Hello community,

here is the log from the commit of package dnsdiag for openSUSE:Factory checked in at 2024-10-28 15:22:55
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/dnsdiag (Old)
 and /work/SRC/openSUSE:Factory/.dnsdiag.new.2020 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dnsdiag" Mon Oct 28 15:22:55 2024 rev:8 rq:1218772 version:2.6.0 Changes: -------- --- /work/SRC/openSUSE:Factory/dnsdiag/dnsdiag.changes 2024-07-01 11:21:02.064512003 +0200 +++ /work/SRC/openSUSE:Factory/.dnsdiag.new.2020/dnsdiag.changes 2024-10-28 15:24:20.233504000 +0100 @@ -1,0 +2,8 @@ +Sat Oct 26 19:31:45 UTC 2024 - Martin Hauke <[email protected]> + +- Update to version 2.6.0 + * Add support for DNS over QUIC (DoQ) protocol. + * Lower dependency version requirement to improve compatibility. + * Other various bug fixes. + +------------------------------------------------------------------- Old: ---- dnsdiag-2.5.0.tar.gz New: ---- dnsdiag-2.6.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dnsdiag.spec ++++++ --- /var/tmp/diff_new_pack.Aab2aA/_old 2024-10-28 15:24:21.233545775 +0100 +++ /var/tmp/diff_new_pack.Aab2aA/_new 2024-10-28 15:24:21.233545775 +0100 @@ -19,7 +19,7 @@ %bcond_without test Name: dnsdiag -Version: 2.5.0 +Version: 2.6.0 Release: 0 Summary: DNS request auditing toolset License: BSD-3-Clause @@ -33,7 +33,7 @@ BuildRequires: fdupes BuildRequires: python-rpm-macros BuildRequires: python3-setuptools -Requires: python3-cryptography >= 42.0.7 +Requires: python3-cryptography >= 42.0.5 Requires: python3-cymruwhois >= 1.6 Requires: python3-dnspython >= 2.6.1 Requires: python3-h2 >= 4.1.0 ++++++ dnsdiag-2.5.0.tar.gz -> dnsdiag-2.6.0.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsdiag-2.5.0/PKG-INFO new/dnsdiag-2.6.0/PKG-INFO --- old/dnsdiag-2.5.0/PKG-INFO 2024-06-18 19:25:51.963563200 +0200 +++ new/dnsdiag-2.6.0/PKG-INFO 2024-10-25 23:57:52.778604300 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: dnsdiag -Version: 2.5.0 +Version: 2.6.0 Summary: DNS Measurement, Troubleshooting and Security Auditing Toolset (ping, traceroute) Home-page: https://dnsdiag.org/ Author: Babak Farrokhi 
@@ -11,21 +11,22 @@ Classifier: Environment :: Console Classifier: Intended Audience :: Developers Classifier: License :: OSI Approved :: BSD License -Classifier: Programming Language :: Python :: 3.8 Classifier: Programming Language :: Python :: 3.9 Classifier: Programming Language :: Python :: 3.10 Classifier: Programming Language :: Python :: 3.11 Classifier: Programming Language :: Python :: 3.12 +Classifier: Programming Language :: Python :: 3.13 Classifier: Programming Language :: Python :: Implementation :: PyPy Classifier: Topic :: Internet :: Name Service (DNS) Classifier: Development Status :: 5 - Production/Stable Classifier: Operating System :: OS Independent License-File: LICENSE -Requires-Dist: dnspython>=2.6.1 +Requires-Dist: aioquic>=1.2.0 +Requires-Dist: cryptography>=42.0.5 Requires-Dist: cymruwhois>=1.6 -Requires-Dist: httpx>=0.27.0 -Requires-Dist: cryptography>=42.0.7 +Requires-Dist: dnspython>=2.7.0 Requires-Dist: h2>=4.1.0 +Requires-Dist: httpx>=0.27.0 DNSDiag provides a handful of tools to measure and diagnose your DNS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsdiag-2.5.0/README.md new/dnsdiag-2.6.0/README.md --- old/dnsdiag-2.5.0/README.md 2024-06-15 15:16:23.000000000 +0200 +++ new/dnsdiag-2.6.0/README.md 2024-10-25 16:53:59.000000000 +0200 
@@ -1,33 +1,37 @@ -[](https://pypi.python.org/pypi/dnsdiag/) []() [](https://pepy.tech/project/dnsdiag) []() [](https://hub.docker.com/r/farrokhi/dnsdiag) [](https://github.com/farrokhi/dnsdiag/stargazers) +[](https://pypi.python.org/pypi/dnsdiag/) []() [](https://pepy.tech/project/dnsdiag) [](https://pepy.tech/project/dnsdiag) []() [](https://hub.docker.com/r/farrokhi/dnsdiag) [](https://github.com/farrokhi/dnsdiag/stargazers) DNS Measurement, Troubleshooting and Security Auditing Toolset =============================================================== -Ever been wondering if your ISP is [hijacking your DNS traffic](https://medium.com/decentralize-today/is-your-isp-hijacking-your-dns-traffic-f3eb7ccb0ee7)? Ever observed any -misbehavior with your DNS responses? Ever been redirected to wrong address and -suspected something is wrong with your DNS? Here we have a [set of tools](http://github.com/farrokhi/dnsdiag) to -perform basic audits on your DNS requests and responses to make sure your DNS is -working as you expect. - -You can measure the response time of any given DNS server for arbitrary requests -using `dnsping`. Just like traditional ping utility, it gives you similar -functionality for DNS requests. - -You can also trace the path your DNS request takes to destination to make sure -it is not being redirected or hijacked. This can be done by comparing different -DNS queries being sent to the same DNS server using `dnstraceroute` and observe -if there is any difference between the path. - -`dnseval` evaluates multiple DNS resolvers and helps you choose the best DNS -server for your network. While it is highly recommended using your own DNS -resolver and never trust any third-party DNS server, but in case you need to -choose the best DNS forwarder for your network, `dnseval` lets you compare -different DNS servers from performance (latency) and reliability (loss) point -of view. 
+Have you ever wondered if your ISP is [intercepting your DNS +traffic](https://medium.com/decentralize-today/is-your-isp-hijacking-your-dns-traffic-f3eb7ccb0ee7))? +Have you noticed any unusual behavior in your DNS responses, or been redirected to +the wrong address and suspected something might be off with your DNS? We offer a +suite of tools to perform basic audits on your DNS requests and responses, helping +you ensure your DNS is functioning as expected. + +With `dnsping`, you can measure the response time of any DNS server for arbitrary +queries. Similar to the regular ping utility, dnsping offers comparable +functionality for DNS requests, helping you monitor server responsiveness. + +You can also trace the route of your DNS request to its destination using +`dnstraceroute`, verifying that it isn't being redirected or intercepted. By +comparing DNS queries sent to the same server, `dnstraceroute` allows you to +observe any differences in the paths taken, alerting you to possible issues. + + +`dnseval` assesses multiple DNS resolvers to help you choose the best DNS resolver +for your network. While using your own DNS resolver is recommended to avoid +reliance on third-party DNS resolvers, `dnseval` can assist in selecting the +optimal DNS resolver when needed. It lets you compare DNS servers based on +performance (latency) and reliability (packet loss), giving you a comprehensive +view for informed decision-making. + # Installation -There are several ways that you can use this toolset. However, using the source code is always recommended. +There are several ways to use this toolset, though we recommend running it +directly from the source code for optimal flexibility and control. ## Source Code 
@@ -51,23 +55,22 @@ ## Docker -If you don't want to install dnsdiags on your local machine, you may use the docker image and run programs in a container. For example: +If you prefer not to install `dnsdiag` on your local machine, you can use the +Docker image to run the tools in a containerized environment. For example: ``` docker run --network host -it --rm farrokhi/dnsdiag dnsping.py ``` # dnsping -dnsping pings a DNS resolver by sending an arbitrary DNS query for given number of times. -A complete explanation of supported command line flags is shown by using `--help`. Here are a few useful flags: -- Using `--tcp`, `--tls` and `--doh` to select transport protocol. Default is UDP. -- Using `--flags` to display response flags (including EDNS flags) for each response -- Using `--dnssec` to request DNSSEC if available -- Using `--ede` to display Extended DNS Error messages ([RFC 8914](https://www.rfc-editor.org/rfc/rfc8914)) -- Using `--nsid` to display Name Server Identifier (NSID) if available ([RFC 5001](https://www.rfc-editor.org/rfc/rfc5001)) +`dnsping` allows you to "ping" a DNS resolver by sending an arbitrary DNS query multiple times. For a full list of supported command-line options, use `--help`. Here are a few key flags: -In addition to UDP, you can ping using TCP, DoT (DNS over TLS) and DoH (DNS over HTTPS) using `--tcp`, `--tls` and `--doh` respectively. +- Use `--tcp`, `--tls`, or `--doh` to select the transport protocol (default is UDP). +- Use `--flags` to display response flags, including EDNS flags, for each response. +- Use `--dnssec` to request DNSSEC validation if available. +- Use `--ede` to display Extended DNS Error messages ([RFC 8914](https://www.rfc-editor.org/rfc/rfc8914)). +- Use `--nsid` to display the Name Server Identifier (NSID) if available ([RFC 5001](https://www.rfc-editor.org/rfc/rfc5001)). ```shell ./dnsping.py -c 5 --dnssec --flags --tls --ede -t AAAA -s 8.8.8.8 brokendnssec.net 
@@ -86,22 +89,24 @@ min=90.882 ms, avg=101.064 ms, max=115.479 ms, stddev=12.394 ms ``` -It also displays statistics such as minimum, maximum and average response time as well as -jitter (stddev) and lost packets. +`dnsping` also provides statistics such as minimum, maximum, and average +response times, along with jitter (standard deviation) and packet loss. + +Here are a few interesting use cases for `dnsping`: -There are several interesting use cases for dnsping, including: +- Comparing response times across different transport protocols (e.g., UDP vs. DoH). +- Evaluating the reliability of your DNS server by measuring jitter and packet loss. +- Measuring response times with DNSSEC enabled using the `--dnssec` flag. -- Comparing response times using different transport protocols (e.g. UDP vs DoH) -- Measuring how reliable your DNS server is, by measuring Jitter and packet loss -- Measuring responses times when DNSSEC is enabled using `--dnssec` # dnstraceroute -dnstraceroute is a traceroute utility to figure out the path that your DNS -request is passing through to get to its destination. You may want to compare -it to your actual network traceroute and make sure your DNS traffic is not -routed to any unwanted path. -In addition to UDP, it also supports TCP as transport protocol, using `--tcp` flag. +`dnstraceroute` is a utility that traces the path of your DNS requests to their +destination. You may want to compare this with your actual network traceroute to +ensure that your DNS traffic is not being routed through any unwanted paths. + +In addition to UDP, `dnstraceroute` also supports TCP as a transport protocol +when you use the `--tcp` flag. ```shell ./dnstraceroute.py --expert --asn -C -t A -s 8.8.4.4 facebook.com 
@@ -119,17 +124,17 @@ [*] public DNS server is next to a private IP address (possible hijacking) ``` -Using `--expert` will instruct dnstraceroute to print expert hints (such as -warnings of possible DNS traffic hijacking). +Using the `--expert` flag with `dnstraceroute` will enable the display of expert +hints, including warnings about potential DNS traffic hijacking. # dnseval -dnseval is a bulk ping utility that sends an arbitrary DNS query to a give list -of DNS servers. This script is meant for comparing response time of multiple -DNS servers at once. - -You can use `dnseval` to compare response times using different transport -protocols such as UDP (default), TCP, DoT and DoH using `--tcp`, `--tls` and -`--doh` respectively. +`dnseval` is a bulk ping utility that sends arbitrary DNS queries to a specified +list of DNS servers, allowing you to compare their response times +simultaneously. + +You can use `dnseval` to evaluate response times across different transport +protocols, including UDP (default), TCP, DoT (DNS over TLS), and DoH (DNS over +HTTPS) by using the `--tcp`, `--tls`, and `--doh` flags, respectively. ```shell ./dnseval.py --dnssec -t AAAA -f public-servers.txt -c10 ripe.net diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsdiag-2.5.0/dnsdiag.egg-info/PKG-INFO new/dnsdiag-2.6.0/dnsdiag.egg-info/PKG-INFO --- old/dnsdiag-2.5.0/dnsdiag.egg-info/PKG-INFO 2024-06-18 19:25:51.000000000 +0200 +++ new/dnsdiag-2.6.0/dnsdiag.egg-info/PKG-INFO 2024-10-25 23:57:52.000000000 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: dnsdiag -Version: 2.5.0 +Version: 2.6.0 Summary: DNS Measurement, Troubleshooting and Security Auditing Toolset (ping, traceroute) Home-page: https://dnsdiag.org/ Author: Babak Farrokhi 
@@ -11,21 +11,22 @@ Classifier: Environment :: Console Classifier: Intended Audience :: Developers Classifier: License :: OSI Approved :: BSD License -Classifier: Programming Language :: Python :: 3.8 Classifier: Programming Language :: Python :: 3.9 Classifier: Programming Language :: Python :: 3.10 Classifier: Programming Language :: Python :: 3.11 Classifier: Programming Language :: Python :: 3.12 +Classifier: Programming Language :: Python :: 3.13 Classifier: Programming Language :: Python :: Implementation :: PyPy Classifier: Topic :: Internet :: Name Service (DNS) Classifier: Development Status :: 5 - Production/Stable Classifier: Operating System :: OS Independent License-File: LICENSE -Requires-Dist: dnspython>=2.6.1 +Requires-Dist: aioquic>=1.2.0 +Requires-Dist: cryptography>=42.0.5 Requires-Dist: cymruwhois>=1.6 -Requires-Dist: httpx>=0.27.0 -Requires-Dist: cryptography>=42.0.7 +Requires-Dist: dnspython>=2.7.0 Requires-Dist: h2>=4.1.0 +Requires-Dist: httpx>=0.27.0 DNSDiag provides a handful of tools to measure and diagnose your DNS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsdiag-2.5.0/dnsdiag.egg-info/requires.txt new/dnsdiag-2.6.0/dnsdiag.egg-info/requires.txt --- old/dnsdiag-2.5.0/dnsdiag.egg-info/requires.txt 2024-06-18 19:25:51.000000000 +0200 +++ new/dnsdiag-2.6.0/dnsdiag.egg-info/requires.txt 2024-10-25 23:57:52.000000000 +0200 @@ -1,5 +1,6 @@ -dnspython>=2.6.1 +aioquic>=1.2.0 +cryptography>=42.0.5 cymruwhois>=1.6 -httpx>=0.27.0 -cryptography>=42.0.7 +dnspython>=2.7.0 h2>=4.1.0 +httpx>=0.27.0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsdiag-2.5.0/dnseval.py new/dnsdiag-2.6.0/dnseval.py --- old/dnsdiag-2.5.0/dnseval.py 2024-06-17 23:12:23.000000000 +0200 +++ new/dnsdiag-2.6.0/dnseval.py 2024-10-25 16:53:59.000000000 +0200 
@@ -49,24 +49,24 @@ def usage(): print("""%s version %s +Usage: %s [-ehmvCTXH] [-f server-list] [-j output.json] [-c count] [-t type] [-p port] [-w wait] hostname -usage: %s [-ehmvCTXH] [-f server-list] [-j output.json] [-c count] [-t type] [-p port] [-w wait] hostname - -h --help Show this help - -f --file DNS server list to use (default: system resolvers) - -c --count Number of requests to send (default: 10) - -m --cache-miss Force cache miss measurement by prepending a random hostname - -w --wait Maximum wait time for a reply (default: 2) - -t --type DNS request record type (default: A) - -T --tcp Use TCP instead of UDP - -X --tls Use TLS as transport protocol - -j --json Save results as a JSON formatted file - -H --doh Use HTTPS as transport protols (DoH) - -p --port DNS server port number (default: 53 for TCP/UDP and 853 for TLS) - -S --srcip Query source IP address - -e --edns Enable EDNS0 - -D --dnssec Enable 'DNSSEC desired' (DO flag) in requests - -C --color Print colorful output - -v --verbose Print actual dns response + -h, --help Display this help message + -f, --file Specify a DNS server list file to use (default: system resolvers) + -c, --count Number of requests to send (default: 10) + -m, --cache-miss Force a cache miss measurement by prepending a random hostname + -w, --wait Set the maximum wait time for a reply in seconds (default: 2) + -t, --type Set the DNS request record type (default: A) + -T, --tcp Use TCP as the transport protocol instead of UDP + -X, --tls Use TLS as the transport protocol + -j, --json Save the results to a specified file in JSON format + -H, --doh Use HTTPS as the transport protocol (DoH) + -p, --port Specify the DNS server port number (default: 53 for TCP/UDP, 853 for TLS) + -S, --srcip Set the query source IP address + -e, --edns Enable EDNS0 in requests + -D, --dnssec Enable the 'DNSSEC desired' (DO flag) in requests + -C, --color Enable colorful output + -v, --verbose Print the full DNS response details """ % 
(__progname__, __version__, __progname__)) sys.exit() @@ -262,9 +262,10 @@ json.dump(outer_data, outfile, indent=2) else: - print("%s %-8.3f %-8.3f %-8.3f %-8.3f %s%%%-3d%s %-8s %21s %-20s" % ( + result = "%s %-8.3f %-8.3f %-8.3f %-8.3f %s%%%-3d%s %-8s %21s %-20s" % ( resolver, retval.r_avg, retval.r_min, retval.r_max, retval.r_stddev, l_color, retval.r_lost_percent, - color.N, s_ttl, text_flags, retval.rcode_text), flush=True) + color.N, s_ttl, text_flags, retval.rcode_text) + print(result.rstrip(), flush=True) if verbose and retval.answer and not json_output: ans_index = 1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsdiag-2.5.0/dnsping.py new/dnsdiag-2.6.0/dnsping.py --- old/dnsdiag-2.5.0/dnsping.py 2024-06-18 15:37:52.000000000 +0200 +++ new/dnsdiag-2.6.0/dnsping.py 2024-10-25 23:39:58.000000000 +0200 @@ -39,8 +39,8 @@ import dns.flags import dns.resolver -import util.dns -from util.dns import PROTO_UDP, PROTO_TCP, PROTO_TLS, PROTO_HTTPS, proto_to_text, unsupported_feature, random_string +from util.dns import PROTO_UDP, PROTO_TCP, PROTO_TLS, PROTO_HTTPS, PROTO_QUIC, proto_to_text, unsupported_feature, \ + random_string, getDefaultPort, valid_rdatatype from util.shared import __version__ __author__ = 'Babak Farrokhi ([email protected])' 
@@ -51,36 +51,37 @@ def usage(): print("""%s version %s -usage: %s [-46aDeEFhLmqnrvTxXH] [-i interval] [-w wait] [-p dst_port] [-P src_port] [-S src_ip] +Usage: %s [-46aDeEFhLmqnrvTQxXH] [-i interval] [-w wait] [-p dst_port] [-P src_port] [-S src_ip] %s [-c count] [-t qtype] [-C class] [-s server] hostname - -h --help Show this help - -q --quiet Quiet - -v --verbose Print actual dns response - -s --server DNS server to use (default: first entry from /etc/resolv.conf) - -p --port DNS server port number (default: 53 for TCP/UDP and 853 for TLS) - -T --tcp Use TCP as transport protocol - -X --tls Use TLS as transport protocol - -H --doh Use HTTPS as transport protols (DoH) - -4 --ipv4 Use IPv4 as default network protocol - -6 --ipv6 Use IPv6 as default network protocol - -P --srcport Query source port number (default: 0) - -S --srcip Query source IP address (default: default interface address) - -c --count Number of requests to send (default: 10, 0 for infinity) - -r --norecurse Enforce non-recursive query by clearing the RD (recursion desired) bit in the query - -m --cache-miss Force cache miss measurement by prepending a random hostname - -w --wait Maximum wait time for a reply (default: 2 seconds) - -i --interval Time between each request (default: 1 seconds) - -t --type DNS request record type (default: A) - -L --ttl Display response TTL (if present) - -C --class DNS request record class (default: IN) - -a --answer Display first matching answer in rdata, if applicable - -e --edns Enable EDNS0 and set - -E --ede Display EDE messages when available - -n --nsid Enable NSID bit to find out identification of the resolver. Implies EDNS. - -D --dnssec Enable 'DNSSEC desired' flag in requests. Implies EDNS. - -F --flags Display response flags - -x --expert Display extra information. Implies --ttl --flags --ede. 
+ -h, --help Show this help message + -q, --quiet Suppress output + -v, --verbose Print the full DNS response + -s, --server Specify the DNS server to use (default: first entry from /etc/resolv.conf) + -p, --port Specify the DNS server port number (default: 53 for TCP/UDP, 853 for TLS) + -T, --tcp Use TCP as the transport protocol + -X, --tls Use TLS as the transport protocol + -H, --doh Use HTTPS as the transport protocol (DoH) + -Q, --doq Use QUIC as the transport protocol (DoQ) + -4, --ipv4 Use IPv4 as the network protocol + -6, --ipv6 Use IPv6 as the network protocol + -P, --srcport Specify the source port number for the query (default: 0) + -S, --srcip Specify the source IP address for the query (default: default interface address) + -c, --count Number of requests to send (default: 10, 0 for unlimited) + -r, --norecurse Enforce a non-recursive query by clearing the RD (recursion desired) bit + -m, --cache-miss Force cache miss measurement by prepending a random hostname + -w, --wait Maximum wait time for a reply (default: 2 seconds) + -i, --interval Time interval between requests (default: 1 second) + -t, --type DNS request record type (default: A) + -L, --ttl Display the response TTL (if present) + -C, --class DNS request record class (default: IN) + -a, --answer Display the first matching answer in rdata, if applicable + -e, --edns Enable EDNS0 and set its options + -E, --ede Display EDE (Extended DNS Error) messages, when available + -n, --nsid Enable the NSID bit to retrieve resolver identification (implies EDNS) + -D, --dnssec Enable the DNSSEC desired flag (implies EDNS) + -F, --flags Display response flags + -x, --expert Display additional information (implies --ttl, --flags, --ede) """ % (__progname__, __version__, __progname__, ' ' * len(__progname__))) sys.exit(0) @@ -125,6 +126,7 @@ if len(sys.argv) == 1: usage() + dns.rdata.load_all_types() # defaults rdatatype = 'A' rdata_class = dns.rdataclass.from_text('IN') 
@@ -136,10 +138,11 @@ show_flags = False show_ede = False dnsserver = None # do not try to use system resolver by default - dst_port = 53 # default for UDP and TCP + proto = PROTO_UDP + dst_port = getDefaultPort(proto) + use_default_dst_port = True src_port = 0 src_ip = None - proto = PROTO_UDP use_edns = False want_nsid = False want_dnssec = False @@ -151,11 +154,11 @@ qname = 'wikipedia.org' try: - opts, args = getopt.getopt(sys.argv[1:], "qhc:s:t:w:i:vp:P:S:T46meDFXHrnEC:Lxa", + opts, args = getopt.getopt(sys.argv[1:], "qhc:s:t:w:i:vp:P:S:TQ46meDFXHrnEC:Lxa", ["help", "count=", "server=", "quiet", "type=", "wait=", "interval=", "verbose", "port=", "srcip=", "tcp", "ipv4", "ipv6", "cache-miss", "srcport=", "edns", "dnssec", "flags", "norecurse", "tls", "doh", "nsid", "ede", "class=", "ttl", - "expert", "answer"]) + "expert", "answer", "quic"]) except getopt.GetoptError as err: # print help information and exit: print_stderr(err, False) # will print something like "option -a not recognized" @@ -169,34 +172,46 @@ for o, a in opts: if o in ("-h", "--help"): usage() + elif o in ("-c", "--count"): if a.isdigit(): count = abs(int(a)) else: print_stderr("Invalid count of requests: %s" % a, True) + elif o in ("-v", "--verbose"): verbose = True + elif o in ("-s", "--server"): dnsserver = a + elif o in ("-q", "--quiet"): quiet = True verbose = False + elif o in ("-w", "--wait"): timeout = int(a) + elif o in ("-a", "--answer"): show_answer = True + elif o in ("-x", "--expert"): show_flags = True show_ede = True show_ttl = True + elif o in ("-m", "--cache-miss"): force_miss = True + elif o in ("-i", "--interval"): interval = float(a) + elif o in ("-L", "--ttl"): show_ttl = True + elif o in ("-t", "--type"): rdatatype = a + elif o in ("-C", "--class"): try: rdata_class = dns.rdataclass.from_text(a) 
@@ -205,38 +220,62 @@ elif o in ("-T", "--tcp"): proto = PROTO_TCP + if use_default_dst_port: + dst_port = getDefaultPort(proto) + elif o in ("-X", "--tls"): proto = PROTO_TLS - dst_port = 853 # default for DoT, unless overridden using -p + if use_default_dst_port: + dst_port = getDefaultPort(proto) + elif o in ("-H", "--doh"): proto = PROTO_HTTPS - dst_port = 443 # default for DoH, unless overridden using -p + if use_default_dst_port: + dst_port = getDefaultPort(proto) + + elif o in ("-Q", "--quic"): + proto = PROTO_QUIC + if use_default_dst_port: + dst_port = getDefaultPort(proto) + elif o in ("-4", "--ipv4"): af = socket.AF_INET + elif o in ("-6", "--ipv6"): af = socket.AF_INET6 + elif o in ("-e", "--edns"): use_edns = True + elif o in ("-n", "--nsid"): use_edns = True # required want_nsid = True + elif o in ("-r", "--norecurse"): request_flags = dns.flags.from_text('') + elif o in ("-D", "--dnssec"): use_edns = True # required want_dnssec = True + elif o in ("-F", "--flags"): show_flags = True + elif o in ("-E", "--ede"): show_ede = True + elif o in ("-p", "--port"): dst_port = int(a) + use_default_dst_port = False + elif o in ("-P", "--srcport"): src_port = int(a) if src_port < 1024 and not quiet: print_stderr("WARNING: Source ports below 1024 are only available to superuser", False) + elif o in ("-S", "--srcip"): src_ip = a + else: usage() @@ -251,7 +290,7 @@ i = 0 # validate RR type - if not util.dns.valid_rdatatype(rdatatype): + if not valid_rdatatype(rdatatype): print_stderr('Error: Invalid record type: %s ' % rdatatype, True) print("%s DNS: %s:%d, hostname: %s, proto: %s, class: %s, type: %s, flags: [%s]" % 
@@ -292,17 +331,30 @@ source=src_ip, source_port=src_port) elif proto is PROTO_TLS: if hasattr(dns.query, 'tls'): - answers = dns.query.tls(query, dnsserver, timeout, dst_port, - src_ip, src_port) + answers = dns.query.tls(query, dnsserver, timeout=timeout, port=dst_port, + source=src_ip, source_port=src_port) else: - unsupported_feature() + unsupported_feature("DNS-over-TLS") elif proto is PROTO_HTTPS: if hasattr(dns.query, 'https'): - answers = dns.query.https(query, dnsserver, timeout, dst_port, - src_ip, src_port) + try: + answers = dns.query.https(query, dnsserver, timeout=timeout, port=dst_port, + source=src_ip, source_port=src_port) + except httpx.ConnectError: + print_stderr(f"The server did not respond to DoH on port {dst_port}", should_die=True) + else: + unsupported_feature("DNS-over-HTTPS (DoH)") + + elif proto is PROTO_QUIC: + if hasattr(dns.query, 'quic'): + try: + answers = dns.query.quic(query, dnsserver, timeout=timeout, port=dst_port, + source=src_ip, source_port=src_port) + except dns.exception.Timeout: + print_stderr(f"The server did not respond to DoQ on port {dst_port}", should_die=True) else: - unsupported_feature() + unsupported_feature("DNS-over-QUIC (DoQ)") etime = time.perf_counter() except dns.resolver.NoNameservers as e: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsdiag-2.5.0/dnstraceroute.py new/dnsdiag-2.6.0/dnstraceroute.py --- old/dnsdiag-2.5.0/dnstraceroute.py 2024-06-17 19:40:34.000000000 +0200 +++ new/dnsdiag-2.6.0/dnstraceroute.py 2024-10-25 16:53:59.000000000 +0200 
@@ -58,21 +58,22 @@ def usage(): print("""%s version %s -usage: %s [-aeqhCx] [-s server] [-p port] [-c count] [-t type] [-w wait] hostname +Usage: %s [-aeqhCx] [-s server] [-p port] [-c count] [-t type] [-w wait] hostname - -h --help Show this help - -q --quiet Quiet mode: No extra information, only traceroute output. - -T --tcp Use TCP as transport protocol - -x --expert Print expert hints if available - -a --asn Turn on AS# lookups for each hop encountered - -s --server DNS server to use (default: first system resolver) - -p --port DNS server port number (default: 53) - -S --srcip Query source IP address (default: default interface address) - -c --count Maximum number of hops (default: 30) - -w --wait Maximum wait time for a reply (default: 2) - -t --type DNS request record type (default: A) - -C --color Print colorful output - -e --edns Enable EDNS0 (Default: Disabled) +Options: + -h, --help Show this help message + -q, --quiet Enable quiet mode: suppress additional information, showing only traceroute output + -T, --tcp Use TCP as the transport protocol + -x, --expert Display expert hints, if available + -a, --asn Enable AS# lookups for each encountered hop + -s, --server Specify the DNS server to use (default: first system resolver) + -p, --port Set the DNS server port number (default: 53) + -S, --srcip Set the source IP address for the query (default: address of the default network interface) + -c, --count Specify the maximum number of hops (default: 30) + -w, --wait Set the maximum wait time for a reply, in seconds (default: 2) + -t, --type DNS request record type (default: A) + -C, --color Enable colorful output + -e, --edns Enable EDNS0 (default: disabled) """ % (__progname__, __version__, __progname__)) sys.exit() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsdiag-2.5.0/setup.py new/dnsdiag-2.6.0/setup.py --- old/dnsdiag-2.5.0/setup.py 2024-05-31 14:46:03.000000000 +0200 +++ new/dnsdiag-2.6.0/setup.py 
2024-10-25 23:44:57.000000000 +0200 @@ -6,18 +6,18 @@ version=__version__, packages=find_packages(), scripts=["dnseval.py", "dnsping.py", "dnstraceroute.py"], - install_requires=['dnspython>=2.6.1', 'cymruwhois>=1.6', 'httpx>=0.27.0', 'cryptography>=42.0.7', 'h2>=4.1.0'], + install_requires=['aioquic>=1.2.0', 'cryptography>=42.0.5', 'cymruwhois>=1.6', 'dnspython>=2.7.0', 'h2>=4.1.0', 'httpx>=0.27.0'], classifiers=[ "Topic :: System :: Networking", "Environment :: Console", "Intended Audience :: Developers", "License :: OSI Approved :: BSD License", - "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9", "Programming Language :: Python :: 3.10", "Programming Language :: Python :: 3.11", "Programming Language :: Python :: 3.12", + "Programming Language :: Python :: 3.13", "Programming Language :: Python :: Implementation :: PyPy", "Topic :: Internet :: Name Service (DNS)", "Development Status :: 5 - Production/Stable", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsdiag-2.5.0/util/dns.py new/dnsdiag-2.6.0/util/dns.py --- old/dnsdiag-2.5.0/util/dns.py 2024-06-18 08:09:47.000000000 +0200 +++ new/dnsdiag-2.6.0/util/dns.py 2024-10-25 23:39:58.000000000 +0200 @@ -46,6 +46,7 @@ PROTO_TCP = 1 PROTO_TLS = 2 PROTO_HTTPS = 3 +PROTO_QUIC = 4 _TTL = None @@ -70,10 +71,22 @@ PROTO_TCP: 'TCP', PROTO_TLS: 'TLS', PROTO_HTTPS: 'HTTPS', + PROTO_QUIC: 'QUIC', } return _proto_name[proto] +def getDefaultPort(proto): + _proto_port = { + PROTO_UDP: 53, + PROTO_TCP: 53, + PROTO_TLS: 853, # RFC 7858, Secion 3.1 + PROTO_HTTPS: 443, + PROTO_QUIC: 853, # RFC 9250, Section 4.1.1 + } + return _proto_port[proto] + + class CustomSocket(socket.socket): def __init__(self, *args, **kwargs): super(CustomSocket, self).__init__(*args, **kwargs) 
@@ -137,10 +150,10 @@ except OSError as e: if socket_ttl: # this is an acceptable error while doing traceroute break - print("error: %s"% e.strerror, file=sys.stderr, flush=True) + print("error: %s" % e.strerror, file=sys.stderr, flush=True) raise OSError(e) except Exception as e: - print("error: %s"% e, file=sys.stderr, flush=True) + print("error: %s" % e, file=sys.stderr, flush=True) break else: # convert time to milliseconds, considering that @@ -192,10 +205,12 @@ shutdown = True # pressed once, exit gracefully -def unsupported_feature(): +def unsupported_feature(feature=""): print("Error: You have an unsupported version of Python interpreter dnspython library.") print(" Some features such as DoT and DoH are not available. You should upgrade") print(" the Python interpreter to at least 3.7 and reinstall dependencies.") + if feature: + print("Missing Feature: %s" % feature) sys.exit(127) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dnsdiag-2.5.0/util/shared.py new/dnsdiag-2.6.0/util/shared.py --- old/dnsdiag-2.5.0/util/shared.py 2024-06-18 08:15:34.000000000 +0200 +++ new/dnsdiag-2.6.0/util/shared.py 2024-10-25 23:40:33.000000000 +0200 @@ -25,7 +25,7 @@ # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -__version__ = '2.5.0' +__version__ = '2.6.0' class Colors(object):
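Review bot: in dnsdiag.spec the `Requires:` hunk (@@ -33,7 +33,7 @@) only lowers `python3-cryptography` to `>= 42.0.5`, while PKG-INFO, requires.txt and setup.py in this same update require `aioquic>=1.2.0` and `dnspython>=2.7.0`. The hunk still shows `Requires: python3-dnspython >= 2.6.1` as unchanged context and none of the visible lines adds an aioquic requirement, so the RPM dependencies can be satisfied on a system where the new DoQ path cannot work. Suggest raising the dnspython floor to 2.7.0 and adding a requirement on aioquic >= 1.2.0 (or a Recommends, if DoQ is meant to be optional), and confirming that the lower cryptography floor does not re-admit a release with an open advisory.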
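Review bot: the rewritten opening paragraph of README.md (@@ -1,33 +1,37 @@) closes the Markdown link with a doubled parenthesis, `traffic](https://medium.com/decentralize-today/is-your-isp-hijacking-your-dns-traffic-f3eb7ccb0ee7))?`, which leaves a stray `)` in the rendered text; drop one. The badge line in the same hunk now links `https://pepy.tech/project/dnsdiag` twice in a row, so check that the second badge is intentional.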
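Review bot: the reworded flag list in README.md (@@ -51,23 +55,22 @@) changes `--dnssec` from "request DNSSEC if available" to "request DNSSEC validation if available", but the dnsping usage text in this update describes the option as enabling the DNSSEC desired flag, and the option handler shown only sets `want_dnssec` and `use_edns`. Setting a request flag is not validation, so keep the README wording aligned with the usage text. The transport bullet also still lists only `--tcp`, `--tls` and `--doh` although this release adds DoQ; add the new option there once its long name is settled.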
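Review bot: the usage text in dnsping.py (@@ -51,36 +51,37 @@) advertises `-Q, --doq`, but the getopt long-option list (@@ -151,11 +154,11 @@) registers `"quic"` and the handler tests `o in ("-Q", "--quic")`, so the documented `--doq` is rejected by getopt while the undocumented `--quic` works. Pick one spelling: `--doq` matches the existing `--doh` naming, so either register `"doq"` and test for `--doq`, or change the help line to `--quic`.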
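Review bot: in the option loop of dnsping.py (@@ -205,38 +220,62 @@) the pair `if use_default_dst_port:` / `dst_port = getDefaultPort(proto)` is repeated in all four transport branches; resolving the default port once after the loop, only when `-p` was not given, removes the duplication and makes `use_default_dst_port` the single place where the decision is taken. In the same hunk `dst_port = int(a)` and `src_port = int(a)` are not validated in the visible lines; a numeric and range check that reports through `print_stderr(..., True)`, as `--count` already does, would be more consistent than a raw conversion.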
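Review bot: the new handlers in dnsping.py (@@ -292,17 +331,30 @@) reference `httpx.ConnectError` and `dns.exception.Timeout`, and the hunk at @@ -125,6 +126,7 @@ calls `dns.rdata.load_all_types()`, but the only import change visible in this diff is the `from util.dns import ...` line. Confirm that `httpx`, `dns.exception` and `dns.rdata` are imported explicitly in this file; if `httpx` is not, the `except` clause itself raises NameError at the moment a DoH connection fails. The two branches are also asymmetric: DoH catches only connection errors and DoQ only timeouts, and both end the whole run with `should_die=True` on the first failure. For a tool whose README describes loss statistics, is exiting on a single DoQ timeout intended, or should it be reported as a lost reply?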
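Review bot: the synopsis line in dnstraceroute.py (@@ -58,21 +58,22 @@) still reads `[-aeqhCx]` while the option list directly below it documents `-T` and `-S`; since the help text is being reworded anyway, add `-T` to the flag group and an entry for `-S` with its argument so the synopsis and the option list agree.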
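Review bot: `getDefaultPort()` in util/dns.py (@@ -70,10 +71,22 @@) is camelCase next to `proto_to_text`, `valid_rdatatype` and `unsupported_feature` from the same module; `get_default_port` would match the existing naming. The comment `# RFC 7858, Secion 3.1` has a typo (Section), and `_proto_port[proto]` surfaces a bare KeyError for an unknown protocol value. A module-level mapping with an explicit error for unknown values would be clearer than rebuilding the dict on every call.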
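Review bot: `unsupported_feature()` in util/dns.py (@@ -192,10 +205,12 @@) gains a `feature` argument, but the fixed text above the new lines is left untouched: it still names only DoT and DoH and tells the user to upgrade Python to at least 3.7, while this release adds DoQ and drops the 3.8 classifier, leaving 3.9 as the oldest version listed. The first line also reads "Python interpreter dnspython library" with a missing conjunction. Suggest building the message from `feature` and naming the dependency that is actually missing, so a user hitting the DoQ branch is not told to upgrade an interpreter that is already new enough.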
