[Twisted-Python] Anti-Verisign DNS Filter.
Andrew Bennetts
andrew-twisted at puzzling.org
Tue Sep 16 00:38:50 MDT 2003
Robert Thomson, a workmate of mine, wrote this hack to filter DNS responses
to thwart Verisign's stupid wildcard on root-level domains. It's simple but
does the job. Enjoy.
--- snip ---
#!/usr/bin/python
#
# Run this as root with the command
# twistd -y anti-verisign-dns.py
from twisted.internet import app, defer
from twisted.protocols import dns
from twisted.names import client, server
# Upstream servers handed to the resolver as (IPv4 address, port) pairs.
# NOTE(review): these addresses are hard-coded as of the 2003 posting; check
# them against a current root hints file before relying on the list.
roots = [
    ('198.41.0.4', 53),
    ('128.9.0.107', 53),
    ('192.33.4.12', 53),
    ('128.8.10.90', 53),
    ('192.203.230.10', 53),
    ('192.5.5.241', 53),
    ('192.112.36.4', 53),
    ('128.63.2.53', 53),
    ('192.36.148.17', 53),
    ('192.58.128.30', 53),
    ('193.0.14.129', 53),
    ('198.32.64.12', 53),
    ('202.12.27.33', 53),
]
# Alternative kept from the original post: forward to one upstream server.
#roots = [('202.129.64.42',53)] # just use my ISP's DNS

# 64.94.110.11 written as four raw bytes ('@'=64, '^'=94, 'n'=110, '\x0b'=11);
# it is compared against the address held in A-record payloads.
VERISIGN = '@^n\x0b'  # 64.94.110.11
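class AntiVerisignResolver(client.Resolver):
    """Resolver that strips A records pointing at the VERISIGN address.

    Limits worth knowing before deploying it:

    * The match is an exact comparison against the single hard-coded
      VERISIGN value, so a wildcard served from any other address passes
      through unfiltered.
    * Only the answer section is filtered; the authority and additional
      sections are returned as received.
    * The response code is not touched here, so a reply whose answers were
      all stripped reaches the caller as an empty answer list.
      NOTE(review): confirm whether callers should see a name error instead.
    """

    def filterAnswers(self, message):
        """Return (answers, authority, additional) without wildcard A records.

        A truncated message is re-queried over TCP and the TCP response is
        passed back through this method, so in that case a Deferred is
        returned instead of the tuple.

        The answer list is rebuilt rather than edited in place, so the
        incoming message is left without None placeholders and the result is
        a real list whichever Python version's ``filter`` would have run.
        """
        if message.trunc:
            # Truncated reply: ask again over TCP and filter that response.
            return self.queryTCP(message.queries).addCallback(self.filterAnswers)

        kept = [
            record for record in message.answers
            if not (record.type == dns.A
                    and record.payload
                    and record.payload.address == VERISIGN)
        ]
        return (kept, message.authority, message.additional)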
# One setting drives both the factory's verbose level and the noisy flags.
verbosity = 0

# Every query goes through the filtering resolver, pointed at the `roots` list.
resolver = AntiVerisignResolver(servers=roots)
f = server.DNSServerFactory(clients=[resolver], verbose=verbosity)
p = dns.DNSDatagramProtocol(f)
f.noisy = verbosity
p.noisy = verbosity

# `twistd -y` picks up the module-level name `application`.
application = app.Application('Non caching anti-verisign domain name resolver')

# Port 53 is privileged, hence the "run as root" instruction in the header.
# NOTE(review): no interface is given, so this presumably listens on every
# address of the host; confirm, and restrict access (bind address or firewall)
# so the service is not reachable as an open resolver. Also confirm the process
# drops root after binding.
application.listenUDP(53, p)
application.listenTCP(53, f)
--- snip ---
-Andrew.