MISP / misp-warninglists

Warning lists to inform users of MISP about potential false-positives or other information in indicators
http://misp.github.io/misp-warninglists/

Why hard-coded nameservers in tools/generator.py? #256

Open hkelley opened 12 months ago

hkelley commented 12 months ago

Outbound DNS is blocked in my environment. I can make the following changes locally, but a) I'm wondering what the original design objective was and b) how to make this change so that I'm not having to merge my local version with the latest git version every time I update.

https://github.com/MISP/misp-warninglists/blob/e868e50c461b2e57c0c4306bad622bc7f658ce39/tools/generator.py#L180

import dns.resolver  # dnspython

def create_resolver() -> dns.resolver.Resolver:
    resolver = dns.resolver.Resolver()  # (configure=False)
    resolver.timeout = 30
    resolver.lifetime = 30
    resolver.cache = dns.resolver.LRUCache()
    # resolver.nameservers = ["193.17.47.1", "185.43.135.1"]  # CZ.NIC nameservers
    return resolver

adulau commented 11 months ago

The original design was to have a consistent output for the generation. We had an issue where, due to geo-based DNS, we had different record sets coming from different public resolvers. Maybe we should improve the script to make it configurable?

hkelley commented 11 months ago

Yes, configurable (including the option to use the OS default resolver) would work for my scenario.
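
One way to make the resolver configurable as discussed in this thread, shown as an added example that is not the project's code. The environment variable name `WARNINGLISTS_NAMESERVERS` and the `select_nameservers` helper are hypothetical; the pinned addresses and resolver settings are the ones quoted above, and pinning stays the default so generated lists remain reproducible.

```python
import ipaddress
import os
from typing import List, Optional

# Pinned CZ.NIC resolvers quoted in the issue; kept as the default so that
# geo-based DNS answers do not change the generated lists between runs.
PINNED_NAMESERVERS = ["193.17.47.1", "185.43.135.1"]
ENV_VAR = "WARNINGLISTS_NAMESERVERS"  # hypothetical setting name


def select_nameservers(setting: Optional[str]) -> Optional[List[str]]:
    """Map a setting string to the nameservers to pin.

    unset or empty  -> the pinned defaults
    "system"        -> None, meaning: use the OS resolver configuration
    "ip[,ip...]"    -> the validated list of IP addresses
    """
    if setting is None or not setting.strip():
        return list(PINNED_NAMESERVERS)
    if setting.strip().lower() == "system":
        return None
    servers = []
    for item in setting.split(","):
        item = item.strip()
        if item:
            # ip_address() raises ValueError for hostnames and typos, so a bad
            # value fails loudly instead of silently changing the resolver.
            servers.append(str(ipaddress.ip_address(item)))
    if not servers:
        raise ValueError("no nameserver addresses in setting")
    return servers


def create_resolver(setting: Optional[str] = None):
    import dns.resolver  # dnspython, imported here so the helper above has no dependency

    if setting is None:
        setting = os.environ.get(ENV_VAR)
    servers = select_nameservers(setting)
    # configure=True reads the OS resolver config (e.g. /etc/resolv.conf).
    resolver = dns.resolver.Resolver(configure=servers is None)
    if servers is not None:
        resolver.nameservers = servers
    resolver.timeout = 30
    resolver.lifetime = 30
    resolver.cache = dns.resolver.LRUCache()
    return resolver
```

With `WARNINGLISTS_NAMESERVERS=system` the script works where outbound DNS is blocked, at the cost of the geo-dependent record sets described above.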