diff -Nru net-dns-fingerprint-0.9.3/apps/fpdns net-dns-fingerprint-20130404/apps/fpdns --- net-dns-fingerprint-0.9.3/apps/fpdns 2005-03-04 14:17:28.000000000 +0000 +++ net-dns-fingerprint-20130404/apps/fpdns 2012-10-19 08:54:24.000000000 +0000 @@ -1,14 +1,12 @@ #!/usr/bin/perl # -# $Id: fpdns,v 1.107 2005/03/04 14:17:28 jakob Exp $ -# # Copyright (c) 2003,2004,2005 Roy Arends & Jakob Schlyter. # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: -# +# # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright @@ -16,7 +14,7 @@ # documentation and/or other materials provided with the distribution. # 3. The name of the authors may not be used to endorse or promote products # derived from this software without specific prior written permission. -# +# # THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR # IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES # OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. @@ -28,149 +26,154 @@ # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF # THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -require 5.6.0; - use strict; use warnings; -use Net::DNS 0.42; +use Net::DNS; use Net::DNS::Fingerprint; use Getopt::Std; use vars qw/ %opt /; use POSIX ":sys_wait_h"; - my $progname = "fpdns"; -my $version = Net::DNS::Fingerprint->version(); +my $version = Net::DNS::Fingerprint->version(); + +my $IPv4RE = qr/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/; +my $IPv6RE = qr/^(((?=(?>.*?::)(?!.*::)))(::)?([0-9A-F]{1,4}::?){0,5}|([0-9A-F]{1,4}:){6})(\2([0-9A-F]{1,4}(::?|$)){0,2}|((25[0-5]|(2[0-4]|1[0-9]|[1-9])?[0-9])(\.|$)){4}|[0-9A-F]{1,4}:[0-9A-F]{1,4})(?= 0) { - usage(); + usage(); exit(1); } my $engine = Net::DNS::Fingerprint->new( - source => $opt{Q}, - debug => $opt{d}, - timeout => $opt{t}, - retry => $opt{r}, - forcetcp => $opt{T}, - qversion => $opt{v}, - qchaos => $opt{f}, + source => $opt{Q}, + debug => $opt{d}, + timeout => $opt{t}, + retry => $opt{r}, + forcetcp => $opt{T}, + qversion => $opt{v}, + qchaos => $opt{f}, + separator => $opt{S}, ); if ($ARGV[0] eq "-") { - while() { - my $pid = fork; - if ((not defined $pid) and not ($! =~ /Resource temporarily unavailable/)) { - die "Can't fork: $!\n"; - } elsif ($pid == 0) { - chomp; - fingerprint($engine, $_); - exit(0); - } else { - $concurrent++; - $children{$pid} = 1; - while ($concurrent >= $opt{F}) { - my $child = waitpid -1, 0; - $concurrent--; - delete($children{$child}); - } - } - } - while ($concurrent) { - my $child = waitpid -1, 0; - $concurrent--; - delete($children{$child}); - } + while () { + my $pid = fork; + if ((not defined $pid) + and not($! =~ /Resource temporarily unavailable/)) + { + die "Can't fork: $!