jmg
/
privrdns
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
A hack to provide some privacy to DNS queries.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
34 KiB
 
 
Tree: 3c62776db1
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '3c62776db1'
${ noResults }
privrdns/privrdns/__init__.py

214 lines
6.2 KiB
Raw Blame History 

  1. #!/usr/bin/env python

  2. #

  3. # Copyright 2019 John-Mark Gurney.

  4. # All rights reserved.

  5. #

  6. # Redistribution and use in source and binary forms, with or without

  7. # modification, are permitted provided that the following conditions

  8. # are met:

  9. # 1. Redistributions of source code must retain the above copyright

  10. #    notice, this list of conditions and the following disclaimer.

  11. # 2. Redistributions in binary form must reproduce the above copyright

  12. #    notice, this list of conditions and the following disclaimer in the

  13. #    documentation and/or other materials provided with the distribution.

  14. #

  15. # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND

  16. # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  17. # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  18. # ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  19. # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  20. # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  21. # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  22. # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  23. # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  24. # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  25. # SUCH DAMAGE.

  26. #

  27. 

  28. __author__ = 'John-Mark Gurney'

  29. __copyright__ = 'Copyright 2019 John-Mark Gurney.  All rights reserved.'

  30. __license__ = '2-clause BSD license'

  31. __version__ = '0.1.0.dev'

  32. 

  33. import asyncio

  34. import dns

  35. import socket

  36. import unittest

  37. 

  38. from dnslib import DNSRecord, DNSQuestion, RR, QTYPE, A, digparser

  39. from ntunnel import async_test, parsesockstr

  40. 

  41. class DNSCache(object):

  42. 	def __init__(self):

  43. 		self._data = {}

  44. 

  45. 		# preload some values:

  46. 		self._data.update({

  47. 			('.', 'DS'): [ ('.', 'IN', 'DS', 20326, 8, 2,

  48. 			    bytes.fromhex('E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D'))],

  49. 		})

  50. 

  51. 	def get(self, name, rtype):

  52. 		return self._data[(name, rtype)]

  53. 

  54. class Resolver(object):

  55. 	'''Resolve DNS names to records.

  56. 

  57. 	Either serve it from the cache, or do a query.  If the query

  58. 	can be DNSSEC validated, do it via the privacy querier if not,

  59. 	via the trusted one.'''

  60. 

  61. def _writepkt(wrr, bts):

  62. 	wrr.write(len(bts).to_bytes(2, 'big'))

  63. 	wrr.write(bts)

  64. 

  65. async def _readpkt(rdr):

  66. 	nbytes = int.from_bytes(await rdr.readexactly(2), 'big')

  67. 	return await rdr.readexactly(nbytes)

  68. 

  69. class ServerResolver(object):

  70. 	'''Ask a specific server a question, and return the result.'''

  71. 

  72. 	def __init__(self, rdrwrr):

  73. 		'''Pass in the reader and writer pair that is connected

  74. 		to the server.'''

  75. 

  76. 		self._reader, self._writer = rdrwrr

  77. 

  78. 	async def resolve(self, q):

  79. 		pkt = DNSRecord(questions=[q])

  80. 		pktbytes = pkt.pack()

  81. 

  82. 		_writepkt(self._writer, pktbytes)

  83. 

  84. 		pkt = await _readpkt(self._reader)

  85. 		resp = DNSRecord.parse(pkt)

  86. 

  87. 		return resp.rr

  88. 

  89. class DNSProc(asyncio.DatagramProtocol):

  90. 	def connection_made(self, transport):

  91. 		#print('cm')

  92. 		self.transport = transport

  93. 

  94. 	def datagram_received(self, data, addr):

  95. 		#print('dr')

  96. 		pkt = DNSRecord.parse(data)

  97. 		#print(repr((pkt, addr)))

  98. 

  99. 		d = pkt.reply()

  100. 		d.add_answer(RR("xxx.abc.com",QTYPE.A,rdata=A("1.2.3.4")))

  101. 		data = d.pack()

  102. 		self.transport.sendto(data, addr)

  103. 

  104. async def dnsprocessor(sockstr):

  105. 	proto, args = parsesockstr(sockstr)

  106. 

