Projet

Général

Profil

Mentiodns » Historique » Version 10

sacha, 25/06/2018 02:15

1 1 sacha
h1. Mentiodns
2
3
Validation des DNS à partir d'une liste sur un unbound et un DNS grand FAI et comparaison des résultats ;)
4
5 4 sacha
h2. Noeud actifs
6
7
|_. Nom |_. Bloc |
8
| Mezzanine | domain_names.com_sortedad |
9
| Millicent | domain_names.com_sortedab |
10 9 sacha
| Sacha | domain_names.org_sortedaa |
11
| Sacha | domain_names.org_sortedab |
12
| Sacha | domain_names.org_sortedab |
13 10 sacha
| Sacha | domain_names.org_sortedac |
14
| Sacha | domain_names.org_sortedac |
15 4 sacha
| Taziden | domain_names.com_sortedac |
16
17
h2. Mentio
18
19
<pre>
20
#-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+--+-#
21
#  MENTIODNS : Check for lying DNS (France)  #
22
#--------------------------------------------#
23
#  Version 1.2 - Round robin on DNS_ISP_LIST #
24
#                For each request            #
25
#  Version 1.1 - Allow resume on basename    #
26
#  Version 1.0 - Parallel process with DIG   #
27
#--------------------------------------------#
28
# (c) Sacha at Aquilenet.fr part of FFDN.org #
29
#--------------------------------------------#
30 1 sacha
31
# This shity script intend to bruteforce the ISP lying DNS Servers to identify which one
32 4 sacha
# is going on Ministry of Interior Blocking page and compare the IP result from your favorite DNS server
33 9 sacha
# Use this script with the following paramters
34
# 1 - domain names file (file with list of domain names whithout the tld
35 4 sacha
# 2 - position number if it is not given the script will start at the begining
36 1 sacha
# If you relanch the script it will check if it has a counter for the given file to resume
37
# Blacklisted sites in $BLACKLIST_LOG file
38 9 sacha
# Diff ip from a domain name are in $DIFF_LOG
39 1 sacha
40 9 sacha
#############################
41
# TO CHANGE !
42
HOMEDIR="/root/MENTIODNS"
43
DNS_MY="10.11.12.254"
44
#############################
45 1 sacha
46 9 sacha
#--------------------------------------
47
# Parameters to the script
48
# $1 DNS source file name
49
DNS_SOURCE=$1
50
51
# $2 TLD name (com, org...)
52
tld=$2
53
54
# line counter from the dns source file, nothing for auto-resuming
55
COUNT=$3
56
#--------------------------------------
57
58
# Number of parallel requests thruw dig
59
parallel=10
60
61
# Colors
62 4 sacha
RED='\e[31m'
63
GREEN='\e[32m'
64
YELLOW='\e[33m'
65
NC='\033[0m' # No Color
66
67
DNS_SOURCE_BASENAME=`basename $DNS_SOURCE`
68
DIFF_LOG="$HOMEDIR/DNS_DIFF"
69
BLACKLIST_LOG="$HOMEDIR/DNS_BLACKLISTED"
70
71
lines=`wc -l $DNS_SOURCE|awk -F " " '{print $1}'`
72
countfile="$HOMEDIR/DNS_Count-$DNS_SOURCE_BASENAME"
73
74
DNS_ISP_LIST="$HOMEDIR/check-DNS_ISP_LIST"
75
76
DIG_FAST="+timeout=1 +tries=2"
77
DIG_SLOW="+timeout=5 +tries=3 "
78 1 sacha
79 4 sacha
_check(){
80
i=0
81
url=""
82
while [ $i -lt $parallel ]
83
do
84 1 sacha
n=`expr $count + $i`
85 4 sacha
ISP_DNS=`cat $DNS_ISP_LIST | sort -R | head -n 1`
86
url="$url @$ISP_DNS `awk -v n="${n}" 'NR==n {print;exit}' $DNS_SOURCE`.$tld"
87
i=`expr $i + 1`
88
done
89
}
90
91
#--------------------------------------
92 9 sacha
if [ -z $COUNT ]; then
93 4 sacha
        if [ -f $countfile ]; then
94
        count=`cat $countfile`
95
        else
96
        count=0
97
        echo $count > $countfile
98
        fi
99 9 sacha
else count=$COUNT
100 4 sacha
echo $count > $countfile
101
fi
102
#--------------------------------------
