lost and found ( for me ? )

generate DNS queries with python scapy

small tips

root@ubuntu:~# tail -1 /etc/lsb-release
DISTRIB_DESCRIPTION="Ubuntu 13.04"

root@ubuntu:~# uname -ri
3.8.0-25-generic x86_64
root@ubuntu:~#

# apt-get install python-scapy

With scapy, you can generate a wide variety of packets.

# cat -n dns_send_quereis.py
    1 # Sends ten recursive DNS A queries for random labels under `domain`, waiting for the answer to each.
    2 # The source/destination addresses and the DNS transaction id are hard-coded below.
    3 #!/usr/bin/env python
    4 from scapy.all import *
    5 # Parent zone; every query name is <random label>.<domain>.
    6 domain = "foo.bar"
    7 # Each pass builds one query with a fresh random label and a fresh random UDP source port.
    8 for i in range(0,10):
    9        s = RandString(RandNum(1,10))  # random string whose length is drawn from RandNum(1,10)
   10        s1 = s.lower()  # lower-cased label
   11        q = s1 + "." + domain  # fully qualified query name
   12        packet = (IP(src="192.168.11.5",dst="192.168.11.1")/UDP(sport=RandShort())/DNS(id=1000,rd=1,qd=DNSQR(qname=q)))  # id is fixed at 1000 (0x03e8 in a capture), rd=1; dport is left at scapy's default (53)
   13        res = sr(packet)  # sr() sends the packet and collects answers; no timeout is passed here

The following capture shows the queries the script generated (filtered to packets sent to 192.168.11.1).
# tshark -r aa.pcap -R '(ip.dst==192.168.11.1)'
 1 0.000000000 192.168.11.5 -> 192.168.11.1 DNS 78 Standard query 0x03e8  A t1kf9c2sb8.foo.bar
 3 0.048929000 192.168.11.5 -> 192.168.11.1 DNS 74 Standard query 0x03e8  A p5hpfp.foo.bar
 5 0.201269000 192.168.11.5 -> 192.168.11.1 DNS 78 Standard query 0x03e8  A 3icf8bavow.foo.bar
 7 0.270188000 192.168.11.5 -> 192.168.11.1 DNS 76 Standard query 0x03e8  A ajjpm3s9.foo.bar
 9 0.307058000 192.168.11.5 -> 192.168.11.1 DNS 71 Standard query 0x03e8  A ljs.foo.bar
11 0.404297000 192.168.11.5 -> 192.168.11.1 DNS 76 Standard query 0x03e8  A brqoaf8p.foo.bar
13 0.461205000 192.168.11.5 -> 192.168.11.1 DNS 74 Standard query 0x03e8  A xtr5js.foo.bar



send malformed DNS queries
# cat -n dns_send_quereis_02.py
    1 #!/usr/bin/env python
    2 # Same random-label query loop, but with a DNS header that is inconsistent for a query.
    3 from scapy.all import *
    4 # tc, ra and z are set, and ancount/nscount/arcount each claim one record although only a question (qd) is supplied.
    5 domain = "foo.bar"
    6
    7 for i in range(0,10):
    8        s = RandString(RandNum(1,10))  # random string whose length is drawn from RandNum(1,10)
    9        s1 = s.lower()  # lower-cased label
   10        q = s1 + "." + domain  # fully qualified query name
   11        packet = (IP(src="192.168.11.5",dst="192.168.11.1")/UDP(sport=RandShort())/DNS(id=1,rd=1,tc=1,ra=1,z=1,qdcount=1,ancount=1,nscount=1,arcount=1,qd=DNSQR(qname=q,qtype="A",qclass="IN")))  # fixed id=1; header flags and section counts are set by hand instead of being derived from the payload
   12        res = sr(packet)  # sr() sends the packet and collects answers; no timeout is passed here

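Capture data for one of these queries. The header shows what the script set: Truncated and Recursion desired are on, and the answer, authority and additional counts are each 1 although the packet carries only a question. The flags value 0x0390 also has the 0x0080 (ra) bit and the 0x0010 bit set; the script's z=1 appears to land on the bit the dissector labels "Non-authenticated data", while the bit it labels Z stays 0.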
Domain Name System (query)
   Transaction ID: 0x0001
   Flags: 0x0390 Standard query
       0... .... .... .... = Response: Message is a query
       .000 0... .... .... = Opcode: Standard query (0)
       .... ..1. .... .... = Truncated: Message is truncated
       .... ...1 .... .... = Recursion desired: Do query recursively
       .... .... .0.. .... = Z: reserved (0)
       .... .... ...1 .... = Non-authenticated data: Acceptable
   Questions: 1
   Answer RRs: 1
   Authority RRs: 1
   Additional RRs: 1
   Queries
       50ese2.foo.bar: type A, class IN
           Name: 50ese2.foo.bar
           Type: A (Host address)
           Class: IN (0x0001)

Linux container 0.9.0 on Ubuntu 13.04

Here’s how to use LXC ( Linux Container ) on Ubuntu 13.04

# tail -1 /etc/lsb-release
DISTRIB_DESCRIPTION="Ubuntu 13.04"
root@ubuntu-2:~# uname -ri
3.8.0-25-generic x86_64

install LXC via apt-get
# apt-get install lxc

# dpkg -l lxc
ii  lxc            0.9.0-0ubunt amd64        Linux Containers userspace tools


[ config file ]

I used default configuration files.
# ls /etc/init/lxc*
/etc/init/lxc-instance.conf  /etc/init/lxc-net.conf  /etc/init/lxc.conf

# ls /etc/default/lx*
/etc/default/lxc

template files
# ls /usr/share/lxc/templates/
lxc-alpine     lxc-busybox  lxc-opensuse  lxc-ubuntu
lxc-altlinux   lxc-debian   lxc-oracle    lxc-ubuntu-cloud
lxc-archlinux  lxc-fedora   lxc-sshd

[ build a container by using template files ]

build a ubuntu container with lxc-ubuntu template.
# lxc-create -t ubuntu -n ubuntu-cn1

lxc-create: No config file specified, using the default config /etc/lxc/default.conf
Checking cache download in /var/cache/lxc/raring/rootfs-amd64 ...
<snip>

Hmm, it ends with an error:
<snip>
Processing triggers for initramfs-tools ...
Download complete
Copy /var/cache/lxc/raring/rootfs-amd64 to /var/lib/lxc/ubuntu-cn1/rootfs ...
Copying rootfs to /var/lib/lxc/ubuntu-cn1/rootfs ...
lxc-create: failed to execute template 'ubuntu'
lxc-create: aborted
#

There is no /var/lib/lxc/ubuntu-cn1 directory.
# ls /var/lib/lxc/ubu*
ls: cannot access /var/lib/lxc/ubu*: No such file or directory

make the directory.
# mkdir /var/lib/lxc/ubuntu-cn1

try again. error.
# lxc-create -t ubuntu -n ubuntu-cn1
lxc-create: 'ubuntu-cn1' already exists

remove the directory.
# rm /var/lib/lxc/ubuntu-cn1/ -r

Searching for “lxc-create: failed to execute template” shows that others hit a similar failure when LANG is not set to a valid locale.

On my box, LANG is set to C.
# echo $LANG
C

# cat /var/lib/locales/supported.d/local
ja_JP.UTF-8 UTF-8
en_US.UTF-8 UTF-8

Change LANG from C to en_US.UTF-8, one of the locales listed above.
# export LANG=en_US.UTF-8

try again. Okay.
# lxc-create -t ubuntu -n ubuntu-cn1

lxc-create: No config file specified, using the default config /etc/lxc/default.conf
Checking cache download in /var/cache/lxc/raring/rootfs-amd64 ...
Copy /var/cache/lxc/raring/rootfs-amd64 to /var/lib/lxc/ubuntu-cn1/rootfs ...
Copying rootfs to /var/lib/lxc/ubuntu-cn1/rootfs ...
Generating locales...
 en_US.UTF-8... done
Generation complete.

##
# The default user is 'ubuntu' with password 'ubuntu'!
# Use the 'sudo' command to run tasks as root in the container.
##

'ubuntu' template installed
'ubuntu-cn1' created

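Start the container. As the template output above says, the default account is 'ubuntu' with password 'ubuntu', so change that password after the first login.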
# lxc-list
WARNING: lxc-list is deprecated, please use lxc-ls --fancy.
        This symlink will be dropped in LXC 1.0.

NAME        STATE    IPV4  IPV6  AUTOSTART
------------------------------------------
ubuntu-cn1  STOPPED  -     -     NO

# lxc-start -n ubuntu-cn1
<4>init: ureadahead main process (6) terminated with status 5
<4>init: udev-fallback-graphics main process (56) terminated with status 1
<4>init: console-font main process (80) terminated with status 1
<4>init: setvtrgb main process (92) terminated with status 1
<4>init: console-setup main process (97) terminated with status 1
<30>udevd[130]: starting version 175
<4>init: failsafe main process (147) killed by TERM signal


Ubuntu 13.04 ubuntu-cn1 console

ubuntu-cn1 login:

root@ubuntu-cn1:~# tail -1 /etc/lsb-release
DISTRIB_DESCRIPTION="Ubuntu 13.04"

root@ubuntu-cn1:~# uname -ri
3.8.0-25-generic x86_64

Building the next container is much faster, because the root filesystem is already cached under /var/cache/lxc.
# time lxc-create -t ubuntu -n ubuntu-cn2

lxc-create: No config file specified, using the default config /etc/lxc/default.conf
Checking cache download in /var/cache/lxc/raring/rootfs-amd64 ...
Copy /var/cache/lxc/raring/rootfs-amd64 to /var/lib/lxc/ubuntu-cn2/rootfs ...
Copying rootfs to /var/lib/lxc/ubuntu-cn2/rootfs ...
Generating locales...
 ja_JP.UTF-8... up-to-date
Generation complete.

##
# The default user is 'ubuntu' with password 'ubuntu'!
# Use the 'sudo' command to run tasks as root in the container.
##

'ubuntu' template installed
'ubuntu-cn2' created

real    0m5.033s
user    0m3.144s
sys     0m2.404s

send TCP fall back DNS queries with dnspython

Here’s how to send TCP fallback DNS queries with dnspython.
dnspython supports TCP fallback since version 1.10.

many thanks.

Looking into the code also helps me understand dns.resolver.Resolver.

install dnspython on ubuntu 13.04
# tail -1 /etc/lsb-release
DISTRIB_DESCRIPTION="Ubuntu 13.04"

# uname -ri
3.8.0-25-generic x86_64

# apt-get install python-dnspython -y

[ enable EDNS0 ]

# cat enable_edns0.py -n
# cat -n enable_edns0.py
    1  #!/usr/bin/env python
    2  # Query the A record of www.foo.bar through a hand-configured resolver with EDNS0 enabled.
    3  import dns.resolver
    4  # Python 2 script (uses the print statement).
    5  myresolver = dns.resolver.Resolver(configure=False)  # configure=False: do not load the system resolver configuration
    6  myresolver.use_edns(0,0,4096)  # EDNS version 0, EDNS flags 0, advertised UDP payload size 4096
    7  myresolver.nameservers = ['192.168.10.200']  # the only server this resolver will ask
    8  result = myresolver.query('www.foo.bar','a',source="192.168.10.100")  # source= sets the local address the query is sent from
    9  for i in result:  # iterate over the records in the answer
   10          print i

use_edns(0,0,4096) takes three arguments:

1. EDNS version: 0 enables EDNS0, -1 disables EDNS
2. EDNS flags
3. advertised UDP payload size

Capture data for the query dnspython sends to the DNS server; the OPT record in the additional section carries the 4096-byte payload size.
   Queries
       www.foo.bar: type A, class IN
           Name: www.foo.bar
           Type: A (Host address)
           Class: IN (0x0001)
   Additional records
       <Root>: type OPT
           Name: <Root>
           Type: OPT (EDNS0 option)
           UDP payload size: 4096
           Higher bits in extended RCODE: 0x0
           EDNS0 version: 0
           Z: 0x0
           Data length: 0

[ disable EDNS0 ]

# cat disable_edns0.py -n
    1  #!/usr/bin/env python
    2  # Query the A record of www.foo.bar over UDP with EDNS disabled and a fixed source port.
    3  import dns.resolver
    4  # Python 2 script (uses the print statement).
    5  myresolver = dns.resolver.Resolver(configure=False)  # configure=False: do not load the system resolver configuration
    6  myresolver.use_edns(-1,0,4096)  # -1 as the first argument turns EDNS off; the other two values are then unused
    7  myresolver.nameservers = ['192.168.10.200']  # the only server this resolver will ask
    8  result = myresolver.query('www.foo.bar','a',tcp=False,source="192.168.10.100",source_port=50000)  # tcp=False: UDP; a fixed source_port is easy to filter on in a capture but gives up source-port randomisation, so keep it to test traffic
    9  for i in result:  # iterate over the records in the answer
   10          print i

Alternatively, you can disable EDNS0 by simply removing the “use_edns ..” line.

Capture data (dnspython to DNS server); there is no OPT record this time:
   Queries
       www.foo.bar: type A, class IN
           Name: www.foo.bar
           Type: A (Host address)
           Class: IN (0x0001)

[ send only TCP queries without sending UDP queries ]

# cat -n send_TCP_queries.py
    1  #!/usr/bin/env python
    2  # Query the A record of www.foo.bar over TCP only, without a UDP attempt first.
    3  import dns.resolver
    4  # Python 2 script (uses the print statement).
    5  myresolver = dns.resolver.Resolver(configure=False)  # configure=False: do not load the system resolver configuration
    6  myresolver.use_edns(0,0,4096)  # EDNS version 0, EDNS flags 0, advertised UDP payload size 4096
    7  myresolver.nameservers = ['192.168.10.200']  # the only server this resolver will ask
    8  result = myresolver.query('www.foo.bar','a',tcp=True,source="192.168.10.100")  # tcp=True sends the query over TCP; source= sets the local address
    9  for i in result:  # iterate over the records in the answer
   10          print i

nice tool!