  107. 	if proto == 'udp':

  108. 		loop = asyncio.get_event_loop()

  109. 		#print('pre-cde')

  110. 		trans, protocol = await loop.create_datagram_endpoint(DNSProc,

  111. 		    local_addr=(args.get('host', '127.0.0.1'), args['port']))

  112. 		#print('post-cde', repr((trans, protocol)), trans is protocol.transport)

  113. 	else:

  114. 		raise ValueError('unknown protocol: %s' % repr(proto))

  115. 

  116. def _asyncsockpair():

  117. 	'''Create a pair of sockets that are bound to each other.

  118. 	The function will return a tuple of two coroutine's, that

  119. 	each, when await'ed upon, will return the reader/writer pair.'''

  120. 

  121. 	socka, sockb = socket.socketpair()

  122. 

  123. 	return (asyncio.open_connection(sock=socka),

  124. 	    asyncio.open_connection(sock=sockb))

  125. 

  126. class Tests(unittest.TestCase):

  127. 	@async_test

  128. 	async def test_processdnsfailures(self):

  129. 		port = 5

  130. 		with self.assertRaises(ValueError):

  131. 			dnsproc = await dnsprocessor(

  132. 			    'tcp:host=127.0.0.1,port=%d' % port)

  133. 			#print('post-dns')

  134. 

  135. 	@async_test

  136. 	async def test_processdns(self):

  137. 		# start the dns processor

  138. 		port = 38394

  139. 		dnsproc = await dnsprocessor(

  140. 			    'udp:host=127.0.0.1,port=%d' % port)

  141. 

  142. 		# submit a query to it

  143. 		digproc = await asyncio.create_subprocess_exec('dig',

  144. 		    '@127.0.0.1', '-p', str(port), '+dnssec', '+time=1',

  145. 		    'www.funkthat.com.',

  146. 		    stdout=asyncio.subprocess.PIPE)

  147. 

  148. 		# make sure it exits successfully

  149. 		self.assertEqual(await digproc.wait(), 0)

  150. 

  151. 		stdout, stderr = await digproc.communicate()

  152. 

  153. 		rep = list(digparser.DigParser(stdout))

  154. 		self.assertEqual(len(rep), 1)

  155. 		#print('x', repr(list(rep)))

  156. 

  157. 	def test_cache(self):

  158. 		# test that the cache

  159. 		cache = DNSCache()

  160. 

  161. 		# has the root trust anchors in it

  162. 		dsrs = cache.get('.', 'DS')

  163. 

  164. 		self.assertEqual(dsrs, [ ('.', 'IN', 'DS', 20326, 8, 2,

  165. 		    bytes.fromhex('E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D')) ])

  166. 

  167. 	@async_test

  168. 	async def xtest_query(self):

  169. 		# test that the query function

  170. 		q = await query_record('com.', 'DS')

  171. 

  172. 	@async_test

  173. 	async def test_realresolver(self): # pragma: no cover

  174. 		# This is to test against a real resolver.

  175. 		host = 'gold'

  176. 		res = ServerResolver(await asyncio.open_connection(host, 53))

  177. 

  178. 		resquestion = DNSQuestion('example.com')

  179. 		print(repr(await res.resolve(resquestion)))

  180. 

  181. 	@async_test

  182. 	async def test_questionresolver(self):

  183. 		client, server = _asyncsockpair()

  184. 		res = ServerResolver(await client)

  185. 

  186. 		rdr, wrr = await server

  187. 

  188. 		# constants

  189. 		resquestion = DNSQuestion('example.com')

  190. 		resanswer = RR.fromZone('example.com. A 192.0.2.10\nexample.com. A 192.0.2.11')

  191. 

  192. 		# start the query

  193. 		ans = asyncio.create_task(res.resolve(resquestion))

  194. 

  195. 		# Fetch the question

  196. 		question = await _readpkt(rdr)

  197. 		dnsrec = DNSRecord.parse(question)

  198. 

  199. 		# Make sure we got the correct question

  200. 		self.assertEqual(dnsrec.get_q(), resquestion)

  201. 

  202. 		# Generate the reply

  203. 		rep = dnsrec.reply()

  204. 		rep.add_answer(*resanswer)

  205. 		repbytes = rep.pack()

  206. 

  207. 		# Send the reply

  208. 		_writepkt(wrr, repbytes)

  209. 		wrr.write_eof()

  210. 

  211. 		# veryify the received answer

  212. 		ans = await ans

  213. 		self.assertEqual(ans, resanswer)