Human readable form of DNS lookup

Published 2019-07-18 11:16

Question:

I have got a very simple idea in mind that I want to try out. Say I have a browser, Chrome for instance, and I want to search for the IP of the domain name, say www.google.com. I use Windows 7 and I have set the DNS lookup properties to manual and have given the address 127.0.0.1, where my server (written in Python) is running. I started my server and I could see the DNS query, but it was very weird, as in it is showing faces like this:

WAITING FOR CONNECTION.........

.........recieved from :  ('127.0.0.1', 59339)

'V"\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x06teredo\x04ipv6\tmicrosoft\x03com\x00\x00\x01\x00\x01'

The "waiting for connection" and the "received from" lines are from my server. How do I get a breakdown (a human-readable form) of this message??

This is my server code (quite elementary but still):

Here is the code:

from time import sleep
import socket
host=''                      # listen on all interfaces
port=53                      # DNS port
addr_list=(host,port)
buf_siz=1024
udp=socket.socket(socket.AF_INET,socket.SOCK_DGRAM)
udp.bind(addr_list)
while True:
    print 'WAITING FOR CONNECTION.........'
    data,addr = udp.recvfrom(buf_siz)   # one UDP datagram = one DNS message
    print '.........recieved from : ',addr
    sleep(3)
    print data

Answer 1:

If you want to analyse the query data using Python, I recommend the excellent scapy library (http://www.secdev.org/projects/scapy/). It's got decoding (and building!) routines for many network protocols including DNS.

Here's your original program with the scapy decoding added:

from time import sleep
import socket
from scapy.all import DNS #Bring in scapy's DNS decoder

host=''
port=53
addr_list=(host,port)
buf_siz=1024
udp=socket.socket(socket.AF_INET,socket.SOCK_DGRAM)
udp.bind(addr_list)
while True:
    print 'WAITING FOR CONNECTION.........'
    data,addr = udp.recvfrom(buf_siz)
    print '.........recieved from : ',addr
    sleep(3)
    #Decode the DNS data
    decoded = DNS(data)
    #Print the decoded packet
    decoded.show()

For the raw packet in your question this prints:

###[ DNS ]###
  id        = 22050
  qr        = 0L
  opcode    = QUERY
  aa        = 0L
  tc        = 0L
  rd        = 1L
  ra        = 0L
  z         = 0L
  rcode     = ok
  qdcount   = 1
  ancount   = 0
  nscount   = 0
  arcount   = 0
  \qd        \
   |###[ DNS Question Record ]###
   |  qname     = 'teredo.ipv6.microsoft.com.'
   |  qtype     = 12288
   |  qclass    = 256
  an        = None
  ns        = None
  ar        = None
###[ Raw ]###
     load      = '\x01'

Scapy installation instructions are here: http://www.secdev.org/projects/scapy/doc/installation.html#installing-scapy-v2-x

If you use Ubuntu, just sudo apt-get install python-scapy

Enjoy!



Answer 2:

If you just want to read the queries that are being sent/received on your machine, you could just use Wireshark.

If you actually want to decode DNS requests as an exercise, then your best initial resource is the DNS RFC: http://tools.ietf.org/html/rfc1035



Answer 3:

If you are trying to just do an nslookup in python, check out http://small-code.blogspot.com/2008/05/nslookup-in-python.html

If you actually want the raw DNS server response that's a different story. What exactly is the goal?



Answer 4:

What is your goal?

If you want to learn how DNS operates, you could start by reading the relevant RFCs. Or use wireshark to capture and analyse the DNS traffic for you.



Tags: dns python tcp