\n"; + } elsif ($pid == 0) { + chomp; + fingerprint($engine, $_); + exit(0); + } else { + $concurrent++; + $children{$pid} = 1; + while ($concurrent >= $opt{F}) { + my $child = waitpid -1, 0; + $concurrent--; + delete($children{$child}); + } + } + } + while ($concurrent) { + my $child = waitpid -1, 0; + $concurrent--; + delete($children{$child}); + } } else { - while($#ARGV + 1) { + while ($#ARGV + 1) { fingerprint($engine, shift @ARGV); } } } -sub fingerprint -{ - my $engine = shift; - my $server = shift; - +sub fingerprint { + my ($engine, $server) = @_; my @addresses = dnslookup($server); - if ($#addresses >= 0) { - foreach my $a (@addresses) { - my $fp = $engine->string($a, $opt{p}); - if ($opt{s}) { - printf("%-15s %s\n", $a, $fp); - } else { - print "fingerprint ($server, $a): $fp\n"; - } - } + for my $a (@addresses) { + my $fp = $engine->string($a, $opt{p}); + $opt{s} && (printf("%-15s %s\n", $a, $fp)) + || print "fingerprint ($server, $a): $fp\n"; + } } else { - print STDERR "host not found ($server)"; + print STDERR "host not found ($server)\n"; } } -sub dnslookup -{ - my $arg = shift; +sub dnslookup { + my $arg = shift; my @addresses = (); - return $arg if ($arg =~ /\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/); + return $arg if ($arg =~ $IPv4RE); + return $arg if ($arg =~ $IPv6RE); - my $resolver = Net::DNS::Resolver->new; - $resolver->srcaddr($opt{Q}); - $resolver->usevc(1) if defined ($opt{T}); + my $resolver = Net::DNS::Resolver->new(usevc => $opt{T}); + $resolver->srcaddr($opt{Q}) if $opt{Q}; if ($opt{D}) { - my $query = $resolver->send($arg, "NS"); - if ($query) { - foreach my $rr ($query->answer) { - my $query_address = $resolver->send($rr->rdatastr, "A") if $rr->type eq "NS"; - if ($query_address) { - foreach my $address_rr ($query_address->answer) { - push @addresses, $address_rr->address if $address_rr->type eq "A"; + my $query = $resolver->send($arg, "NS"); + if ($query) { + for my $rr ($query->answer) { + next unless $rr->type eq "NS"; + my $query_address = $resolver->send($rr->rdatastr, "A"); + if ($query_address) { + for my $address_rr ($query_address->answer) { + push @addresses, $address_rr->address + if $address_rr->type eq "A"; + } + } + $query_address = $resolver->send($rr->rdatastr, "AAAA"); + if ($query_address) { + for my $address_rr ($query_address->answer) { + push @addresses, $address_rr->address + if $address_rr->type eq "AAAA"; + } } - } - } - } - } else { - my $query = $resolver->send($arg, "A"); - if ($query) { - foreach my $rr ($query->answer) { - push @addresses, $rr->address if $rr->type eq "A"; - } - } + } + } + } else { + my $query = $resolver->send($arg, "A"); + if ($query) { + for my $rr ($query->answer) { + push @addresses, $rr->address if $rr->type eq "A"; + } + } + $query = $resolver->send($arg, "AAAA"); + if ($query) { + for my $rr ($query->answer) { + push @addresses, $rr->address if $rr->type eq "AAAA"; + } + } } return @addresses; } -sub usage -{ +sub usage { print STDERR < S<[ B<-c> ]> S<[ B<-d> ]> S<[ B<-f> ]> S<[ B<-F> I ]> +B S<[ B<-d> ]> S<[ B<-f> ]> S<[ B<-F> I ]> S<[ B<-p> I ]> S<[ B<-Q> I ]> S<[ B<-r> I ]> - S<[ B<-s> ]> S<[ B<-t> I ]> S<[ B<-v> ]> [I] + S<[ B<-s> ]> S<[ B<-S> I ]> S<[ B<-t> I ]> S<[ B<-v> ]> [I] =head1 DESCRIPTION @@ -218,10 +221,6 @@ =over 5 -=item B<-c> - -Where appropriate check CH TXT version. Off by default. - =item B<-d> Enable debugging. Off by default. @@ -254,6 +253,10 @@ Short display form. Useful for