Merge pull request #6 from claudex/dns

Use DNS list from http://public-dns.info/
pull/8/head
Alexandre Dulaunoy 2016-08-04 09:57:22 +02:00 committed by GitHub
commit 9d620dd7a5
5 changed files with 96348 additions and 35 deletions

View File

@ -14,7 +14,8 @@ are available in one of the list. The list can be globally enabled or disabled i
- [lists/google](lists/google) - known domains and hostnames from Google
- [lists/ipv6-linklocal](ipv6-linklocal) - IPv6 link local prefix
- [lists/multicast](lists/multicast) - known IPv4 multicast CIDR blocks
- [lists/public-dns](lists/public-dns) - IP addresses of public DNS resolver
- [lists/public-dns-v4](lists/public-dns-v4) - IPv4 addresses and reverse of public DNS resolver
- [lists/public-dns-v6](lists/public-dns-v6) - IPv6 addresses and reverse of public DNS resolver
- [lists/rfc1918](lists/rfc1918) - RFC 1918 network subnets
- [lists/rfc3849](lists/rfc3849) - RFC 3849 - Documentation prefix for ipv6
- [lists/rfc5735](lists/rfc5735) - RFC 5735 CIDR blocks - Special Use IPv4 Addresses

96093
lists/public-dns-v4/list.json Normal file

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,184 @@
{
"description": "Event contains one or more public IPv6 DNS resolvers as attribute with an IDS flag set",
"list": [
"2001:1488:800:400::130",
"2001:1608:10:167:342::eb52",
"2001:1620:2777:1::10",
"2001:1620:2777:1::11",
"2001:1620:2777::2",
"2001:1a68::d911:2244",
"2001:1bc0::ffff:aaaa:2",
"2001:1bc0::ffff:bbbb:2",
"2001:2040:39::5",
"2001:418:3ff::1:53",
"2001:418:3ff::53",
"2001:41d0:8:be92::1",
"2001:428:101:100:205:171:2:65",
"2001:428:101:100:205:171:3:65",
"2001:428::1",
"2001:450:2005:1::4",
"2001:450:2005:2::4",
"2001:450:2005:2::5",
"2001:450:2005:3::5",
"2001:468:c80:2101:0:100:0:22",
"2001:468:c80:2101:0:100:0:22",
"2001:468:c80:4101:0:100:0:42",
"2001:468:c80:4101:0:100:0:42",
"2001:470:0:45::2",
"2001:470:0:69::2",
"2001:470:0:78::2",
"2001:470:0:7d::2",
"2001:470:0:8c::2",
"2001:470:0:c0::2",
"2001:470:20::2",
"2001:470:520a::1",
"2001:470:6c:521::2",
"2001:470:6d:521::1",
"2001:470:f032:1::254",
"2001:4860:4860::8844",
"2001:4860:4860::8888",
"2001:4870:6082:3::100",
"2001:4870:6082:3::5",
"2001:4870:8000:3::100",
"2001:4870:8000:3::5",
"2001:4ce8::53",
"2001:4dd0:fb32:3::d",
"2001:4dd0:fd5e::53",
"2001:4f8:0:2::14",
"2001:550:1:1::d",
"2001:5b8:1::5",
"2001:610:1108:5010::130",
"2001:638:902:1::10",
"2001:648:2ffc:100::211",
"2001:678:1::206",
"2001:67c:15e8:d1::18",
"2001:67c:15e8:d1::19",
"2001:67c:2b0::1",
"2001:67c:2b0::2",
"2001:67c:2b24:1000::10",
"2001:67c:2b24:1000::11",
"2001:6b0:3f::a",
"2001:750:2:3::51",
"2001:750:2:3::52",
"2001:7b8:1509::1",
"2001:840:0:200::1",
"2001:840:200::",
"2001:840:2010:413::100",
"2001:910:800::12",
"2001:910:800::40",
"2001:913::8",
"2001:978:1:1::d",
"2001:978:1:2::d",
"2001:b000:168::1",
"2001:b08:2:280::4:1",
"2001:bf0::2",
"2001:da8:202:10::37",
"2001:ec0:1::1",
"2001:ec0:3::3",
"2400:8900::f03c:91ff:fe70:c452",
"2407:9000:0:4::2",
"2600:3c00::20:b1ff",
"2600:3c02::f03c:91ff:fe84:cb54",
"2600::1",
"2600::2",
"2607:fa88:1::2",
"2610:130:100:3::200",
"2620:0:ccc::2",
"2620:0:ccd::2",
"2800:960:0:12:201:217:1:231",
"2a00-1508-0-4--9.puntcat.ip6.guifi.net.",
"2a00:1508:0:4::9",
"2a00:5881:8100:1000::3",
"2a00:dcc0:eda:88:245:71:858e:a15",
"2a01:4f8:161:4109::6",
"2a01:4f8:191:306c::2",
"2a02:180:1:1::517:1045",
"2a02:2178:1:2::2",
"2a02:6b8::feed:ff",
"2a02:940:0:4293::100",
"2a03:4000:6:510b::1",
"2a03:b0c0:3:d0::7c:5001",
"McRip-5-pt.tunnel.tserv26.ber1.ipv6.he.net.",
"canopus.ne2000.nl.",
"copaco-public-resolver-ipv6-b.copaco.com.py.",
"cznic-public-dns-1.nic.cz.",
"dlfw-rdns-01.dlfw.twtelecom.net.",
"dns.cesidianroot.eu.",
"dns.yandex.ru.",
"dns1.host.net.",
"dns1.lon.gblx.net.",
"dns1.phx.gblx.net.",
"dns1.totbb.net.",
"dns2.phx.gblx.net.",
"dns2.roc.gblx.net.",
"dns2.totbb.net.",
"dnsres1.nic.cz.",
"dnvr-rdns-01.dnvr.twtelecom.net.",
"emma.robingroppe.de.",
"eu-res1.dns.cogentco.com.",
"eu-res2.dns.cogentco.com.",
"freya.stelas.de.",
"google-public-dns-a.google.com.",
"google-public-dns-b.google.com.",
"hntp1.hinet.net.",
"homens.b-hs.de.",
"jeru.cns.ipv6.vt.edu.",
"jeru.cns.ipv6.vt.edu.",
"leia.fdn.org.",
"lpc1.stu.neva.ru.",
"mnt1.eutelia.it.",
"mnt2.eutelia.it.",
"na-res1.dns.cogentco.com.",
"ns-3.iastate.edu.",
"ns.ipv6.uni-leipzig.de.",
"ns0.ldn-fai.net.",
"ns1.fdn.org.",
"ns1.init7.net.",
"ns1.probe-networks.de.",
"ns1.sprintlink.net.",
"ns1.twtelecom.net.",
"ns10.init7.net.",
"ns11.init7.net.",
"ns2.all.de.",
"ns2.itandtel.at.",
"ns2.powertech.no.",
"ns2.powertech.no.",
"ns2.probe-networks.de.",
"ns2.sprintlink.net.",
"ns2.twtelecom.net.",
"or.isc.org.",
"ordns.he.net.",
"public-dns-a.primawebtools.de.",
"public-dns-c.ipv6.primawebtools.de.",
"recursif.arn-fai.net.",
"resolver.qwest.net.",
"resolver1.dns.trex.fi.",
"resolver1.ipv6-sandbox.opendns.com.",
"resolver2.dns.trex.fi.",
"resolver2.ipv6-sandbox.opendns.com.",
"rickhunter.ns.ielo.net.",
"rns1.grnet.gr.",
"services.donotuse.de.",
"tserv1.ams1.he.net.",
"tserv1.dal1.he.net.",
"tserv1.fmt2.he.net.",
"tserv1.fra1.he.net.",
"tserv1.mia1.he.net.",
"tserv1.tor1.he.net.",
"tungsten.gparent.org.",
"voip.zee.li.",
"www.cesidianroot.eu.",
"x.ns.gin.ntt.net.",
"y.ns.gin.ntt.net.",
"yardbird.cns.ipv6.vt.edu.",
"yardbird.cns.ipv6.vt.edu.",
"zen.stack.nl."
],
"matching_attribute": [
"ip-src",
"ip-dst",
"domain|ip"
],
"name": "List of known IPv6 public DNS resolvers",
"version": "20160803"
}

