Beefy Boxes and Bandwidth Generously Provided by pair Networks
Just another Perl shrine
 
PerlMonks  

tldwild - display TLDs that employ DNS wildcards

by grinder (Bishop)
on Jan 05, 2005 at 09:10 UTC ( #419551=CUFP: print w/ replies, xml ) Need Help??

Top level domains (TLDs) that use wildcards are bad. Or rather, some people consider it poor form. Other people think it's ok. If you think it's bad, the following script will print out the wildcard addresses of all the TLDs that currently employ wildcards.

For instance, try looking up the addresses of the following hosts (at the time of writing, the .museum TLD uses wildcards):

% host grinder.museum grinder.museum has address 195.7.77.20 % host perlmonks.museum perlmonks.museum has address 195.7.77.20

(And I can assure you that these sites do not exists). If you want to know which TLDs use the above trickery, then the following script is for you.

Note: you will need to install Net::DNS and Net::Domain::TLD beforehand.

#! /usr/local/bin/perl -w use strict; use vars '$VERSION'; $VERSION = '1.00'; use Net::DNS; use Net::Domain::TLD; use Socket 'inet_ntoa'; # the script takes a long time to run: set to 1 if you # want to see what is happening. use constant VERBOSE => 0; # look for 4 bogus hostnames (pray they don't really exist) my @bogus = ( join( '' => map { ('a'..'z', 0..9)[rand 36] } 1..24 ), join( '' => map { ('a'..'z', 0..9)[rand 36] } 1..24 ), join( '' => map { ('a'..'z', 0..9)[rand 36] } 1..24 ), join( '' => map { ('a'..'z', 0..9)[rand 36] } 1..24 ), ); my $resolv = Net::DNS::Resolver->new; for my $tld ( sort Net::Domain::TLD->new->All ) { warn ".$tld\n" if VERBOSE; my %ip; for my $dom ( @bogus) { my $host = "$dom.$tld"; if( my $addr = gethostbyname( $host )) { # got an IP address on a hostname $ip{inet_ntoa($addr)}++; } } # skip the rest if all we received were NXDOMAINs. next unless keys %ip; # see the nature of their sins my $domain = "$bogus[0].$tld"; if( my $rr = $resolv->query( $domain, 'MX' )) { for my $mx( $rr->answer ) { next unless $mx->type eq 'MX'; my @addr = get_a( $resolv, $mx->exchange ); @addr or @addr = get_a( $resolv, $domain ); print ".$tld $_\n" for @addr; } } else { # no MX records for the host, try A records. print ".$tld $_\n" for get_a($resolv, $domain); } } sub get_a { my $resolv = shift; my $rec = shift; my @rr; if( my $rr = $resolv->query( $rec, 'A' )) { $_->type eq 'A' and push @rr, $_->address for $rr->answer; } @rr; } =head1 NAME tldwild - list all DNS TLDs that employ wildcards =head1 SYNOPSIS B<tldwild> No command line options are recognised. =head1 DESCRIPTION In the Domain Name System, a query for a host name that does not map to an IP address should return an NXDOMAIN (no such domain) error. Sometimes, within an organisation, it is useful to declare "wildcard" records, in order to map an arbitrary number of host names onto a single server. Some organisations that manage top-level domains (TLDs) also employ such records in an attempt to guide web users who type addresses incorrectly to a single web page where they may find help. (This was the basis of the 2003 Verisign .com/.net wildcard scandal). For small TLDs, this was never much of a problem, but the times they are a-changing. If a spammer uses a sender envelope and HELO connect strings based on inexistent hostnames in these smaller TLDs, and if you perform a lookup on these addresses, they will resolve correctly. The information produced by this script allows you to make better decisions as to whether an address is legitimate or not. This is version 1.00. =head1 EXAMPLES Piping the output of this script through the following one-liner: perl -lane 'print "$F[1]\tREJECT .$F[0] MX wildcard"' ...will produce a Postfix access map suitable for a C<check_sender_mx_access> restriction. Recipes for other MTAs are welcome. =head1 SEE ALSO This script uses code that is documented in L<Net::DNS> and L<Net::Domain::TLD>. RFC 974 - Mail routing and the domain system RFC 1035 - Domain names - implementation and specification =head1 BUGS The script does not deal with MX records that return numeric IP addresses (but this is a violation of the RFC standard anyway, and no TLD appears to do so at present). =head1 AUTHOR David Landgren, eval {join chr(0x40) => qw{david landgren.net}} =head1 COPYRIGHT Copyright (c) 2005 David Landgren. This script is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