surveys. +=item B<-S> + +Separator. Defaults to " ". + =item B<-t> I Set the query timeout in seconds. Defaults to 5. diff -Nru net-dns-fingerprint-0.9.3/debian/changelog net-dns-fingerprint-20130404/debian/changelog --- net-dns-fingerprint-0.9.3/debian/changelog 2013-05-15 18:44:56.000000000 +0000 +++ net-dns-fingerprint-20130404/debian/changelog 2014-09-22 18:02:10.000000000 +0000 @@ -1,3 +1,14 @@ +net-dns-fingerprint (20130404-1) unstable; urgency=low + + * new upstream release (Closes: #752401) + * build with current libnet-dns-perl (Closes: #758607) + * debian/copyright: changed to DEP-5 + * debian/watch: sources moved to github + * add debian/README.source + * debian/control: bump standards 3.9.6 (no change required) + + -- Thorsten Alteholz Mon, 22 Sep 2014 19:00:00 +0200 + net-dns-fingerprint (0.9.3-5) unstable; urgency=low * debian/patches/05-Fingerprint.pm-680077.patch: Closes: #680077 diff -Nru net-dns-fingerprint-0.9.3/debian/control net-dns-fingerprint-20130404/debian/control --- net-dns-fingerprint-0.9.3/debian/control 2012-03-10 15:08:55.000000000 +0000 +++ net-dns-fingerprint-20130404/debian/control 2014-09-22 17:45:56.000000000 +0000 @@ -3,13 +3,13 @@ Priority: optional Maintainer: Thorsten Alteholz Build-Depends: debhelper (>= 9), perl (>= 5.6.0-16) -Standards-Version: 3.9.3 -Homepage: http://code.google.com/p/fpdns/ +Standards-Version: 3.9.5 +Homepage: https://github.com/kirei/fpdns Package: libnet-dns-fingerprint-perl Section: perl Architecture: all -Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends}, libnet-dns-perl (>=0.42) +Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends}, libnet-dns-perl (>=0.77) Description: library to determine DNS server vendor, product and version Identifying individual nameserver implementations is based on "borderline" protocol behaviour. The DNS protocol offers a multitude of message bits, diff -Nru net-dns-fingerprint-0.9.3/debian/copyright net-dns-fingerprint-20130404/debian/copyright --- net-dns-fingerprint-0.9.3/debian/copyright 2012-03-10 14:25:46.000000000 +0000 +++ net-dns-fingerprint-20130404/debian/copyright 2014-06-30 07:56:17.000000000 +0000 @@ -1,35 +1,37 @@ -This package was debianized by Anand Kumria on -Fri, 9 Apr 2004 21:09:34 +1000. +Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: fpdns +Source: https://github.com/kirei/fpdns +Files-Excluded: utils -It was downloaded from +Files: * +Copyright: 2003,2004,2005 Roy Arends & Jakob Schlyter +License: BSD3 -Upstream Authors: Roy Arends - Jakob Schlyter +Files: debian/* +Copyright: 2004 Anand Kumria + 2009-2014 Thorsten Alteholz +License: BSD3 -Copyright: - -# Copyright (c) 2003,2004,2005 Roy Arends & Jakob Schlyter. -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# 3. The name of the authors may not be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR -# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -# IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT, -# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +License: BSD3 + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + . + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. The name of the authors may not be used to endorse or promote products + derived from this software without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR + IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT, + INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff -Nru net-dns-fingerprint-0.9.3/debian/patches/01-Fingerprint.pm.patch net-dns-fingerprint-20130404/debian/patches/01-Fingerprint.pm.patch --- net-dns-fingerprint-0.9.3/debian/patches/01-Fingerprint.pm.patch 2012-03-10 14:27:35.000000000 +0000 +++ net-dns-fingerprint-20130404/debian/patches/01-Fingerprint.pm.patch 2014-06-30 08:20:26.000000000 +0000 @@ -1,9 +1,11 @@ From: Thorsten Alteholz Subject: Make separator configurable ---- Net-DNS-Fingerprint-0.9.3/Fingerprint.pm 2005-09-05 15:33:36.000000000 +0200 -+++ net-dns-fingerprint-0.9.3/Fingerprint.pm 2009-10-08 22:23:37.000000000 +0200 -@@ -46,6 +46,7 @@ +Index: net-dns-fingerprint/lib/Net/DNS/Fingerprint.pm +=================================================================== +--- net-dns-fingerprint.orig/lib/Net/DNS/Fingerprint.pm 2014-06-30 10:20:14.000000000 +0200 ++++ net-dns-fingerprint/lib/Net/DNS/Fingerprint.pm 2014-06-30 10:20:14.000000000 +0200 +@@ -43,6 +43,7 @@ debug => 0, qversion => 0, qchaos => 0, @@ -11,12 +13,12 @@ ); my $versionlength = 40; -@@ -470,7 +471,7 @@ +@@ -1987,7 +1988,7 @@ - push @s, "($r{state};$r{id})" if($self->{debug}); + push @s, $r{state} if (defined $r{state} && $self->{debug}); - return join(" ", @s); + return join($self->{separator}, @s); } - sub query_version + sub query_version { diff -Nru net-dns-fingerprint-0.9.3/debian/patches/03-apps-fpdns-548307.patch net-dns-fingerprint-20130404/debian/patches/03-apps-fpdns-548307.patch --- net-dns-fingerprint-0.9.3/debian/patches/03-apps-fpdns-548307.patch 2012-03-10 14:27:35.000000000 +0000 +++ net-dns-fingerprint-20130404/debian/patches/03-apps-fpdns-548307.patch 2014-07-06 09:16:52.000000000 +0000 @@ -6,14 +6,16 @@ apps/fpdns | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) ---- a/apps/fpdns -+++ b/apps/fpdns -@@ -76,7 +76,7 @@ - timeout => $opt{t}, - retry => $opt{r}, - forcetcp => $opt{T}, -- qversion => $opt{v}, -+ qversion => $opt{c}, - qchaos => $opt{f}, - separator=> $opt{S}, +Index: net-dns-fingerprint/apps/fpdns +=================================================================== +--- net-dns-fingerprint.orig/apps/fpdns 2014-07-06 11:12:39.000000000 +0200 ++++ net-dns-fingerprint/apps/fpdns 2014-07-06 11:16:38.000000000 +0200 +@@ -70,7 +70,7 @@ + timeout => $opt{t}, + retry => $opt{r}, + forcetcp => $opt{T}, +- qversion => $opt{v}, ++ qversion => $opt{c}, + qchaos => $opt{f}, + separator => $opt{S}, ); diff -Nru net-dns-fingerprint-0.9.3/debian/patches/04-Fingerprint.pm-282096.patch net-dns-fingerprint-20130404/debian/patches/04-Fingerprint.pm-282096.patch --- net-dns-fingerprint-0.9.3/debian/patches/04-Fingerprint.pm-282096.patch 2013-05-15 18:34:46.000000000 +0000 +++ net-dns-fingerprint-20130404/debian/patches/04-Fingerprint.pm-282096.patch 