[kwlug-disc] Getting external IP
Ronald Barnes
ron at ronaldbarnes.ca
Mon Jan 29 12:50:50 EST 2018
bob+kwlug at softscape.ca wrote on 2018-01-29 08:12 AM:
> Did you modify named itself with your custom code? What's actually
> listening on port 53 on your server here?!?
Wrote from scratch in Python as a learning project for Python and a
handy utility for getting external IPs since I didn't know about the
other choices at the time.
So, in Python:
> IP_ADDR = '0.0.0.0'
> IP_PORT = 53
> try:
>     s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
>     s.bind(( IP_ADDR, IP_PORT))
>     debugMessage(format("Bound to IP :: port --> %s :: %s " \
>         % (IP_ADDR, IP_PORT) ), \
>         verb=0);
>     print >> logFH, time.strftime('%Y-%m-%d %H:%M:%S'), \
>         "STARTED LISTENING"
> except:
>     print "\nERROR binding to socket at %s :: %d:\n\t%s" \
>         % (IP_ADDR, IP_PORT, exc_info()[1] )
>     raise SystemExit
Note that this is a non-recursive DNS server, so won't resolve, say,
google.ca and can't become part of a DNS reflection attack:
> $ dig google.ca @kwvoip.ca
>
> ; <<>> DiG 9.10.3-P4-Ubuntu <<>> google.ca @kwvoip.ca
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 22233
"SERVFAIL" should cause client to query its second DNS server.
It does, however, return NXDOMAIN for a small list of sites I'd rather
not have access to (*cough* advertisers *cough*).
i.e.:
> $ dig doubleclick.net @kwvoip.ca
>
> ; <<>> DiG 9.10.3-P4-Ubuntu <<>> doubleclick.net @kwvoip.ca
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 17598
NXDOMAIN indicates "I'm certain this is bad, no need to look further".
This should make it a handy primary DNS server entry at one's router to
give a bit of an ad-free experience for all connected devices,
regardless of whether they're running blockers on each device.
Cheers,
r b
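
The rcode policy described in the message above (SERVFAIL for ordinary names, NXDOMAIN for blocklisted ones), as an added Python 3 example that is not the poster's code. The function names, the subdomain matching and the single-entry blocklist are assumptions; the reply echoes only the question, so it is never larger than the query that triggered it.

```python
import struct

BLOCKLIST = {"doubleclick.net"}          # the one blocked name shown in the post
SERVFAIL, NXDOMAIN = 2, 3                # DNS RCODE values

def parse_question(packet):
    """Return (lowercased qname, offset just past QTYPE/QCLASS)."""
    labels, pos = [], 12                 # question follows the 12-byte header
    while True:
        if pos >= len(packet):
            raise ValueError("truncated question")
        length = packet[pos]
        if length == 0:
            break
        if length & 0xC0:                # no compression pointers in a lone question
            raise ValueError("unexpected label type")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    end = pos + 1 + 4                    # root label, QTYPE, QCLASS
    if end > len(packet):
        raise ValueError("truncated question")
    return ".".join(labels), end

def is_blocked(qname):
    """Assumed policy: a listed name also blocks its subdomains."""
    parts = qname.split(".")
    return any(".".join(parts[i:]) in BLOCKLIST for i in range(len(parts)))

def build_reply(packet):
    """Answer with no records: NXDOMAIN if blocked, SERVFAIL otherwise."""
    if len(packet) < 12:
        raise ValueError("short packet")
    qid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & 0x8000 or qdcount != 1:   # ignore responses and odd question counts
        raise ValueError("not a single-question query")
    qname, end = parse_question(packet)
    rcode = NXDOMAIN if is_blocked(qname) else SERVFAIL
    out_flags = 0x8000 | (flags & 0x7900) | rcode   # QR=1, keep opcode+RD, RA=0
    header = struct.pack("!HHHHHH", qid, out_flags, 1, 0, 0, 0)
    return header + packet[12:end]       # echo the question, drop everything else

def make_query(qid, name):
    """Constructed sample input: a recursion-desired A/IN query."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return (struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
            + qname + b"\x00" + struct.pack("!HH", 1, 1))
```
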