At the time of writing, the script produced the following output:

.cx 203.119.12.43 .mp 66.135.225.102 .museum 195.7.77.20 .nu 69.25.75.72 .nu 212.181.91.6 .ph 203.119.4.6 .pw 69.20.6.147 .tk 195.20.32.77 .tk 195.20.32.78 .ws 216.35.187.251

- another intruder with the mooring in the heart of the Perl

Comment on tldwild - display TLDs that employ DNS wildcards
Select or Download Code
Re: tldwild - display TLDs that employ DNS wildcards
by huguei (Scribe) on Mar 24, 2006 at 18:36 UTC
    It seems that Net::Domain::TLD has changed its API. The Net::Domain::TLD->new->All line throws an error. I solved it replacing that line by:
    my my @all_tlds = Net::Domain::TLD::tlds; for my $tld ( sort @all_tlds ) {
    And the output at the time of writing is:
    .cd 66.113.70.101
    .mp 66.135.225.102
    .museum 195.7.77.20
    .nu 62.4.64.119
    .nu 69.25.75.72
    .nu 212.181.91.6
    .ph 203.167.64.64
    .pw 69.20.61.189
    .so 127.0.0.3
    .st 195.178.186.40
    .tk 195.20.32.77
    .tk 195.20.32.78
    .vg 66.113.70.101
    .ws 216.35.187.251
    Hugo
      Greetings,
      @huguei thanks for the API update.
      For the record, the update @ line 24 should read:
      my @all_tlds = Net::Domain::TLD::tlds; for my $tld ( sort @all_tlds ) {

      Please note the extra my at the beginning of yours. :)
      Here's the listing my run returned:
      .kr 222.231.8.226 .mp 65.99.230.31 .ph 203.119.6.168 .st 94.254.0.40 .sy 91.144.20.76 .tk 71.6.218.116 .tk 209.126.220.134 .tk 216.75.44.103 .tk 71.6.218.118 .tk 71.6.218.113 .tk 66.240.232.110 .tk 216.75.55.110 .to 208.73.210.178 .ws 64.70.19.33

      hoowee! will 'ya look at all those .tk entries!
      For those running Sendmail, it may be of interest to note, that opening your access file and entering the following, will send an informative bounce message to any addresses returned by this script, that you choose to add to it. For example, using the ones above, might look like this:
      222.231.8.226: ERROR:"550 BOGUS MX DETECTED!" 65.99.230.31: ERROR:"550 BOGUS MX DETECTED!" 203.119.6.168: ERROR:"550 BOGUS MX DETECTED!" 94.254.0.40: ERROR:"550 BOGUS MX DETECTED!" 91.144.20.76: ERROR:"550 BOGUS MX DETECTED!" 71.6.218.116: ERROR:"550 BOGUS MX DETECTED!" 209.126.220.134: ERROR:"550 BOGUS MX DETECTED!" 216.75.44.103: ERROR:"550 BOGUS MX DETECTED!" 71.6.218.118: ERROR:"550 BOGUS MX DETECTED!" 71.6.218.113: ERROR:"550 BOGUS MX DETECTED!" 208.73.210.178: ERROR:"550 BOGUS MX DETECTED!" 64.70.19.33: ERROR:"550 BOGUS MX DETECTED!"

      If you're fortunate enough to be running a *BSD boxen,
      assuming you're already in /etc/mail
      run
      # make aliases.db
      Done! :)
      Thanks @grinder for this great script!
      --Chris
      #!/usr/bin/perl -Tw
      use perl::always;
      my $perl_version = "5.12.4";
      print $perl_version;
Re: tldwild - display TLDs that employ DNS wildcards
by Anonymous Monk on Mar 19, 2007 at 13:53 UTC
    .ac 216.117.170.115
    .cg 64.22.91.27
    .cm 72.51.27.58
    .mp 72.249.38.50
    .museum 195.7.77.20
    .ni 165.98.1.2
    .nu 212.181.91.6
    .nu 62.4.64.119
    .nu 69.25.75.72
    .ph 72.51.36.133
    .pw 69.20.61.189
    .rw 64.22.91.27
    .st 195.178.186.40
    .tk 195.20.32.78
    .tk 195.20.32.77
    .tm 216.117.170.115
    .vg 66.113.70.101
    .ws 64.70.19.33

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: CUFP [id://419551]
Approved by Corion
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others drinking their drinks and smoking their pipes about the Monastery: (11)
As of 2014-08-01 09:19 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My favorite superfluous repetitious redundant duplicative phrase is:









    Results (257 votes), past polls