Mentiodns » Historique » Version 10
sacha, 25/06/2018 02:15
1 | 1 | sacha | h1. Mentiodns |
---|---|---|---|
2 | |||
3 | Validation des DNS à partir d'une liste sur un unbound et un DNS grand FAI et comparaison des résultats ;) |
||
4 | |||
5 | 4 | sacha | h2. Noeud actifs |
6 | |||
7 | |_. Nom |_. Bloc | |
||
8 | | Mezzanine | domain_names.com_sortedad | |
||
9 | | Millicent | domain_names.com_sortedab | |
||
10 | 9 | sacha | | Sacha | domain_names.org_sortedaa | |
11 | | Sacha | domain_names.org_sortedab | |
||
12 | | Sacha | domain_names.org_sortedab | |
||
13 | 10 | sacha | | Sacha | domain_names.org_sortedac | |
14 | | Sacha | domain_names.org_sortedac | |
||
15 | 4 | sacha | | Taziden | domain_names.com_sortedac | |
16 | |||
17 | h2. Mentio |
||
18 | |||
19 | <pre> |
||
20 | #-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+--+-# |
||
21 | # MENTIODNS : Check for lying DNS (France) # |
||
22 | #--------------------------------------------# |
||
23 | # Version 1.2 - Round robin on DNS_ISP_LIST # |
||
24 | # For each request # |
||
25 | # Version 1.1 - Allow resume on basename # |
||
26 | # Version 1.0 - Parallel process with DIG # |
||
27 | #--------------------------------------------# |
||
28 | # (c) Sacha at Aquilenet.fr part of FFDN.org # |
||
29 | #--------------------------------------------# |
||
30 | 1 | sacha | |
31 | # This shity script intend to bruteforce the ISP lying DNS Servers to identify which one |
||
32 | 4 | sacha | # is going on Ministry of Interior Blocking page and compare the IP result from your favorite DNS server |
33 | 9 | sacha | # Use this script with the following paramters |
34 | # 1 - domain names file (file with list of domain names whithout the tld |
||
35 | 4 | sacha | # 2 - position number if it is not given the script will start at the begining |
36 | 1 | sacha | # If you relanch the script it will check if it has a counter for the given file to resume |
37 | # Blacklisted sites in $BLACKLIST_LOG file |
||
38 | 9 | sacha | # Diff ip from a domain name are in $DIFF_LOG |
39 | 1 | sacha | |
40 | 9 | sacha | ############################# |
41 | # TO CHANGE ! |
||
42 | HOMEDIR="/root/MENTIODNS" |
||
43 | DNS_MY="10.11.12.254" |
||
44 | ############################# |
||
45 | 1 | sacha | |
46 | 9 | sacha | #-------------------------------------- |
47 | # Parameters to the script |
||
48 | # $1 DNS source file name |
||
49 | DNS_SOURCE=$1 |
||
50 | |||
51 | # $2 TLD name (com, org...) |
||
52 | tld=$2 |
||
53 | |||
54 | # line counter from the dns source file, nothing for auto-resuming |
||
55 | COUNT=$3 |
||
56 | #-------------------------------------- |
||
57 | |||
58 | # Number of parallel requests thruw dig |
||
59 | parallel=10 |
||
60 | |||
61 | # Colors |
||
62 | 4 | sacha | RED='\e[31m' |
63 | GREEN='\e[32m' |
||
64 | YELLOW='\e[33m' |
||
65 | NC='\033[0m' # No Color |
||
66 | |||
67 | DNS_SOURCE_BASENAME=`basename $DNS_SOURCE` |
||
68 | DIFF_LOG="$HOMEDIR/DNS_DIFF" |
||
69 | BLACKLIST_LOG="$HOMEDIR/DNS_BLACKLISTED" |
||
70 | |||
71 | lines=`wc -l $DNS_SOURCE|awk -F " " '{print $1}'` |
||
72 | countfile="$HOMEDIR/DNS_Count-$DNS_SOURCE_BASENAME" |
||
73 | |||
74 | DNS_ISP_LIST="$HOMEDIR/check-DNS_ISP_LIST" |
||
75 | |||
76 | DIG_FAST="+timeout=1 +tries=2" |
||
77 | DIG_SLOW="+timeout=5 +tries=3 " |
||
78 | 1 | sacha | |
79 | 4 | sacha | _check(){ |
80 | i=0 |
||
81 | url="" |
||
82 | while [ $i -lt $parallel ] |
||
83 | do |
||
84 | 1 | sacha | n=`expr $count + $i` |
85 | 4 | sacha | ISP_DNS=`cat $DNS_ISP_LIST | sort -R | head -n 1` |
86 | url="$url @$ISP_DNS `awk -v n="${n}" 'NR==n {print;exit}' $DNS_SOURCE`.$tld" |
||
87 | i=`expr $i + 1` |
||
88 | done |
||
89 | } |
||
90 | |||
91 | #-------------------------------------- |
||
92 | 9 | sacha | if [ -z $COUNT ]; then |
93 | 4 | sacha | if [ -f $countfile ]; then |
94 | count=`cat $countfile` |
||
95 | else |
||
96 | count=0 |
||
97 | echo $count > $countfile |
