rogue_one 0.1.4 → 0.4.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a8a159994892e276c84f9854aea0d1bb1ed915da4d1441e362cd3df81967a029
-  data.tar.gz: aeb889e5a15df10f85822fc78fb285a55f86268f7a6287e34f604698172ad0b0
+  metadata.gz: 36b1d9ea6171500c42fd1930ba0807e74d8df4908fdec5eb47f1b88b0262caf6
+  data.tar.gz: 3836ad7bc6a13b68e1fa07d5d584ccbe0da64c8a4c1ee31e16d8f6e5037ada7f
 SHA512:
-  metadata.gz: 2d49d2e63096010fae8beb77c5b0ff0eadcb83b350663a7f048a5f2402378b65ee99bd91ba83c6659a0cac87250d91c4a377d0c1a1f5e924e74b7aa4af670472
-  data.tar.gz: 52f2ea2c904088b2f3c817653427e4d92ca04e1584a11754163a5ade8ee6a5075d4350e5fde3468cb87dc865caadcc6acc3de3edd98005d89dd5386214ed9505
+  metadata.gz: 8659b118ceaf22a6ec4756d4f883f8bda633ddf1230aab126c2666ad967df887dd7b1fed576b2f3608ed0adefea695067030ed079b3a915af8c06b1398bd2bd0
+  data.tar.gz: 3c6debab123e645b9765627dda48bc5c2674ee9101f53da0c8bb967a72d54cea411213cc6b6d2354263f1034b73d75282058872779f75a1ac07ec3e5bb77a63d

data/.travis.yml

@@ -4,4 +4,5 @@ language: ruby
 cache: bundler
 rvm:
   - 2.6
-before_install: gem install bundler -v 2.0.1
+  - 2.7
+before_install: gem install bundler -v 2.1

data/README.md

@@ -1,9 +1,25 @@
-# Rogue one: a rogue DNS detector
+# Rogue one
 
 [![Gem Version](https://badge.fury.io/rb/rogue_one.svg)](https://badge.fury.io/rb/rogue_one)
-[![Build Status](https://travis-ci.org/ninoseki/rogue_one.svg?branch=master)](https://travis-ci.org/ninoseki/rogue_one)
+[![Build Status](https://travis-ci.com/ninoseki/rogue_one.svg?branch=master)](https://travis-ci.com/ninoseki/rogue_one)
+[![CodeFactor](https://www.codefactor.io/repository/github/ninoseki/rogue_one/badge)](https://www.codefactor.io/repository/github/ninoseki/rogue_one)
 [![Coverage Status](https://coveralls.io/repos/github/ninoseki/rogue_one/badge.svg?branch=master)](https://coveralls.io/github/ninoseki/rogue_one?branch=master)
 
+A PoC tool for analyzing a rogue DNS server.
+
+This tool could be used for checking maliciousness of a DNS server and extracting landing pages.
+
+## How it works
+
+![image](./images/eyecatch.png)
+
+IPv4 space is vast. But an attacker could secure a few numbers of IP addresses for landing pages.
+It means you can (probably) find malicious landing pages by using the following methods.
+
+- Resolving a bunch of domains by using a DNS server.
+- Finding frequent IPv4s from the resolutions. They might be landing pages.
+- If a DNS server has landing pages, it might be a rogue one.
+
 ## Installation
 
 ```bash
@@ -18,6 +34,21 @@ Commands:
   rogue_one help [COMMAND]       # Describe available commands or one specific command
   rogue_one report [DNS_SERVER]  # Show a report of a given DNS server
 
+$ rogue_one help report
+Usage:
+  rogue_one report [DNS_SERVER]
+
+Options:
+  [--custom-list=CUSTOM_LIST]    # A path to a custom list of domains
+  [--default-list=DEFAULT_LIST]  # A default list of top 100 domains (Alexa or Fortune)
+                                 # Default: alexa
+  [--record-type=RECORD_TYPE]    # A type of the DNS resource to check
+                                 # Default: A
+  [--threshold=N]                # Threshold value for determining malicious or not
+  [--verbose], [--no-verbose]
+
+Show a report of a given DNS server
+
 $ rogue_one report 1.1.1.1
 {
   "verdict": "benign one",
@@ -35,12 +66,23 @@ $ rogue_one report 1.53.252.215
     "61.230.102.66"
   ]
 }
+
+$ rogue_one report 171.244.3.111 --custom-list tmp/roaming.yml
+{
+  "verdict": "rogue one",
+  "landing_pages": [
+    "154.223.53.53",
+    "58.82.243.9"
+  ]
+}
+# Note: a custom list should be an array of domains in YAML format.
 ```
 
-| Key           | Desc.                                            |
-|---------------|--------------------------------------------------|
-| verdict       | A detection result (`rogue one` or `benign one`) |
-| landing_pages | An array of IP of landing pages                  |
+| Key           | Desc.                                                                    |
+|---------------|--------------------------------------------------------------------------|
+| verdict       | A detection result (`rogue one` or `benign one`)                         |
+| landing_pages | An array of IP of landing pages                                          |
+| results       | DNS resolution results (only available if --verbose option is specified) |
 
 ## Notes
 

data/lib/rogue_one.rb

@@ -2,7 +2,8 @@
 
 require "rogue_one/version"
 
-require "rogue_one/resolver"
+require "rogue_one/domain_list"
+
 require "rogue_one/detector"
 require "rogue_one/ping"
 require "rogue_one/cli"

data/lib/rogue_one/cli.rb

@@ -5,12 +5,36 @@ require "json"
 
 module RogueOne
   class CLI < Thor
+    class << self
+      def exit_on_failure?
+        true
+      end
+    end
+
     desc "report [DNS_SERVER]", "Show a report of a given DNS server"
+    method_option :custom_list, type: :string, desc: "A path to a custom list of domains"
+    method_option :default_list, type: :string, default: "alexa", desc: "A default list of top 100 domains (Alexa or Fortune)"
+    method_option :record_type, type: :string, default: "A", desc: "A type of the DNS resource to check"
+    method_option :threshold, type: :numeric, desc: "Threshold value for determining malicious or not"
+    method_option :verbose, type: :boolean
     def report(dns_server)
       with_error_handling do
         Ping.pong? dns_server
 
-        detector = Detector.new(target: dns_server)
+        custom_list = options["custom_list"]
+        default_list = options["default_list"].downcase
+        record_type = options["record_type"].upcase
+        threshold = options["threshold"]
+        verbose = options["verbose"]
+
+        detector = Detector.new(
+          custom_list: custom_list,
+          default_list: default_list,
+          record_type: record_type,
+          target: dns_server,
+          threshold: threshold,
+          verbose: verbose,
+        )
         puts JSON.pretty_generate(detector.report)
       end
     end

data/lib/rogue_one/data/alexa_100.yml

@@ -0,0 +1,101 @@
+---
+- google.com
+- youtube.com
+- tmall.com
+- baidu.com
+- qq.com
+- sohu.com
+- facebook.com
+- login.tmall.com
+- wikipedia.org
+- taobao.com
+- yahoo.com
+- jd.com
+- 360.cn
+- amazon.com
+- sina.com.cn
+- weibo.com
+- pages.tmall.com
+- reddit.com
+- live.com
+- vk.com
+- okezone.com
+- netflix.com
+- blogspot.com
+- office.com
+- csdn.net
+- alipay.com
+- xinhuanet.com
+- stackoverflow.com
+- yahoo.co.jp
+- instagram.com
+- google.com.hk
+- aliexpress.com
+- microsoft.com
+- babytree.com
+- naver.com
+- twitter.com
+- bing.com
+- livejasmin.com
+- amazon.co.jp
+- tribunnews.com
+- ebay.com
+- salesforce.com
+- twitch.tv
+- google.co.in
+- force.com
+- microsoftonline.com
+- apple.com
+- tianya.cn
+- adobe.com
+- pornhub.com
+- msn.com
+- zhanqi.tv
+- dropbox.com
+- linkedin.com
+- yandex.ru
+- wordpress.com
+- myshopify.com
+- amazon.in
+- mail.ru
+- panda.tv
+- imdb.com
+- caijing.com.cn
+- china.com.cn
+- mama.cn
+- amazonaws.com
+- google.com.br
+- trello.com
+- bongacams.com
+- google.de
+- medium.com
+- google.co.jp
+- soso.com
+- booking.com
+- w3schools.com
+- amazon.co.uk
+- spotify.com
+- amazon.de
+- rednet.cn
+- bbc.com
+- detail.tmall.com
+- xvideos.com
+- espn.com
+- detik.com
+- github.com
+- cnn.com
+- instructure.com
+- ok.ru
+- indeed.com
+- yy.com
+- tumblr.com
+- huanqiu.com
+- stackexchange.com
+- nytimes.com
+- imgur.com
+- soundcloud.com
+- whatsapp.com
+- rakuten.co.jp
+- nih.gov
+- sogou.com
+- google.cn

data/lib/rogue_one/data/fortune_100.yml

@@ -0,0 +1,101 @@
+---
+- walmart.com
+- exxonmobil.com
+- berkshirehathaway.com
+- apple.com
+- unitedhealthgroup.com
+- mckesson.com
+- cvshealth.com
+- amazon.com
+- att.com
+- gm.com
+- ford.com
+- amerisourcebergen.com
+- chevron.com
+- cardinalhealth.com
+- costco.com
+- verizon.com
+- kroger.com
+- ge.com
+- walgreensbootsalliance.com
+- jpmorganchase.com
+- fanniemae.com
+- abc.xyz
+- homedepot.com
+- bankofamerica.com
+- express-scripts.com
+- wellsfargo.com
+- boeing.com
+- phillips66.com
+- antheminc.com
+- microsoft.com
+- valero.com
+- citigroup.com
+- comcastcorporation.com
+- ibm.com
+- delltechnologies.com
+- statefarm.com
+- jnj.com
+- freddiemac.com
+- target.com
+- lowes.com
+- marathonpetroleum.com
+- pg.com
+- metlife.com
+- ups.com
+- pepsico.com
+- intel.com
+- dow-dupont.com
+- adm.com
+- aetna.com
+- fedex.com
+- utc.com
+- prudential.com
+- albertsons.com
+- sysco.com
+- disney.com
+- humana.com
+- pfizer.com
+- hp.com
+- lockheedmartin.com
+- aig.com
+- centene.com
+- cisco.com
+- hcahealthcare.com
+- energytransfer.com
+- caterpillar.com
+- nationwide.com
+- morganstanley.com
+- libertymutual.com
+- newyorklife.com
+- gs.com
+- aa.com
+- bestbuy.com
+- cigna.com
+- charter.com
+- delta.com
+- facebook.com
+- honeywell.com
+- merck.com
+- allstate.com
+- tysonfoods.com
+- united.com
+- oracle.com
+- techdata.com
+- tiaa.org
+- tjx.com
+- americanexpress.com
+- coca-colacompany.com
+- publix.com
+- nike.com
+- andeavor.com
+- wfscorp.com
+- exeloncorp.com
+- massmutual.com
+- riteaid.com
+- conocophillips.com
+- chsinc.com
+- 3m.com
+- timewarner.com
+- generaldynamics.com
+- usaa.com

data/lib/rogue_one/detector.rb

@@ -1,23 +1,53 @@
 # frozen_string_literal: true
 
+require "async"
+require "async/barrier"
+require "async/dns"
+require "async/reactor"
+require "async/semaphore"
+require "resolv"
 require "yaml"
-require "parallel"
+require "etc"
 
 module RogueOne
   class Detector
+    attr_reader :custom_list
+    attr_reader :default_list
+    attr_reader :max_concurrency
+    attr_reader :record_type
     attr_reader :target
+    attr_reader :verbose
 
     GOOGLE_PUBLIC_DNS = "8.8.8.8"
 
-    def initialize(target:)
+    def initialize(target:,
+                   custom_list: nil,
+                   default_list: "alexa",
+                   record_type: "A",
+                   threshold: nil,
+                   verbose: false)
       @target = target
+
+      @custom_list = custom_list
+      @default_list = default_list
+      @record_type = record_type.upcase.to_sym
+      @threshold = threshold
+      @verbose = verbose
+
+      @max_concurrency = Etc.nprocessors * 2
       @memo = {}
+      @verbose_memo = nil
     end
 
     def report
       inspect
 
-      { verdict: verdict, landing_pages: landing_pages }
+      {
+        verdict: verdict,
+        landing_pages: landing_pages,
+        results: results,
+        meta: meta
+      }.compact
     end
 
     private
@@ -30,35 +60,129 @@ module RogueOne
       !landing_pages.empty?
     end
 
+    def threshold
+      @threshold ||= (domains.length.to_f / 10.0).ceil
+    end
+
+    def meta
+      return nil unless verbose
+
+      {
+        record_type: record_type,
+        threshold: threshold,
+      }
+    end
+
     def landing_pages
       @memo.map do |ip, count|
-        count > 10 ? ip : nil
+        count > threshold ? ip : nil
       end.compact.sort
     end
 
+    def results
+      return nil unless verbose
+
+      {
+        resolutions: resolutions,
+        occurrences: occurrences
+      }
+    end
+
+    def resolutions
+      (@verbose_memo || {}).sort_by { |_, v| v }.to_h
+    end
+
+    def occurrences
+      @memo.sort_by{ |_, v| -v }.to_h
+    end
+
     def inspect
       return unless @memo.empty?
 
-      results = Parallel.map(top_100_domains) do |domain|
-        normal_result = normal_resolver.dig(domain, "A")
-        target_result = target_resolver.dig(domain, "A")
+      # read domains outside of the async blocks
+      load_domains
+
+      normal_resolutions = bulk_resolve(normal_resolver, domains)
+      resolutions = bulk_resolve(target_resolver, domains)
 
-        target_result if target_result && normal_result != target_result
-      end.compact
+      results = resolutions.map do |domain, addresses|
+        normal_addresses = normal_resolutions.dig(domain) || []
+        address = (addresses || []).first
+        [domain, address] if address && !normal_addresses.include?(address)
+      end.compact.to_h
 
-      @memo = results.group_by(&:itself).map { |k, v| [k, v.length] }.to_h
+      @memo = results.values.group_by(&:itself).map { |k, v| [k, v.length] }.to_h
+      @verbose_memo = results if verbose
+    end
+
+    def load_domains
+      domains
+    end
+
+    def domains
+      @domains ||= custom_list ? custom_domains : top_100_domains
+    end
+
+    def custom_domains
+      read_domains custom_list
     end
 
     def top_100_domains
-      @top_100_domains ||= YAML.safe_load(File.read(File.expand_path("./data/top_100.yml", __dir__)))
+      case default_list
+      when "alexa"
+        read_domains File.expand_path("./data/alexa_100.yml", __dir__)
+      when "fortune"
+        read_domains File.expand_path("./data/fortune_100.yml", __dir__)
+      end
+    end
+
+    def read_domains(path)
+      list = DomainList.new(path)
+      return list.domains if list.valid?
+
+      raise ArgumentError, "Inputted an invalid list. #{path} is not eixst." unless list.exists?
+      raise ArgumentError, "Inputted an invalid list. Please input a list as an YAML file." unless list.valid_format?
+    end
+
+    def bulk_resolve(resolver, domains)
+      results = []
+
+      Async do
+        barrier = Async::Barrier.new
+        semaphore = Async::Semaphore.new(max_concurrency, parent: barrier)
+
+        domains.each do |domain|
+          semaphore.async do
+            addresses = []
+            begin
+              addresses = resolver.addresses_for(domain, dns_resource_by_record_type, { retries: 1 }).map(&:to_s)
+            rescue Async::DNS::ResolutionFailure
+              # do nothing
+            end
+            results << [domain, addresses]
+          end
+        end
+      end
+      results.to_h
     end
 
     def normal_resolver
-      @normal_resolver ||= Resolver.new(nameserver: GOOGLE_PUBLIC_DNS)
+      Async::DNS::Resolver.new([[:udp, GOOGLE_PUBLIC_DNS, 53], [:tcp, GOOGLE_PUBLIC_DNS, 53]])
     end
 
     def target_resolver
-      @target_resolver ||= Resolver.new(nameserver: target)
+      Async::DNS::Resolver.new([[:udp, target, 53], [:tcp, target, 53]])
+    end
+
+    def dns_resource_by_record_type
+      @dns_resource_by_record_type ||= dns_resources.dig(record_type)
+    end
+
+    def dns_resources
+      {
+        A: Resolv::DNS::Resource::IN::A,
+        AAAA: Resolv::DNS::Resource::IN::AAAA,
+      }
     end
   end
 end

