Question about zone transfer

Jon Schewe

Jul 25, 2022, 11:13:20 AM
to dnspython-users
I'm using dnspython to check DNS records against an internal system and have some questions about the zone transfer code.

1) Can someone provide an example of using dns.query.inbound_xfr as a replacement for dns.query.xfr? I have found examples of using the now-deprecated xfr method and would like to make sure that I'm not relying on deprecated code.

2) When reading in the results of dns.query.xfr using zone = dns.zone.from_xfr(dns.query.xfr(server, domain))
I'm seeing host results for entries that are not host entries, but rather DNSSEC entries.
For instance
VSFGSJPH9OVUP1AKGF9RVUOI49F7JCB2.ext.bbn.com. 900 IN RRSIG NSEC3 8 4 900 20220729080624 20220725072243 62481 ext.bbn.com. L2ioTVbExtZyMkHXWnKO/ROAUfLEc2DU9xc/dks+5JeIJN4D9tCOUzrW zSRnKolTWXnTYKbk0B0wNIAU1cF2TRNkJfFURHetRizLSEUZcFVgO35j D2IY/PA4cPbgzu/YJZVpRD/QOUizAcOp4xfQenB7gqmAfcHYgdq5wPfA HgxBmMjYY1FbmVSK/zK0a94XBl3BGUsQZ0KGrix45rQ/uMMF0jMCSPw1 dPWxKwXmEaWroKSVZdbqPzkaJkSD6jYUD4m6RyWybJf84RDA3ugjoODT 1Nm30prBcW2XHLWtH2L2YaQQ9F1uCfYzD5LU152nL1YnIXg5l6c50D4/ KPL/kw==
VSFGSJPH9OVUP1AKGF9RVUOI49F7JCB2.ext.bbn.com. 900 IN NSEC3 1 0 500 BD1C977E00CAE5E2 0NFDKI1QUFKINMIVM3NSPQ6M6R1TU73H A RRSIG

Shows up as a host with the name VSFGSJPH9OVUP1AKGF9RVUOI49F7JCB2 in the zone object. I'd like to filter these out and only get the hostnames.

I figured out that if I use "if dns.node.NodeKind.REGULAR == node.classify()" that I only see the host records that I want. Adding this to the documentation would prove helpful to others that run into this.


Bob Halley

Jul 25, 2022, 9:47:08 PM
to dnspython-users
For 1) see below.  I don't recommend using classify() for 2) as you'll exclude CNAME nodes that way, which might not be what you want.  The code below just skips nodes with NSEC3 records instead.

import dns.query
import dns.rdataclass
import dns.rdatatype
import dns.zone

z = dns.zone.Zone("example")
dns.query.inbound_xfr("127.0.0.1")
for n in sorted(z.nodes.keys()):
    node = z[n]
    if node.get_rdataset(dns.rdataclass.IN, dns.rdatatype.NSEC3) is not None:
        continue
    print(z[n].to_text(n))

Jon Schewe

Aug 8, 2022, 5:39:40 PM
to dnspython-users
Thank you for that. For those that may find this later, note that there is a missing argument to inbound_xfr; this is the code that I'm using:
        zone = dns.zone.Zone(zone_name)
        dns.query.inbound_xfr(server, zone)

I've moved away from classify and I am checking rdset.rdtype against all of the values that I support. This should ensure that I don't miss things like you note that classify will.