Problem description

I have got a very simple idea in mind that I want to try out. Say I have a browser, Chrome for instance, and I want to search for the IP of the domain name, say www.google.com. I use Windows 7 and I have set the DNS lookup properties to manual and have given the address 127.0.0.1 where my server (written in Python) is running. I started my server and I could see the DNS query, but it was very weird, as in it is showing faces like this:

WAITING FOR CONNECTION.........

.........recieved from :  ('127.0.0.1', 59339)

'V"\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x06teredo\x04ipv6\tmicrosoft\x03com\x00\x00\x01\x00\x01'

The waiting for connection and the received from is from my server. How do I get a breakdown form (a human-readable form) of this message?

This is my server code (quite elementary but still):

from time import sleep 
import socket 
host='' 
port=53 
addr_list=(host,port) 
buf_siz=1024 
udp=socket.socket(socket.AF_INET,socket.SOCK_DGRAM) 
udp.bind(addr_list) 
while True: 
    print 'WAITING FOR CONNECTION.........' 
    data,addr = udp.recvfrom(buf_siz)
    print '.........recieved from : ',addr
    sleep(3) 
    print data

Recommended answer

If you want to analyse the query data using Python, I recommend the excellent scapy library (http://www.secdev.org/projects/scapy/). It's got decoding (and building!) routines for many network protocols including DNS.

Here's your original program with the scapy decoding added:

from time import sleep
import socket
from scapy.all import DNS #Bring in scapy's DNS decoder

host=''
port=53
addr_list=(host,port)
buf_siz=1024
udp=socket.socket(socket.AF_INET,socket.SOCK_DGRAM)
udp.bind(addr_list)
while True:
    print 'WAITING FOR CONNECTION.........'
    data,addr = udp.recvfrom(buf_siz)
    print '.........recieved from : ',addr
    sleep(3)
    #Decode the DNS data
    decoded = DNS(data)
    #Print the decoded packet
    decoded.show()

For the raw packet in your question this prints:

###[ DNS ]###
  id        = 22050
  qr        = 0L
  opcode    = QUERY
  aa        = 0L
  tc        = 0L
  rd        = 1L
  ra        = 0L
  z         = 0L
  rcode     = ok
  qdcount   = 1
  ancount   = 0
  nscount   = 0
  arcount   = 0
  \qd        \
   |###[ DNS Question Record ]###
   |  qname     = 'teredo.ipv6.microsoft.com.'
   |  qtype     = 12288
   |  qclass    = 256
  an        = None
  ns        = None
  ar        = None
###[ Raw ]###
     load      = '\x01'

Scapy installation instructions are here: http://www.secdev.org/projects/scapy/doc/installation.html#installing-scapy-v2-x

If you use Ubuntu, just sudo apt-get install python-scapy

Enjoy!
