Nmap Development mailing list archives

Re: [RFC] [NSE] DNS library


From: jah <jah () zadkiel plus com>
Date: Fri, 15 Aug 2008 04:09:42 +0100

Hi Philip,

I've had a chance to look a little at your DNS library.  Great job!

I've been updating ASN.nse (which in its current incarnation is a bit
pants) to make use of it and so I've only made use of query() and
reverse() so far, but it works fine for me.
Of course, I've made use of system-dns from your patch which is exactly
what ASN needs and, again, that works lovely.

ASN needs a PTR style TXT query and I've noticed that I only ever get a
single answer even if there are more.  Perhaps query() could return a
table of strings as its first return value when there are more than one
answer?

I've attached a patch for reverse which should handle IPv6 nibbles
[RFC3596 style].  The patch would make dns.lua dependent upon the
version of ipOps I recently posted [1] because it requires an IPv6
address to be fully expanded (and then zero padded) to get 32 parts.
I've tested reverse() to confirm that it produces the string it's
supposed to, but at this point, I've not had a single answer whilst
using it - either from ASN's TXT queries or from general PTR queries.
I'm guessing I just haven't found a DNS server that wants to play with
me, but there's always the possibility I've misunderstood or missed
something.  The patch is for the version of dns.lua you posted to this list.

Finally, I think it might be useful to return an error string in those
cases where a number is returned.  If I'm reading it right, one would
have to pairs( dns.err ) to find a string to match the error number.
Maybe you've a reason for it and maybe I'm being really lazy...

Cheers,

jah

[1] http://seclists.org/nmap-dev/2008/q3/0226.html

--- dns.lua.orig        2008-08-15 00:38:46.734375000 +0100
+++ dns.lua     2008-08-15 00:41:33.031250000 +0100
@@ -3,6 +3,7 @@
 -- simple DNS library
 -- packet creation, encoding, decoding, querying
 
+require("ipOps")
 require("stdnse")
 
 get_servers = nmap.get_dns_servers
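Review bot: the new `require("ipOps")` ties dns.lua to the ipOps revision carrying `expand_ip`, which at this point exists only in the patch cited as [1] in this mail, not in the ipOps shipped with Nmap; the dependency should be stated in the library header comment this hunk sits in (next to `-- simple DNS library`) and the two patches committed together, otherwise `reverse()` errors on a nil `ipOps.expand_ip` in a tree without the updated ipOps.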
@@ -207,15 +208,37 @@
 ---
 -- Formats IP for reverse lookup
 --@param ip IP address string
---@return "Domain" style representation of IP as subdomain of in-addr.arpa
+--@return "Domain" style representation of IP as subdomain of in-addr.arpa or ip6.arpa
 function reverse(ip)
+   ip = ipOps.expand_ip(ip)
    if type(ip) ~= "string" then return nil end
-   local ipParts = stdnse.strsplit("%.", ip)
+   local delim = "%."
+   local arpa = ".in-addr.arpa"
+   if ip:match(":") then
+      delim = ":"
+      arpa = ".ip6.arpa"
+   end
+   local ipParts = stdnse.strsplit(delim, ip)
+   if #ipParts == 8 then
+      -- padding
+      local mask = "0000"
+      for i, part in ipairs(ipParts) do
+          ipParts[i] = mask:sub(1, string.len(mask) - string.len(part)) .. part
+      end
+      -- 32 parts from 8
+      local temp = {}
+      for i, hdt in ipairs(ipParts) do
+         for part in hdt:gmatch("%x") do
+          temp[#temp+1] = part
+         end
+      end
+      ipParts = temp
+   end
    local ipReverse = {}
    for i = #ipParts, 1, -1 do
       table.insert(ipReverse, ipParts[i])
    end
-   return table.concat(ipReverse, ".") .. ".in-addr.arpa"
+   return table.concat(ipReverse, ".") .. arpa
 end
 
 ---
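Review bot: after `ip = ipOps.expand_ip(ip)` the only guard is `type(ip) ~= "string"`, so if expand_ip hands back a string that is not a fully expanded address, the IPv6 branch skips the `#ipParts == 8` block and returns a short, wrong ip6.arpa name instead of nil; add `if delim == ":" and #ipParts ~= 8 then return nil end` before the padding loop. The padding loop is redundant once expand_ip already zero-pads each group (as the mail says it does), and the block mixes 3- and 4-space indentation (`ipParts[i] = mask:sub(...)` and `temp[#temp+1] = part`) where the surrounding code uses 3 spaces.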

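As an added example, not part of jah's patch or of Nmap's dns.lua, here is the same reverse-name construction in Python, including the '::' expansion that the patch leaves to ipOps.expand_ip, cross-checked against the standard library. The function names expand_ipv6, reverse_name and matches_stdlib are my own.

```python
import ipaddress

HEX = set("0123456789abcdef")


def expand_ipv6(addr: str) -> list:
    """Expand an IPv6 string to eight zero-padded 4-digit groups.

    This is the step the patch delegates to ipOps.expand_ip: undo one '::'
    and left-pad each group. Mixed IPv4 suffixes (::ffff:192.0.2.1) are rejected.
    """
    if addr.count("::") > 1:
        raise ValueError("more than one '::' in %r" % addr)
    if "::" in addr:
        head, tail = addr.split("::")
        head_parts = head.split(":") if head else []
        tail_parts = tail.split(":") if tail else []
        missing = 8 - len(head_parts) - len(tail_parts)
        if missing < 1:
            raise ValueError("'::' must stand for at least one group: %r" % addr)
        parts = head_parts + ["0"] * missing + tail_parts
    else:
        parts = addr.split(":")
    if len(parts) != 8:
        raise ValueError("expected 8 groups in %r" % addr)
    for p in parts:
        if not 1 <= len(p) <= 4 or not set(p.lower()) <= HEX:
            raise ValueError("bad group %r in %r" % (p, addr))
    return [p.lower().zfill(4) for p in parts]


def reverse_name(ip: str) -> str:
    """Build the PTR query name, as the patched reverse() does.

    IPv4: reversed dotted octets under in-addr.arpa.
    IPv6: all 32 hex nibbles as separate labels, reversed, under ip6.arpa (RFC 3596).
    """
    if ":" in ip:
        nibbles = "".join(expand_ipv6(ip))  # 32 hex digits, no separators
        return ".".join(reversed(nibbles)) + ".ip6.arpa"
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("not a dotted-quad IPv4 address: %r" % ip)
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def matches_stdlib(ip: str) -> bool:
    """Cross-check against ipaddress, which builds the same RFC names."""
    return reverse_name(ip) == ipaddress.ip_address(ip).reverse_pointer
```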