What does 'No such name' mean in DNS? - networking

So I'm currently using Wireshark to investigate DNS traffic. In the command prompt, I am running the query nslookup to look up a domain. In Wireshark I am getting the following response:
Flags: 0x8183 Standard query response, No such name
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... 1... .... = Recursion available: Server can do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... ...0 .... = Non-authenticated data: Unacceptable
.... .... .... 0011 = Reply code: No such name (3)
What exactly does 'No such name' mean and why is it being displayed?

Look at the description of NXDOMAIN in RFC 1035 section 4.1.1:
https://www.rfc-editor.org/rfc/rfc1035#section-4.1.1
3 Name Error - Meaningful only for responses from an authoritative name server, this code signifies that the domain name referenced in the query does not exist.

Related

Python requests post: data and json

I used the following Python code to retrieve a web page behind a login page successfully for some years:
import requests
from urllib.parse import quote

username = 'user'
password = 'pass'
login_url = 'https://company.com/login?url='
redirect_url = 'https://epaper.company.com/'
data = {'email': username, 'pass': password}
# The redirect target is URL-encoded and appended to the login URL
initial_url = login_url + quote(redirect_url)
response = requests.post(initial_url, data=data)
Then something changed at company.com about 2 months ago, and the request returned status code 400. I tried changing the data parameter to json (response = requests.post(initial_url, json=data)) which gave me a 200 response telling me a wrong password was provided.
Any ideas what I could try to debug?
Thanks,
Jan
Update: I just tried using a requests session to retrieve the csrf_token from the login page (as suggested here), so now my code reads:
from bs4 import BeautifulSoup

with requests.Session() as sess:
    # Fetch the login page first so the session holds its cookies
    response = sess.get(login_url)
    signin = BeautifulSoup(response.content, 'html.parser')
    data['csrf_token'] = signin.find('input', {'name': 'csrf_token'})['value']
    response = sess.post(initial_url, data=data)
Unfortunately, the response is still 400 (and 200/wrong password with the json parameter).
First: when you send data=data, the header {"Content-Type":"application/x-www-form-urlencoded"} is used; if you send json=data, the header {"Content-Type":"application/json"} should be used.
Second: Perhaps redirects have been added. Try to add:
response = sess.post(url, data=data)
print("URL you expect", url)
print("Last request URL:", response.url)
Be sure to check:
print(sess.cookies.get_dict())
print(response.headers)
If you get an unexpected result when checking, change the code like this:
response = sess.post(url, data=data, allow_redirects=False)

How to get gRPC to properly serialize response

Getting a strange error when trying a simple gRPC implementation, i.e. following the standard Python example. The server seems to run OK, but I get the error when I ping it with a client.
grpc:
package pas;

// The PAS service definition
service PAS {
    // analyze single file
    rpc getPhotonRecords (PhotonRecordsRequest) returns (PhotonRecordsReply) {}
}

message PhotonRecordsRequest {
    string fileName = 1;
}

message PhotonRecordsReply {
    repeated uint32 PhotonRecords = 1;
}
client:
with grpc.insecure_channel("localhost:50051") as channel:
    stub = pas_pb2_grpc.PASStub(channel)
    msg = pas_pb2.PhotonRecordsRequest(fileName='testingFilename.flb')
    response = stub.getPhotonRecords(msg)
server:
class PAS_GRPC(pas_pb2_grpc.PASServicer):
    def getPhotonRecords(self, request: pas_pb2.PhotonRecordsRequest, context):
        # check for required fields and error if not there or valid
        # update any optional fields that the request has specified
        PhotonRecordsReply = pas_pb2.PhotonRecordsReply()
        PhotonRecordsReply.PhotonRecords.extend([1, 3, 7])
        return pas_pb2.PhotonRecordsReply
client error:
<_InactiveRpcError of RPC that terminated with:
status = StatusCode.INTERNAL
details = "Failed to serialize response!"
server error:
TypeError: IsInitialized() missing 1 required positional argument: 'self'
Your server method getPhotonRecords returns the type:
return pas_pb2.PhotonRecordsReply
But it should return the variable you created:
return PhotonRecordsReply
You may want to use snake_case for variables to help differentiate from CamelCase class names, i.e.:
photon_records_reply = pas_pb2.PhotonRecordsReply()
...

What is the AD flag in a DNS query?

I am chasing down some weird DNS behaviour in our network, and I would appreciate your help:
We have an old router that also acts as a local DNS server (DrayTek 2830n) at 192.168.1.1. The symptom is that a Windows 10 machine can successfully query that server whereas an Ubuntu 20.04 LTS does not get any response (although that machine can query 1.1.1.1 or 8.8.8.8 without any problems).
When I wireshark'ed the traffic, the first difference I noticed was the "AD flag". The query from the Windows machine (either through the browser or by nslookup from the command line) looks like this,
User Datagram Protocol, Src Port: 58922, Dst Port: 53
Domain Name System (query)
Transaction ID: 0x0002
Flags: 0x0100 Standard query
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data: Unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
while the corresponding query from the Ubuntu machine is
User Datagram Protocol, Src Port: 35155, Dst Port: 53
Domain Name System (query)
Transaction ID: 0x85ee
Flags: 0x0120 Standard query
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ..1. .... = AD bit: Set
.... .... ...0 .... = Non-authenticated data: Unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Indeed, the AD flag is the culprit. When I explicitly unset it in the query from the Ubuntu machine, say, dig +noadflag @192.168.1.1 www.somewhere.edu then the router does respond to the query. Public servers such as 1.1.1.1 or 8.8.8.8, however, always respond.
Now my questions are these
what is the purpose of the AD bit in the DNS query?
why does Windows 10 unset it whereas Linux usually sets it?
why might our router respond only when the flag is unset whereas every other DNS server that I tried, responds irrespectively of that flag?
Thank you in advance for your help.
HPF
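
An added example, not part of the original posts: it decodes the flags words seen in the captures on this page (0x8183, 0x0100, 0x0120) and rebuilds the two query shapes so the AD bit and the additional record can be toggled independently when testing a resolver. Treating the Ubuntu query's one additional record as an EDNS0 OPT record is an assumption, and the function names are illustrative.

```python
import struct

RCODES = {0: "NoError", 1: "FormErr", 2: "ServFail",
          3: "NXDomain", 4: "NotImp", 5: "Refused"}

def decode_flags(flags):
    """Split the 16-bit header flags word (RFC 1035 4.1.1; AD/CD per RFC 4035)."""
    return {
        "qr": flags >> 15 & 1,        # 0 = query, 1 = response
        "opcode": flags >> 11 & 0xF,
        "aa": flags >> 10 & 1,        # authoritative answer
        "tc": flags >> 9 & 1,         # truncated
        "rd": flags >> 8 & 1,         # recursion desired
        "ra": flags >> 7 & 1,         # recursion available
        "z": flags >> 6 & 1,          # reserved
        "ad": flags >> 5 & 1,         # authentic data
        "cd": flags >> 4 & 1,         # checking disabled
        "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
    }

def build_query(name, txid, ad=False, edns=False, qtype=1):
    """Build a recursive query; ad/edns switch the two observed differences."""
    flags = 0x0100 | (0x0020 if ad else 0)
    header = struct.pack("!6H", txid, flags, 1, 0, 0, 1 if edns else 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!2H", qtype, 1)  # class IN
    # Assumed additional record: OPT pseudo-RR (RFC 6891) with root owner name,
    # type 41, class = UDP payload size (constructed value), TTL 0, no RDATA.
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, 0, 0) if edns else b""
    return header + question + opt

def parse_header(msg):
    """Parse the fixed 12-byte DNS header and expand its flags."""
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {"id": txid, "flags": flags, "qdcount": qd, "ancount": an,
            "nscount": ns, "arcount": ar, **decode_flags(flags)}

if __name__ == "__main__":
    print(decode_flags(0x8183))  # the NXDOMAIN response from the first capture
    for ad, edns in [(False, False), (True, False), (False, True), (True, True)]:
        q = build_query("www.somewhere.edu", 0x85EE, ad=ad, edns=edns)
        h = parse_header(q)
        print(f"ad={ad} edns={edns} flags=0x{h['flags']:04x} arcount={h['arcount']}")
```

The bytes returned by build_query can be sent in a UDP datagram to port 53 of the server under test, one variant at a time, to see which difference it fails to answer.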

http4s Received premature EOF

I want to implement an http4s server that receives the content from another service, processes it and returns the response.
The original service uses redirects so I added the Follow redirect middleware. I also added the Logger middleware to check the logs produced.
The skeleton of the service is:
implicit val clientResource = BlazeClientBuilder[F](global).resource
val wikidataEntityUrl = "http://www.wikidata.org/entity/Q"
def routes(implicit timer: Timer[F]): HttpRoutes[F] = HttpRoutes.of[F] {
  case GET -> Root / "e" / entity => {
    val uri = uri"http://www.wikidata.org/entity/" / ("Q" + entity)
    val req: Request[F] = Request(uri = uri)
    clientResource.use { c => {
      val req: Request[F] = Request(Method.GET, uri)
      def cb(resp: Response[F]): F[Response[F]] = Ok(resp.bodyAsText)
      val redirectClient = Logger(true,true,_ => false)(FollowRedirect[F](10, _ => true)(c))
      redirectClient.fetch[Response[F]](req)(cb)
    }}
  }
}
When I try to access the service with curl as:
curl -v http://localhost:8080/e/33
The response contains the first part of the original content and finishes with:
transfer closed with outstanding read data remaining
* Closing connection 0
Looking at the logs, they contain the following line:
ERROR o.h.s.blaze.Http1ServerStage$$anon$1 - Error writing body
org.http4s.InvalidBodyException: Received premature EOF.
which suggests that there was an error receiving a premature EOF.
I found a possible answer in this issue: but the answers suggest using deprecated methods like tohttpService.
I think I would need to rewrite the code using streams, but I am not sure what's the more idiomatic way to do it. Any suggestions?
I received some help in the http4s gitter channel to use the toHttpApp method instead of the fetch method.
It was also suggested that I pass the client as a parameter.
The resulting code is:
case GET -> Root / "s" / entity => {
  val uri = uri"http://www.wikidata.org/entity/" / ("Q" + entity)
  val req: Request[F] = Request(Method.GET, uri)
  val redirectClient = Logger(true,true,_ => false)(FollowRedirect[F](10, _ => true)(client))
  redirectClient.toHttpApp.run(req)
}
and now it works as expected.
The toHttpApp method is intended for use in proxy servers.

How to find URL Registrations (not Reservations)?

Is there a Windows command to list the process IDs and names of applications holding a specific URL registration?
I am after the applications that have made registrations under the following URL namespace.
http://localhost:55987/
I am aware that URL Reservations can be listed using
netsh http show urlacl
The reservation states that
Reserved URL : http://localhost:55987/
User: \Everyone
Listen: Yes
Delegate: No
SDDL: D:(A;;GX;;;WD)
But how do I find the registrations made under the reserved URL namespace?
You can find the processId for the registered urls using the following command:
netsh http show servicestate view=requestq verbose=no
It's going to return a table like the following:
Request queue name: Request queue is unnamed.
Version: 2.0
State: Active
Request queue 503 verbosity level: Basic
Max requests: 1000
Number of active processes attached: 1
Process IDs:
3604
URL groups:
URL group ID: F100000040000003
State: Active
Request queue name: Request queue is unnamed.
Number of registered URLs: 1
Registered URLs:
HTTP://+:8022/
Server session ID: F200000020000007
Version: 2.0
State: Active
Request queue name: Request queue is unnamed.
Version: 2.0
State: Active
Request queue 503 verbosity level: Basic
Max requests: 1000
Number of active processes attached: 1
Process IDs:
3604
URL groups:
URL group ID: D400000040001E9C
State: Active
Request queue name: Request queue is unnamed.
Number of registered URLs: 1
Registered URLs:
HTTP://+:3799/API
Server session ID: D6000000200013C1
Version: 2.0
State: Active
I've also made a PowerShell function that parses this output to return an object list.
Result sample:
ProcessId ControllerProcessId RegisteredUrl
--------- ------------------- -------------
1860 HTTP://+:8022/
1020 HTTPS://+:5986/WSMAN/
function Parse-HttpSysReqQueue() {
    [string[]]$rawHttpSysQueue = netsh http show servicestate view=requestq verbose=no
    $urls = @()
    $output = @()
    $recordIsOpen = $false
    $index = 0
    $rawHttpSysQueue | ForEach-Object {
        $line = $_
        # Whether this is the beginning of a new request queue record.
        $newRecordToken = "Request queue name"
        if ($line.StartsWith($newRecordToken)) {
            $recordIsOpen = $true
            $index++; return
        }
        # We are iterating through a request-queue record.
        if ($recordIsOpen) {
            # Obtain Process ID
            if ($line.Contains("Process IDs:")) {
                $rawPid = $rawHttpSysQueue[$index+1]
                if ($rawPid.Trim() -match '^\d+$') {
                    $processId = $rawPid.Trim()
                } else {
                    $processId = $null
                }
                $index++; return
            }
            # Obtain Controller Process ID (generally IIS)
            if ($line.Contains("Controller process ID:")) {
                $controllerProcessId = $line.Split(":")[1].Trim()
                $index++; return
            }
            # Read all registered urls from current record.
            if ($line.Contains("Registered URLs:")) {
                $urlLineIndex = $index+1
                # Stop at the end of the output so a trailing URL list does not index past the array.
                while ($urlLineIndex -lt $rawHttpSysQueue.Count -and ($rawHttpSysQueue[$urlLineIndex].Trim().StartsWith("HTTP://") -or $rawHttpSysQueue[$urlLineIndex].Trim().StartsWith("HTTPS://"))) {
                    $urls += $rawHttpSysQueue[$urlLineIndex].Trim()
                    $urlLineIndex++
                }
                # Add record to output list.
                $urls | ForEach-Object {
                    $output += New-Object PSObject -Property @{
                        ProcessId = $processId
                        RegisteredUrl = $_
                        ControllerProcessId = $controllerProcessId
                    }
                }
                # Already read all the urls from this request-queue, consider the record closed.
                $processId = $null
                $controllerProcessId = $null
                $urls = @()
                $recordIsOpen = $false
            }
        }
        $index++
    }
    return $output
}