103
104
while [ "$count" != "$lines" ]; do
105
echo $count > $countfile
106
_check
107
site="$url"
108
echo "-------------------------------------------------------------------------------"
109
echo "#$count `date +%Y%m%d-%H%M%S` SITE:$site"
110
nomentio=`dig +short @$DNS_MY $DIG_SLOW $site|sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4| tr '\r\n' ' '`
111
mentio=`dig +short $DIG_SLOW $site|sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4| tr '\r\n' ' '`
112
if [ -n "$nomentio" ] && [ -n "$mentio" ]; then
113
    if [ "$nomentio" != "$mentio" ]; then
114
        for i in $site; do
115
                nomentio1=`dig +short $DIG_FAST @$DNS_MY $i|sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4| tr '\r\n' ' '`
116
                ISP_DNS=`cat $DNS_ISP_LIST | sort -R | head -n 1`
117
                mentio1=`dig +short $DIG_FAST @$ISP_DNS $i|sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4| tr '\r\n' ' '`
118
                        if [ "$nomentio1" != "$mentio1" ]; then
119
                                if [ $mentio1 == "90.85.16.52" ]; then
120
                                        echo -e "$RED! SITE: $i ISPDNS:$ISP_DNS REAL:$nomentio1 MENTIO:$mentio1 $NC"
121
                                        echo "! SITE: $i ISPDNS:$ISP_DNS REAL:$nomentio1 MENTIO:$mentio1" >> $BLACKLIST_LOG
122
                                else
123
                                echo -e "$YELLOW> SITE: $i ISPDNS:$ISP_DNS REAL:$nomentio1 MENTIO: $mentio1 $NC"
124
                                echo "> SITE: $i ISPDNS:$ISP_DNS REAL:$nomentio1 MENTIO: $mentio1" >> $DIFF_LOG
125
                                fi
126
                        fi
127
        done
128
    else
129
    echo -e "$GREEN=#$count  SITE: $site  $NC"
130
    fi
131
fi
132
#echo "0 SITE: $count PUB: $nomentio PRIV: $mentio"
133
134
count=`expr $count + $parallel`
135
136
done
137
138
</pre>
139
140
h2. Test (valide au 14/06/18)
141
142
 dig +short shahamat1.com
143 5 sacha
 90.85.16.52
144
145 1 sacha
h2. Liste de serveurs DNS FAI Français
146
147 7 sacha
h3. Free - ASN12322
148 3 sacha
149 1 sacha
212.27.40.240
150
212.27.40.241
151
212.27.40.244
152
212.27.40.245
153
154 7 sacha
h3. Bouygues - ASN5410
155 3 sacha
156 2 sacha
194.158.122.10
157
194.158.122.15
158 1 sacha
159 7 sacha
h3. SFR/Numericable - ASN5410
160 3 sacha
161 1 sacha
89.2.0.1
162
89.2.0.2
163
164 7 sacha
h3. Orange - ASN3215
165 3 sacha
166 1 sacha
80.10.246.1
167
80.10.246.2
168
80.10.246.3
169
80.10.246.5
170
80.10.246.7
171
80.10.246.129
172
80.10.246.130
173
80.10.246.132
174
80.10.246.134
175
80.10.246.136
176
81.253.149.1
177
81.253.149.2
178
81.253.149.6
179
81.253.149.9
180
81.253.149.10
181
182 2 sacha
h3. OBS (ouverts)
183 3 sacha
184 1 sacha
194.2.0.20
185
194.2.0.50
186 6 sacha
187
h2. Vigies de la neutralité
188
189
https://ooni.torproject.org
190
https://respectmynet.eu
191 8 sacha
192
h2. Cadre légal
193
194
https://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT000000801164&fastPos;=2&fastReqId;=606073666&categorieLien;=cid&oldAction;=rechTexte#LEGIARTI000029756525        
195
le décret https://www.legifrance.gouv.fr/affichTexte.do;jsessionid=FE6BFDED672BF1E2EFC5CA70705CF26E.tplgfr21s_3?cidTexte=LEGITEXT000030315036&dateTexte;=20150305&categorieLien;=cid#LEGITEXT000030315036  
196
https://www.legifrance.gouv.fr/affichTexte.do;jsessionid=FE6BFDED672BF1E2EFC5CA70705CF26E.tplgfr21s_3?cidTexte=JORFTEXT000030195477&dateTexte;=20180619