use Wireshark.
If you actually want to decode DNS requests as an exercise, then your best initial resource is the DNS RFC: http://tools.ietf.org/html/rfc1035
If you are trying to just do an nslookup in python, check out http://small-code.blogspot.com/2008/05/nslookup-in-python.html
If you actually want the raw DNS server response that's a different story. What exactly is the goal?
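As an added example that is not code from the question or from either answer: if you take the "decode it as an exercise from RFC 1035" route, here is a dependency-free Python 3 parser for the datagram pasted in the question (header from section 4.1.1, question record from section 4.1.2, name compression from section 4.1.4), plus a minimal builder for an A-record reply so the server loop in the question could actually answer the browser. Reading the last four question bytes, \x00\x01\x00\x01, as QTYPE 1 (A) and QCLASS 1 (IN) is straight from the RFC; the sample bytes are the ones quoted above, while the 127.0.0.1 reply address, the 60-second TTL and all function names are my own choices for the illustration. The pointer-hop limit in read_name is the check a practitioner wants before exposing a hand-written parser to the network: a crafted packet whose name points back at itself would otherwise spin the server forever.

```python
import struct

# Constructed sample input: the raw datagram pasted in the question, a Windows
# host asking for teredo.ipv6.microsoft.com (43 bytes: 12-byte header + question).
SAMPLE_QUERY = (b'V"\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00'
                b'\x06teredo\x04ipv6\tmicrosoft\x03com\x00\x00\x01\x00\x01')

QTYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX", 16: "TXT", 28: "AAAA"}
QCLASSES = {1: "IN"}


def read_name(data, offset):
    """Decode a domain name (RFC 1035 section 3.1) starting at offset.

    Returns (dotted name, offset just after the name in the packet). Compression
    pointers (section 4.1.4) are followed, but at most 16 of them, so a crafted
    packet with a pointer loop raises instead of hanging the server.
    """
    labels, hops, end, jumped = [], 0, offset, False
    while True:
        if offset >= len(data):
            raise ValueError("name runs past end of packet")
        length = data[offset]
        if length & 0xC0 == 0xC0:                      # pointer: 11xxxxxx xxxxxxxx
            if offset + 1 >= len(data):
                raise ValueError("truncated compression pointer")
            if not jumped:
                end = offset + 2                       # caller resumes after the pointer
            jumped, hops = True, hops + 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            offset = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            continue
        if length & 0xC0:
            raise ValueError("reserved label type 0x%02x" % (length & 0xC0))
        offset += 1
        if length == 0:                                # root label terminates the name
            break
        if offset + length > len(data):
            raise ValueError("truncated label")
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (end if jumped else offset)


def parse_query(data):
    """Split a DNS message into its header fields and question records."""
    if len(data) < 12:
        raise ValueError("DNS header is 12 bytes, got %d" % len(data))
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    header = {"id": ident, "qr": flags >> 15 & 1, "opcode": flags >> 11 & 0xF,
              "aa": flags >> 10 & 1, "tc": flags >> 9 & 1, "rd": flags >> 8 & 1,
              "ra": flags >> 7 & 1, "z": flags >> 4 & 7, "rcode": flags & 0xF,
              "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}
    questions, offset = [], 12
    for _ in range(qd):
        name, offset = read_name(data, offset)
        if offset + 4 > len(data):
            raise ValueError("truncated question record")
        qtype, qclass = struct.unpack("!HH", data[offset:offset + 4])
        offset += 4
        questions.append({"qname": name, "qtype": QTYPES.get(qtype, qtype),
                          "qclass": QCLASSES.get(qclass, qclass)})
    return header, questions


def encode_name(name):
    """Inverse of read_name for an uncompressed name: length-prefixed labels + root."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError("label length must be 1..63")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_a_response(query, ipv4, ttl=60):
    """Answer a single-question A/IN query with one A record (hypothetical reply, no real lookup)."""
    header, questions = parse_query(query)
    if len(questions) != 1 or (questions[0]["qtype"], questions[0]["qclass"]) != ("A", "IN"):
        raise ValueError("only single-question A/IN queries are answered here")
    rdata = bytes(int(octet) for octet in ipv4.split("."))
    if len(rdata) != 4:
        raise ValueError("need a dotted IPv4 address")
    flags = 0x8400 | (header["rd"] << 8)          # QR=1, AA=1, RD copied, RCODE=0
    out = struct.pack("!HHHHHH", header["id"], flags, 1, 1, 0, 0)
    out += encode_name(questions[0]["qname"]) + struct.pack("!HH", 1, 1)
    # NAME as a pointer to offset 12 (0xC00C), then TYPE A, CLASS IN, TTL, RDLENGTH, RDATA.
    return out + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata


if __name__ == "__main__":
    header, questions = parse_query(SAMPLE_QUERY)
    for field, value in header.items():
        print("%-8s = %s" % (field, value))
    for q in questions:
        print("question = %(qname)s %(qtype)s %(qclass)s" % q)
    reply = build_a_response(SAMPLE_QUERY, "127.0.0.1")
    print("reply    =", reply.hex())
    print("reply header:", parse_query(reply)[0])
```

Dropping build_a_response into the recvfrom loop from the question (udp.sendto(build_a_response(data, "127.0.0.1"), addr)) turns the listener into a server that answers every A query with 127.0.0.1; anything that is not a single A/IN question raises, which is the right default until you have decided how to handle AAAA, PTR and multi-question messages.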
What is your goal?
If you want to learn how DNS operates, you could start by reading the relevant RFCs. Or use Wireshark to capture and analyse the DNS traffic for you.