[Twisted-Python] Current twisted dns client just doesn't work

Jean-Paul Calderone exarkun at twistedmatrix.com
Fri Dec 11 08:43:52 MST 2020


On Fri, Dec 11, 2020 at 10:31 AM spam tam <kuchaspama at gmail.com> wrote:

> Yes. I would like to replace ANY with A and AAAA requests.
> I created pull request: https://github.com/twisted/twisted/pull/1488
> It's an easy solution. I just request for A records and if A doesn't
> provide IP I create AAAA request.
>

Thanks for your work on this so far.  Are you interested in finishing up
the PR (at least go down the rest of the checklist)?  If so, wonderful.  If
not, it would be good to know and maybe someone else can pick up the task
from here.

Jean-Paul


>
> On Fri, Dec 11, 2020 at 6:03 PM Barry Scott <barry.scott at forcepoint.com>
> wrote:
>
>> On Friday, 11 December 2020 14:23:49 GMT spam tam wrote:
>> > Dis you read the whole my email?
>> > Did you read this:
>> > https://blog.cloudflare.com/rfc8482-saying-goodbye-to-any/
>> >
>> > ANY is not supported by internet. Sometime works sometime not
>>
>> Oh I missed that. That is very interesting.
>> Is that what you are trying to fix in twisted? The use of ANY?
>>
>> Barry
>>
>> >
>> > Пт, 11 дек. 2020 г. в 12:26, Barry Scott <barry.scott at forcepoint.com>:
>> >
>> > > On Thursday, 10 December 2020 23:29:33 GMT spam tam wrote:
>> > > > I would like to find problems with ANY. But I think that there is no
>> > > > problem.
>> > > > DNS servers don't provide standard response for ANY request. My
>> local
>> > > > machine doesn't provide correct response for request:
>> > >
>> > > So you need to fix your network infra not twisted right?
>> > >
>> > > Barry
>> > >
>> > >
>> > > >
>> > > > $ dig amazon.in any
>> > > >
>> > > > ; <<>> DiG 9.16.1-Ubuntu <<>> amazon.in any
>> > > > ;; global options: +cmd
>> > > > ;; connection timed out; no servers could be reached
>> > > >
>> > > > My VPS server provide such response:
>> > > >
>> > > > ; <<>> DiG 9.10.3-P4-Ubuntu <<>> amazon.in any
>> > > > ;; global options: +cmd
>> > > > ;; Got answer:
>> > > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54130
>> > > > ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>> > > >
>> > > > ;; OPT PSEUDOSECTION:
>> > > > ; EDNS: version: 0, flags:; udp: 512
>> > > > ;; QUESTION SECTION:
>> > > > ;amazon.in.                     IN      ANY
>> > > >
>> > > > ;; ANSWER SECTION:
>> > > > amazon.in.              3599    IN      HINFO   "RFC8482" ""
>> > > >
>> > > > ;; Query time: 40 msec
>> > > > ;; SERVER: 8.8.8.8#53(8.8.8.8)
>> > > > ;; WHEN: Thu Dec 10 22:10:39 UTC 2020
>> > > > ;; MSG SIZE  rcvd: 59
>> > > >
>> > > > It sometimes provides another response. But the problem is that
>> behaviour
>> > > > with ANY is not stable.
>> > > > The present and the future of ANY are hazy. Read more here:
>> > > > https://blog.cloudflare.com/rfc8482-saying-goodbye-to-any/
>> > > >
>> > > > If you don't see the problem please provide your opinion. I would
>> like to
>> > > > find solution with ANY but it seems it is impossible.
>> > > >
>> > > > So what do you think?
>> > > >
>> > > > On Thu, Dec 10, 2020 at 8:30 PM Barry Scott <
>> barry.scott at forcepoint.com>
>> > > > wrote:
>> > > >
>> > > > > Answers to but your emails in line.
>> > > > >
>> > > > > I've added the twisted list back in so others can comment.
>> > > > >
>> > > > > On Wednesday, 9 December 2020 21:17:51 GMT spam tam wrote:
>> > > > > > As additional information you can check how operation system
>> works
>> > > with
>> > > > > dns.
>> > > > > > You can run
>> > > > > >
>> > > > > > *sudo tcpdump -i lo -v port 53*
>> > > > > > as UDP local sniffer.
>> > > > >
>> > > > > Agreed great tool to debug this stuff with.
>> > > > > And use wireshark to decode the output.
>> > > > >
>> > > > > > And run
>> > > > > >
>> > > > > > *dig google.com <http://google.com>*
>> > > > > >
>> > > > > > And you will see that it makes A request. Not ANY
>> > > > >
>> > > > > That is the dig default to use A. Use this to do a any query.
>> > > > >
>> > > > >    dig google.com any
>> > > > >
>> > > > > I checked the man page to see if anything extra can be printed
>> but it
>> > > > > looks like
>> > > > > the default is to print everything dig knows how to print. The
>> options
>> > > only
>> > > > > remove output it seems.
>> > > > >
>> > > > > > On Wed, Dec 9, 2020 at 11:42 PM spam tam <kuchaspama at gmail.com>
>> > > wrote:
>> > > > > >
>> > > > > > > Yes. You are correct. My local dns just is not stable. But try
>> > > this:
>> > > > > > >
