Re: Getting the name of responding server(s)
In message , Stephane Bortzmeyer wrote:

>Doing this sort of survey on the wild (and wide) Internet leads
>rapidly into a deep rabbit hole :-)
>
>If you go that way, one may also add to the requirements: "test the
>name servers returned, to see if they actually reply (and with bit
>AA)".

Yes. Thank you.

Regards,
rfg
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Getting the name of responding server(s)
In message <20210909103322.ga27...@fantomas.sk>, Matus UHLAR - fantomas wrote:

>On 09.09.21 03:20, Ronald F. Guilmette wrote:
>>I don't want and don't need SOA records. I want and need only the relevant
>>NS records.
>
>server in some cases send the SOA.

Yes. I am aware of that. Thank you.

>>I just want the names of the final and actual name servers that would /
>>should respond to the given query.
>
>dig +trace finds those.

I gather that you did not read this thread from the beginning. I do know
that dig will get me the info, but it is slow and cumbersome.

>>Thank you. I am well and truly aware of the fact that multiple name
>>server names may resolve to some single common IP address.
>>
>>Fortunately, for what I am doing, this fact is not of any relevance.
>
>what exactly is your goal?

Sorry, it's secret. I could tell you but then I'd have to kill you.

Regards,
rfg
Re: Getting the name of responding server(s)
On Thu, Sep 09, 2021 at 12:33:22PM +0200, Matus UHLAR - fantomas wrote a message of 59 lines which said:

> Note that some domains can be horribly broken and different
> nameservers can send different NS, or no NS at all but SOA.

Doing this sort of survey on the wild (and wide) Internet leads
rapidly into a deep rabbit hole :-)

If you go that way, one may also add to the requirements: "test the
name servers returned, to see if they actually reply (and with bit
AA)".
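Added example, not part of the original post or of list-auth.py: one way to run the check suggested above, sending a non-recursive SOA query straight to a listed name server and looking at the AA bit of the reply. It uses only the Python standard library; the function names (build_query, classify, probe, fake_reply) are hypothetical, probe() assumes IPv4 over UDP, and the replies in the demo are constructed samples.

```python
import secrets
import socket
import struct

QTYPE_SOA = 6
FLAG_QR, FLAG_AA = 0x8000, 0x0400

def build_query(zone, txid=0x1234):
    """Wire-format SOA query for `zone` with RD=0 (no recursion requested)."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    labels = [l.encode("ascii") for l in zone.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE_SOA, 1)  # class IN

def classify(query, response):
    """Judge one reply to `query` from a server named in the NS set."""
    if response is None:
        return "no reply"
    if len(response) < 12:                      # shorter than a DNS header
        return "malformed"
    txid, flags = struct.unpack("!HH", response[:4])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & FLAG_QR:
        return "malformed"                      # wrong ID or not a response
    rcode = flags & 0x000F
    if rcode != 0:                              # REFUSED, SERVFAIL, ...
        return "error rcode %d" % rcode
    if not flags & FLAG_AA:                     # replied, but not authoritative
        return "lame (AA not set)"
    return "authoritative"

def probe(server_ip, zone, timeout=3.0):
    """Query one name server address directly and classify what comes back."""
    query = build_query(zone, secrets.randbelow(0x10000))  # unpredictable ID
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server_ip, 53))
            data, _ = s.recvfrom(4096)
        except OSError:                         # timeout, unreachable, ...
            data = None
    return classify(query, data)

def fake_reply(query, flags):
    """Constructed sample: the query echoed back with the given header flags."""
    return query[:2] + struct.pack("!H", flags) + query[4:]

if __name__ == "__main__":
    q = build_query("example.net")
    for label, flags in (("AA set", 0x8400), ("AA clear", 0x8000),
                         ("REFUSED", 0x8005)):
        print(label, "->", classify(q, fake_reply(q, flags)))
```

For a survey, call probe() once per address of each name server name, since one name may have several addresses that do not all behave the same.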
Re: Getting the name of responding server(s)
On Thu, Sep 09, 2021 at 03:20:14AM -0700, Ronald F. Guilmette wrote a message of 48 lines which said:

> I don't want and don't need SOA records. I want and need only the
> relevant NS records.

The algorithm proposed by Matt Pounsett uses the SOA but only to find
the NS (through the name of the closest enclosing ancestor domain).
Re: Getting the name of responding server(s)
>>On Tue, Sep 07, 2021 at 10:48:57AM -0400, Matthew Pounsett wrote a message of 32 lines which said:
>>
>>> Yeah, you can pretty reliably get the answer in one or two steps by
>>> requesting the NS set for the FQDN. You'll either get your answer, or
>>> get an SOA with the name of the enclosing zone. Second lookup gets
>>> you the NS set for the enclosing zone.

>In message , Stephane Bortzmeyer wrote:
>>Indeed (unless you find a broken resolver that fail to send the SOA).

On 09.09.21 03:20, Ronald F. Guilmette wrote:
>I don't want and don't need SOA records. I want and need only the relevant
>NS records.

server in some cases send the SOA.

>>I was thinking of another issue: if the goal of the OP is to find
>>which domain names are on the same authoritative name servers...
>
>Thank you but no, that was not among my goals.
>
>I just want the names of the final and actual name servers that would /
>should respond to the given query.

dig +trace finds those.

Note that some domains can be horribly broken and different nameservers can
send different NS, or no NS at all but SOA.

>>asking
>>the NS may not be sufficient, if a name server is known by several
>>names (for instance, a.nic.sex and a.nic.sucks are the same
>>machine). So, the OP may have to do a resolution of nameservers' names
>>into IP addresses, as well.
>
>Thank you. I am well and truly aware of the fact that multiple name
>server names may resolve to some single common IP address.
>
>Fortunately, for what I am doing, this fact is not of any relevance.

what exactly is your goal?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
REALITY.SYS corrupted. Press any key to reboot Universe.
Re: Getting the name of responding server(s)
In message , Stephane Bortzmeyer wrote:

>On Tue, Sep 07, 2021 at 10:48:57AM -0400,
> Matthew Pounsett wrote
> a message of 32 lines which said:
>
>> Yeah, you can pretty reliably get the answer in one or two steps by
>> requesting the NS set for the FQDN. You'll either get your answer, or
>> get an SOA with the name of the enclosing zone. Second lookup gets
>> you the NS set for the enclosing zone.
>
>Indeed (unless you find a broken resolver that fail to send the SOA).

I don't want and don't need SOA records. I want and need only the relevant
NS records.

>I was thinking of another issue: if the goal of the OP is to find
>which domain names are on the same authoritative name servers...

Thank you but no, that was not among my goals.

I just want the names of the final and actual name servers that would /
should respond to the given query.

>asking
>the NS may not be sufficient, if a name server is known by several
>names (for instance, a.nic.sex and a.nic.sucks are the same
>machine). So, the OP may have to do a resolution of nameservers' names
>into IP addresses, as well.

Thank you. I am well and truly aware of the fact that multiple name
server names may resolve to some single common IP address.

Fortunately, for what I am doing, this fact is not of any relevance.

Regards,
rfg
Re: Getting the name of responding server(s)
On Tue, Sep 07, 2021 at 10:48:57AM -0400, Matthew Pounsett wrote a message of 32 lines which said:

> Yeah, you can pretty reliably get the answer in one or two steps by
> requesting the NS set for the FQDN. You'll either get your answer, or
> get an SOA with the name of the enclosing zone. Second lookup gets
> you the NS set for the enclosing zone.

Indeed (unless you find a broken resolver that fail to send the SOA).

I was thinking of another issue: if the goal of the OP is to find
which domain names are on the same authoritative name servers, asking
the NS may not be sufficient, if a name server is known by several
names (for instance, a.nic.sex and a.nic.sucks are the same
machine). So, the OP may have to do a resolution of nameservers' names
into IP addresses, as well.
Re: Getting the name of responding server(s)
In message Matthew Pounsett wrote:

>On Tue, 7 Sept 2021 at 03:45, Stephane Bortzmeyer wrote:
>
>> The only solution is chasing the delegations from the root (which is
>> what dig +trace is doing). Caching speeds it, this is why it is
>> better to go through your resolver than using dig +trace.
>
>Yeah, you can pretty reliably get the answer in one or two steps by
>requesting the NS set for the FQDN. You'll either get your answer, or
>get an SOA with the name of the enclosing zone. Second lookup gets
>you the NS set for the enclosing zone. Just using your local
>recursive server to deal with tracking down the answer should work
>well, unless for some reason you need to see every possible answer
>from every delegating name server.

I don't. And your other points are well taken. Having thought about the
problem some more, I see now that you're probably right and that I should
be able to code up something rather simple that will do the job if I put
my mind to it.

So thanks!

Regards,
rfg
Re: Getting the name of responding server(s)
On Tue, Sep 07, 2021 at 12:40:14PM -0700, Ronald F. Guilmette wrote a message of 36 lines which said:

> >I'm not aware of a tool (free software or not) which does it. Some
> >programming will be required.
>
> I was afraid of that, but thank you for confirming.

Don't despair, see the other messages in the thread (by Matt Pounsett
and myself).
Re: Getting the name of responding server(s)
In message , Stephane Bortzmeyer wrote:

>> I know that I can get this information by using "dig +trace", but that seems
>> to be rather slow to me (wall clock time), and I want to be doing
>> this a lot.
>
>The only solution is chasing the delegations from the root (which is
>what dig +trace is doing). Caching speeds it, this is why it is
>better to go through your resolver than using dig +trace.

Yes, well, obviously, I either have to figure out a way to let my local
resolver do all of the work or else I have to build my own resolver
essentially from scratch. (Obviously, I am hoping that I can avoid the
latter.)

>> So, does anyone know of an open source command line tool that can do just
>> that, preferably quickly?
>
>I'm not aware of a tool (free software or not) which does it. Some
>programming will be required.

I was afraid of that, but thank you for confirming.

Regards,
rfg
Re: Getting the name of responding server(s)
On Tue, 7 Sept 2021 at 03:45, Stephane Bortzmeyer wrote:

> The only solution is chasing the delegations from the root (which is
> what dig +trace is doing). Caching speeds it, this is why it is
> better to go through your resolver than using dig +trace.

Yeah, you can pretty reliably get the answer in one or two steps by
requesting the NS set for the FQDN. You'll either get your answer, or
get an SOA with the name of the enclosing zone. Second lookup gets
you the NS set for the enclosing zone. Just using your local
recursive server to deal with tracking down the answer should work
well, unless for some reason you need to see every possible answer
from every delegating name server.

% dig +noall +answer +authority IN NS www.example.net
example.net. 3591 IN SOA ns.icann.org. noc.dns.icann.org. 2021090201 7200 3600 1209600 3600

% dig +noall +answer IN NS example.net
example.net. 86396 IN NS b.iana-servers.net.
example.net. 86396 IN NS a.iana-servers.net.

Or a one-liner that works whether you supply the FQDN or its enclosing zone:

% dig +noall +answer +authority IN NS www.example.net | head -1 | cut -f 1 | xargs dig +noall +answer IN NS | awk '{print $NF}'
b.iana-servers.net.
a.iana-servers.net.

% dig +noall +answer +authority IN NS example.net | head -1 | cut -f 1 | xargs dig +noall +answer IN NS | awk '{print $NF}'
a.iana-servers.net.
b.iana-servers.net.
Re: Getting the name of responding server(s)
On Tue, Sep 07, 2021 at 09:44:43AM +0200, Stephane Bortzmeyer wrote a message of 34 lines which said:

> I'm not aware of a tool (free software or not) which does it. Some
> programming will be required.

Attached is an example program. Free software licence, whatever you
prefer. Requires Python and the dnspython library. For many many
requests, it would probably be better to parallelize it.

% ./list-auth.py bortzmeyer.org www.bortzmeyer.org fr toto.tata.trucmachin.fx 3.3.1.0.6.8.0.0.0.0.0.0.0.0.0.0.7.0.0.0.8.4.3.1.c.7.6.0.1.0.0.2.ip6.arpa lists.isc.org tristatelogic.com

bortzmeyer.org.: ns3.absolight.net. ns2.bortzmeyer.org. ns4.bortzmeyer.org. ns.eu.org. ns2.absolight.net. ns1.bortzmeyer.org.

www.bortzmeyer.org.: ns2.absolight.net. ns1.bortzmeyer.org. ns3.absolight.net. ns2.bortzmeyer.org. ns4.bortzmeyer.org. ns.eu.org.

fr.: d.nic.fr. e.ext.nic.fr. f.ext.nic.fr. g.ext.nic.fr.

toto.tata.trucmachin.fx.: DOES NOT EXIST

3.3.1.0.6.8.0.0.0.0.0.0.0.0.0.0.7.0.0.0.8.4.3.1.c.7.6.0.1.0.0.2.ip6.arpa.: ns3.nic.fr. ns1.nic.fr. ns2.nic.fr.

lists.isc.org.: ns.isc.afilias-nst.info. ns1.isc.org. ns3.isc.org. ns2.isc.org.

tristatelogic.com.: t1.zoneedit.com. t2.zoneedit.com.

#!/usr/bin/env python3

import dns.message
import dns.name
import dns.query
import dns.rcode
import dns.rdatatype
import dns.resolver

import sys

resolver = None # Use the default resolver. Set to an IP address otherwise.

def parent(name):
    # Drop the leftmost label: www.example.net. -> example.net.
    return dns.name.Name(name[1:])

def get_ns(name):
    # Ask the resolver for the NS set of `name`. If the answer carries no NS
    # record, `name` is not a zone cut, so retry with its parent.
    message = dns.message.make_query(name, dns.rdatatype.NS, use_edns=True, want_dnssec=False)
    response = dns.query.udp(message, resolver)
    if response.rcode() == dns.rcode.NXDOMAIN:
        return "DOES NOT EXIST"
    elif response.rcode() != dns.rcode.NOERROR:
        return "SOMETHING WENT WRONG"
    result = ""
    for rrset in response.answer:
        for record in rrset:
            if record.rdtype == dns.rdatatype.NS:
                result += "%s " % record.target
    if result:
        return result
    # Empty answer, or an answer holding only a CNAME: go up one label.
    return get_ns(parent(name))

if resolver is None:
    resolver = dns.resolver.Resolver().nameservers[0]
print("Using the resolver %s" % resolver)
print()
for arg in sys.argv[1:]:
    name = dns.name.from_text(arg)
    print("%s: " % name, end="")
    print(get_ns(name))
    print()
Re: Getting the name of responding server(s)
On Tue, Sep 07, 2021 at 12:33:59AM -0700, Ronald F. Guilmette wrote a message of 33 lines which said:

> My question is rather a simple one. Given some FQDN `D' and given
> some DNS record type 'T' (e.g. either A or or perhaps even PTR)
> does there exist some open source command line tool that can tell me
> the names of the DNS servers to which the final authority for
> answering a query about the tuple (D, IN, T) is delegated?

T is irrelevant since delegation does not depend on the type.

> I know that I can get this information by using "dig +trace", but that seems
> to be rather slow to me (wall clock time), and I want to be doing
> this a lot.

The only solution is chasing the delegations from the root (which is
what dig +trace is doing). Caching speeds it, this is why it is
better to go through your resolver than using dig +trace.

> So, does anyone know of an open source command line tool that can do just
> that, preferably quickly?

I'm not aware of a tool (free software or not) which does it. Some
programming will be required.
Getting the name of responding server(s)
Greetings all,

Please forgive me if this question is a bit off-topic for this list. I
can't be sure if it is or isn't until I get the answer.

My question is rather a simple one. Given some FQDN `D' and given
some DNS record type 'T' (e.g. either A or or perhaps even PTR)
does there exist some open source command line tool that can tell me
the names of the DNS servers to which the final authority for
answering a query about the tuple (D, IN, T) is delegated?

I know that I can get this information by using "dig +trace", but that seems
to be rather slow to me (wall clock time), and I want to be doing
this a lot. Also, of course, "dig +trace" puts out quite a lot of information
that is really of no use and no interest to me. I really just want the
names of the final set of nameservers that should, if they are up and
running, be the ones that will ultimately answer the query.

So, does anyone know of an open source command line tool that can do just
that, preferably quickly?

Regards,
rfg