opendns-dnsdb 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/.gitignore +18 -0
- data/.rspec +4 -0
- data/Gemfile +8 -0
- data/LICENSE +20 -0
- data/README.md +64 -0
- data/Rakefile +6 -0
- data/THANKS +1 -0
- data/docs/Makefile +177 -0
- data/docs/_themes/LICENSE +45 -0
- data/docs/_themes/README.rst +25 -0
- data/docs/_themes/flask_theme_support.py +86 -0
- data/docs/_themes/kr/layout.html +32 -0
- data/docs/_themes/kr/relations.html +19 -0
- data/docs/_themes/kr/static/flasky.css_t +469 -0
- data/docs/_themes/kr/static/small_flask.css +70 -0
- data/docs/_themes/kr/theme.conf +7 -0
- data/docs/_themes/kr_small/layout.html +22 -0
- data/docs/_themes/kr_small/static/flasky.css_t +287 -0
- data/docs/_themes/kr_small/theme.conf +10 -0
- data/docs/conf.py +261 -0
- data/docs/index.rst +101 -0
- data/docs/make.bat +242 -0
- data/docs/operations/by_ip.rst +229 -0
- data/docs/operations/by_name.rst +256 -0
- data/docs/operations/label.rst +217 -0
- data/docs/operations/related.rst +127 -0
- data/docs/operations/traffic.rst +126 -0
- data/lib/opendns-dnsdb.rb +5 -0
- data/lib/opendns-dnsdb/dnsdb.rb +58 -0
- data/lib/opendns-dnsdb/dnsdb/by_ip.rb +69 -0
- data/lib/opendns-dnsdb/dnsdb/by_name.rb +93 -0
- data/lib/opendns-dnsdb/dnsdb/label.rb +105 -0
- data/lib/opendns-dnsdb/dnsdb/related.rb +92 -0
- data/lib/opendns-dnsdb/dnsdb/response.rb +41 -0
- data/lib/opendns-dnsdb/dnsdb/rrutils.rb +11 -0
- data/lib/opendns-dnsdb/dnsdb/siphash.rb +94 -0
- data/lib/opendns-dnsdb/dnsdb/traffic.rb +80 -0
- data/lib/opendns-dnsdb/version.rb +5 -0
- data/opendns-dnsdb.gemspec +20 -0
- data/spec/by_ip_spec.rb +54 -0
- data/spec/by_name_spec.rb +88 -0
- data/spec/label_spec.rb +88 -0
- data/spec/related_spec.rb +92 -0
- data/spec/spec_helper.rb +5 -0
- data/spec/traffic_spec.rb +36 -0
- metadata +123 -0
|
@@ -0,0 +1,256 @@
|
|
|
1
|
+
Getting information out of a name
|
|
2
|
+
=================================
|
|
3
|
+
|
|
4
|
+
Getting the nameserver IP addresses for a name
|
|
5
|
+
----------------------------------------------
|
|
6
|
+
|
|
7
|
+
.. code-block:: ruby
|
|
8
|
+
|
|
9
|
+
db.nameservers_ips_by_name('github.com')
|
|
10
|
+
|
|
11
|
+
| This returns a ``Response::Distinct`` of IP addresses seen for this name for the past 3
|
|
12
|
+
| months, or an empty list if none have been seen.
