AXFR detection in zone file input, to determine if the data is form ICANN or an AXFR against a dns (for source tracking)
This commit is contained in:
parent
a53541c328
commit
6983b8ebec
@ -63,6 +63,9 @@ async def process_data(file_path: str):
|
|||||||
# Initialize the cache
|
# Initialize the cache
|
||||||
last = None
|
last = None
|
||||||
|
|
||||||
|
# Default source for the records
|
||||||
|
source = 'czds'
|
||||||
|
|
||||||
# Determine the zone name from the file path (e.g., /path/to/zones/com.eu.txt -> com.eu zone)
|
# Determine the zone name from the file path (e.g., /path/to/zones/com.eu.txt -> com.eu zone)
|
||||||
zone = '.'.join(file_path.split('/')[-1].split('.')[:-1])
|
zone = '.'.join(file_path.split('/')[-1].split('.')[:-1])
|
||||||
|
|
||||||
@ -76,9 +79,14 @@ async def process_data(file_path: str):
|
|||||||
break
|
break
|
||||||
|
|
||||||
# Skip empty lines and comments
|
# Skip empty lines and comments
|
||||||
if not line or line.startswith(';'):
|
if not line:
|
||||||
continue
|
continue
|
||||||
|
|
||||||
|
if line.startswith(';'):
|
||||||
|
if 'DiG' in line and 'AXFR' in line: # Zone transfer from an AXFR request
|
||||||
|
source = 'axfr'
|
||||||
|
continue
|
||||||
|
|
||||||
# Split the line into its parts
|
# Split the line into its parts
|
||||||
parts = line.split()
|
parts = line.split()
|
||||||
|
|
||||||
@ -135,7 +143,7 @@ async def process_data(file_path: str):
|
|||||||
'domain' : domain,
|
'domain' : domain,
|
||||||
'zone' : zone,
|
'zone' : zone,
|
||||||
'records' : {record_type: [{'data': data, 'ttl': ttl}]},
|
'records' : {record_type: [{'data': data, 'ttl': ttl}]},
|
||||||
'source' : 'czds',
|
'source' : source,
|
||||||
'seen' : time.strftime('%Y-%m-%dT%H:%M:%SZ', time.gmtime()) # Zone files do not contain a timestamp, so we use the current time
|
'seen' : time.strftime('%Y-%m-%dT%H:%M:%SZ', time.gmtime()) # Zone files do not contain a timestamp, so we use the current time
|
||||||
},
|
},
|
||||||
'doc_as_upsert' : True # This will create the document if it does not exist
|
'doc_as_upsert' : True # This will create the document if it does not exist
|
||||||
|
Loading…
Reference in New Issue
Block a user