-
-
Save akshaybabloo/2a1df455e7643926739e934e910cbf2e to your computer and use it in GitHub Desktop.
| #!/usr/bin/env python | |
| # -*- coding utf-8 -*- | |
| # | |
| # Copyright 2016 Akshay Raj Gollahalli | |
| import dns.resolver | |
| def get_records(domain): | |
| """ | |
| Get all the records associated to domain parameter. | |
| :param domain: | |
| :return: | |
| """ | |
| ids = [ | |
| 'NONE', | |
| 'A', | |
| 'NS', | |
| 'MD', | |
| 'MF', | |
| 'CNAME', | |
| 'SOA', | |
| 'MB', | |
| 'MG', | |
| 'MR', | |
| 'NULL', | |
| 'WKS', | |
| 'PTR', | |
| 'HINFO', | |
| 'MINFO', | |
| 'MX', | |
| 'TXT', | |
| 'RP', | |
| 'AFSDB', | |
| 'X25', | |
| 'ISDN', | |
| 'RT', | |
| 'NSAP', | |
| 'NSAP-PTR', | |
| 'SIG', | |
| 'KEY', | |
| 'PX', | |
| 'GPOS', | |
| 'AAAA', | |
| 'LOC', | |
| 'NXT', | |
| 'SRV', | |
| 'NAPTR', | |
| 'KX', | |
| 'CERT', | |
| 'A6', | |
| 'DNAME', | |
| 'OPT', | |
| 'APL', | |
| 'DS', | |
| 'SSHFP', | |
| 'IPSECKEY', | |
| 'RRSIG', | |
| 'NSEC', | |
| 'DNSKEY', | |
| 'DHCID', | |
| 'NSEC3', | |
| 'NSEC3PARAM', | |
| 'TLSA', | |
| 'HIP', | |
| 'CDS', | |
| 'CDNSKEY', | |
| 'CSYNC', | |
| 'SPF', | |
| 'UNSPEC', | |
| 'EUI48', | |
| 'EUI64', | |
| 'TKEY', | |
| 'TSIG', | |
| 'IXFR', | |
| 'AXFR', | |
| 'MAILB', | |
| 'MAILA', | |
| 'ANY', | |
| 'URI', | |
| 'CAA', | |
| 'TA', | |
| 'DLV', | |
| ] | |
| for a in ids: | |
| try: | |
| answers = dns.resolver.query(domain, a) | |
| for rdata in answers: | |
| print(a, ':', rdata.to_text()) | |
| except Exception as e: | |
| print(e) # or pass | |
| if __name__ == '__main__': | |
| get_records('google.com') |
@micheleberardi I'm afraid that you might need to know the subdomains. I don't think we can do that in this library. If you are using cloudflare, or any domain registry that provide APIs you can use those to retrieve them.
@micheleberardi use sublist3r
Simpler version
import dns
answers = []
for query_type in dns.rdatatype.RdataType:
try:
answers.extend(list(dns.resolver.resolve(domain, query_type)))
except dns.exception.DNSException:
continue
@micheleberardi use sublist3r
or dns-crawler
@micheleberardi use sublist3r
Thanks
@micheleberardi use sublist3r
or
dns-crawler
thanks
Thanks, this helped my alot.
This was helpful, thanks
Nice code !! 1 question if i want to test wildcard domain like *.bucksense.com to get all records A ?
Thanks
then you just query the wildcard domain ;)
dns.resolver.resolve('*.' + domain)
getting all A records is nonsensical in this case, any subdomain will match the wildcard and return the same value as the '*' subdomain
Hello there,
I am new to dnspython, I would like to write a script to update dns records for my network devices.
does anyone have a sniper to share with me please.
Thank you,
then you just query the wildcard domain ;)
dns.resolver.resolve('*.'` + domain)
I know it's an old post but...
You definitely never tested what you wrote. It doesn't work like this.
You will get an error "The DNS Query name does not exist"
What? I use this in production environments constantly, I'm sure it works, and the error you are seeing is exactly what you would expect.
You obviously didn't test this :p
if a wildcard domain exists you will get the result
>>> import dns
>>> import dns.resolver
>>> dns.resolver.resolve('*.tweakers.net').response.answer
[<DNS *.tweakers.net. IN A RRset: [<31.22.80.152>, <213.239.154.30>, <213.239.154.31>]>]
If one does not exist you will get th error
dns.resolver.NXDOMAIN: The DNS query name does not exist:
So my answer is exactly the answer to the question:
Is there a wildcard domain in place, if there is not, you will get an error, if there is, you will get a response.
as I noted in my answer, getting all A records is nonsensical, since there is a wildcard domain there is no list of all A records, every record will resolve to the ip's in the wildcard domain.
If you want to know if a record resolves to something else you will have to bruteforce all possibel subdomains and compare the answer with the response for the wildcard domain ,(or if the dns server is open, request a zone transfer)
You can tell a wildcard match from a non wildcard by comparing the results
e.g.
>>> dns.resolver.resolve('thereisnosuchthing.tweakers.net').response.answer
[<DNS thereisnosuchthing.tweakers.net. IN A RRset: [<213.239.154.30>, <213.239.154.31>, <31.22.80.152>]>]
Matches the wildcard result, so this is likely not defined anywhere, just a match
>>> dns.resolver.resolve('gathering.tweakers.net').response.answer
[<DNS gathering.tweakers.net. IN CNAME RRset: [<tweakers.net.>]>, <DNS tweakers.net. IN A RRset: [<213.239.154.31>]>]
Aha, this is something else than the wildcard response, so this is a domain that is explicitly defined as a cname record
@JensTimmerman
hum, strange! I've tested with *.tweakers.net, and i get the records as you said.
The goal of my script was to see all the records prior a transfer from Wix to GoDaddy, and for some reasons, with a domain registered at Wix, this fail. Once the same domain is transferred at GoDaddy, it work.
But as for what i need (produce a zone file to import in GoDaddy), it won't be useful and i'll need to find these records from a combination of Selenium with Chrome driver, and maybe BeautifulSoup in python.
Nice code !! 1 question if i want to test wildcard domain like *.bucksense.com to get all records A ?
Thanks