[Twisted-Python] Anti-Verisign DNS Filter.

Andrew Bennetts andrew-twisted at puzzling.org
Tue Sep 16 00:38:50 MDT 2003


Robert Thomson, a workmate of mine, wrote this hack to filter DNS responses
to thwart Verisign's stupid wildcard on root-level domains.  It's simple but
does the job.  Enjoy.

--- snip ---
#!/usr/bin/python
#
# Run this as root (root is needed only to bind the privileged port 53)
# with the command
#   twistd -y anti-verisign-dns.py

from twisted.internet import app, defer
from twisted.protocols import dns
from twisted.names import client, server

# Upstream servers handed to the resolver, as (address, port) pairs.
# NOTE(review): this is a hand-copied snapshot of root-server addresses from
# 2003; root servers have been renumbered since then, so check the list
# against current root hints before relying on it.
roots = [
    ('198.41.0.4', 53),
    ('128.9.0.107', 53),
    ('192.33.4.12', 53),
    ('128.8.10.90', 53),
    ('192.203.230.10', 53),
    ('192.5.5.241', 53),
    ('192.112.36.4', 53),
    ('128.63.2.53', 53),
    ('192.36.148.17', 53),
    ('192.58.128.30', 53),
    ('193.0.14.129', 53),
    ('198.32.64.12', 53),
    ('202.12.27.33', 53),
]

#roots = [('202.129.64.42',53)]   # just use my ISP's DNS

# Four raw bytes (64, 94, 110, 11) spelling 64.94.110.11; filterAnswers
# compares A-record payload addresses against this value.
# NOTE(review): the filter keys on this single hard-coded address, so it stops
# matching without any error if the wildcard answer ever uses another one.
VERISIGN = '@^n\x0b'

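class AntiVerisignResolver(client.Resolver):
    """Resolver that strips A records whose address equals VERISIGN.

    Only the answer section is filtered; the authority and additional
    sections are passed through untouched.
    """

    def filterAnswers(self, message):
        """Return (answers, authority, additional) with wildcard A records removed.

        A truncated message is re-queried over TCP and the TCP reply is run
        through this same method, so in that case a Deferred is returned
        instead of the tuple.

        NOTE(review): nothing here changes the response code, so a name that
        only had the wildcard answer presumably reaches the client as an
        empty answer set rather than NXDOMAIN -- confirm against how
        DNSServerFactory builds the reply.
        """
        if message.trunc:
            # The UDP reply was cut short: repeat the query over TCP and
            # filter that reply instead.
            return self.queryTCP(message.queries).addCallback(self.filterAnswers)

        def is_wildcard(record):
            # type 1 is an A record; the payload check guards records that
            # carry no payload before .address is read.
            return (record.type == 1 and record.payload
                    and record.payload.address == VERISIGN)

        # Build a new list rather than overwriting entries of message.answers
        # with None: the message object stays intact for any other holder,
        # and the result is a real list on every Python version.
        answers = [record for record in message.answers
                   if record and not is_wildcard(record)]
        return (answers, message.authority, message.additional)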

# Shared log level: used for the factory's verbose flag and for the noisy
# attribute of both the factory and the datagram protocol.
verbosity = 0

# Wiring: filtering resolver -> DNS server factory -> UDP datagram protocol.
resolver = AntiVerisignResolver(servers=roots)
f = server.DNSServerFactory(
    clients=[resolver],
    verbose=verbosity,
)
p = dns.DNSDatagramProtocol(f)
f.noisy = verbosity
p.noisy = verbosity

# twistd picks up the module-level name `application`.
# NOTE(review): no interface argument is given, so both listeners presumably
# accept queries on every address of the host.  A forwarding resolver that is
# reachable from untrusted networks can be abused as an open resolver, so
# restrict access with a bind address or firewall rule.
# NOTE(review): port 53 is privileged (hence "run as root" in the header);
# nothing in this file drops privileges after binding -- confirm how the
# process is run.
application = app.Application('Non caching anti-verisign domain name resolver')
application.listenUDP(53, p)
application.listenTCP(53, f)
--- snip ---

-Andrew.