|
|
13
|
+
|
|
14
|
+
::
|
|
15
|
+
|
|
16
|
+
[
|
|
17
|
+
[0] "204.13.250.16",
|
|
18
|
+
[1] "204.13.251.16",
|
|
19
|
+
[2] "208.78.70.16",
|
|
20
|
+
[3] "208.78.71.16"
|
|
21
|
+
]
|
|
22
|
+
|
|
23
|
+
Getting the nameserver IPs for a set of names
|
|
24
|
+
---------------------------------------------
|
|
25
|
+
|
|
26
|
+
.. code-block:: ruby
|
|
27
|
+
|
|
28
|
+
db.nameservers_ips_by_name(['github.com', 'github.io'])
|
|
29
|
+
|
|
30
|
+
This returns a ``Response::HashByName``:
|
|
31
|
+
|
|
32
|
+
::
|
|
33
|
+
|
|
34
|
+
{
|
|
35
|
+
"github.com" => [
|
|
36
|
+
[0] "204.13.250.16",
|
|
37
|
+
[1] "204.13.251.16",
|
|
38
|
+
[2] "208.78.70.16",
|
|
39
|
+
[3] "208.78.71.16"
|
|
40
|
+
],
|
|
41
|
+
"github.io" => [
|
|
42
|
+
[0] "204.13.250.16",
|
|
43
|
+
[1] "204.13.251.16",
|
|
44
|
+
[2] "208.78.70.16",
|
|
45
|
+
[3] "208.78.71.16"
|
|
46
|
+
]
|
|
47
|
+
}
|
|
48
|
+
|
|
49
|
+
Getting a list of distinct name servers for a set of names
|
|
50
|
+
----------------------------------------------------------
|
|
51
|
+
|
|
52
|
+
| A very common need is to retrieve the list of IP unique addresses seen
|
|
53
|
+
| for a set of domain names over the past 3 months.
|
|
54
|
+
| This can be achieved as follows:
|
|
55
|
+
|
|
56
|
+
.. code-block:: ruby
|
|
57
|
+
|
|
58
|
+
db.distinct_nameservers_ips_by_name(['github.com', 'github.io'])
|
|
59
|
+
|
|
60
|
+
Returns a ``Response::Distinct``:
|
|
61
|
+
|
|
62
|
+
::
|
|
63
|
+
|
|
64
|
+
[
|
|
65
|
+
[0] "204.13.250.16",
|
|
66
|
+
[1] "204.13.251.16",
|
|
67
|
+
[2] "208.78.70.16",
|
|
68
|
+
[3] "208.78.71.16"
|
|
69
|
+
]
|
|
70
|
+
|
|
71
|
+
| The output is always a ``Response::Distinct`` of distinct IP addresses.
|
|
72
|
+
| This method also works with a single domain name, and is an alias for
|
|
73
|
+
| ``nameservers_ips_by_name`` in that case.
|
|
74
|
+
|
|
75
|
+
Getting the list of IP addresses for a name
|
|
76
|
+
-------------------------------------------
|
|
77
|
+
|
|
78
|
+
| This returns the list of IP addresses seen over the past 3 months for
|
|
79
|
+
| a name:
|
|
80
|
+
|
|
81
|
+
.. code-block:: ruby
|
|
82
|
+
|
|
83
|
+
db.ips_by_name('github.com')
|
|
84
|
+
|
|
85
|
+
Returns a ``Response::Distinct``"
|
|
86
|
+
|
|
87
|
+
::
|
|
88
|
+
|
|
89
|
+
[
|
|
90
|
+
[0] "192.30.252.129",
|
|
91
|
+
[1] "192.30.252.130",
|
|
92
|
+
[2] "192.30.252.131",
|
|
93
|
+
[3] "192.30.252.128",
|
|
94
|
+
[4] "204.232.175.90",
|
|
95
|
+
[5] "207.97.227.239"
|
|
96
|
+
]
|
|
97
|
+
|
|
98
|
+
Getting the list of IP addresses for a set of names
|
|
99
|
+
---------------------------------------------------
|
|
100
|
+
|
|
101
|
+
Bulk lookups can be achieved by providing a list instead of a string:
|
|
102
|
+
|
|
103
|
+
.. code-block:: ruby
|
|
104
|
+
|
|
105
|
+
db.ips_by_name(['github.com', 'github.io'])
|
|
106
|
+
|
|
107
|
+
Returns a ``Response::HashByName``:
|
|
108
|
+
|
|
109
|
+
::
|
|
110
|
+
|
|
111
|
+
{
|
|
112
|
+
"github.com" => [
|
|
113
|
+
[0] "192.30.252.129",
|
|
114
|
+
[1] "192.30.252.130",
|
|
115
|
+
[2] "192.30.252.131",
|
|
116
|
+
[3] "192.30.252.128",
|
|
117
|
+
[4] "204.232.175.90",
|
|
118
|
+
[5] "207.97.227.239"
|
|
119
|
+
],
|
|
120
|
+
"github.io" => [
|
|
121
|
+
[0] "204.232.175.78"
|
|
122
|
+
]
|
|
123
|
+
}
|
|
124
|
+
|
|
125
|
+
Getting the list of unique IP addresses for a set of names
|
|
126
|
+
----------------------------------------------------------
|
|
127
|
+
|
|
128
|
+
.. code-block:: ruby
|
|
129
|
+
|
|
130
|
+
db.distinct_ips_by_name(['github.com', 'github.io'])
|
|
131
|
+
|
|
132
|
+
Returns a ``Response::Distinct``:
|
|
133
|
+
|
|
134
|
+
::
|
|
135
|
+
|
|
136
|
+
[
|
|
137
|
+
[0] "192.30.252.129",
|
|
138
|
+
[1] "192.30.252.130",
|
|
139
|
+
[2] "192.30.252.131",
|
|
140
|
+
[3] "192.30.252.128",
|
|
141
|
+
[4] "204.232.175.90",
|
|
142
|
+
[5] "207.97.227.239",
|
|
143
|
+
[6] "204.232.175.78"
|
|
144
|
+
]
|
|
145
|
+
|
|
146
|
+
Getting the list of mail exchangers for a name
|
|
147
|
+
----------------------------------------------
|
|
148
|
+
|
|
149
|
+
.. code-block:: ruby
|
|
150
|
+
|
|
151
|
+
db.mxs_by_name('github.com')
|
|
152
|
+
|
|
153
|
+
Returns a ``Response::Distinct``:
|
|
154
|
+
|
|
155
|
+
::
|
|
156
|
+
|
|
157
|
+
[
|
|
158
|
+
[0] "alt1.aspmx.l.google.com.",
|
|
159
|
+
[1] "alt2.aspmx.l.google.com.",
|
|
160
|
+
[2] "aspmx.l.google.com.",
|
|
161
|
+
[3] "aspmx2.googlemail.com.",
|
|
162
|
+
[4] "aspmx3.googlemail.com."
|
|
163
|
+
]
|
|
164
|
+
|
|
165
|
+
Getting the list of mail exchangers for a set of names
|
|
166
|
+
------------------------------------------------------
|
|
167
|
+
|
|
168
|
+
.. code-block:: ruby
|
|
169
|
+
|
|
170
|
+
db.mxs_by_name(['github.com', 'github.io'])
|
|
171
|
+
|
|
172
|
+
Returns a ``Response::HashByName``:
|
|
173
|
+
|
|
174
|
+
::
|
|
175
|
+
|
|
176
|
+
{
|
|
177
|
+
"github.com" => [
|
|
178
|
+
[0] "alt1.aspmx.l.google.com.",
|
|
179
|
+
[1] "alt2.aspmx.l.google.com.",
|
|
180
|
+
[2] "aspmx.l.google.com.",
|
|
181
|
+
[3] "aspmx2.googlemail.com.",
|
|
182
|
+
[4] "aspmx3.googlemail.com."
|
|
183
|
+
],
|
|
184
|
+
"github.io" => []
|
|
185
|
+
}
|
|
186
|
+
|
|
187
|
+
Getting the list of unique mail exchangers for a set of names
|
|
188
|
+
-------------------------------------------------------------
|
|
189
|
+
|
|
190
|
+
.. code-block:: ruby
|
|
191
|
+
|
|
192
|
+
db.distinct_mxs_by_name(['github.com', 'github.io'])
|
|
193
|
+
|
|
194
|
+
Returns a ``Response::Distinct`` of unique mail exchangers:
|
|
195
|
+
|
|
196
|
+
::
|
|
197
|
+
|
|
198
|
+
[
|
|
199
|
+
[0] "alt1.aspmx.l.google.com.",
|
|
200
|
+
[1] "alt2.aspmx.l.google.com.",
|
|
201
|
+
[2] "aspmx.l.google.com.",
|
|
202
|
+
[3] "aspmx2.googlemail.com.",
|
|
203
|
+
[4] "aspmx3.googlemail.com."
