InquisitiveGirl

Reputation: 687

Detecting orphaned subdomains using dnspython

I am trying to figure out how I can utilize dnspython to detect orphaned subdomains. To explain this problem, let us consider an example scenario:

A company DNStest owns the domain example.com

Now the blog team and HR team at the company DNStest want to perform subdomain delegation for their subdomains.

The blog team would create blog.example.com and the HR team would create hr.example.com as hosted zones in AWS Route 53 (or any other provider).

As a result, the teams get authoritative nameserver records which they send to the DNS team in company DNStest that owns the domain example.com so they can perform subdomain delegation.

After successful subdomain delegation, the blog team and HR team are all set to host their services under the subdomains blog.example.com and hr.example.com.

At one point, let us say after 6 months, the blog team decides to shut down their service. In this case, the DNS team has no way of finding out that the blog team has shut down their service, and we have to clean up the orphaned records.

I am playing around with the dnspython module:

import dns.resolver

def get_records(domain):

    try:
        answers = dns.resolver.query(domain, 'NS')
        for ns in answers:
            print(ns)

    except Exception as e:
        print(e)

if __name__ == '__main__':
    get_records('blog.example.com') 
    print('---------------------------')
    get_records('hr.example.com')

The above code helps me gather the name server records, but I am trying to figure out:

  1. How I can list blog.example.com as an orphaned subdomain.

  2. If a random user creates blog.example.com, he/she would also get 4 nameserver records, but they are not the authoritative name server records, so I want to know how I can use dnspython to list the non-authoritative name server records.

I read the docs for dnspython but did not find any hints yet. If there are different packages out there, please suggest their names. I am open to experimenting with them as well.

Thanks!

EDIT: In response to the comment below by Patrick ("you need to contact the authoritative nameservers and ask them for the delegation and then ask the delegated authoritative nameservers"), I tried the following:

import dns.resolver

def get_auth_ns(domain):
    resolver = dns.resolver.Resolver(configure=False)
    resolver.timeout = 5
    # Query Google's public name server
    ns = '8.8.8.8'
    resolver.nameservers = [ns]

    try:
        name_server_records = resolver.query(domain, 'NS')
        return domain + " : ", [name_server_record.to_text()
                                for name_server_record in name_server_records]
    except Exception as e:
        print(e)


auth_name_servers = get_auth_ns('blog.example.com')

I see: All nameservers failed to answer the query blog.example.com IN NS: Server 8.8.8.8 UDP port 53 answered SERVFAIL

Upvotes: 4

Views: 787
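The procedure Patrick's comment describes (ask the parent zone's authoritative servers for the delegation, then ask each delegated server directly whether it still answers authoritatively for the child), as an added worked example that is not part of the question and is not dnspython's own API. The `check_delegation` logic takes a pluggable query function so it can run offline; the server names, the `(rcode, aa, ns_names)` return shape, and the canned responses in `FAKE_ANSWERS` are constructed for the example, and `dnspython_query` is an assumed live adapter that needs dnspython installed and network access.

```python
"""Delegation health check: parent delegation vs. what the delegated servers say.

Added example (not from the original post). Assumed vocabulary: a query
function returns (rcode_text, aa_flag, ns_names); rcode_text is the DNS rcode
name ("NOERROR", "REFUSED", ...) or "TIMEOUT" when no reply arrived.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

QueryFn = Callable[[str, str], Tuple[str, bool, List[str]]]


@dataclass
class DelegationReport:
    child: str
    delegated_ns: List[str] = field(default_factory=list)    # NS set the parent hands out
    serving_ns: List[str] = field(default_factory=list)      # delegated servers answering AA
    failing_ns: Dict[str, str] = field(default_factory=dict) # delegated server -> why it failed
    apex_mismatch: List[str] = field(default_factory=list)   # servers whose own NS set differs
    status: str = "not-delegated"  # not-delegated | ok | partial | orphaned


def _norm(name: str) -> str:
    return name.rstrip(".").lower()


def check_delegation(parent_ns: List[str], child: str, query: QueryFn) -> DelegationReport:
    report = DelegationReport(child=child)
    # Step 1: the parent's authoritative servers hold the delegation (the NS records
    # the DNS team added), regardless of whether anyone still serves the child.
    delegated = set()
    for server in parent_ns:
        rcode, _aa, names = query(server, child)
        if rcode == "NOERROR":
            delegated.update(_norm(n) for n in names)
    if not delegated:
        return report
    report.delegated_ns = sorted(delegated)
    # Step 2: ask each delegated server directly. A server hosting the zone answers
    # NOERROR with AA set; a deleted hosted zone yields REFUSED/SERVFAIL, silence,
    # or a reply without AA. The recursive 8.8.8.8 path collapses all of that into
    # SERVFAIL, which is why the check bypasses it.
    for ns in report.delegated_ns:
        rcode, aa, names = query(ns, child)
        if rcode == "NOERROR" and aa:
            report.serving_ns.append(ns)
            # Apex NS set differing from the parent's delegation = lame/inconsistent delegation
            if {_norm(n) for n in names} != delegated:
                report.apex_mismatch.append(ns)
        elif rcode == "NOERROR":
            report.failing_ns[ns] = "answered without AA (not authoritative)"
        else:
            report.failing_ns[ns] = rcode
    if not report.serving_ns:
        report.status = "orphaned"
    elif report.failing_ns:
        report.status = "partial"
    else:
        report.status = "ok"
    return report


def dnspython_query(server: str, qname: str, timeout: float = 5.0) -> Tuple[str, bool, List[str]]:
    """Live QueryFn using dnspython (assumption: dnspython is installed, network reachable)."""
    import socket
    import dns.flags, dns.message, dns.query, dns.rcode, dns.rdatatype
    q = dns.message.make_query(qname, dns.rdatatype.NS)
    try:
        resp = dns.query.udp(q, socket.gethostbyname(server), timeout=timeout)
    except Exception:  # timeout, unreachable host, or the server name does not resolve
        return ("TIMEOUT", False, [])
    # A referral from the parent puts the NS records in the authority section.
    names = [rr.target.to_text() for section in (resp.answer, resp.authority)
             for rrset in section if rrset.rdtype == dns.rdatatype.NS for rr in rrset]
    return (dns.rcode.to_text(resp.rcode()), bool(resp.flags & dns.flags.AA), names)


# --- Constructed sample data: hr.example.com still hosted, blog.example.com torn down ---
PARENT_NS = ["ns1.example-dns.test", "ns2.example-dns.test"]
HR_NS = ["ns-10.awsdns-00.test", "ns-20.awsdns-01.test"]
BLOG_NS = ["ns-30.awsdns-02.test", "ns-40.awsdns-03.test"]
FAKE_ANSWERS: Dict[Tuple[str, str], Tuple[str, bool, List[str]]] = {}
for _p in PARENT_NS:
    FAKE_ANSWERS[(_p, "hr.example.com")] = ("NOERROR", False, HR_NS)     # referral, AA clear
    FAKE_ANSWERS[(_p, "blog.example.com")] = ("NOERROR", False, BLOG_NS)  # stale referral
for _n in HR_NS:
    FAKE_ANSWERS[(_n, "hr.example.com")] = ("NOERROR", True, HR_NS)      # authoritative
FAKE_ANSWERS[(BLOG_NS[0], "blog.example.com")] = ("REFUSED", False, [])  # zone deleted
FAKE_ANSWERS[(BLOG_NS[1], "blog.example.com")] = ("TIMEOUT", False, [])  # no reply


def fake_query(server: str, qname: str) -> Tuple[str, bool, List[str]]:
    return FAKE_ANSWERS.get((server, qname), ("NXDOMAIN", False, []))


if __name__ == "__main__":
    for zone in ("hr.example.com", "blog.example.com", "wiki.example.com"):
        r = check_delegation(PARENT_NS, zone, fake_query)
        print(zone, r.status, r.failing_ns)
```

To run it for real, build `parent_ns` from the NS records of example.com and pass `dnspython_query` instead of `fake_query`. One caveat worth keeping in mind: the check proves only that the servers named in the parent's delegation do or do not serve the zone. If someone else later obtains a hosted zone on the same provider whose assigned servers overlap the stale delegation, those servers answer authoritatively again and the report reads "ok", so an "orphaned" result should be acted on by removing the NS records promptly rather than just monitored.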

Answers (0)
