How to do it...

We will use dnspython for the DNS zone transfer.

Listing 11.4 gives a simple code for a zone transfer as follows:

#!/usr/bin/env python 
# Python Network Programming Cookbook, Second Edition 
  -- Chapter - 11 
# This program is optimized for Python 2.7.12 and
  Python 3.5.2. 
# It may run on any other version with/without
  modifications. 
 
import argparse 
import dns.zone 
import dns.resolver 
import socket 
 
def main(address): 
    soa_answer = dns.resolver.query(address, 'SOA') 
    master_answer = dns.resolver.query(soa_answer[0].mname, 'A') 
    try: 
        z = dns.zone.from_xfr(dns.query.
            xfr(master_answer[0].address, address)) 
        names = z.nodes.keys() 
        names.sort() 
        for n in names: 
            print(z[n].to_text(n)) 
    except socket.error as e: 
        print('Failed to perform zone transfer:', e) 
    except dns.exception.FormError as e: 
        print('Failed to perform zone transfer:', e) 
 
 
if __name__ == '__main__': 
    parser = argparse.ArgumentParser(description='DNS Python') 
    parser.add_argument('--address', action="store",
    dest="address",  default='dnspython.org') 
    given_args = parser.parse_args()  
    address = given_args.address 
    main (address)

We test the program with a few addresses now:

$ python 11_4_dns_zone_transfer.py --address="cnn.com"
('Failed to perform zone transfer:', error(104, 'Connection reset by peer'))
    
$ python 11_4_dns_zone_transfer.py --address="google.com"
('Failed to perform zone transfer:', FormError('No answer or RRset not for qname',))
    
$ python 11_4_dns_zone_transfer.py --address="axn.com"
('Failed to perform zone transfer:', FormError('No answer or RRset not for qname',))

DNS zone transfer is a transaction where a copy of the database of the DNS server known as the zone file, is passed to another DNS server. As the zone file consists of server information that is sensitive and may open up avenues for attacks, zone servers are often restricted to the site administrators. Luckily for us, zonetransfer.me is a website set up solely for the purpose of testing zone transfers. Let's test our recipe again with this.

