Fixes #5 - Check for fake/wildcard DNS records in checkresolvers

HarryR · HarryR · commit db75cd3a8165 · 2016-12-09T14:39:34.000Z
diff --git a/dnsbrute/checkresolvers.py b/dnsbrute/checkresolvers.py
@@ -1,5 +1,7 @@
 from __future__ import print_function
 import sys
+import os
+import base64
 import argparse
 import logging
 import random
@@ -9,7 +11,7 @@
 import progressbar
 import gevent
 import gevent.pool
-from dns.resolver import Resolver, Answer
+from dns.resolver import Resolver, Answer, NXDOMAIN, NoNameservers
 from dns.exception import DNSException
 
 
@@ -46,6 +48,7 @@ def time_resolve(args, server, name, rectype, tries=3):
     resolver.lifetime = args.timeout
     resolver.nameservers = [server]
     results = []
+
     while tries > 0:
         start = time.time()
         try:
@@ -62,28 +65,72 @@ def time_resolve(args, server, name, rectype, tries=3):
     return server, check_results(results), results
 
 
-def download_resolvers():
-    LOG.info("Downloading nameservers from public-dns.info")
-    resp = requests.get('http://public-dns.info/nameservers.txt')
-    resp.raise_for_status()
-    return map(str.strip, filter(None, str(resp.text).split("\n")))
-
-
-def load_resolvers(handle):
-    return map(str.strip, filter(None, handle.read().split("\n")))
+def check_for_wildcards(args, server, name, rectype, tries=4):
+    """
+    Verify that the DNS server doesn't return wildcard results for domains
+    which don't exist, it should correctly return NXDOMAIN.
+    """
+    resolver = Resolver()
+    resolver.timeout = args.timeout
+    resolver.lifetime = args.timeout
+    resolver.nameservers = [server]
+    nx_names = [base64.b32encode(
+                    os.urandom(
+                        random.randint(8, 10))
+                ).strip('=').lower() + name
+                for _ in range(0, tries)]
+    correct_result_count = 0
+    for check_nx_name in nx_names:
+        try:
+            result = resolver.query(check_nx_name, rectype)            
+            return False  # Any valid response = immediate fail!
+        except (NXDOMAIN, NoNameservers):
+            correct_result_count += 1
+        except DNSException:
+            continue        
+    return correct_result_count > (tries / 2.0)
 
 
 def check_resolver(args, resolver):
+    """
+    Ensure that the resolver passes all integrity checks, and output to save 
+    list if it does. The checks are:
+
+      * Consistently and quickly resolves valid domains
+      * Doesn't return results for invalid domains
+    """
+    bad_reason = ""
     server, (avgtime, isgood), _ = time_resolve(args, resolver, "example.com", "A")
+    if not isgood:
+        bad_reason = "TIMEOUT"
+    else:
+        for rectype in ["A", "AAAA", "MX", "SOA"]:
+            if not check_for_wildcards(args, resolver, "example.com", rectype):
+                bad_reason = "WILDCARD-" + rectype
+                isgood = False
+                break
+
     if args.output and isgood:
         args.output.write(server + "\n")
         args.output.flush()
+
     if not args.quiet:
         color = bcolors.OKGREEN if isgood else bcolors.FAIL
-        print("%s%s (%.2fs)%s" % (color, server, avgtime, bcolors.ENDC))
+        print("%s%s (%.2fs) %s%s" % (color, server, avgtime, bad_reason, bcolors.ENDC))
         sys.stdout.flush()
 
 
+def download_resolvers():
+    LOG.info("Downloading nameservers from public-dns.info")
+    resp = requests.get('http://public-dns.info/nameservers.txt')
+    resp.raise_for_status()
+    return map(str.strip, filter(None, str(resp.text).split("\n")))
+
+
+def load_resolvers(handle):
+    return map(str.strip, filter(None, handle.read().split("\n")))
+
+
 def run(args):
     if args.download:
         resolvers = download_resolvers()
@@ -112,8 +159,8 @@ def main():
                         help='Download new list of resolvers from public-dns.info')
     parser.add_argument('-T', '--timeout', default=0.5, type=float, metavar='SECS',
                         help="Timeout for DNS request in seconds, default: 0.5")
-    parser.add_argument('-C', '--concurrency', default=20, type=int,
-                        help="Concurrent DNS requests, default: 20", metavar='N')
+    parser.add_argument('-C', '--concurrency', default=10, type=int,
+                        help="Concurrent DNS requests, default: 10", metavar='N')
     parser.add_argument('-q', '--quiet', action='store_true',
                         help="Don't print results to console")
     parser.add_argument('-v', '--verbose', action='store_const',
