Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

Tag Archives: TXT

What, more Python ctypes! – DNS TXT records

Yeah I know, this is turning into a Python blog, and not a very good one at that. Still, hang in there, because all these handy little scripts will make sense soon. Yes, there’s method in the madness!

For those who missed the earlier posts, you can view info on IcmpSendEchoInternetConnectedState and WinInet (SSPI).

So we’ve covered some interesting stuff, but one thing was still bugging me… Thanks to a pointer by Didier Stevens (literally, it was a pointer issue), I managed to get a simple DnsQuery script running to gather and display DNS Text records.

Again, the script is a little large to post on the blog in its entirity, but I’ve included the dnsapi.DnsQuery_A function below for those searching for that specific function. There’s a lot more to getting this running than just the below code, but for the full info you can download the example source (dnstxt.py) below.

....
dnsquery = dnsapi.DnsQuery_A(
           dns,
           DNS_TYPE_TEXT,
           Options,
           False,
           precord,
           False,
           )
....

As with the other examples I’ve created a small (and narrowly focused) tool to retrieve DNS Text records and display them on the screen. It’s a simple script, that takes a dns name, and has options to restrict the request to UDP or TCP only if desired. It’s interesting to use UDP only to test of Text records are too large, and need TCP. Feel free to check it out on c22.cc (which is too large for UDP).

Those who’ve done any work with Python will know that there’s a few modules that you can download and install to handle DNS requests of various types. Modules like PyDNS and dnspython are going to give you more flexibility for most things. Unless you really need (or want) to go the ctypes route of course)… yes, I’m a sucker for punishment!

Example use:

The above example runs with the default UDP and TCP requests and merges the responses into a unique list to return to the user. By selecting –udponly you can restrict the request to only UDP traffic (see below)

Specifying –tcponly works the same way, but restricts to TCP only. Specifying both is just stupid ;)

dnstxt :

  • Python sourcecode –> HERE
  • dnstxt.exe –> HERE
Feel free to leave any comments if you have ideas, uses, or generally want to laugh at by bad coding ;)

Links:

  • DnsQuery Reference – MSDN
Follow

Get every new post delivered to your Inbox.

Join 231 other followers