|
|
204
|
+
]
|
|
205
|
+
|
|
206
|
+
Getting the list of CNAMEs for a name
|
|
207
|
+
-------------------------------------
|
|
208
|
+
|
|
209
|
+
.. code-block:: ruby
|
|
210
|
+
|
|
211
|
+
db.cnames_by_name('www.skyrock.com')
|
|
212
|
+
|
|
213
|
+
| Returns a ``Response::Distinct`` of CNAME records seen over the past 3 months for
|
|
214
|
+
| this name:
|
|
215
|
+
|
|
216
|
+
::
|
|
217
|
+
|
|
218
|
+
[
|
|
219
|
+
[0] "skyrockv4.gslb.skyrock.net."
|
|
220
|
+
]
|
|
221
|
+
|
|
222
|
+
Getting the list of CNAMEs for a set of names
|
|
223
|
+
---------------------------------------------
|
|
224
|
+
|
|
225
|
+
.. code-block:: ruby
|
|
226
|
+
|
|
227
|
+
db.cnames_by_name(['www.skyrock.com', 'www.apple.com'])
|
|
228
|
+
|
|
229
|
+
Returns a ``Response::HashByName``:
|
|
230
|
+
|
|
231
|
+
::
|
|
232
|
+
|
|
233
|
+
{
|
|
234
|
+
"www.skyrock.com" => [
|
|
235
|
+
[0] "skyrockv4.gslb.skyrock.net."
|
|
236
|
+
],
|
|
237
|
+
"www.apple.com" => [
|
|
238
|
+
[0] "www.isg-apple.com.akadns.net."
|
|
239
|
+
]
|
|
240
|
+
}
|
|
241
|
+
|
|
242
|
+
Getting the list of unique CNAMEs seen for a list of names
|
|
243
|
+
----------------------------------------------------------
|
|
244
|
+
|
|
245
|
+
.. code-block:: ruby
|
|
246
|
+
|
|
247
|
+
db.distinct_cnames_by_name(['www.skyrock.com', 'www.apple.com'])
|
|
248
|
+
|
|
249
|
+
Returns a ``Response::Distinct``:
|
|
250
|
+
|
|
251
|
+
::
|
|
252
|
+
|
|
253
|
+
[
|
|
254
|
+
[0] "skyrockv4.gslb.skyrock.net.",
|
|
255
|
+
[1] "www.isg-apple.com.akadns.net."
|
|
256
|
+
]
|
|
@@ -0,0 +1,217 @@
|
|
|
1
|
+
Getting labels
|
|
2
|
+
==============
|
|
3
|
+
|
|
4
|
+
Getting the label for a name
|
|
5
|
+
----------------------------
|
|
6
|
+
|
|
7
|
+
| Domain names can be either benign (part of a whitelist), suspicious
|
|
8
|
+
| (flagged by the OpenDNS security team) or uncategorized.
|
|
9
|
+
|
|
10
|
+
| This method returns the label for a given domain, which can be either
|
|
11
|
+
| ``:suspicious``, ``:benign`` or ``:unknown``.
|
|
12
|
+
|
|
13
|
+
.. code-block:: ruby
|
|
14
|
+
|
|
15
|
+
db.label_by_name('github.com')
|
|
16
|
+
|
|
17
|
+
Returns a ``Symbol``:
|
|
18
|
+
|
|
19
|
+
::
|
|
20
|
+
|
|
21
|
+
:benign
|
|
22
|
+
|
|
23
|
+
Getting the labels for a set of names
|
|
24
|
+
-------------------------------------
|
|
25
|
+
|
|
26
|
+
| Domain names can be either benign (part of a whitelist), suspicious
|
|
27
|
+
| (flagged by the OpenDNS security team) or uncategorized.
