Unbound DNS Server, Python module: inspect response message elements -


goal

i leverage unbound python module examine response before it's dispatched client. primarily, i'm interested in ;; answer section:, i.e. ip address query got resolved to.

problem

what had looked trivial modification of logdnsmsg function turned out dounting task of browsing reply_info, rrset_ref , ub_packed_rrset_key structures in pursuit of desired ;; answer section: bytes.

the reason logdnsmsg function not work expected a queries ;; answer section:, while suprisingly operates expected ;; authority section: on aaaa queries.

lemme demonstrate comparison between python implemented logdnsmsg function , native log_dns_msg function; former displaying gibberish , latter performing expected. both functions called within python module context follows:

+++ def operate(id, event, qstate, qdata):     log_info("pythonmod: operate called, id: %d, event:%s" % (id, strmodulevent(event)))     if (qstate.return_msg):         logdnsmsg(qstate)         log_dns_msg("blackpie karmmmmmm xxxxxxx", qstate.return_msg.qinfo, qstate.return_msg.rep) +++

note altered original logdnsmsg uses logging framework in favour of print. output same print being scattered across logfile @ buffer's discretion.

dig output:

karm@localhost:~$ dig seznam.cz  @127.0.0.1 -p53535 ; <<>> dig 9.9.4-p2-redhat-9.9.4-18.p2.fc20 <<>> seznam.cz @127.0.0.1 -p53535 ;; global options: +cmd ;; got answer: ;; ->>header<<- opcode: query, status: noerror, id: 38630 ;; flags: qr rd ra; query: 1, answer: 1, authority: 0, additional: 1 ;; opt pseudosection: ; edns: version: 0, flags:; udp: 4096 ;; question section: ;seznam.cz.     in  ;; answer section: seznam.cz.    300 in  77.75.76.3 ;; query time: 656 msec ;; server: 127.0.0.1#53535(127.0.0.1) ;; when: sat apr 25 16:04:32 cest 2015 ;; msg size  rcvd: 54

output aaaa query, ;; authority section: looks decent enough both logdnsmsg , log_dns_msg:

[1429970672] unbound[14053:0] info: pythonmod: operate called, id: 1, event:module_event_moddone [1429970672] unbound[14053:0] info: ------------------------------------------------------------------------------------------ [1429970672] unbound[14053:0] info: query: e.root-servers.net., type: aaaa (28), class: in (1)  [1429970672] unbound[14053:0] info: ------------------------------------------------------------------------------------------ [1429970672] unbound[14053:0] info: return    reply :: flags: 8080, qdcount: 1, security:0, ttl=86400 [1429970672] unbound[14053:0] info:           qinfo :: qname: ['e', 'root-servers', 'net', ''] e.root-servers.net., qtype: aaaa, qclass: in [1429970672] unbound[14053:0] info: reply: [1429970672] unbound[14053:0] info: 0:['root-servers', 'net', ''] root-servers.net. flags: 0004 [1429970672] unbound[14053:0] info: type:soa (6) class:in (1) [1429970672] unbound[14053:0] info:   0:ttl=3600000 [1429970672] unbound[14053:0] info:  [1429970672] unbound[14053:0] info:        0x00 | 00 40 01 61 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 | . @ . . r o o t - s e r v e r s         0x10 | 73 03 6e 65 74 00 05 6e 73 74 6c 64 0c 76 65 72 69 | s . n e t . . n s t l d . v e r         0x20 | 69 73 69 67 6e 2d 67 72 73 03 63 6f 6d 00 78 0c e3 | s g n - g r s . c o m . x . .         0x30 | e3 24 00 00 38 40 00 00 1c 20 00 12 75 00 00 36 ee | . $ . . 8 @ . . .   . . u . . 6 .         0x40 | ee 80                                              | . .  [1429970672] unbound[14053:0] info: ------------------------------------------------------------------------------------------ [1429970672] unbound[14053:0] info: blackpie karmmmmmm xxxxxxx ;; ->>header<<- opcode: query, rcode: noerror, id: 0 ;; flags: qr ra ; query: 1, answer: 0, authority: 1, additional: 0  ;; question section: e.root-servers.net. in  aaaa ;; answer section: ;; authority section: root-servers.net. 3600000 in  soa a.root-servers.net. nstld.verisign-grs.com. 2014110500 14400 7200 1209600 3600000 ;; additional section: ;; msg size  rcvd: 96 [1429970672] unbound[14053:0] debug: mesh_run: python module exit state module_finished

on contrary, a query, ;; answer section: useless far logdnsmsg goes:

[1429970672] unbound[14053:0] info: pythonmod: operate called, id: 1, event:module_event_moddone [1429970672] unbound[14053:0] info: ------------------------------------------------------------------------------------------ [1429970672] unbound[14053:0] info: query: seznam.cz., type: (1), class: in (1)  [1429970672] unbound[14053:0] info: ------------------------------------------------------------------------------------------ [1429970672] unbound[14053:0] info: return    reply :: flags: 8080, qdcount: 1, security:0, ttl=300 [1429970672] unbound[14053:0] info:           qinfo :: qname: ['seznam', 'cz', ''] seznam.cz., qtype: a, qclass: in [1429970672] unbound[14053:0] info: reply: [1429970672] unbound[14053:0] info: 0:['seznam', 'cz', ''] seznam.cz. flags: 0000 [1429970672] unbound[14053:0] info: type:a (1) class:in (1) [1429970672] unbound[14053:0] info:   0:ttl=300 [1429970672] unbound[14053:0] info:  [1429970672] unbound[14053:0] info:        0x00 | 00 04 4d 4b 4c 03                                  | . . m k l .  [1429970672] unbound[14053:0] info: ------------------------------------------------------------------------------------------ [1429970672] unbound[14053:0] info: blackpie karmmmmmm xxxxxxx ;; ->>header<<- opcode: query, rcode: noerror, id: 0 ;; flags: qr ra ; query: 1, answer: 1, authority: 0, additional: 0  ;; question section: seznam.cz.  in  ;; answer section: seznam.cz.  300 in  77.75.76.3 ;; authority section: ;; additional section: ;; msg size  rcvd: 43 [1429970672] unbound[14053:0] debug: mesh_run: python module exit state module_finished

note 00 04 4d 4b 4c 03 bytes erroneously interpreted ascii.

question

where in struct ub_packed_rrset_key** rrsets; 1 finds desired ;; answer section: data? (if indeed right place look.)

i've been fiddling quite time without luck. examined sldns_wire2str_pkt_scan function used internally unpacking wire binary data, none wiser.

logdnsmsg() logging hex dump of contents of each dns resource record. outputs bytes alongside ascii interpretation (with .s non-printable bytes). means if data contains ascii strings these visible in output, while other types of data (like ip addresses) not translate meaningful text.

the first 2 bytes of data rdlength field, indicating length of record data. remaining bytes rdata field proper. interpretation of these bytes depends on record type. a records consist of single 32-bit ip address, easy parse.

the following example code prints contents of a record:

def print_a_record(data):     rdlength, rdata = data[:2], data[2:]     assert rdlength == '\x00\x04'     assert len(rdata) == 4     addr_bytes = [ord(c) c in rdata]     print('{}.{}.{}.{}'.format(*addr_bytes))

further information:


Comments

Post a Comment

Popular posts from this blog

asp.net mvc - SSO between MVCForum and Umbraco7 -

i need integrate sso between mvcforum (forum of company) , umbraco7 (manages cms company). however struggling shared authentication work. tried several ways suggested on other threads still not running expected. here did: 1. in mvcforum (forum.mywebsite.com) 1.1. machine key in web.xml: <machinekey validationkey="the same key umbraco7" decryptionkey="the same key umbraco7" validation="sha1" decryption="aes" /> 1.2. authenticate forms in web.xml <forms name="my-sso-auth" protection="all" path="/" timeout="43200" domain="forum.mywebsite.com" loginurl="/members/logon" enablecrossappredirects="true" /> 2. in umbraco7 (news.mywebsite.com) 2.1. machine key in web.xml: <machinekey validationkey="the same key mvcforum" decryptionkey="the same key mvcforum" validation="sha1" decryption="aes" /> 2.2. a
Read more

Python Tkinter keyboard using bind -

i have problem using bind option can click button in keyboard, , call function once key pressed. tried taking other codes have similar purpose , saw i'm doing pretty same, though still have problem must've missed. thankful if me this. here's code: # -*- coding: utf-8 -*- #imports tkinter import * pil import imagetk, image import time import tkmessagebox #===========================================================================================================================================# #tkinter class class app(frame): def __init__(self, master=none): frame.__init__(self, master) self.pack() #===========================================================================================================================================# #game pieces classes class board: def __init__(self, rows = 7, columns = 6, picture_height = none, picture_width = none): self.rows = rows self.columns = columns self.picture
Read more

ubuntu - Selenium Node Not Connecting to Hub, Not Opening Port -

i'm trying set demo selenium grid. have digital ocean ubuntu 14.02 droplet. (i have 2 , tried set using 2 different machines got nowhere.) i'm trying run hub , node both locally. here input both hub, node, , nmap results. https://gist.github.com/mekhami/d5bbecca5ff0de9d2dc9 so, node starting tcp connection reset , port it's supposed operate on closed. i have had no luck in number of different options , configurations work. but... of course, worked randomly once. don't know why, don't know did, know 1 brief moment, node connected , saw on grid console. tried run test , went down again , i've never seen come up. please let me know more information can provide. update: randomly came online again. don't know happened, might related timeout or time_wait or going on. this because vm/server not have enough entropy available. to resolve problem, install haveged (or other similar things). the instructions of how install haveged on ubu
Read more