2014-06-30 08:42:21.000000000 +0000 @@ -1,8 +1,8 @@ From: Thorsten Alteholz Subject: ISC BIND has newer version results for NLnetLabs are not reliable ---- net-dns-fingerprint-0.9.3/Fingerprint.pm.org 2009-10-27 20:58:14.000000000 +0100 -+++ net-dns-fingerprint-0.9.3/Fingerprint.pm 2009-10-27 21:30:22.000000000 +0100 +--- net-dns-fingerprint-0.9.3/lib/Net/DNS/Fingerprint.pm.org 2009-10-27 20:58:14.000000000 +0100 ++++ net-dns-fingerprint-0.9.3/lib/Net/DNS/Fingerprint.pm 2009-10-27 21:30:22.000000000 +0100 @@ -197,27 +197,27 @@ }, diff -Nru net-dns-fingerprint-0.9.3/debian/patches/05-Fingerprint.pm-680077.patch net-dns-fingerprint-20130404/debian/patches/05-Fingerprint.pm-680077.patch --- net-dns-fingerprint-0.9.3/debian/patches/05-Fingerprint.pm-680077.patch 2013-05-15 19:09:42.000000000 +0000 +++ net-dns-fingerprint-20130404/debian/patches/05-Fingerprint.pm-680077.patch 2014-06-30 08:43:46.000000000 +0000 @@ -2,8 +2,8 @@ Author: mainly: Duane Wessels dwessels at verisign.com Index: net-dns-fingerprint/Fingerprint.pm =================================================================== ---- net-dns-fingerprint.orig/Fingerprint.pm 2013-05-15 20:37:16.000000000 +0200 -+++ net-dns-fingerprint/Fingerprint.pm 2013-05-15 21:04:28.000000000 +0200 +--- net-dns-fingerprint.orig/lib/Net/DNS/Fingerprint.pm 2013-05-15 20:37:16.000000000 +0200 ++++ net-dns-fingerprint/lib/Net/DNS/Fingerprint.pm 2013-05-15 21:04:28.000000000 +0200 @@ -632,11 +632,11 @@ return join(",", @list); } diff -Nru net-dns-fingerprint-0.9.3/debian/patches/06-Fingerprint.pm-cheryy-pick.patch net-dns-fingerprint-20130404/debian/patches/06-Fingerprint.pm-cheryy-pick.patch --- net-dns-fingerprint-0.9.3/debian/patches/06-Fingerprint.pm-cheryy-pick.patch 1970-01-01 00:00:00.000000000 +0000 +++ net-dns-fingerprint-20130404/debian/patches/06-Fingerprint.pm-cheryy-pick.patch 2014-07-06 10:58:09.000000000 +0000 @@ -0,0 +1,27 @@ +commit ca0391377ad7150e61ff300cb5195c97a154233b +Author: Jakob Schlyter +Date: Wed Aug 28 10:24:11 2013 +0200 + + do not set header counters unless changed + +diff --git a/lib/Net/DNS/Fingerprint.pm b/lib/Net/DNS/Fingerprint.pm +index d4a2e5a..e096d42 100644 +--- a/lib/Net/DNS/Fingerprint.pm ++++ b/lib/Net/DNS/Fingerprint.pm +@@ -2171,10 +2171,12 @@ sub fp2header { + $header->ad(shift @list); + $header->cd(shift @list); + $header->rcode(shift @list); +- $header->qdcount(shift @list); +- $header->ancount(shift @list); +- $header->nscount(shift @list); +- $header->arcount(shift @list); ++ ++ my ($qdcount, $ancount, $nscount, $arcount) = @list; ++ $header->qdcount($qdcount) unless $qdcount == $header->qdcount; ++ $header->qdcount($ancount) unless $ancount == $header->ancount; ++ $header->qdcount($nscount) unless $nscount == $header->nscount; ++ $header->qdcount($arcount) unless $arcount == $header->arcount; + } + + sub probe { diff -Nru net-dns-fingerprint-0.9.3/debian/patches/series net-dns-fingerprint-20130404/debian/patches/series --- net-dns-fingerprint-0.9.3/debian/patches/series 2013-05-15 18:37:34.000000000 +0000 +++ net-dns-fingerprint-20130404/debian/patches/series 