This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[atlas] Easy way to view DNS results?
- Previous message (by thread): [atlas] Easy way to view DNS results?
- Next message (by thread): [atlas] Easy way to view DNS results?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Seth David Schoen
schoen at loyalty.org
Tue Jul 25 07:31:46 CEST 2023
Micha Bailey writes:
> Hi, I’m wondering if I’m missing something - I ran a DNS measurement with
> 110 probes, and the results are in, but the site UI seems to only show the
> result status and time elapsed until response, but not the results
> themselves. Looking at the JSON from the result endpoint I’m seeing that it
> seems to return the raw binary response - is there a particular reason it
> can’t be parsed and displayed in a more human-readable format? I know there
> are libraries and tools that do result parsing, but being on mobile at the
> moment (and often) means those are somewhat less accessible as far as I’m
> aware.
Hi Micha,
Do you mean the way that the JSON contains the "abuf" field with the
base64-encoded DNS response?
I have actually not worked with these before, but I was able to make some
progress in Python as follows (using the python3-dnspython package).
You could modify the "to_text()" call to print out some more specific
information from the DNS reply of interest to you, or modify the enclosing
print() to save it elsewhere.
I don't know why there isn't a parsed version of the reply included in
the JSON, but perhaps the idea is that the literal details are of
interest to some researchers. One example that I happened to notice
in trying to answer your question: in parsing a sample DNS measurement
this way, I notice the use of DNS case randomization (also called "0x20
randomization") in some replies but not in others. Having the literal
DNS query reply could help with analyzing the prevalence of this
mechanism, whereas it might be obscured by a parser that was written by
someone who believed that DNS replies are not case insensitive (which
is true from one point of view, but not from another point of view!).
#!/usr/bin/env python3
import json
import base64
from dns import message
import sys
measurements = json.load(open(sys.argv[1]))
for measurement in measurements:
if "resultset" in measurement:
for resultsetitem in measurement["resultset"]:
if "result" in resultsetitem:
abuf = resultsetitem["result"]["abuf"]
msg = message.from_wire(base64.b64decode(abuf))
print(msg.to_text())
print()
- Previous message (by thread): [atlas] Easy way to view DNS results?
- Next message (by thread): [atlas] Easy way to view DNS results?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]