1

我正在尝试专门从 DNS 获取递归可用 (RA) 标志。根据 RFC 1035,如果没有递归,它应该返回零,否则返回非零。如果 DNS 响应被 Quad9 DNS 服务阻止,它会返回一个带有“RA:0”的“NXDOMAIN”

但是,使用 DNSPython 总是返回非零 (128)。这可以在中硬编码吗?

import dns
import dns.resolver

# Allowed Domain
# should return an IP address with "RA" non-zero
domain = "google.com"

# Blocked domain 
# Should return NXDOMAIN with "RA" to 0
#domain = "takelady.net" ---> UNCOMMENT

# Set Resolver to Quad9 (quad9.net)
my_resolver = dns.resolver.Resolver()
my_resolver.nameservers = ['9.9.9.9']

try:
    dns_response = dns.resolver.query(domain, "A")

    for resp in dns_response:
        print("[+]", resp.to_text())

    print("RA flag:", dns.flags.RA)
    
except dns.resolver.NXDOMAIN:
    print("[+] NXDOMAIN")
    print("RA flag:", dns.flags.RA)
    pass

except dns.resolver.NoAnswer:
    print("[+] NoAnswer")
    pass

except dns.resolver.Timeout:
    print("[+] Timeout")
    pass

允许的响应:

[+] 172.217.214.100
[+] 172.217.214.101
[+] 172.217.214.138
[+] 172.217.214.139
[+] 172.217.214.113
[+] 172.217.214.102
RA flag: 128

阻止响应:

[+] NXDOMAIN
RA flag: 128
4

1 回答 1

1

您不使用已创建的解析器对象,因此查询会转到系统解析器。你应该改用这个:

dns_response = my_resolver.query(domain, "A")

query()执行搜索列表处理,因此您应该先清除搜索列表,如下所示:

    my_resolver = dns.resolver.Resolver()
    my_resolver.nameservers = ['9.9.9.9']
    my_resolver.search = []

最后,NXDOMAIN响应导致异常,你需要从异常中的响应对象中读取标志,如下所示:

except dns.resolver.NXDOMAIN as e:
    print("[+] NXDOMAIN")
    for (name, resp) in e.responses().items():
        print(name, "RA flag:", resp.flags & dns.flags.RA)
于 2020-07-16T21:09:16.893 回答