2014-07-06 10:58:19.000000000 +0000 @@ -1,5 +1,6 @@ 01-Fingerprint.pm.patch -02-apps-fpdns.patch -03-apps-fpdns-548307.patch -04-Fingerprint.pm-282096.patch -05-Fingerprint.pm-680077.patch +#applied upstream: 02-apps-fpdns.patch +#applied upstream: option -c no longer available: 03-apps-fpdns-548307.patch +#applied upstream: new format of ruleset: 04-Fingerprint.pm-282096.patch +#applied upstream: 05-Fingerprint.pm-680077.patch +06-Fingerprint.pm-cheryy-pick.patch diff -Nru net-dns-fingerprint-0.9.3/debian/README.source net-dns-fingerprint-20130404/debian/README.source --- net-dns-fingerprint-0.9.3/debian/README.source 1970-01-01 00:00:00.000000000 +0000 +++ net-dns-fingerprint-20130404/debian/README.source 2014-06-30 07:56:09.000000000 +0000 @@ -0,0 +1,5 @@ +As we do not want to build the rails_implementation or other utils, +these files are excluded via debian/copyright. + + -- Thorsten Alteholz Sun, 29 Jun 2014 19:00:00 +0200 + diff -Nru net-dns-fingerprint-0.9.3/debian/watch net-dns-fingerprint-20130404/debian/watch --- net-dns-fingerprint-0.9.3/debian/watch 2012-03-10 14:25:46.000000000 +0000 +++ net-dns-fingerprint-20130404/debian/watch 2014-06-29 17:32:53.000000000 +0000 @@ -1,4 +1,15 @@ +#version=3 +# +#http://code.google.com/p/fpdns/downloads/list \ +# http://fpdns.googlecode.com/files/Net-DNS-Fingerprint-(.*).tar.gz +# +#version=3 +#opts=uversionmangle=s/(\d)[_\.\-\+]?((RC|rc|pre|dev|beta|alpha|b|a)[\-\.]?\d*)$/$1~$2/,\ +#downloadurlmangle=s%.*/([^/]*)/downloads/detail\?name=([^=&]*).*%http://$1.googlecode.com/files/$2%,filenamemangle=s/.*name=([^&]+).*/$1/ \ +#http://code.google.com/p/fpdns/downloads/list?can=1 .*=Net-DNS-Fingerprint-(\d.*)\.(?:tgz|tbz2|txz|tar\.(?:gz|bz2|xz)|zip).* +## Bart Martens Sat, 19 Jan 2013 13:20:44 +0000 +# +# project moved to github version=3 - -http://code.google.com/p/fpdns/downloads/list \ - http://fpdns.googlecode.com/files/Net-DNS-Fingerprint-(.*).tar.gz +opts=filenamemangle=s/.+\/v?(\d\S*)\.tar\.gz/net-dns-fingerprint-$1\.tar\.gz/ \ + https://github.com/kirei/fpdns/tags .*/v?(\d\S*)\.tar\.gz diff -Nru net-dns-fingerprint-0.9.3/Fingerprint.pm net-dns-fingerprint-20130404/Fingerprint.pm --- net-dns-fingerprint-0.9.3/Fingerprint.pm 2005-09-05 13:33:36.000000000 +0000 +++ net-dns-fingerprint-20130404/Fingerprint.pm 1970-01-01 00:00:00.000000000 +0000 @@ -1,701 +0,0 @@ -#!/usr/bin/perl -# -# $Id: Fingerprint.pm,v 1.17 2005/09/05 13:33:36 jakob Exp $ -# -# Copyright (c) 2003,2004,2005 Roy Arends & Jakob Schlyter. -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# 3. The name of the authors may not be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR -# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -# IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT, -# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -require 5.6.0; - -package Net::DNS::Fingerprint; - -use strict; -use warnings; -use Net::DNS 0.42; - -our $VERSION = "0.9.3"; - -my %default = ( - source => undef, - timeout => 5, - retry => 1, - forcetcp => 0, - debug => 0, - qversion => 