diagnose dns with dynect
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# pip3 install dnspython3
# pip3 install dnspython
import json
import os

import dns.exception
import dns.resolver
import requests
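def get_structured_domain_inventory():
    """Load the cert registry and map each root domain to the SAN names to validate.

    Reads ``cert-registry.json`` from the current working directory. The code
    walks it as ``{root_domain: {certificate: {"san": [names, ...], ...}}}``.

    Returns:
        dict: root domain -> list of SAN names, with the first entry starting
        with ``san`` removed (the ``san0.xyz.com`` style placeholder). A root
        domain with no ``"san"`` key keeps an empty dict as its value.
    """
    structured_map = {}
    with open('cert-registry.json', 'r') as f:
        registry = json.load(f)
    for rootdomain, certificates in registry.items():
        structured_map[rootdomain] = dict()
        for san_certificate in certificates.values():
            for key, sandomains in san_certificate.items():
                if key != "san":
                    continue
                # Drop the first san0.xyz.com / san1.xyz.com style placeholder.
                # A list without one used to raise IndexError and abort the
                # whole run; it is now kept as-is.
                # NOTE(review): the prefix test also matches real hostnames
                # that begin with "san" -- confirm the registry never has any.
                placeholder = next(
                    (name for name in sandomains if name.startswith('san')),
                    None,
                )
                if placeholder is not None:
                    sandomains.remove(placeholder)
                # NOTE(review): with several certificates under one root
                # domain the last "san" list wins -- confirm that is intended.
                structured_map[rootdomain] = sandomains
    return structured_map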
# Address every A record is compared against in the A-record check.
CPROX_IPADDR = '204.232.141.225'

# Root domain -> SAN names, read from cert-registry.json at start-up.
DOMAIN_LIST = get_structured_domain_inventory()

# Every lookup in this script goes through this one resolver. 10.100.1.65 is
# an RFC 1918 (private) address, so results reflect that internal resolver's
# view and cache, which can differ from what public resolvers return.
my_resolver = dns.resolver.Resolver()
my_resolver.nameservers = ['10.100.1.65']

print("NOTICE: Using DNS resolvers {}".format(my_resolver.nameservers))
class AnsiColor:
    """ANSI SGR escape sequences used to colour and emphasise terminal output."""

    # Reset: must follow any of the sequences below to restore the default style.
    end = '\033[0m'

    # Text attributes.
    bold = '\033[1m'
    underline = '\033[4m'

    # Foreground colours (bright variants; blue and green are also bold).
    header = '\033[95m'
    blue = '\033[1;94m'
    green = '\033[1;92m'
    yellow = '\033[93m'
    red = '\033[91m'
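# Report: for every root domain in DOMAIN_LIST, check its A, SOA, TXT and MX
# records through my_resolver and print the findings.
#
# NOTE(review): the published page lost this script's indentation, so the
# nesting below is reconstructed (each statement at the shallowest level that
# parses) -- confirm against the original file. In particular the lookups run
# over the root-domain keys of DOMAIN_LIST, not over the SAN names.
# NOTE(review): dnspython 2.x deprecates Resolver.query() in favour of
# Resolver.resolve(); switch once the installed version is known.
for rootdomain, domains in DOMAIN_LIST.items():
    print("{bl}---------------------- {r} ----------------------{e}".format(r=rootdomain, bl=AnsiColor.blue, e=AnsiColor.end))
    for _san_name in domains:
        print("{bl}Validating record type: A{e}".format(bl=AnsiColor.blue, e=AnsiColor.end))

for domain in DOMAIN_LIST:
    # A failed lookup (NXDOMAIN, no answer, timeout) used to abort the whole
    # report here; skip the domain like the other sections do.
    try:
        a_records = my_resolver.query(domain, 'A')
    except dns.exception.DNSException as exc:
        print("Skipping... ({})".format(type(exc).__name__))
        continue
    for rdata in a_records:
        # Exact comparison: the previous substring test (`not in`) would also
        # accept any address text that merely contains CPROX_IPADDR.
        if rdata.address != CPROX_IPADDR:
            print(">>> {bold}{domain}{end}".format(bold=AnsiColor.bold, domain=domain, end=AnsiColor.end))
            print(" " + domain + " IN A " + rdata.address)
            print(" {r}Error, SSL flagship site will fail for this domain because {under}{domain}{end}{r} does not equal {CPROX_IPADDR}. Please add the A record to fix.{end}".format(end=AnsiColor.end, under=AnsiColor.underline, r=AnsiColor.red, domain=domain, CPROX_IPADDR=CPROX_IPADDR))

print("{bl}Validating record type: SOA {e}".format(bl=AnsiColor.blue, e=AnsiColor.end))
print("Start of Authority records show the authoritatitive name service as reported by this domain through registrar.")
for domain in DOMAIN_LIST:
    warn = False
    print(">>> {bold}{domain}{end}".format(bold=AnsiColor.bold, domain=domain, end=AnsiColor.end))
    try:
        answers = my_resolver.query(domain, 'SOA')
        print(' Record Count: ', len(answers))
        print( 'SOA {')
        for rdata in answers:
            print(' %s,' % (rdata.mname))
            # rdata.mname is a dns.name.Name, so `"dynect.net" in rdata.mname`
            # is tested against its individual labels and never matches.
            # Compare the text form, and require a real suffix so that a name
            # such as dynect.net.example.org does not pass.
            mname_text = str(rdata.mname).rstrip('.').lower()
            if mname_text != "dynect.net" and not mname_text.endswith(".dynect.net"):
                warn = True
        print(' }')
    except dns.exception.DNSException as exc:
        # Only DNS failures are skipped; programming errors and Ctrl-C are no
        # longer swallowed by a bare `except:`.
        print("Skipping... ({})".format(type(exc).__name__))
        warn = False
    if warn:
        print(" {r}WARNING: Customer not migrated to dynect.net name services. \nWe can't invest time diagnosing self-hosted name services.\n Please advice customer to delegate to our name services below. {end}".format(end=AnsiColor.end, r=AnsiColor.red))
        print(" {r}Name Server: NS1.P02.DYNECT.NET {end}".format(end=AnsiColor.end, r=AnsiColor.red))
        print(" {r}Name Server: NS2.P02.DYNECT.NET {end}".format(end=AnsiColor.end, r=AnsiColor.red))
        print(" {r}Name Server: NS3.P02.DYNECT.NET {end}".format(end=AnsiColor.end, r=AnsiColor.red))
        print(" {r}Name Server: NS4.P02.DYNECT.NET {end}".format(end=AnsiColor.end, r=AnsiColor.red))

print("{bl}Validating record type: TXT {e}".format(bl=AnsiColor.blue, e=AnsiColor.end))
for domain in DOMAIN_LIST:
    print(">>> {bold}{domain}{end}".format(bold=AnsiColor.bold, domain=domain, end=AnsiColor.end))
    try:
        answers = my_resolver.query(domain, 'TXT')
        print(' query qname:', answers.qname, ' num ans.', len(answers))
        for rdata in answers:
            # TXT content is controlled by whoever runs the zone; it is
            # printed as returned by the library, not interpreted.
            for txt_string in rdata.strings:
                print(' TXT:', txt_string)
    except dns.exception.DNSException as exc:
        print("Skipping... ({})".format(type(exc).__name__))

print("{bl}Validating record type: MX {e}".format(bl=AnsiColor.blue, e=AnsiColor.end))
print("MailXchange Records handle the recipient mail servers configuration for a domain")
for domain in DOMAIN_LIST:
    print(">>> {bold}{domain}{end}".format(bold=AnsiColor.bold, domain=domain, end=AnsiColor.end))
    try:
        for mx_record in my_resolver.query(domain, 'MX'):
            print(mx_record.to_text())
        print("")
    except dns.exception.DNSException as exc:
        print("Skipping... ({})".format(type(exc).__name__))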