• Stars
    star
    648
  • Rank 69,480 (Top 2 %)
  • Language
    Python
  • License
    GNU General Publi...
  • Created over 5 years ago
  • Updated 10 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.

DNS Validator

Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.

Python 3.2|3.6 License Twitter Twitter

DNSValidator

DNS Validator's approach is different to other DNS query validation tools. This tool performs multiple validation steps on each resolver:

  • Baselines non-geolocated domain names against "trusted" public DNS resolvers, 1.1.1.1, 8.8.8.8 and 9.9.9.9
    • For each resolver being tested DNS Validator ensures that each baselined domain name resolves to the same IP Address.
      • Servers that return an answer that differs from the baseline are immediately skipped
  • Performs DNS lookup of known commonly spoofed DNS addresses to ensure NXDOMAIN is returned when expected.
    • Resolvers that do not return NXDOMAIN for random subdomains of known target domains are immediately skipped.

Usage

Argument Description
(stdin) Pipe target lists from another application to verify.
-t Specify a target DNS server to verify.
-tL Specify a list of targets or a URL to a list of targets
-e Specify a target exclusion.
-eL Specify a list of targets or a URL to a list of targets to exclude.
-r Specify a root domain to compare to. Must be non-geolocated or most resolvers will fail.
-q Specify a resolver query to use (default:dnsvalidator)
-threads Specify the maximum number of threads to run at any one time (DEFAULT:5)
-timeout Specify a timeout value in seconds for any single thread (DEFAULT:600)
-o Specify an output file to write successful output to.
--no-color If set then any foreground or background colours will be stripped out
--silent If set then only successfully resolved servers will be displayed and banners and other information will be redacted.
-v If set then verbose output will be displayed in the terminal.

Setup

Install using:

$ python3 setup.py install

Dependencies will then be installed and DNS Validator will be added to your path as dnsvalidator.

Examples:

CLI:

$ dnsvalidator -tL https://public-dns.info/nameservers.txt -threads 20 -o resolvers.txt

Docker:

Build

$ docker build -t dnsvalidator .

Run:

$ docker run -v $(pwd):/dnsvalidator/output -t dnsvalidator -tL https://public-dns.info/nameservers.txt -threads 20 -o /dnsvalidator/output/resolvers.txt

Caveats

  • WARNING Keep the thread count to a reasonable level and/or use a VPS/VPN appropriately. Pushing the thread count too high can make it look like you are attempting to attack DNS servers, resulting in network level DNS blocks from your ISP. Ask us how we know...
  • Root domains used for baseline tests must not be geolocated; specifically they must return the same IP address regardless of the location on the planet they are resolved from. Domains such as google.com or facebook.com (and many others) are not suitable for baselines, as they return a geo-located IP address when resolved.
    • Using a root domain that is geo-located will result in only resolvers local to the user being returned as valid.