||
98 | fi |
||
99 | 9 | sacha | else count=$COUNT |
100 | 4 | sacha | echo $count > $countfile |
101 | fi |
||
102 | #-------------------------------------- |
||
103 | |||
104 | while [ "$count" != "$lines" ]; do |
||
105 | echo $count > $countfile |
||
106 | _check |
||
107 | site="$url" |
||
108 | echo "-------------------------------------------------------------------------------" |
||
109 | echo "#$count `date +%Y%m%d-%H%M%S` SITE:$site" |
||
110 | nomentio=`dig +short @$DNS_MY $DIG_SLOW $site|sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4| tr '\r\n' ' '` |
||
111 | mentio=`dig +short $DIG_SLOW $site|sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4| tr '\r\n' ' '` |
||
112 | if [ -n "$nomentio" ] && [ -n "$mentio" ]; then |
||
113 | if [ "$nomentio" != "$mentio" ]; then |
||
114 | for i in $site; do |
||
115 | nomentio1=`dig +short $DIG_FAST @$DNS_MY $i|sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4| tr '\r\n' ' '` |
||
116 | ISP_DNS=`cat $DNS_ISP_LIST | sort -R | head -n 1` |
||
117 | mentio1=`dig +short $DIG_FAST @$ISP_DNS $i|sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4| tr '\r\n' ' '` |
||
118 | if [ "$nomentio1" != "$mentio1" ]; then |
||
119 | if [ $mentio1 == "90.85.16.52" ]; then |
||
120 | echo -e "$RED! SITE: $i ISPDNS:$ISP_DNS REAL:$nomentio1 MENTIO:$mentio1 $NC" |
||
121 | echo "! SITE: $i ISPDNS:$ISP_DNS REAL:$nomentio1 MENTIO:$mentio1" >> $BLACKLIST_LOG |
||
122 | else |
||
123 | echo -e "$YELLOW> SITE: $i ISPDNS:$ISP_DNS REAL:$nomentio1 MENTIO: $mentio1 $NC" |
||
124 | echo "> SITE: $i ISPDNS:$ISP_DNS REAL:$nomentio1 MENTIO: $mentio1" >> $DIFF_LOG |
||
125 | fi |
||
126 | fi |
||
127 | done |
||
128 | else |
||
129 | echo -e "$GREEN=#$count SITE: $site $NC" |
||
130 | fi |
||
131 | fi |
||
132 | #echo "0 SITE: $count PUB: $nomentio PRIV: $mentio" |
||
133 | |||
134 | count=`expr $count + $parallel` |
||
135 | |||
136 | done |
||
137 | |||
138 | </pre> |
||
139 | |||
140 | h2. Test (valide au 14/06/18) |
||
141 | |||
142 | dig +short shahamat1.com |
||
143 | 5 | sacha | 90.85.16.52 |
144 | |||
145 | 1 | sacha | h2. Liste de serveurs DNS FAI Français |
146 | |||
147 | 7 | sacha | h3. Free - ASN12322 |
148 | 3 | sacha | |
149 | 1 | sacha | 212.27.40.240 |
150 | 212.27.40.241 |
||
151 | 212.27.40.244 |
||
152 | 212.27.40.245 |
||
153 | |||
154 | 7 | sacha | h3. Bouygues - ASN5410 |
155 | 3 | sacha | |
156 | 2 | sacha | 194.158.122.10 |
157 | 194.158.122.15 |
||
158 | 1 | sacha | |
159 | 7 | sacha | h3. SFR/Numericable - ASN5410 |
160 | 3 | sacha | |
161 | 1 | sacha | 89.2.0.1 |
162 | 89.2.0.2 |
||
163 | |||
164 | 7 | sacha | h3. Orange - ASN3215 |
165 | 3 | sacha | |
166 | 1 | sacha | 80.10.246.1 |
167 | 80.10.246.2 |
||
168 | 80.10.246.3 |
||
169 | 80.10.246.5 |
||
170 | 80.10.246.7 |
||
171 | 80.10.246.129 |
||
172 | 80.10.246.130 |
||
173 | 80.10.246.132 |
||
174 | 80.10.246.134 |
||
175 | 80.10.246.136 |
||
176 | 81.253.149.1 |
||
177 | 81.253.149.2 |
||
178 | 81.253.149.6 |
||
179 | 81.253.149.9 |
||
180 | 81.253.149.10 |
||
181 | |||
182 | 2 | sacha | h3. OBS (ouverts) |
183 | 3 | sacha | |
184 | 1 | sacha | 194.2.0.20 |
185 | 194.2.0.50 |
||
186 | 6 | sacha | |
187 | h2. Vigies de la neutralité |
||
188 | |||
189 | https://ooni.torproject.org |
||
190 | https://respectmynet.eu |
||
191 | 8 | sacha | |
192 | h2. Cadre légal |
||
193 | |||
194 | https://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT000000801164&fastPos;=2&fastReqId;=606073666&categorieLien;=cid&oldAction;=rechTexte#LEGIARTI000029756525 |
||
195 | le décret https://www.legifrance.gouv.fr/affichTexte.do;jsessionid=FE6BFDED672BF1E2EFC5CA70705CF26E.tplgfr21s_3?cidTexte=LEGITEXT000030315036&dateTexte;=20150305&categorieLien;=cid#LEGITEXT000030315036 |
||
196 | https://www.legifrance.gouv.fr/affichTexte.do;jsessionid=FE6BFDED672BF1E2EFC5CA70705CF26E.tplgfr21s_3?cidTexte=JORFTEXT000030195477&dateTexte;=20180619 |