Projet

Général

Profil

Mentiodns » Historique » Version 13

sacha, 25/06/2018 17:41

1 1 sacha
h1. Mentiodns
2
3
Validation des DNS à partir d'une liste sur un unbound et un DNS grand FAI et comparaison des résultats ;)
4
5 4 sacha
h2. Noeud actifs
6
7
|_. Nom |_. Bloc |
8
| Mezzanine | domain_names.com_sortedad |
9
| Millicent | domain_names.com_sortedab |
10 9 sacha
| Sacha | domain_names.org_sortedaa |
11
| Sacha | domain_names.org_sortedab |
12
| Sacha | domain_names.org_sortedab |
13 10 sacha
| Sacha | domain_names.org_sortedac |
14
| Sacha | domain_names.org_sortedac |
15 4 sacha
| Taziden | domain_names.com_sortedac |
16
17
h2. Mentio
18
19
<pre>
20
#-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+--+-#
21
#  MENTIODNS : Check for lying DNS (France)  #
22
#--------------------------------------------#
23 13 sacha
#  Version 1.6 - conf file                   # 
24
#  Version 1.5 - test Dig resolving          #
25
#  Version 1.4 - Socat SSL sending results   # 
26
#  Version 1.3 - tld optioN                  #
27 1 sacha
#  Version 1.2 - Round robin on DNS_ISP_LIST #
28 13 sacha
#		 For each request	     #
29 4 sacha
#  Version 1.1 - Allow resume on basename    #
30
#  Version 1.0 - Parallel process with DIG   #
31
#--------------------------------------------#
32 1 sacha
# (c) Sacha at Aquilenet.fr part of FFDN.org #
33
#--------------------------------------------#
34
35
# This shity script intend to bruteforce the ISP lying DNS Servers to identify which one
36 9 sacha
# is going on Ministry of Interior Blocking page and compare the IP result from your favorite DNS server
37 13 sacha
# Use this script with the following paramters 
38
# 1 - domain names file (file with list of domain names whithout the tld  
39 9 sacha
# 2 - position number if it is not given the script will start at the begining
40 1 sacha
# If you relanch the script it will check if it has a counter for the given file to resume
41
# Blacklisted sites in $BLACKLIST_LOG file
42 13 sacha
# Diff ip from a domain name are in $DIFF_LOG 
43 1 sacha
44 13 sacha
# 1st launch creating config file
45
46
# Parameters:
47
# $1 MODE: client server local
48
# $2 File source: list of domain names whithout tld
49
# $3 tld: com, org, ... 
50
# $4 count number (if none from zero or from count file based on file name)
51
52 1 sacha
#############################
53 13 sacha
HOMEDIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
54
MENTIOCONF="$HOMEDIR/mentio.conf"
55
# Number of parallel requests thruw dig
56
parallel=10
57 1 sacha
#############################
58
59
#--------------------------------------
60 13 sacha
### CHECK CONFIG
61
if [ ! -f $MENTIOCONF ]; then
62
echo "=================================================================="
63
echo "MENTIODNS"
64
echo "------------------------------------------------------------------" 
65
echo "1st time configuring"
66
echo -n "IP UNBOUND ? "
67
read DNS_MY
68 1 sacha
69 13 sacha
echo 'HOMEDIR="'$HOMEDIR'"' > $MENTIOCONF
70
echo 'DNS_MY="'$DNS_MY'"' >> $MENTIOCONF
71
IP_PUB=`curl ifconfig.io`
72
ASN=`whois -h whois.cymru.com $IP_PUB |cut -d' ' -f1|sed -n "2p"`
73
DNS_LIST="$HOMEDIR/mentio-DNS_ISP_LIST"
74
DNS_ISP_LIST=`grep $ASN $DNS_LIST|cut -d' ' -f3-`
75
echo 'DNS_ISP_LIST="'$DNS_ISP_LIST'"' >> $MENTIOCONF
76
echo "------------------------------------------------------------------"
77
echo " CONFIGURATION FILE:"
78
echo " please check and relaunch"
79
echo "------------------------------------------------------------------"
80
cat $MENTIOCONF
81
echo "------------------------------------------------------------------"
82
exit 1
83
fi
84 1 sacha
85 13 sacha
### Get parameters from config file
86
source $MENTIOCONF
87
88
#-------------------------------------
89
### PARAMETERS to execute the script
90
# Mode Log export with socat "client" "server" "local"
91
MODE=$1
92
# $2 DNS source file name
93
DNS_SOURCE=$2
94
# $3 TLD name (com, org...)
95
tld=$3
96 1 sacha
# line counter from the dns source file, nothing for auto-resuming
97 13 sacha
COUNT=$4
98 4 sacha
99 13 sacha
if [ $MODE == "server" ]; then
100
socat -v -u openssl-listen:65522,fork,reuseaddr,cert=mentio_ssl-server.pem,cafile=mentio_ssl-client.crt OPEN:$HOMEDIR/DNS_DIFF,creat,append 
101
exit 1
102
fi
103
 
