Interesting dig on an (un)dead host. #14
Yup I could check that behavior 🤔 What is strange is that PyFunceble is programmed to check the CNAME. But it works with

Here is what I'm talking about:

```python
import PyFunceble

# Load the configuration without creating the output directory structure.
PyFunceble.load_config(generate_directory_structure=False)

DOMAIN = "1687.ic-live.com"
# Resolver pairs as used in the recorded run (Google's secondary is 8.8.4.4, not 8.4.4.8).
DNS_SERVERS = [("1.1.1.1:53", "1.0.0.1:53"), ("8.8.8.8:53", "8.4.4.8:53")]
TO_REQUEST = ["A", "AAAA", "NS", "CNAME", "DNAME", "MX", "TXT"]

for dns in DNS_SERVERS:
    print(f"===== Started with {dns} =====")
    PyFunceble.DNSLOOKUP.update_nameserver(dns)

    # Query every record type over both TCP and UDP.
    for record_type in TO_REQUEST:
        print(
            "TCP",
            record_type,
            getattr(PyFunceble.DNSLOOKUP, f"{record_type.lower()}_record")(
                DOMAIN, tcp=True
            ),
        )
        print(
            "UDP",
            record_type,
            getattr(PyFunceble.DNSLOOKUP, f"{record_type.lower()}_record")(
                DOMAIN, tcp=False
            ),
        )

    print(f"===== Finished with {dns} =====")
```

and the result:

```
===== Started with ('1.1.1.1:53', '1.0.0.1:53') =====
TCP A None
UDP A None
TCP AAAA None
UDP AAAA None
TCP NS None
UDP NS None
TCP CNAME None
UDP CNAME None
TCP DNAME None
UDP DNAME None
TCP MX None
UDP MX None
TCP TXT None
UDP TXT None
===== Finished with ('1.1.1.1:53', '1.0.0.1:53') =====
===== Started with ('8.8.8.8:53', '8.4.4.8:53') =====
TCP A None
UDP A None
TCP AAAA None
UDP AAAA None
TCP NS None
UDP NS None
TCP CNAME ['pixel.ic-live.com.']
UDP CNAME ['pixel.ic-live.com.']
TCP DNAME None
UDP DNAME None
TCP MX None
UDP MX None
TCP TXT None
UDP TXT None
===== Finished with ('8.8.8.8:53', '8.4.4.8:53') =====
```

I'm definitely going to switch @dead-hosts to the Google Public DNS.

And don't worry. Those marked as Inactive will be automatically retested (even if removed from the original lists).

Thanks for the feedback @mozdevcontrib! I will investigate this further as we are dependent on dnspython for the DNS Lookup.
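The run above shows why a single resolver is a weak basis for an "inactive" verdict. The following is an added example, not part of the thread and not PyFunceble code: it compares answers across resolvers and reports `DISPUTED` when they disagree on whether the host exists. The names `survey`, `verdict` and `recorded_lookup` are hypothetical, and the lookup callable is a constructed stand-in (replaying the answers recorded above) for wherever a real DNS query would go.

```python
from typing import Callable, Dict, List, Optional, Tuple

Answer = Optional[List[str]]
Lookup = Callable[[str, str, str], Answer]  # (resolver, name, record_type) -> records

RECORD_TYPES = ["A", "AAAA", "NS", "CNAME", "DNAME", "MX", "TXT"]

# Constructed stand-in for real DNS queries: the only non-empty answer in the
# run recorded above was the CNAME returned through 8.8.8.8.
RECORDED = {("8.8.8.8", "1687.ic-live.com", "CNAME"): ["pixel.ic-live.com."]}


def recorded_lookup(resolver: str, name: str, rtype: str) -> Answer:
    return RECORDED.get((resolver, name, rtype))


def survey(name: str, resolvers: List[str], lookup: Lookup) -> Dict[str, Dict[str, Answer]]:
    """Ask every resolver for every record type: {rtype: {resolver: answer}}."""
    return {rt: {r: lookup(r, name, rt) for r in resolvers} for rt in RECORD_TYPES}


def verdict(results: Dict[str, Dict[str, Answer]]) -> Tuple[str, Dict[str, Dict[str, Answer]]]:
    """Return (status, disagreements).

    ACTIVE: every resolver returned at least one record.
    INACTIVE: no resolver returned anything.
    DISPUTED: some resolvers saw records and others saw none, so retest.
    """
    seen, answered, disagreements = set(), set(), {}
    for rtype, per_resolver in results.items():
        seen.update(per_resolver)
        # Treat None and [] alike, and ignore record ordering when comparing.
        normalized = {r: tuple(sorted(a or [])) for r, a in per_resolver.items()}
        if len(set(normalized.values())) > 1:
            disagreements[rtype] = per_resolver
        answered.update(r for r, a in normalized.items() if a)
    if not answered:
        return "INACTIVE", disagreements
    return ("ACTIVE" if answered == seen else "DISPUTED"), disagreements


if __name__ == "__main__":
    for resolvers in (["1.1.1.1"], ["8.8.8.8"], ["1.1.1.1", "8.8.8.8"]):
        status, diff = verdict(survey("1687.ic-live.com", resolvers, recorded_lookup))
        print(resolvers, status, sorted(diff))
```
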
This patch touches dead-hosts/dev-center#14.
That's odd that Google's DNS reveals one of the CNAMEs for you, while CloudFlare's reveals two CNAMEs and the AWS NS with a single DIG from my iPad in LibTerm 😁. OFC only after seeing your initial returns 👍🏼. Seriously though, many servers are set up not to respond to any type of query depending on the part(s) of the world being targeted. Hmmm. This is indeed an interesting topic.

Sincerely,
~ Ⓐ intr0

Sent using ProtonMail Enterprise

On Sun, Apr 12, 2020 at 02:29, Nissar Chababy <notifications@github.com> wrote:
Yup I could check that behavior 🤔 What is strange is that PyFunceble is programmed to check the CNAME. But it works with 8.8.8.8 but not with 1.1.1.1. I think that it will be better to globally switch (at @dead-hosts) to the Google Public DNS server.
Here is what I'm talking about:
```python
import PyFunceble

# Load the configuration without creating the output directory structure.
PyFunceble.load_config(generate_directory_structure=False)

DOMAIN = "1687.ic-live.com"
TO_REQUEST = ["A", "AAAA", "NS", "CNAME", "DNAME", "MX", "TXT"]

print("===== Started with Cloudflare Public DNS =====")
PyFunceble.DNSLOOKUP.update_nameserver(["1.1.1.1:53", "1.0.0.1:53"])
for record_type in TO_REQUEST:
    print(record_type, getattr(PyFunceble.DNSLOOKUP, f"{record_type.lower()}_record")(DOMAIN))
print("===== Finished with Cloudflare Public DNS =====")

print("===== Started with Google Public DNS =====")
# As used in the recorded run (Google's secondary is 8.8.4.4, not 8.4.4.8).
PyFunceble.DNSLOOKUP.update_nameserver(["8.8.8.8:53", "8.4.4.8:53"])
for record_type in TO_REQUEST:
    print(record_type, getattr(PyFunceble.DNSLOOKUP, f"{record_type.lower()}_record")(DOMAIN))
print("===== Finished with Google Public DNS =====")
```
and the result:
```
$ python test.py
===== Started with Cloudflare Public DNS =====
A None
AAAA None
NS None
CNAME None
DNAME None
MX None
TXT None
===== Finished with Cloudflare Public DNS =====
===== Started with Google Public DNS =====
A None
AAAA None
NS None
CNAME ['pixel.ic-live.com.']
DNAME None
MX None
TXT None
===== Finished with Google Public DNS =====
```
I'm definitely going to switch @dead-hosts to the Google Public DNS.
And don't worry. Those marked as Inactive will be automatically retested (even if removed from the original lists).
Thanks for the feedback @mozdevcontrib ! I will investigate this further as we are dependent on dnspython for the DNS Lookup.
Additional context
I was curious about this entry listed as inactive so I did a quick dig. Check it out. OFC whois was useless for me considering the (likely) fast-fluxing of AWS buckets in combo with their CNAME scheming.
Thank you for bringing it to my attention.
Peace brother ☮️
It's CNAME-ing to the domains listed in the 2nd answer returned in the dig. I'll have to keep an eye on them. uBlock is great at dealing with malicious sites hiding behind CNAMEs, but only on Firefox as far as I know. For now I'll keep it and also include the main host as well as the CNAME scheme they're currently using and the name server Amazon gave them.