Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/vortexau/dnsvalidator

Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.
https://github.com/vortexau/dnsvalidator

Last synced: 5 days ago
JSON representation

Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.

Host: GitHub
URL: https://github.com/vortexau/dnsvalidator
Owner: vortexau
License: gpl-3.0
Created: 2019-07-01T23:00:15.000Z (over 5 years ago)
Default Branch: master
Last Pushed: 2024-01-16T20:25:26.000Z (10 months ago)
Last Synced: 2024-08-01T21:55:06.255Z (3 months ago)
Language: Python
Homepage:
Size: 101 KB
Stars: 635
Watchers: 22
Forks: 107
Open Issues: 21
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

WebHackersWeapons - dnsvalidator
awesome-hacking-lists - vortexau/dnsvalidator - Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses. (Python)

README

        # DNS Validator

Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.

[![Python 3.2|3.6](https://img.shields.io/badge/python-3.2|3.6-green.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPL3-_red.svg)](https://www.gnu.org/licenses/gpl-3.0.en.html) 

[![Twitter](https://img.shields.io/badge/[email protected])](https://twitter.com/vortexau)

[![Twitter](https://img.shields.io/badge/twitter-@codingo__-blue.svg)](https://twitter.com/codingo_) 

![DNSValidator](https://github.com/vortexau/dnsvalidator/blob/master/.github/dnsvalidator.png)

DNS Validator's approach is different to other DNS query validation tools. This tool performs multiple validation steps on each resolver:

* Baselines non-geolocated domain names against "trusted" public DNS resolvers, `1.1.1.1`, `8.8.8.8` and `9.9.9.9` 

  * For each resolver being tested DNS Validator ensures that each baselined domain name resolves to the same IP Address.

    * Servers that return an answer that differs from the baseline are immediately skipped

* Performs DNS lookup of known commonly spoofed DNS addresses to ensure NXDOMAIN is returned when expected.

  * Resolvers that do not return NXDOMAIN for random subdomains of known target domains are immediately skipped.

# Usage

| Argument   | Description                                                                                                  |

|------------|--------------------------------------------------------------------------------------------------------------|

| (stdin)    | Pipe target lists from another application to verify. |

| -t         | Specify a target DNS server to verify. |

| -tL        | Specify a list of targets or a URL to a list of targets |

| -e         | Specify a target exclusion. |

| -eL        | Specify a list of targets or a URL to a list of targets to exclude. |

| -r         | Specify a root domain to compare to. Must be non-geolocated or most resolvers will fail. |

| -q         | Specify a resolver query to use (default:dnsvalidator) |

| -threads   | Specify the maximum number of threads to run at any one time (DEFAULT:5)                                     |

| -timeout   | Specify a timeout value in seconds for any single thread (DEFAULT:600)                                       |

| -o         | Specify an output file to write successful output to. |

| --no-color | If set then any foreground or background colours will be stripped out                                        |

| --silent   | If set then only successfully resolved servers will be displayed and banners and other information will be redacted. |

| -v         | If set then verbose output will be displayed in the terminal.                                                 |

# Setup

Install using:

```

$ python3 setup.py install

```

Dependencies will then be installed and DNS Validator will be added to your path as `dnsvalidator`.

# Examples:

## CLI:

```bash

$ dnsvalidator -tL https://public-dns.info/nameservers.txt -threads 20 -o resolvers.txt

```

## Docker:

Build 

```bash

$ docker build -t dnsvalidator .

```

Run:

```bash

$ docker run -v $(pwd):/dnsvalidator/output -t dnsvalidator -tL https://public-dns.info/nameservers.txt -threads 20 -o /dnsvalidator/output/resolvers.txt

```

# Caveats

* **WARNING** Keep the thread count to a reasonable level and/or use a VPS/VPN appropriately. Pushing the thread count too high can make it look like you are attempting to attack DNS servers, resulting in network level DNS blocks from your ISP. _Ask us how we know..._ 

* Root domains used for baseline tests must not be geolocated; specifically they must return the same IP address regardless of the location on the planet they are resolved from. Domains such as `google.com` or `facebook.com` (and many others) are not suitable for baselines, as they return a geo-located IP address when resolved.

  * Using a root domain that is geo-located will result in only resolvers local to the user being returned as valid.