104
#--------------------------------------
105
### SOCAT
106
SERVER="10.11.12.22:65522"
107
SENDSOCAT="socat stdio openssl-connect:$SERVER,verify=0,cert=$HOMEDIR/mentio_ssl-client.pem,cafile=$HOMEDIR/mentio_ssl-server.crt"
108
#--------------------------------------
109
### COLORS 
110 1 sacha
RED='\e[31m'
111
GREEN='\e[32m'
112
YELLOW='\e[33m'
113 13 sacha
GRAY='\e[90m'
114 1 sacha
NC='\033[0m' # No Color
115 13 sacha
#--------------------------------------
116 4 sacha
DNS_SOURCE_BASENAME=`basename $DNS_SOURCE`
117
DIFF_LOG="$HOMEDIR/DNS_DIFF"
118
BLACKLIST_LOG="$HOMEDIR/DNS_BLACKLISTED"
119 1 sacha
lines=`wc -l $DNS_SOURCE|awk -F " " '{print $1}'`
120
countfile="$HOMEDIR/DNS_Count-$DNS_SOURCE_BASENAME"
121 13 sacha
dateus=`date +%Y%m%d-%H%M%S`
122
#--------------------------------------
123
DIG_FAST="+nodnssec +short +timeout=1 +tries=2"
124
DIG_SLOW="+nodnssec +short +timeout=5 +tries=3 "
125
#--------------------------------------
126 1 sacha
127
_check(){
128
i=0
129
url=""
130
while [ $i -lt $parallel ]
131
do
132
n=`expr $count + $i`
133 13 sacha
ISP_DNS=`echo $DNS_ISP_LIST | xargs -n 1| sort -R | head -n 1`
134 1 sacha
url="$url @$ISP_DNS `awk -v n="${n}" 'NR==n {print;exit}' $DNS_SOURCE`.$tld"
135
i=`expr $i + 1`
136
done
137
}
138
139 13 sacha
140 1 sacha
#--------------------------------------
141
if [ -z $COUNT ]; then
142 13 sacha
	if [ -f $countfile ]; then
143
	count=`cat $countfile`
144
	else
145
	count=0
146
	echo $count > $countfile
147
	fi
148 4 sacha
else count=$COUNT
149
echo $count > $countfile
150
fi
151
#--------------------------------------
152
153
while [ "$count" != "$lines" ]; do
154
echo $count > $countfile
155
_check
156
site="$url"
157
echo "-------------------------------------------------------------------------------"
158 13 sacha
echo "#$count $dateus SITE:$site"
159
if nomentio=`dig @$DNS_MY $DIG_SLOW $site|sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4| tr '\r\n' ' '` && [ -z "$nomentio" ]; then
160
	echo -e "$GRAY Unknown zone $site $NC" 
161
fi
162
if mentio=`dig $DIG_SLOW $site|sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4| tr '\r\n' ' '` && [ -z "$mentio" ]; then
163
	echo -e "$GRAY Unknown zone $site $NC"
164
fi
165
166 4 sacha
if [ -n "$nomentio" ] && [ -n "$mentio" ]; then
167
    if [ "$nomentio" != "$mentio" ]; then
168 13 sacha
	for i in $site; do
169
		if nomentio1=`dig $DIG_FAST @$DNS_MY $i|sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4| tr '\r\n' ' '` && [ -z "$nomentio1" ]; then
170
			echo -e "$GRAY Unknown zone $i $NC"
171
		fi
172
		ISP_DNS=`echo $DNS_ISP_LIST | xargs -n 1| sort -R | head -n 1`
173
		if mentio1=`dig $DIG_FAST @$ISP_DNS $i|sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4| tr '\r\n' ' '` && [ -z "$mentio1" ]; then
174
			echo -e "$GRAY Unknown zone $i $NC"
175
