phaethon / kamene

Network packet and pcap file crafting/sniffing/manipulation/visualization security tool. Originally forked from scapy in 2015 and providing python3 compatibility since then.
GNU General Public License v2.0

DNS - rdata field full payload not delivered #264

Open collinsullivanhub opened 3 years ago

collinsullivanhub commented 3 years ago

Trying to parse DNS responses with Scapy (see function below). My issue is all of the answers in the rdata[] field are not showing. When I do a packet capture with Wireshark, I see multiple answers in the rdata[] field; there are usually two or three answers in a single response packet, for those unfamiliar with DNS.

I am only returned with one of the answers (the first). I have tried using sr() instead of sr1() and have also tried adding multi=True as a parameter when sending the packet but neither of these work.

Any ideas? I think this may be a bug.

```python
def send_query_recursion(resolver, target):
    dns_req = IP(dst=f'{resolver}')/UDP(dport=53)/DNS(qr=0, rd=1, qd=DNSQR(qname=f'{target}'))
    answer = sr1(dns_req, verbose=1)
    for received in answer:
        if received.haslayer(DNS):
            for x in received:
                print(str(x[DNS].id))
                print("rrname: " + str(x[DNSRR].rrname))
                print("Type: " + str(x[DNSRR].type))
                if str(x[DNSRR].rclass) == "1":
                    print("Class: " + str(x[DNSRR].rclass) + " IN")
                print("TTL: " + str(x[DNSRR].ttl))
                print("Resource Data Length: " + str(x[DNSRR].rdlen))
                print("Resource Data: " + str(x[DNSRR].rdata[:-1]))
```

collinsullivanhub commented 3 years ago

To be more clear, when using a tool like dig, the rdata field produces several NS and responses. I can link a pcap if it makes it easier.