In a DNS query, the axfr type is short for Authoritative Transfer: a request to transfer all the records of a zone.
In the previous three posts, I used nmap, dig and nslookup respectively to query zone transfer records.
This post shows how to write a simple DNS client in Python by hand, one that implements only the axfr query and handles only A records.
DNS message format
Both DNS requests and responses consist of five sections, as shown in the figure below:
+---------------------+
| Header |
+---------------------+
| Question | the question for the name server
+---------------------+
| Answer | RRs answering the question
+---------------------+
| Authority | RRs pointing toward an authority
+---------------------+
| Additional | RRs holding additional information
+---------------------+
For an axfr request packet, it is enough to fill in only the Header and Question sections.
Header section format
The Header is laid out as follows:
                                1  1  1  1  1  1
  0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                      ID                       |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
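As an added example (not the original post's client code), the following Python builds the Header and Question sections of an axfr query exactly as described above and decodes the 12-byte header of a reply; the flag bit offsets follow RFC 1035, the zone name and transaction ID are constructed sample values, and no network traffic is sent.

```python
import struct

QTYPE_AXFR = 252   # RFC 1035: request for a transfer of an entire zone
QCLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Encode "example.com" as the DNS label sequence 7example3com0."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("label length must be 1..63: %r" % label)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_axfr_query(zone: str, txn_id: int = 0x1234) -> bytes:
    """Header + Question only; Answer/Authority/Additional stay empty."""
    # Header: ID, flags (QR=0 query, Opcode=0), QDCOUNT=1, AN/NS/ARCOUNT=0
    header = struct.pack("!HHHHHH", txn_id, 0x0000, 1, 0, 0, 0)
    question = encode_name(zone) + struct.pack("!HH", QTYPE_AXFR, QCLASS_IN)
    msg = header + question
    # AXFR is carried over TCP, where each DNS message is prefixed with a 2-byte length
    return struct.pack("!H", len(msg)) + msg


def parse_header(msg: bytes) -> dict:
    """Split the 12-byte header into its fields (ID first, then the flag word and four counts)."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    txn_id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txn_id,
        "qr": flags >> 15,               # 0 = query, 1 = response
        "opcode": (flags >> 11) & 0xF,
        "aa": (flags >> 10) & 1,
        "tc": (flags >> 9) & 1,
        "rd": (flags >> 8) & 1,
        "rcode": flags & 0xF,            # 5 = REFUSED: the server does not allow the transfer
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


if __name__ == "__main__":
    # Constructed sample: the wire bytes of an axfr query for example.com
    print(build_axfr_query("example.com").hex())
```

Checking `rcode` in the reply header is the quick way to confirm that a server you administer refuses transfers to unauthorised clients.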