lost and found ( for me ? )

How to send DNS queries over HTTPS to Google Public DNS with Python

Here is a sample Python script that sends DNS queries over HTTPS to Google Public DNS.

Reference
https://developers.google.com/speed/public-dns/docs/dns-over-https#supported_parameters

This script sends 3 DNS queries over HTTPS in a row over a single TCP connection (the requests Session keeps the connection alive between queries).
hattori@ubuntu:~/Python_works$ cat dns_over_https_keepalive.py
import requests

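# A single Session keeps the HTTPS connection alive, so the three lookups
# below share one TCP/TLS connection instead of opening three.
# Certificate verification is left at the requests default (enabled): the
# sample replies carry 'AD': False, so the TLS channel to the resolver is the
# only integrity protection these answers have.
s = requests.Session()

# JSON resolver endpoint; the question is passed in the query string.
RESOLVE_URL = 'https://dns.google.com/resolve'

# Seconds to wait for the resolver before giving up instead of hanging.
TIMEOUT = 10

# (name, edns_client_subnet) pairs, queried in this order.
# The edns_client_subnet value is sent along with the query, so it discloses
# the given prefix upstream; here it is used to compare the answers handed
# out for different client networks.
QUERIES = [
    ('www.google.com', '100.0.0.0/24'),
    ('www.google.com', '30.0.0.0/24'),
    ('www.apple.com', '50.0.0.0/24'),
]


def resolve(session, name, client_subnet):
    """Resolve `name` over HTTPS and return the decoded JSON reply.

    session       -- requests.Session used for the request (connection reuse).
    name          -- domain name to look up.
    client_subnet -- prefix sent as the edns_client_subnet parameter.

    Raises requests.exceptions.HTTPError on a non-2xx HTTP status and
    requests.exceptions.Timeout when the resolver does not answer in time.
    """
    # Passing params lets requests URL-encode the values (the '/' in the
    # prefix) instead of relying on a hand-built query string.
    res = session.get(
        RESOLVE_URL,
        params=[('name', name), ('edns_client_subnet', client_subnet)],
        timeout=TIMEOUT,
    )
    # Fail loudly on an HTTP error rather than trying to parse an error page.
    res.raise_for_status()
    return res.json()


def show(title, value):
    """Print a titled section followed by a blank line."""
    # Single-argument print(...) behaves the same on Python 2 and Python 3.
    print(title)
    print(value)
    print("")


for index, (name, subnet) in enumerate(QUERIES):
    if index:
        # Separator between consecutive replies (not before the first one).
        print("---")
        print("")
    res_dict = resolve(s, name, subnet)
    show("All responses", res_dict)
    # 'Status' is the DNS response code (0 in the sample output); a reply
    # with no records may omit 'Answer', so .get() avoids a KeyError there.
    show("Question", res_dict.get('Question'))
    show("Answer", res_dict.get('Answer', []))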

Sample output
hattori@ubuntu:~/Python_works$ python dns_over_https_keepalive.py
All responses
{u'Status': 0, u'Comment': u'Response from 216.239.32.10', u'edns_client_subnet': u'100.0.0.0/21', u'AD': False, u'Question': [{u'type': 1, u'name': u'www.google.com.'}], u'CD': False, u'RD': True, u'RA': True, u'Answer': [{u'data': u'172.217.4.196', u'type': 1, u'name': u'www.google.com.', u'TTL': 299}], u'TC': False, u'Additional': []}

Question
[{u'type': 1, u'name': u'www.google.com.'}]

Answer
[{u'data': u'172.217.4.196', u'type': 1, u'name': u'www.google.com.', u'TTL': 299}]

---

All responses
{u'Status': 0, u'Comment': u'Response from 216.239.32.10', u'edns_client_subnet': u'30.0.0.0/32', u'AD': False, u'Question': [{u'type': 1, u'name': u'www.google.com.'}], u'CD': False, u'RD': True, u'RA': True, u'Answer': [{u'data': u'216.58.199.100', u'type': 1, u'name': u'www.google.com.', u'TTL': 299}], u'TC': False, u'Additional': []}

Question
[{u'type': 1, u'name': u'www.google.com.'}]

Answer
[{u'data': u'216.58.199.100', u'type': 1, u'name': u'www.google.com.', u'TTL': 299}]

---

All responses
{u'Status': 0, u'Comment': u'Response from 96.7.248.135', u'edns_client_subnet': u'50.0.0.0/0', u'AD': False, u'Question': [{u'type': 1, u'name': u'www.apple.com.'}], u'CD': False, u'RD': True, u'RA': True, u'Answer': [{u'data': u'www.apple.com.edgekey.net.', u'type': 5, u'name': u'www.apple.com.', u'TTL': 1145}, {u'data': u'www.apple.com.edgekey.net.globalredir.akadns.net.', u'type': 5, u'name': u'www.apple.com.edgekey.net.', u'TTL': 21599}, {u'data': u'e6858.dscc.akamaiedge.net.', u'type': 5, u'name': u'www.apple.com.edgekey.net.globalredir.akadns.net.', u'TTL': 3599}, {u'data': u'104.113.107.126', u'type': 1, u'name': u'e6858.dscc.akamaiedge.net.', u'TTL': 19}], u'TC': False, u'Additional': []}

Question
[{u'type': 1, u'name': u'www.apple.com.'}]

Answer
[{u'data': u'www.apple.com.edgekey.net.', u'type': 5, u'name': u'www.apple.com.', u'TTL': 1145}, {u'data': u'www.apple.com.edgekey.net.globalredir.akadns.net.', u'type': 5, u'name': u'www.apple.com.edgekey.net.', u'TTL': 21599}, {u'data': u'e6858.dscc.akamaiedge.net.', u'type': 5, u'name': u'www.apple.com.edgekey.net.globalredir.akadns.net.', u'TTL': 3599}, {u'data': u'104.113.107.126', u'type': 1, u'name': u'e6858.dscc.akamaiedge.net.', u'TTL': 19}]

run Kali Linux via vagrant and set up Metasploit

- run Kali Linux via vagrant

# vagrant init Sliim/kali-linux-2.0-amd64

# vagrant up

Hmm, `vagrant up` keeps printing authentication warnings.
# vagrant up
Bringing machine 'default' up with 'virtualbox' provider...

   default: Warning: Authentication failure. Retrying...
   default: Warning: Authentication failure. Retrying...
   default: Warning: Authentication failure. Retrying...
   default: Warning: Authentication failure. Retrying...
#

I cannot log in, because I do not know the credentials.
# vagrant ssh
vagrant@127.0.0.1's password:
vagrant@127.0.0.1's password:
vagrant@127.0.0.1's password:
Permission denied (publickey,password).

stop VM
# vagrant halt

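Download the private key published in the Sliim/pentest-env repository. Because this key is public, anyone who can reach the VM's SSH port can log in with it, so keep the VM on a NAT or host-only network and replace the key before exposing the VM to any other network.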
# wget https://raw.githubusercontent.com/Sliim/pentest-env/master/ssh-keys/pentest-env

Edit the Vagrantfile so that Vagrant logs in as root with the downloaded key.
# egrep 'private_key|username' Vagrantfile
 config.ssh.username = "root"
 config.ssh.private_key_path = "/home/foobar/Vagrant_works/Kali_linux/pentest-env"

start VM
# vagrant up

Access the VM over SSH.
Okay, this time I was able to log in to the VM over SSH.
# vagrant ssh

root@kali:~#

root@kali:~# cat /etc/lsb-release
DISTRIB_ID=Kali
DISTRIB_RELEASE=2.0
DISTRIB_CODENAME=sana
DISTRIB_DESCRIPTION="Kali GNU/Linux 2.0"

- set up Metasploit

Reference
http://docs.kali.org/general-use/starting-metasploit-framework-in-kali

root@kali:~# service postgresql start
root@kali:~#
root@kali:~# service postgresql status
● postgresql.service - PostgreSQL RDBMS
  Loaded: loaded (/lib/systemd/system/postgresql.service; disabled)
  Active: active (exited) since Wed 2016-05-25 08:50:35 EDT; 6s ago
 Process: 1297 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 1297 (code=exited, status=0/SUCCESS)
root@kali:~#
root@kali:~# lsof -ni:5432
COMMAND   PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
postgres 1280 postgres    6u  IPv6  18924      0t0  TCP [::1]:postgresql (LISTEN)
postgres 1280 postgres    7u  IPv4  18925      0t0  TCP 127.0.0.1:postgresql (LISTEN)
root@kali:~#

initialize DB
root@kali:~# msfdb init
Creating database user 'msf'
Enter password for new role:
Enter it again:
Creating databases 'msf' and 'msf_test'
Creating configuration file in /usr/share/metasploit-framework/config/database.yml
Creating initial database schema
root@kali:~#

root@kali:~# msfconsole

msf > db_status
[*] postgresql connected to msf
msf >

Install and configure dnsdist : load balances DNS queries based on the RD bit

About dnsdist

In short, dnsdist is a software load balancer specialized for the DNS protocol.
Below are the logs from installing dnsdist and configuring it to forward queries according to the RD (recursion desired) bit.

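Install dnsdist (the repository below is fetched over plain HTTP, so package authenticity depends on apt verifying the repository's signing key; make sure that key is trusted by apt before running apt-get update)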
$ vagrant ssh dnsdist

vagrant@dnsdist:~$ tail -1 /etc/apt/sources.list
deb [arch=amd64] http://repo.powerdns.com/ubuntu trusty-dnsdist-master main

vagrant@dnsdist:~$ cat /etc/apt/preferences.d/dnsdist
Package: dnsdist*
Pin: origin repo.powerdns.com
Pin-Priority: 600


vagrant@dnsdist:~$ sudo apt-get update ; sudo apt-get install dnsdist

Configure dnsdist

If the RD bit is 1 (recursion desired), forward DNS queries to the caching name server, 192.168.50.11.
If the RD bit is 0, forward DNS queries to the authoritative server, 192.168.50.12.

Client --- vip 192.168.50.10 dnsdist --- cache ( 192.168.50.11 )
                                                        --- auth ( 192.168.50.12 )

/etc/dnsdist/dnsdist.conf
-- Downstream server placed in the "cache" pool (the caching name server).
newServer({
        address = "192.168.50.11",
        pool = "cache",
})
-- Downstream server placed in the "auth" pool (the authoritative server).
newServer({
        address = "192.168.50.12",
        pool = "auth",
})

-- Server-selection policy: choose the backend pool from the query's RD bit.
--   servers: the server list dnsdist passes to the policy (not used here;
--            the pool members are looked up with getPoolServers instead)
--   dq:      the incoming query; dq.dh:getRD() reads its RD header bit
-- Returns whatever leastOutstanding.policy selects from the chosen pool.
-- NOTE(review): the RD bit is set by the client, so this split is routing,
-- not access control; any source allowed by dnsdist's ACL can reach either
-- pool, so the ACL is what limits who may use the recursive "cache" servers.
function splitSetup(servers, dq)
        local pool
        if dq.dh:getRD() ~= true then
               -- RD not set: non-recursive query, answered by the auth pool
               print("forward queries to auth")
               pool = "auth"
        else
               -- RD set: recursion desired, answered by the cache pool
               print("forward queries to cache")
               pool = "cache"
        end
        return leastOutstanding.policy(getPoolServers(pool), dq)
end

-- Register splitSetup as the active server-selection policy under the name
-- "splitsetup", so it is consulted to pick a downstream server for queries.
setServerPolicyLua("splitsetup", splitSetup)

Run dnsdist

# dnsdist -l 192.168.50.10:53
Added downstream server 192.168.50.11:53
Added downstream server 192.168.50.12:53
Listening on 192.168.50.10:53
dnsdist 0.0.980g327cbc6 comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2
ACL allowing queries from: 127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10
Marking downstream 192.168.50.11:53 as 'up'
Marking downstream 192.168.50.12:53 as 'up'

> showServer
showServerPolicy() showServers()     
> showServers()
#   Name                 Address                       State     Qps    Qlim Ord Wt    Queries   Drops Drate   Lat Outstanding Pools
0                        192.168.50.11:53                 up     0.0       0   1  1          0       0   0.0   0.0           0 cache
1                        192.168.50.12:53                 up     0.0       0   1  1          0       0   0.0   0.0           0 auth
All                                                              0.0                         0       0                         
>

dnsdist sends queries without the RD bit (dig +norec) to the authoritative servers.
$ dig @192.168.50.10 www.foo.com +norec +short
192.168.0.100
hattori@ubuntu:~$ dig @192.168.50.10 www.foo.com +norec

; <<>> DiG 9.10.4b2 <<>> @192.168.50.10 www.foo.com +norec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1661
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.foo.com. IN A

;; ANSWER SECTION:
www.foo.com. 604800 IN A 192.168.0.100

;; AUTHORITY SECTION:
foo.com. 604800 IN NS localhost.

;; ADDITIONAL SECTION:
localhost. 604800 IN A 127.0.0.1
localhost. 604800 IN AAAA ::1


dnsdist sends queries with the RD bit set (recursion desired, dig's default) to the caching name servers.
$ dig @192.168.50.10 www.google.com

; <<>> DiG 9.10.4b2 <<>> @192.168.50.10 www.google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30594
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.google.com. IN A

;; ANSWER SECTION:
www.google.com. 186 IN A 172.217.25.228