data/lib/rogue_one/domain_list.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require "yaml"
+
+module RogueOne
+  class DomainList
+    attr_reader :path
+
+    def initialize(path)
+      @path = path.to_s
+    end
+
+    def valid?
+      exists? && valid_format?
+    end
+
+    def domains
+      @domains ||= exists? ? YAML.safe_load(File.read(path)) : nil
+    end
+
+    def exists?
+      File.exist?(path)
+    end
+
+    def valid_format?
+      domains.is_a? Array
+    end
+  end
+end

data/lib/rogue_one/ping.rb

@@ -1,16 +1,27 @@
 # frozen_string_literal: true
 
+require "resolv"
+
 module RogueOne
   class Ping
     attr_reader :resolver
+    attr_reader :nameserver
 
     def initialize(nameserver)
-      @resolver = Resolver.new(nameserver: nameserver)
+      @nameserver = nameserver
+      @resolver = Resolv::DNS.new(nameserver: [nameserver])
+      @resolver.timeouts = 5
+    end
+
+    def get_a_record
+      resolver.getresource("example.com", Resolv::DNS::Resource::IN::A)
+    rescue Resolv::ResolvError => _e
+      nil
     end
 
     def pong?
-      result = resolver.dig("example.com", "A")
-      raise Error, "DNS resolve error: there is no resopnse from #{resolver.nameserver}" unless result
+      result = get_a_record
+      raise Error, "DNS resolve error: there is no resopnse from #{nameserver}" unless result
 
       true
     end

data/lib/rogue_one/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module RogueOne
-  VERSION = "0.1.4"
+  VERSION = "0.4.2"
 end

data/renovate.json

@@ -0,0 +1,5 @@
+{
+  "extends": [
+    "config:base"
+  ]
+}

data/rogue_one.gemspec

@@ -10,8 +10,8 @@ Gem::Specification.new do |spec|
   spec.authors       = ["Manabu Niseki"]
   spec.email         = ["manabu.niseki@gmail.com"]
 
-  spec.summary       = "Rogue one: a rogue DNS detector"
-  spec.description   = 'Rogue one: a rogue DNS detector'
+  spec.summary       = "A rogue DNS detector"
+  spec.description   = "A rogue DNS detector"
   spec.homepage      = "https://github.com/ninoseki/rogue_one"
   spec.license       = "MIT"
 
@@ -24,11 +24,11 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.add_development_dependency "bundler", "~> 2.0"
+  spec.add_development_dependency "bundler", "~> 2.1"
   spec.add_development_dependency "coveralls", "~> 0.8"
-  spec.add_development_dependency "rake", "~> 12.3"
-  spec.add_development_dependency "rspec", "~> 3.8"
+  spec.add_development_dependency "rake", "~> 13.0"
+  spec.add_development_dependency "rspec", "~> 3.9"
 
-  spec.add_dependency "parallel", "~> 1.17"
-  spec.add_dependency "thor", "~> 0.19"
+  spec.add_dependency "async-dns", "~> 1.2"
+  spec.add_dependency "thor", "~> 1.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rogue_one
 version: !ruby/object:Gem::Version
-  version: 0.1.4
+  version: 0.4.2
 platform: ruby
 authors:
 - Manabu Niseki
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-06-09 00:00:00.000000000 Z
+date: 2020-10-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '2.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '2.1'
 - !ruby/object:Gem::Dependency
   name: coveralls
   requirement: !ruby/object:Gem::Requirement
@@ -44,57 +44,57 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.3'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.3'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.8'
+        version: '3.9'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.8'
+        version: '3.9'
 - !ruby/object:Gem::Dependency
-  name: parallel
+  name: async-dns
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.17'
+        version: '1.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.17'
+        version: '1.2'
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.19'
+        version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.19'
-description: 'Rogue one: a rogue DNS detector'
+        version: '1.0'
+description: A rogue DNS detector
 email:
 - manabu.niseki@gmail.com
 executables:
@@ -112,19 +112,22 @@ files:
 - bin/console
 - bin/setup
 - exe/rogue_one
+- images/eyecatch.png
 - lib/rogue_one.rb
 - lib/rogue_one/cli.rb
-- lib/rogue_one/data/top_100.yml
+- lib/rogue_one/data/alexa_100.yml
+- lib/rogue_one/data/fortune_100.yml
 - lib/rogue_one/detector.rb
+- lib/rogue_one/domain_list.rb
 - lib/rogue_one/ping.rb
-- lib/rogue_one/resolver.rb
 - lib/rogue_one/version.rb
+- renovate.json
 - rogue_one.gemspec
 homepage: https://github.com/ninoseki/rogue_one
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -139,8 +142,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.2
-signing_key: 
+rubygems_version: 3.1.2
+signing_key:
 specification_version: 4
-summary: 'Rogue one: a rogue DNS detector'
+summary: A rogue DNS detector
 test_files: []