|
|
28
|
+
|
|
29
|
+
| This method returns the labels for a set of names, which can be either
|
|
30
|
+
| ``:suspicious``, ``:benign`` or ``:unknown``.
|
|
31
|
+
|
|
32
|
+
.. code-block:: ruby
|
|
33
|
+
|
|
34
|
+
db.labels_by_name(['github.com', 'skyrock.com'])
|
|
35
|
+
|
|
36
|
+
The labels for up to 42,000 names can be queried at once.
|
|
37
|
+
|
|
38
|
+
Returns a ``Response::HashByName``:
|
|
39
|
+
|
|
40
|
+
::
|
|
41
|
+
|
|
42
|
+
{
|
|
43
|
+
"github.com" => :benign
|
|
44
|
+
"skyrock.com" => :benign
|
|
45
|
+
}
|
|
46
|
+
|
|
47
|
+
Testing whether a set of names contains suspicious names
|
|
48
|
+
--------------------------------------------------------
|
|
49
|
+
|
|
50
|
+
.. code-block:: ruby
|
|
51
|
+
|
|
52
|
+
db.include_suspicious?(['github.com', 'skyrock.com'])
|
|
53
|
+
|
|
54
|
+
Returns ``true`` or ``false``:
|
|
55
|
+
|
|
56
|
+
::
|
|
57
|
+
|
|
58
|
+
false
|
|
59
|
+
|
|
60
|
+
Testing whether a set of names contains benign names
|
|
61
|
+
----------------------------------------------------
|
|
62
|
+
|
|
63
|
+
.. code-block:: ruby
|
|
64
|
+
|
|
65
|
+
db.include_benign?(['github.com', 'skyrock.com'])
|
|
66
|
+
|
|
67
|
+
Returns ``true`` or ``false``:
|
|
68
|
+
|
|
69
|
+
::
|
|
70
|
+
|
|
71
|
+
true
|
|
72
|
+
|
|
73
|
+
Testing whether a set of names contains unknown names
|
|
74
|
+
-----------------------------------------------------
|
|
75
|
+
|
|
76
|
+
.. code-block:: ruby
|
|
77
|
+
|
|
78
|
+
db.include_unknown?(['github.com', 'skyrock.com'])
|
|
79
|
+
|
|
80
|
+
Returns ``true`` or ``false``:
|
|
81
|
+
|
|
82
|
+
::
|
|
83
|
+
|
|
84
|
+
false
|
|
85
|
+
|
|
86
|
+
Testing whether a domain is suspicious
|
|
87
|
+
--------------------------------------
|
|
88
|
+
|
|
89
|
+
.. code-block:: ruby
|
|
90
|
+
|
|
91
|
+
db.is_suspicious?('github.com')
|
|
92
|
+
|
|
93
|
+
Returns ``true`` or ``false``:
|
|
94
|
+
|
|
95
|
+
::
|
|
96
|
+
|
|
97
|
+
false
|
|
98
|
+
|
|
99
|
+
Testing whether a domain is benign
|
|
100
|
+
----------------------------------
|
|
101
|
+
|
|
102
|
+
.. code-block:: ruby
|
|
103
|
+
|
|
104
|
+
db.is_benign?('github.com')
|
|
105
|
+
|
|
106
|
+
Returns ``true`` or ``false``:
|
|
107
|
+
|
|
108
|
+
::
|
|
109
|
+
|
|
110
|
+
true
|
|
111
|
+
|
|
112
|
+
Testing whether a domain is unknown
|
|
113
|
+
-----------------------------------
|
|
114
|
+
|
|
115
|
+
.. code-block:: ruby
|
|
116
|
+
|
|
117
|
+
db.is_unknown?('github.com')
|
|
118
|
+
|
|
119
|
+
Returns ``true`` or ``false``:
|
|
120
|
+
|
|
121
|
+
::
|
|
122
|
+
|
|
123
|
+
false
|
|
124
|
+
|
|
125
|
+
Extracting the subset of suspicious names
|
|
126
|
+
-----------------------------------------
|
|
127
|
+
|
|
128
|
+