$ python 11_4_dns_zone_transfer.py --address="zonetransfer.me"
@ 7200 IN SOA nsztm1.digi.ninja. robin.digi.ninja. 2014101603 172800 900 1209600 3600
@ 7200 IN RRSIG SOA 8 2 7200 20160330133700 20160229123700 44244 @ GzQojkYAP8zuTOB9UAx66mTDiEGJ26hV IIP2ifk2DpbQLrEAPg4M77i4M0yFWHpN fMJIuuJ8nMxQgFVCU3yTOeT/EMbN98FY C8lVYwEZeWHtbMmS88jVlF+cOz2WarjC dyV0+UJCTdGtBJriIczC52EXKkw2RCkv 3gtdKKVafBE=
@ 7200 IN NS nsztm1.digi.ninja.
@ 7200 IN NS nsztm2.digi.ninja.
@ 7200 IN RRSIG NS 8 2 7200 20160330133700 20160229123700 44244 @ TyFngBk2PMWxgJc6RtgCE/RhE0kqeWfw hYSBxFxezupFLeiDjHeVXo+SWZxP54Xv wfk7jlFClNZ9lRNkL5qHyxRElhlH1JJI 1hjvod0fycqLqCnxXIqkOzUCkm2Mxr8O cGf2jVNDUcLPDO5XjHgOXCK9tRbVVKIp B92f4Qalulw=
@ 7200 IN A 217.147.177.157
@ 7200 IN RRSIG A 8 2 7200 20160330133700 20160229123700 44244 @ unoMaEPiyoAr0yAWg/coPbAFNznaAlUJ W3/QrvJleer50VvGLW/cK+VEDcZLfCu6 paQhgJHVddG4p145vVQe3QRvp7EJpUh+ SU7dX0I3gngmOa4Hk190S4utcXY5FhaN 7xBKHVWBlavQaSHTg61g/iuLSB0lS1gp /DAMUpC+WzE=
@ 300 IN HINFO "Casio fx-700G" "Windows XP"
@ 300 IN RRSIG HINFO 8 2 300 20160330133700 20160229123700 44244 @ Xebvrpv8nCGn/+iHqok1rcItTPqcskV6 jpJ1pCo4WYbnqByLultzygWxJlyVzz+w JHEqRQYDjqGblOdyUgKn2FFnqb1O92kK ghcHHvoMEh+Jf5i70trtucpRs3AtlneL j2vauOCIEdbjma4IxgdwPahKIhgtgWcU InVFh3RrSwM=
@ 7200 IN MX 0 ASPMX.L.GOOGLE.COM.
@ 7200 IN MX 10 ALT1.ASPMX.L.GOOGLE.COM.
@ 7200 IN MX 10 ALT2.ASPMX.L.GOOGLE.COM.
.........
.........
www 3600 IN RRSIG NSEC 8 3 3600 20160330133700 20160229123700 44244 @ 0xCqc6tWcT11ACD24Ap68hc7HRyAcCf7 MrkDqe2HyYMGuGS9YSwosiF3QzffhuY5 qagIFbpI3f7xVGxykngThTk37/JO2Srf I7Z5kvqLHdEd6GD9sogsLqTfHE9UToOY YfuasO+IsJLyPALh89yk3bY+NipvpEPn gSnxN6ehIkc=
xss 300 IN TXT "'><script>alert('Boo')</script>"
xss 300 IN RRSIG TXT 8 3 300 20160330133700 20160229123700 44244 @ yvLf2kmOIKO22VT7Ml7/zuz7GbO2Ugvs O/VxLwXrGx+ewE12g2VCwsElYg/eMtsp jJ38g7CbUltYLc5YydsdtFV3jzDAYbaw zFvugx0zmtN6kwpDa5LHs4BBSsjBBMM0 69IeD15ko5DLi+FWmPKoy5/CBNLlvwv8 a1S58MlHpU0=
xss 3600 IN NSEC @ TXT RRSIG NSEC
xss 3600 IN RRSIG NSEC 8 3 3600 20160330133700 20160229123700 44244 @ a7tFtY1bsTwztv/khjV/NEgaOQyiI8t2 R0xgQUp9ANKmAPqu831l9rpIrwKpBF88 atlvQYTv9bRTjA/Y58WxsBYw+SOe3j3C UmHlQVbj8CJQpfJKcW1w7DoX8O1PYbWu CAhciUyh1CV4Y5a8pcPBiZBM6225h4eA dE6Ahx3SXGY=

The following screenshot shows the verbose outcome of the zone transfer of zonetransfer.me site with our Python program. You may use zonetransfer.me for further testing:

DNS Zone Transfer

You may confirm the output of the preceding DNS zone transfer by using the dig utility to perform the zone transfer as well, it is as shown following:

$ dig axfr @nsztm1.digi.ninja zonetransfer.me
; <<>> DiG 9.10.3-P4-Ubuntu <<>> axfr @nsztm1.digi.ninja zonetransfer.me
; (1 server found)
;; global options: +cmd
zonetransfer.me.  7200  IN    SOA   nsztm1.digi.ninja. robin.digi.ninja. 2014101603 172800 900 1209600 3600
......
xss.zonetransfer.me.    3600  IN    NSEC  zonetransfer.me. TXT RRSIG NSEC
xss.zonetransfer.me.    3600  IN    RRSIG NSEC 8 3 3600 20160330133700 20160229123700 44244 zonetransfer.me. a7tFtY1bsTwztv/khjV/NEgaOQyiI8t2R0xgQUp9ANKmAPqu831l9rpI rwKpBF88atlvQYTv9bRTjA/Y58WxsBYw+SOe3j3CUmHlQVbj8CJQpfJK cW1w7DoX8O1PYbWuCAhciUyh1CV4Y5a8pcPBiZBM6225h4eAdE6Ahx3S XGY=
zonetransfer.me.  7200  IN    SOA   nsztm1.digi.ninja. robin.digi.ninja. 2014101603 172800 900 1209600 3600
;; Query time: 55 msec
;; SERVER: 81.4.108.41#53(81.4.108.41)
;; WHEN: Sun Jul 23 22:06:38 CEST 2017
;; XFR size: 153 records (messages 1, bytes 16183)
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.22.74.160