Closed goofsec closed 3 years ago
elceef
commented
3 years ago This will not work with DNSPython 1.16
>>> import dns.resolver
>>> resolv = dns.resolver.Resolver()
>>> resolv.resolve('github.com')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
AttributeError: 'Resolver' object has no attribute 'resolve'However, as a workaround, I will configure stub resolver object with empty search list:
resolv.search = []
goofsec
commented
3 years ago It will work however with the most up-to-date version of DNSPython (2.0.0):
>>> import dns.resolver
>>> resolv = dns.resolver.Resolver()
>>> resolv.resolve("github.com")
<dns.resolver.Answer object at 0x7f94a94974a8>
>>> print (dns.__version__)
2.0.0
>>>I'm going to switch once 2.x is widely adopted.
goofsec
commented
3 years ago Just tried your workaround and it does not fix my problem with getting false-positives (line 3):
>>> resolv.search = []
>>> resolv.query("doesnotexist.aaa")
<dns.resolver.Answer object at 0x7f94a9497780>
>>> resolv.resolve("doesnotexist.aaa")
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/local/lib/python3.6/dist-packages/dns/resolver.py", line 1030, in resolve
(request, answer) = resolution.next_request()
File "/usr/local/lib/python3.6/dist-packages/dns/resolver.py", line 585, in next_request
responses=self.nxdomain_responses)
dns.resolver.NXDOMAIN: The DNS query name does not exist: doesnotexist.aaa.Added support with backward compatibility in 05aa0655e25d2e0566b1630195c44a8182a3c273
Using resolve instead of query lowers the chance of false-positives due to misconfigured local resolvers and search lists.