Given a set of names, return a subset of names flagged as suspicious:
|
|
129
|
+
|
|
130
|
+
.. code-block:: ruby
|
|
131
|
+
|
|
132
|
+
db.suspicious_names(['github.com', 'excue.ru'])
|
|
133
|
+
|
|
134
|
+
Returns a ``Response::Distinct``:
|
|
135
|
+
|
|
136
|
+
::
|
|
137
|
+
|
|
138
|
+
['excue.ru']
|
|
139
|
+
|
|
140
|
+
Extracting the subset of names not flagged as suspicious
|
|
141
|
+
--------------------------------------------------------
|
|
142
|
+
|
|
143
|
+
Given a set of names, return a subset of names not flagged as
|
|
144
|
+
suspicious:
|
|
145
|
+
|
|
146
|
+
.. code-block:: ruby
|
|
147
|
+
|
|
148
|
+
db.not_suspicious_names(['github.com', 'excue.ru'])
|
|
149
|
+
|
|
150
|
+
Returns a ``Response::Distinct``:
|
|
151
|
+
|
|
152
|
+
::
|
|
153
|
+
|
|
154
|
+
['github.com']
|
|
155
|
+
|
|
156
|
+
Extracting the subset of benign names
|
|
157
|
+
-------------------------------------
|
|
158
|
+
|
|
159
|
+
Given a set of names, return a subset of names flagged as benign:
|
|
160
|
+
|
|
161
|
+
.. code-block:: ruby
|
|
162
|
+
|
|
163
|
+
db.benign_names(['github.com', 'excue.ru'])
|
|
164
|
+
|
|
165
|
+
Returns a ``Response::Distinct``:
|
|
166
|
+
|
|
167
|
+
::
|
|
168
|
+
|
|
169
|
+
['github.com']
|
|
170
|
+
|
|
171
|
+
Extracting the subset of names not flagged as benign
|
|
172
|
+
----------------------------------------------------
|
|
173
|
+
|
|
174
|
+
Given a set of names, return a subset of names not flagged as
|
|
175
|
+
benign:
|
|
176
|
+
|
|
177
|
+
.. code-block:: ruby
|
|
178
|
+
|
|
179
|
+
db.not_benign_names(['github.com', 'excue.ru'])
|
|
180
|
+
|
|
181
|
+
Returns a ``Response::Distinct``:
|
|
182
|
+
|
|
183
|
+
::
|
|
184
|
+
|
|
185
|
+
['excue.ru']
|
|
186
|
+
|
|
187
|
+
Extracting the subset of unknown names
|
|
188
|
+
--------------------------------------
|
|
189
|
+
|
|
190
|
+
Given a set of names, return a subset of names flagged as unknown:
|
|
191
|
+
|
|
192
|
+
.. code-block:: ruby
|
|
193
|
+
|
|
194
|
+
db.unknown_names(['github.com', 'exue.ru'])
|
|
195
|
+
|
|
196
|
+
Returns a ``Response::Distinct``:
|
|
197
|
+
|
|
198
|
+
::
|
|
199
|
+
|
|
200
|
+
['exue.ru']
|
|
201
|
+
|
|
202
|
+
Extracting the subset of names flagged as benign or suspicious
|
|
203
|
+
---------------------------------------------------------------
|
|
204
|
+
|
|
205
|
+
Given a set of names, return a subset of names flagged as benign or
|
|
206
|
+
suspicious:
|
|
207
|
+
|
|
208
|
+
.. code-block:: ruby
|
|
209
|
+
|
|
210
|
+
db.not_unknown_names(['github.com', 'excue.ru'])
|
|
211
|
+
|
|
212
|
+
Returns a ``Response::Distinct``:
|
|
213
|
+
|
|
214
|
+
::
|
|
215
|
+
|
|
216
|
+
['github.com', 'excue.ru']
|
|
217
|
+
|