[Twisted-Python] How to get the client ip when it ask a resolution with twisted.names

Sun May 2 00:56:46 MDT 2021

Hi Adi, all,
First, thx for your reply.
I think your solution may not be the good one, but for sure, you put me on the good track, so thx a lot.

What I currently did :
I did an inheritance of DNSServerFactory to be able to add the "address" propertie on my query object.
It looks like that :

class DNSServerFactory2(server.DNSServerFactory):

   def handleQuery(self, message, protocol, address):
        query = message.queries[0]
        query.address = address
        message.queries[0] = query
        from pprint import pprint
        pprint(vars(message.queries[0]))
        return super().handleQuery(message, protocol, address) # @  this point the resolver is called in the DNSServerFactory.

In the log i have that :
2021-05-02 08:47:58+0200 [-] {'address': ('127.0.0.1', 60750),
2021-05-02 08:47:58+0200 [-]  'cls': 1,
2021-05-02 08:47:58+0200 [-]  'name': <twisted.names.dns.Name object at 0x13c8e38b0>,
2021-05-02 08:47:58+0200 [-]  'type': 1}
So the propertie looks added...

But after that, I am going to the resolver and at that moment, the address propertie is missing...?!

def query(self, query, timeout=None):
        from pprint import pprint
        pprint(vars(query))

in the logs :
2021-05-02 08:47:58+0200 [-] {'cls': 1, 'name': <twisted.names.dns.Name object at 0x13c8e3880>, 't
ype': 1}
So there is no anymore the address propertie that i have added just before...

What am i missing?

Thx

Benoît

Le Samedi, Mai 01, 2021 11:18 CEST, Adi Roiban <adi at roiban.ro> a écrit:
 Hi On Sat, 1 May 2021 at 07:43, contact at benoit-laviale.fr <contact at benoit-laviale.fr> wrote:Dear all,

I am working on twisted names since some days to make kind of filtering system (with domains blacklists).
So I made my own resolver that can reply defer.fail(error.DomainError()) to send the query to the next resolver (and in this case, it will be resolve) or defer.fail(dns.AuthoritativeDomainError(query.name.name)) to reply NXDOMAIN that can "block" the domain to the final client.    

That part is working well.

Next, i would like to "block" the resolution regarding the device (Mac address/IP/???).

I would like something like that :

if self.query.meta.client.ip == b"192.168.0.5" or self.query.meta.client.mac == "XX:YY:ZZ:....":
         self.do_something()

My use case is that device of Kelly, (Kelly is a teenager of 12 years) cant use youtube.com at all, but other devices are allowed to get the resolution.
How can I get the IP/Name/mac (an identifier) of the device that's querying my custom dns?
I read something about datagrams, but in my case i think i must get this information in my resolver...

Thx and cheers. I think you are using DNS over UDP... so to understand how UDP works with Twisted you can check this pagehttps://twistedmatrix.com/documents/current/core/howto/udp.html  I have never used Twisted names so I am just trying to help based on my general knowledge of Twisted design... but I think the entry point is here https://github.com/twisted/twisted/blob/63649469c1fe46d8a713e8034239ac3cc0498ea7/src/twisted/names/dns.py#L3242 then it goes to here https://github.com/twisted/twisted/blob/63649469c1fe46d8a713e8034239ac3cc0498ea7/src/twisted/names/server.py#L538 and then in handleQuery where I see that the  query is done without the `address`...but the address is available again in`gotResolverResponse`.. so maybe that help ------- Hope it helps Cheers --Adi Roiban

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/twisted-python/attachments/20210502/6fd8610d/attachment.htm>