blacklist: skip over APNIC's ephemeral DNS nodes

parent cc98f98f
Pipeline #42750 failed with stage
in 1 minute and 8 seconds
......@@ -3,6 +3,11 @@ import dns
from dns.message import Message, from_wire
# dotnxdomain.net and dashnxdomain.net are used by APNIC for ephemeral
# single-query tests so there is no point in asking these repeatedly
_BLACKLIST_SUBDOMAINS = [dns.name.from_text(name) for name in
['dotnxdomain.net.', 'dashnxdomain.net.']]
def extract_packet(packet: bytes) -> Message:
"""
......@@ -30,10 +35,15 @@ def is_blacklisted(packet: bytes) -> bool:
flags = dns.flags.to_text(dnsmsg.flags).split()
if 'QR' in flags: # not a query
return True
dnspacket = dnsmsg.question[0]
if len(dnsmsg.question) != 1:
# weird but valid packet (maybe DNS Cookies)
return False
question = dnsmsg.question[0]
# there is not standard describing common behavior for ANY/RRSIG query
if dnspacket.rdtype in {dns.rdatatype.ANY, dns.rdatatype.RRSIG}:
if question.rdtype in {dns.rdatatype.ANY, dns.rdatatype.RRSIG}:
return True
return False
return any(question.name.is_subdomain(name)
for name in _BLACKLIST_SUBDOMAINS)
except Exception:
# weird stuff, it's better to test resolver with this as well!
return False
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment