4

I am trying to figure out how I can utilize dnspython to detect orphaned subdomains. To explain this problem, let us consider an example scenario:

A company DNStest owns the domain example.com

Now the blog team and HR team at the company DNStest want to perform subdomain delegation for their subdomains.

The blog team would create blog.example.com and HR team would create hr.example.com hosted zone records in aws route 53 (or could be any other provider)

As a result, the teams get authoritative nameserver records which they send to the DNS team in company DNStest that owns the domain example.com so they can perform subdomain delegation.

After successful subdomain delegation, blog team and HR team are all set to host their services under the subdomains blog.example.com and hr.example.com

At one point, after 6 months let us say the blog team decides to shut down their service. In this case, the DNS team has no way of finding out the blog team has shut down their service and we have to clean up the orphaned records.

I am playing around with the dnspython module

import dns.resolver

def get_records(domain):

    try:
        answers = dns.resolver.query(domain, 'NS')
        for ns in answers:
            print(ns)

    except Exception as e:
        print(e)

if __name__ == '__main__':
    get_records('blog.example.com') 
    print('---------------------------')
    get_records('hr.example.com')

the above code helps me to gather the name server records but I am trying to figure out

  1. How I can list blog.example.com as an orphaned subdomain

  2. If a random user creates blog.example.com he/she would also get 4 nameserver records but they are not the authoritative name server records so I want to know how I can use dnspython to list the nonauthoritative name server records....

I read the docs for dnspython but did not find any hints yet. If there are different packages out there, please suggest me the names. I am open to experimenting with them as well.

Thanks!

EDIT In response to the comment below by Patrick: you need to contact the authoritative nameservers and ask them for the delegation and then ask the delegated authoritative nameservers.

I tried the following 

import dns.resolver

def get_auth_ns(domain):
    resolver = dns.resolver.Resolver(configure=False)
    resolver.timeout = 5
    # Query google name server
    ns = '8.8.8.8'
    resolver.nameservers = [ns]

    try:
       name_server_records = resolver.query(domain, 'NS')
       return domain + " : ", [name_server_record.to_text() for 
       name_server_record in name_server_records]
    except Exception as e:
       print(e)


 auth_name_servers = get_auth_ns('blog.example.com')

I see All nameservers failed to answer the query blog.example.com IN NS: Server 8.8.8.8 UDP port 53 answered SERVFAIL

InquisitiveGirl
  • 667
  • 3
  • 12
  • 31
  • I am not sure to have understood your question (and please obfuscate using RFC2606 which means using `example.com` as name) but anyway you need to contact the authoritative nameservers and ask them for the delegation and then ask the delegated authoritative nameservers. If those do not reply properly then the delegation at parent should be fixed, as you have a case of lame delegation. – Patrick Mevzek Dec 27 '19 at 09:30
  • Hey @PatrickMevzek I tried to find the authoritative name servers for an orphaned subdomain but it doesn't seem to work - please see the edits. – InquisitiveGirl Dec 31 '19 at 18:11
  • @InquisitiveGirl Are you asking this as if you are the blog team? And what exactly happens when "the blog team decides to shut down their service"? – kimbo Feb 29 '20 at 07:15
  • Asking the authoritative nameservers mean to start from the root. In your edit you contact a recursive nameserver to get NS records so you get the values on the child part of the delegation, which is not what you want. – Patrick Mevzek Mar 28 '20 at 21:24

0 Answers0