data/lib/rogue_one/data/top_100.yml

@@ -1,101 +0,0 @@
----
-- google.com
-- facebook.com
-- youtube.com
-- yahoo.com
-- baidu.com
-- wikipedia.org
-- qq.com
-- taobao.com
-- twitter.com
-- amazon.com
-- linkedin.com
-- live.com
-- google.co.in
-- sina.com.cn
-- hao123.com
-- blogspot.com
-- weibo.com
-- tmall.com
-- vk.com
-- wordpress.com
-- yahoo.co.jp
-- sohu.com
-- yandex.ru
-- ebay.com
-- google.de
-- bing.com
-- pinterest.com
-- google.co.uk
-- 163.com
-- 360.cn
-- google.fr
-- ask.com
-- instagram.com
-- google.co.jp
-- tumblr.com
-- msn.com
-- google.com.br
-- mail.ru
-- microsoft.com
-- xvideos.com
-- paypal.com
-- google.ru
-- soso.com
-- adcash.com
-- google.es
-- google.it
-- imdb.com
-- apple.com
-- imgur.com
-- neobux.com
-- craigslist.org
-- amazon.co.jp
-- t.co
-- xhamster.com
-- stackoverflow.com
-- reddit.com
-- google.com.mx
-- google.com.hk
-- cnn.com
-- google.ca
-- fc2.com
-- go.com
-- ifeng.com
-- bbc.co.uk
-- vube.com
-- people.com.cn
-- blogger.com
-- aliexpress.com
-- odnoklassniki.ru
-- wordpress.org
-- alibaba.com
-- gmw.cn
-- adobe.com
-- huffingtonpost.com
-- google.com.tr
-- xinhuanet.com
-- googleusercontent.com
-- youku.com
-- godaddy.com
-- pornhub.com
-- akamaihd.net
-- thepiratebay.se
-- kickass.to
-- google.com.au
-- amazon.de
-- clkmon.com
-- ebay.de
-- alipay.com
-- google.pl
-- espn.go.com
-- dailymotion.com
-- about.com
-- bp.blogspot.com
-- blogspot.in
-- netflix.com
-- vimeo.com
-- dailymail.co.uk
-- redtube.com
-- rakuten.co.jp
-- conduit.com

data/lib/rogue_one/resolver.rb

@@ -1,49 +0,0 @@
-# frozen_string_literal: true
-
-require "resolv"
-
-module RogueOne
-  class Resolver
-    attr_reader :nameserver
-
-    def initialize(nameserver:)
-      @nameserver = nameserver
-    end
-
-    def dig(domain, type)
-      _resolver.getresource(domain, resource_by_type(type)).address.to_s
-    rescue Resolv::ResolvError => e
-      nil
-    end
-
-    private
-
-    def _resolver
-      @_resolver ||= Resolv::DNS.new(nameserver: [nameserver])
-      @_resolver.timeouts = 5
-      @_resolver
-    end
-
-    def resource_by_type(type)
-      resources.dig(type.upcase.to_sym)
-    end
-
-    def resources
-      {
-        ANY: Resolv::DNS::Resource::IN::ANY,
-        NS: Resolv::DNS::Resource::IN::NS,
-        CNAME: Resolv::DNS::Resource::IN::CNAME,
-        SOA: Resolv::DNS::Resource::IN::SOA,
-        HINFO: Resolv::DNS::Resource::IN::HINFO,
-        MINFO: Resolv::DNS::Resource::IN::MINFO,
-        MX: Resolv::DNS::Resource::IN::MX,
-        TXT: Resolv::DNS::Resource::IN::TXT,
-        A: Resolv::DNS::Resource::IN::A,
-        WKS: Resolv::DNS::Resource::IN::WKS,
-        PTR: Resolv::DNS::Resource::IN::PTR,
-        AAAA: Resolv::DNS::Resource::IN::AAAA,
-        SRV: Resolv::DNS::Resource::IN::SRV,
-      }
-    end
-  end
-end