https://github.com/gandi/dnsknife
DNS lookup tools
https://github.com/gandi/dnsknife
Last synced: about 1 year ago
JSON representation
DNS lookup tools
- Host: GitHub
- URL: https://github.com/gandi/dnsknife
- Owner: Gandi
- Created: 2016-04-13T22:49:56.000Z (about 10 years ago)
- Default Branch: master
- Last Pushed: 2021-09-14T23:28:32.000Z (almost 5 years ago)
- Last Synced: 2025-04-12T03:14:48.692Z (about 1 year ago)
- Language: Python
- Size: 91.8 KB
- Stars: 30
- Watchers: 12
- Forks: 10
- Open Issues: 1
-
Metadata Files:
- Readme: README.rst
Awesome Lists containing this project
README
dnsknife: a DNS tool
====================
Quick overview:
---------------
.. code:: python
>>> from dnsknife import resolver
>>> ans = resolver.query('example.com', 'A', dnssec=True)
Specific queries shortcuts:
.. code:: python
>>> import dnsknife
>>> print dnsknife.Checker('example.com').mx()
[]
>>> print dnsknife.Checker('example.com').spf()
None
>>> print dnsknife.Checker('example.com').txt()
$Id: example.com 4415 2015-08-24 20:12:23Z davids $
v=spf1 -all
Checking a domain TXT record is installed, looking at each domain NS (no
local caches) for a match:
.. code:: python
>>> from dnsknife import Checker
>>> Checker('example.com', direct=True).has_txt('dbef8938bef', ignore_case=True)
False
Or, if you are into domain challenges:
.. code:: python
>>> from dnsknife import Checker
>>> Checker('example.com').has_challenge('secretkey')
False
>>> Checker('example.com').challenge('secretkey')
'f1ef9be83f844d64f8f2bea8bcfb9f7f4cf0792487ae24707937344dbec8f4fb'
Querying a few dozen things at the same time:
.. code:: python
>>> from dnsknife.resolver import Resolver
>>> with Resolver(timeout=2) as r:
a = r.query_at('www.example.com', 'A', '1.2.3.4')
...
x = r.query_at('www.example.com', 'A', '1.2.3.4')
>>> print a.get()
>>> print x.get()
Scanning a zone:
.. code:: python
In [16]: from dnsknife.scanner import Scanner
In [9]: time list(Scanner('google.com').scan())
CPU times: user 476 ms, sys: 28 ms, total: 504 ms
Wall time: 2.4 s
Out[9]:
[,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
]
It can be used for DNSSEC lookups, implements a few CDS/CDNSKEY drafts:
-----------------------------------------------------------------------
.. code:: python
>>> c = Checker('example.com', dnssec=True)
>>> print c.spf()
None
>>> Checker('ten.pm').cdnskey()
---------------------------------------------------------------------------
BadCDNSKEY Traceback (most recent call last)
...
BadCDNSKEY: 1324 did not sign DNSKEY RR
.. code:: python
>>> from dnsknife import dnssec, resolver
>>> keys = resolver.query('example.com', 'DNSKEY')
>>> dnssec.signed_by(ans, keys[0])
True
.. code:: python
>>> dnssec.signers(dnsknife.Checker('pm.', dnssec=True)
.query_relative('', 'DNSKEY'))
{: [35968, 60859]}
.. code:: python
>>> dnssec.trusted(ans)
True
Finally it implements TPDA - the draft_ can be found in docs_.
----------------------------------------------------------------
.. _docs: docs/
.. _draft: docs/extending_registrar_functions.txt
A third party provider wanting to change customer NS:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. code:: python
>>> from dnsknife import tpda
>>> # initialize with private key from repo:
>>> client = tpda.Client('ten.pm', 'dnsknife/tests/test.key')
>>> # generate url for domain
>>> URI = client.nameservers_uri('whe.re', ['ns1.ten.pm','ns2.ten.pm'])
A DNS operator/registrar validating inbound params:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. code:: python
>>> tpda.validate_URI(URI)
'http://partners.gandi.net/nameservers/v1?source=ten.pm&domain=whe.re&expires=20160415000918&ns=ns1.ten.pm&ns=ns2.ten.pm'