View File

@ -1,34 +0,0 @@
{
"name": "List of known public DNS resolvers",
"version": 3,
"description": "Event contains one or more public DNS resolvers as attribute with an IDS flag set",
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
],
"list": [
"8.8.8.8",
"8.8.4.4",
"208.67.222.222",
"208.67.220.220",
"195.46.39.39",
"195.46.39.40",
"4.2.2.4",
"209.244.0.3",
"209.244.0.4",
"64.6.64.6",
"64.6.65.6",
"84.200.69.80",
"84.200.70.40",
"8.26.56.26",
"8.20.247.20",
"156.154.70.1",
"156.154.71.1",
"199.85.126.10",
"199.85.127.10",
"81.218.119.11",
"209.88.198.133"
]
}

69
tools/generate-publicdns.py Executable file
View File

@ -0,0 +1,69 @@
#!/usr/bin/env python3
import csv
import datetime
import logging
import ipaddress
import json
import os
import requests
servers_url = 'http://public-dns.info/nameservers.csv'
csv_path = 'nameservers.csv'
dns4_path = 'list4.json'
dns6_path = 'list6.json'
if os.path.isfile(csv_path):
logging.warning('Not erasing local csv file')
else:
req = requests.get(servers_url)
with open(csv_path, 'wb') as fd:
for chunk in req.iter_content(4096):
fd.write(chunk)
ip4_list = []
ip6_list = []
with open(csv_path) as csv_file:
servers_list = csv.reader(csv_file, delimiter=',', quotechar='"')
for row in servers_list:
if row[5] == '':
try:
ip = ipaddress.ip_address(row[0])
if ip.version == 4:
list = ip4_list
else:
list = ip6_list
list.append(ip.compressed)
if len(row[1]) > 0 and row[1] != '.':
list.append(row[1])
except ValueError as exc:
logging.warning(str(exc))
version = datetime.datetime.now().strftime('%Y%m%d')
out4_list = {}
out4_list['name'] = 'List of known IPv4 public DNS resolvers'
out4_list['version'] = version
out4_list['description'] = 'Event contains one or more public IPv4 DNS resolvers as attribute with an IDS flag set'
out4_list['matching_attribute'] = [ 'ip-src', 'ip-dst', 'domain|ip' ]
out4_list['list'] = sorted(ip4_list)
out6_list = {}
out6_list['name'] = 'List of known IPv6 public DNS resolvers'
out6_list['version'] = version
out6_list['description'] = 'Event contains one or more public IPv6 DNS resolvers as attribute with an IDS flag set'
out6_list['matching_attribute'] = [ 'ip-src', 'ip-dst', 'domain|ip' ]
out6_list['list'] = sorted(ip6_list)
#print(json.dumps(out4_list, indent=True))
with open(dns4_path, 'w') as dns4_file:
dns4_file.write(json.dumps(out4_list, indent=4, sort_keys=True))
with open(dns6_path, 'w') as dns6_file:
dns6_file.write(json.dumps(out6_list, indent=4, sort_keys=True))