>> > > > > > > python3.8 dns_lookup6.py amazon.in
>> > > > > > >
>> > > > > > > It provides response:
>> > > > > > >
>> > > > > > > --- dnsLookupDone ([<RR name=amazon.in type=HINFO class=IN
>> > > ttl=3599s
>> > > > > > > auth=False>], [], [])
>> > > > > > > --- dnsLookupDone RR <RR name=amazon.in type=HINFO class=IN
>> > > ttl=3599s
>> > > > > > > auth=False> type 13 payload <HINFO cpu='RFC8482' os=''
>> ttl=3599>
>> > > > > > >
>> > > > > > > There are not CNAME, A, AAAA or NS records. This means that
>> current
>> > > > > > > twisted.names.common.extractRecord will not provide IP.
>> > > > > > > What do you think about this? May be we should replace dns ANY
>> > > request
>> > > > > > > with A and AAAA?
>> > > > >
>> > > > > Now that is interesting because dig returns 54 lines of output
>> from:
>> > > > >
>> > > > >    dig amazon.in any
>> > > > >
>> > > > > (I won't paste the 54 lines).
>> > > > >
>> > > > > I good question is why did twisted not see that huge set of
>> records?
>> > > > >
>> > > > > I'd want to understand why twisted is only seeing the HINFO and
>> not all
>> > > > > the other
>> > > > > records. Fixing that would, I'm guessing, fix a lot of things.
>> > > > >
>> > > > > I'm not sure when I can look at this. Do you want to look at the
>> > > packets
>> > > > > that
>> > > > > twisted sends and receives and compared to dig?
>> > > > >
>> > > > > Barry
>> > > > >
>> > > > >
>> > > > >
>> > > > > > >
>> > > > > > > On Wed, Dec 9, 2020 at 12:16 PM Barry Scott <
>> > > > > barry.scott at forcepoint.com>
>> > > > > > > wrote:
>> > > > > > > >
>> > > > > > > > On Tuesday, 8 December 2020 21:01:56 GMT spam tam wrote:
>> > > > > > > > > I continue to investigate the issue. I try to call your
>> script
>> > > like
>> > > > > > > this:
>> > > > > > > > >
>> > > > > > > > > python dns_lookup6.py www.washingtonexaminer.com
>> > > > > > > > >
>> > > > > > > > > And get response:
>> > > > > > > > > dnsLookupFailed <twisted.python.failure.Failure
>> > > > > > > > > twisted.names.error.DNSServerError: <Message id=55958
>> rCode=2
>> > > > > > > > > maxSize=0 flags=answer,recDes,recAv
>> > > > > > > > > queries=[Query('www.washingtonexaminer.com', 255, 1)]>>
>> > > > > > > > > result.value.__dict__ {}
>> > > > > > > > >
>> > > > > > > > > Is that ok?
>> > > > > > > > >
>> > > > > > > > The output I get is this:
>> > > > > > > >
>> > > > > > > > $ python3.8 dns_lookup6.py www.washingtonexaminer.com
>> > > > > > > > Took: 0.029293
>> > > > > > > > --- dnsLookupDone ([<RR name=www.washingtonexaminer.com
>> > > type=CNAME
>> > > > > > > class=IN ttl=37s auth=False>], [], [])
>> > > > > > > > --- dnsLookupDone RR <RR name=www.washingtonexaminer.com
>> > > type=CNAME
>> > > > > > > class=IN ttl=37s auth=False> type 5 payload <CNAME name=
>> > > > > > > 4067e1ed38.10005.sucurifirewall.com ttl=37>
>> > > > > > > >
>> > > > > > > > And this is the output of dig:
>> > > > > > > >
>> > > > > > > > $ dig www.washingtonexaminer.com
>> > > > > > > >
>> > > > > > > > ; <<>> DiG 9.11.24-RedHat-9.11.24-2.fc32 <<>>
>> > > > > www.washingtonexaminer.com
>> > > > > > > > ;; global options: +cmd
>> > > > > > > > ;; Got answer:
>> > > > > > > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61831
>> > > > > > > > ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0,
>> > > ADDITIONAL: 1
>> > > > > > > >
>> > > > > > > > ;; OPT PSEUDOSECTION:
>> > > > > > > > ; EDNS: version: 0, flags:; udp: 4000
>> > > > > > > > ;; QUESTION SECTION:
>> > > > > > > > ;www.washingtonexaminer.com.    IN      A
>> > > > > > > >
>> > > > > > > > ;; ANSWER SECTION:
>> > > > > > > > www.washingtonexaminer.com. 599 IN      CNAME
>> > > > > > > 4067e1ed38.10005.sucurifirewall.com.
>> > > > > > > > 4067e1ed38.10005.sucurifirewall.com. 7199 IN A
>> 192.124.249.5
>> > > > > > > >
>> > > > > > > > ;; Query time: 50 msec
>> > > > > > > > ;; SERVER: 10.5.10.11#53(10.5.10.11)
>> > > > > > > > ;; WHEN: Wed Dec 09 09:13:54 GMT 2020
>> > > > > > > > ;; MSG SIZE  rcvd: 117
>> > > > > > > >
>> > > > > > > > Barry
>> > > > > > > >
>> > > > > > > >
>> > > > > > > >
>> > > > > > >
>> > > > > >
>> > > > >
>> > > > >
>> > > > >
>> > > > >
>> > > > >
>> > > >
>> > >
>> > >
>> > >
>> > >
>> > >
>> >
>>
>>
>>
>>
>> _______________________________________________
> Twisted-Python mailing list
> Twisted-Python at twistedmatrix.com
> https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/twisted-python/attachments/20201211/ac54e1fa/attachment.htm>


More information about the Twisted-Python mailing list