		fi
176
			if [ "$nomentio1" != "$mentio1" ]; then
177
        			if [[ $mentio1 == 90.85.* ]]; then
178
		                        if [ $MODE == "client" ]; then
179
                		        	echo "!!! $dateus `hostname` SITE:$i ISPDNS:$ISP_DNS REAL:$nomentio1 MENTIO:$mentio1 $NC" | $SENDSOCAT
180
                        		fi
181
					echo -e "$RED !!! $dateus SITE:$i ISPDNS:$ISP_DNS REAL:$nomentio1 MENTIO:$mentio1 $NC"
182
					echo "!!! $dateus SITE:$i ISPDNS:$ISP_DNS REAL:$nomentio1 MENTIO:$mentio1" >> $BLACKLIST_LOG
183
				else
184
                        			if [ $MODE == "client" ]; then
185
                        				echo ">>> $dateus `hostname` SITE:$i ISPDNS:$ISP_DNS REAL:$nomentio1 MENTIO:$mentio1" | $SENDSOCAT
186
                        			fi                   
187
					echo -e "$YELLOW >>> SITE:$i ISPDNS:$ISP_DNS REAL:$nomentio1 MENTIO:$mentio1 $NC"
188
					echo ">>> $dateus SITE:$i ISPDNS:$ISP_DNS REAL:$nomentio1 MENTIO:$mentio1" >> $DIFF_LOG
189
				fi
190
			fi
191
	done
192 1 sacha
    else
193 13 sacha
    echo -e "$GREEN#$count  SITE:$site  $NC"
194 3 sacha
    fi
195 1 sacha
fi
196
197
count=`expr $count + $parallel`
198
199
done
200 7 sacha
</pre>
201 3 sacha
202 2 sacha
h2. Test (valide au 14/06/18)
203
204 1 sacha
 dig +short shahamat1.com
205 7 sacha
 90.85.16.52
206 3 sacha
207 1 sacha
h2. Liste de serveurs DNS FAI Français
208
209
h3. Free - ASN12322
210 11 sacha
211 12 sacha
212.27.40.240
212 11 sacha
212.27.40.241
213
212.27.40.244
214
212.27.40.245
215 7 sacha
216 3 sacha
h3. Bouygues - ASN5410
217 1 sacha
218
194.158.122.10
219
194.158.122.15
220
221
h3. SFR/Numericable - ASN5410
222
223
89.2.0.1
224
89.2.0.2
225
226
h3. SFR - ASN15557
227
228
109.0.66.10
229
109.0.66.20
230
231
h3. Orange - ASN3215
232
233 2 sacha
80.10.246.1
234 3 sacha
80.10.246.2
235 1 sacha
80.10.246.3
236
80.10.246.5
237 6 sacha
80.10.246.7
238
80.10.246.129
239
80.10.246.130
240
80.10.246.132
241
80.10.246.134
242 8 sacha
80.10.246.136
243
81.253.149.1
244
81.253.149.2
245
81.253.149.6
246 1 sacha
81.253.149.9
247 11 sacha
81.253.149.10
248 1 sacha
249
h3. OBS (ouverts)
250
251
194.2.0.20
252
194.2.0.50
253
254
h2. Vigies de la neutralité
255
256
https://ooni.torproject.org
257
https://respectmynet.eu
258
259
h2. Cadre légal
260
261
https://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT000000801164&fastPos;=2&fastReqId;=606073666&categorieLien;=cid&oldAction;=rechTexte#LEGIARTI000029756525        
262
le décret https://www.legifrance.gouv.fr/affichTexte.do;jsessionid=FE6BFDED672BF1E2EFC5CA70705CF26E.tplgfr21s_3?cidTexte=LEGITEXT000030315036&dateTexte;=20150305&categorieLien;=cid#LEGITEXT000030315036  
263
https://www.legifrance.gouv.fr/affichTexte.do;jsessionid=FE6BFDED672BF1E2EFC5CA70705CF26E.tplgfr21s_3?cidTexte=JORFTEXT000030195477&dateTexte;=20180619