Révision 8 - Historique - Mentiodns - Aquilenet - L'atelier d'Aquilenet

Mentiodns » Historique » Révision 8

Révision 7 (sacha, 17/06/2018 12:56) → Révision 8/59 (sacha, 19/06/2018 14:03)

h1. Mentiodns 

 Validation des DNS à partir d'une liste sur un unbound et un DNS grand FAI et comparaison des résultats ;) 

 h2. Noeud actifs 

 |_. Nom |_. Bloc | 
 | Mezzanine | domain_names.com_sortedad | 
 | Millicent | domain_names.com_sortedab | 
 | Sacha | domain_names.com_sortedaa | 
 | Taziden | domain_names.com_sortedac | 

 h2. Mentio 

 <pre> 
 #-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+--+-# 
 #    MENTIODNS : Check for lying DNS (France)    # 
 #--------------------------------------------# 
 #    Version 1.2 - Round robin on DNS_ISP_LIST # 
 #                  For each request              # 
 #    Version 1.1 - Allow resume on basename      # 
 #    Version 1.0 - Parallel process with DIG     # 
 #--------------------------------------------# 
 # (c) Sacha at Aquilenet.fr part of FFDN.org # 
 #--------------------------------------------# 

 # This shity script intend to bruteforce the ISP lying DNS Servers to identify which one 
 # is going on Ministry of Interior Blocking page and compare the IP result from your favorite DNS server 
 # Use this script with the following paramters  
 # 1 - domain names file (file with list of domain names whithout the tld   
 # 2 - position number if it is not given the script will start at the begining 
 # If you relanch the script it will check if it has a counter for the given file to resume 
 # Blacklisted sites in $BLACKLIST_LOG file 
 # Diff ip from a domain name are in $DIFF_LOG  


 RED='\e[31m' 
 GREEN='\e[32m' 
 YELLOW='\e[33m' 
 NC='\033[0m' # No Color 

 DNS_SOURCE=$1 
 DNS_SOURCE_BASENAME=`basename $DNS_SOURCE` 
 tld="com" 
 HOMEDIR="/root/MENTIODNS" 
 DIFF_LOG="$HOMEDIR/DNS_DIFF" 
 BLACKLIST_LOG="$HOMEDIR/DNS_BLACKLISTED" 

 parallel=10 

 lines=`wc -l $DNS_SOURCE|awk -F " " '{print $1}'` 
 countfile="$HOMEDIR/DNS_Count-$DNS_SOURCE_BASENAME" 

 DNS_ISP_LIST="$HOMEDIR/check-DNS_ISP_LIST" 
 DNS_MY="10.11.12.254" 

 DIG_FAST="+timeout=1 +tries=2" 
 DIG_SLOW="+timeout=5 +tries=3 " 

 echo $DNS_ISP_LIST 
 cat $DNS_ISP_LIST 

 _check(){ 
 i=0 
 url="" 
 while [ $i -lt $parallel ] 
 do 
 n=`expr $count + $i` 
 ISP_DNS=`cat $DNS_ISP_LIST | sort -R | head -n 1` 
 url="$url @$ISP_DNS `awk -v n="${n}" 'NR==n {print;exit}' $DNS_SOURCE`.$tld" 
 i=`expr $i + 1` 
 done 
 } 

 #-------------------------------------- 
 if [ -z $2 ]; then 
         if [ -f $countfile ]; then 
         count=`cat $countfile` 
         else 
         count=0 
         echo $count > $countfile 
         fi 
 else count=$2 
 echo $count > $countfile 
 fi 
 #-------------------------------------- 

 while [ "$count" != "$lines" ]; do 
 echo $count > $countfile 
 _check 
 site="$url" 
 echo "-------------------------------------------------------------------------------" 
 echo "#$count `date +%Y%m%d-%H%M%S` SITE:$site" 
 nomentio=`dig +short @$DNS_MY $DIG_SLOW $site|sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4| tr '\r\n' ' '` 
 mentio=`dig +short $DIG_SLOW $site|sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4| tr '\r\n' ' '` 
 if [ -n "$nomentio" ] && [ -n "$mentio" ]; then 
     if [ "$nomentio" != "$mentio" ]; then 
         for i in $site; do 
                 nomentio1=`dig +short $DIG_FAST @$DNS_MY $i|sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4| tr '\r\n' ' '` 
                 ISP_DNS=`cat $DNS_ISP_LIST | sort -R | head -n 1` 
                 mentio1=`dig +short $DIG_FAST @$ISP_DNS $i|sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4| tr '\r\n' ' '` 
                         if [ "$nomentio1" != "$mentio1" ]; then 
                                 if [ $mentio1 == "90.85.16.52" ]; then 
                                         echo -e "$RED! SITE: $i ISPDNS:$ISP_DNS REAL:$nomentio1 MENTIO:$mentio1 $NC" 
                                         echo "! SITE: $i ISPDNS:$ISP_DNS REAL:$nomentio1 MENTIO:$mentio1" >> $BLACKLIST_LOG 
                                 else 
                                 echo -e "$YELLOW> SITE: $i ISPDNS:$ISP_DNS REAL:$nomentio1 MENTIO: $mentio1 $NC" 
                                 echo "> SITE: $i ISPDNS:$ISP_DNS REAL:$nomentio1 MENTIO: $mentio1" >> $DIFF_LOG 
                                 fi 
                         fi 
         done 
     else 
     echo -e "$GREEN=#$count    SITE: $site    $NC" 
     fi 
 fi 
 #echo "0 SITE: $count PUB: $nomentio PRIV: $mentio" 

 count=`expr $count + $parallel` 

 done 

 </pre> 

 h2. Test (valide au 14/06/18) 

  dig +short shahamat1.com 
  90.85.16.52 

 khilafah.net 

 h2. Liste de serveurs DNS FAI Français 

 h3. Free - ASN12322 

 212.27.40.240 
 212.27.40.241 
 212.27.40.244 
 212.27.40.245 

 h3. Bouygues - ASN5410 

 194.158.122.10 
 194.158.122.15 

 h3. SFR/Numericable - ASN5410 

 89.2.0.1 
 89.2.0.2 

 h3. Orange - ASN3215 

 80.10.246.1 
 80.10.246.2 
 80.10.246.3 
 80.10.246.5 
 80.10.246.7 
 80.10.246.129 
 80.10.246.130 
 80.10.246.132 
 80.10.246.134 
 80.10.246.136 
 81.253.149.1 
 81.253.149.2 
 81.253.149.6 
 81.253.149.9 
 81.253.149.10 

 h3. OBS (ouverts) 

 194.2.0.20 
 194.2.0.50 

 h2. Vigies de la neutralité 

 https://ooni.torproject.org 
 https://respectmynet.eu 

 h2. Cadre légal 

 https://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT000000801164&fastPos;=2&fastReqId;=606073666&categorieLien;=cid&oldAction;=rechTexte#LEGIARTI000029756525         
 le décret https://www.legifrance.gouv.fr/affichTexte.do;jsessionid=FE6BFDED672BF1E2EFC5CA70705CF26E.tplgfr21s_3?cidTexte=LEGITEXT000030315036&dateTexte;=20150305&categorieLien;=cid#LEGITEXT000030315036   
 https://www.legifrance.gouv.fr/affichTexte.do;jsessionid=FE6BFDED672BF1E2EFC5CA70705CF26E.tplgfr21s_3?cidTexte=JORFTEXT000030195477&dateTexte;=20180619

Projet

Général

Profil

Aquilenet

Mentiodns » Historique » Révision 8