0, - qchaos => 0, -); - -my $versionlength = 40; - -my @qy = ("0,IQUERY,0,0,1,0,0,0,NOERROR,0,0,0,0", - "0,NS_NOTIFY_OP,0,0,0,0,0,0,NOERROR,0,0,0,0", - "0,QUERY,0,0,0,0,0,0,NOERROR,0,0,0,0", - "0,IQUERY,0,0,0,0,1,1,NOERROR,0,0,0,0", - "0,QUERY,0,0,0,0,0,0,NOTIMP,0,0,0,0", - "0,IQUERY,1,0,1,1,1,1,NOERROR,0,0,0,0", - "0,UPDATE,0,0,0,1,0,0,NOERROR,0,0,0,0", - "0,QUERY,1,1,1,1,1,1,NOERROR,0,0,0,0", - "0,QUERY,0,0,0,0,0,1,NOERROR,0,0,0,0", - ); - -my %initrule = (header => $qy[0], query => ". IN A", ); -my @iq = ("1,IQUERY,0,0,1,0,0,0,FORMERR,0,0,0,0", # iq0 - "1,IQUERY,0,0,1,0,0,0,FORMERR,1,0,0,0", # iq1 - "1,IQUERY,0,0,1,0,0,0,NOTIMP,0,0,0,0", # iq2 - "1,IQUERY,0,0,1,0,0,0,NOTIMP,1,0,0,0", # iq3 - "1,IQUERY,0,0,1,1,0,0,FORMERR,0,0,0,0", # iq4 - "1,IQUERY,0,0,1,1,0,0,NOTIMP,0,0,0,0", # iq5 - "1,IQUERY,0,0,1,1,0,0,NOTIMP,1,0,0,0", # iq6 - "1,IQUERY,1,0,1,0,0,0,NOTIMP,1,0,0,0", # iq7 - "1,QUERY,1,0,1,0,0,0,NOTIMP,1,0,0,0", - "1,QUERY,0,0,0,0,0,0,NOTIMP,0,0,0,0", - "1,IQUERY,0,0,1,1,0,0,FORMERR,1,0,0,0", # iq10 - "1,NS_NOTIFY_OP,0,0,0,0,0,0,FORMERR,1,0,0,0", - "1,NS_NOTIFY_OP,0,0,0,0,0,0,NOTIMP,0,0,0,0", - "1,NS_NOTIFY_OP,0,0,0,0,0,0,NOTIMP,1,0,0,0", - "1,NS_NOTIFY_OP,0,0,0,0,0,0,NXDOMAIN,1,0,0,0", - "1,NS_NOTIFY_OP,0,0,0,0,0,0,REFUSED,1,0,0,0", - "1,NS_NOTIFY_OP,0,0,0,0,0,0,SERVFAIL,1,0,0,0", - "1,NS_NOTIFY_OP,0,0,0,1,0,0,FORMERR,1,0,0,0", - "1,NS_NOTIFY_OP,0,0,0,1,0,0,NOTIMP,0,0,0,0", - "1,NS_NOTIFY_OP,0,0,0,1,0,0,NOTIMP,1,0,0,0", - "1,NS_NOTIFY_OP,0,0,0,1,0,0,REFUSED,1,0,0,0", # iq20 - "1,NS_NOTIFY_OP,0,0,0,1,0,0,SERVFAIL,1,0,0,0", - "1,NS_NOTIFY_OP,1,0,0,0,0,0,NOTIMP,1,0,0,0", - "1,QUERY,1,0,0,0,0,0,NOTIMP,1,0,0,0", - "1,NS_NOTIFY_OP,1,0,0,0,0,0,SERVFAIL,1,0,0,0", - "1,IQUERY,0,0,0,0,1,1,NOTIMP,0,0,0,0", - "1,IQUERY,0,0,0,0,0,0,NOTIMP,0,0,0,0", - "1,IQUERY,0,0,1,1,1,1,FORMERR,0,0,0,0", - "1,IQUERY,1,0,1,1,1,1,FORMERR,0,0,0,0", - "1,QUERY,.,0,1,.,.,.,NOTIMP,.+,.+,.+,.+", - "1,QUERY,.,0,1,.,.,.,.+,.+,.+,.+,.+", #iq30 - "1,QUERY,0,0,.,.,0,0,NXDOMAIN,1,0,0,0", - "1,QUERY,0,0,.,.,0,0,FORMERR,1,0,0,0", - "1,UPDATE,0,0,0,0,0,0,NOTIMP,0,0,0,0", - "1,UPDATE,0,0,0,1,0,0,NOTIMP,0,0,0,0", - "1,QUERY,0,0,1,0,0,0,NOERROR,1,0,0,0", - "1,QUERY,1,1,1,1,1,1,NOTIMP,1,0,0,0", - "1,QUERY,0,0,0,0,0,0,NOERROR,1,0,.+,0", - "1,QUERY,0,0,1,0,0,0,FORMERR,1,0,0,0", - "1,IQUERY,0,0,1,0,1,1,NOTIMP,1,0,0,0", - "1,IQUERY,0,0,0,1,1,1,REFUSED,1,0,0,0", #iq40 - "1,UPDATE,0,0,0,1,0,0,REFUSED,1,0,0,0", - "1,IQUERY,0,0,0,1,1,1,FORMERR,0,0,0,0", - "1,IQUERY,0,0,0,1,0,0,NOTIMP,0,0,0,0", - "1,QUERY,1,0,1,0,0,0,FORMERR,1,0,0,0", - "1,UPDATE,0,0,0,0,0,0,FORMERR,1,0,0,0", - "1,UPDATE,0,0,0,0,0,0,FORMERR,0,0,0,0", - "1,QUERY,0,0,1,0,0,0,FORMERR,0,0,0,0", - "1,QUERY,0,0,1,0,0,0,SERVFAIL,1,0,0,0", #iq48 - "1,QUERY,1,0,1,0,0,0,NXDOMAIN,1,0,1,0", - "1,QUERY,0,0,1,0,0,0,REFUSED,1,0,0,0", #iq50 - "1,QUERY,0,0,1,0,0,0,NOERROR,1,1,0,0", - "1,IQUERY,0,0,1,0,0,0,REFUSED,0,0,0,0", - "1,QUERY,0,0,0,0,0,0,FORMERR,0,0,0,0", - "1,QUERY,0,0,1,1,1,0,NOERROR,1,0,1,0", - "1,QUERY,0,0,1,1,0,0,NOERROR,1,0,1,0", - "1,QUERY,0,0,1,0,1,0,NOERROR,.+,.+,.+,.+", - "1,QUERY,0,0,1,0,0,0,.+,.+,.+,.+,.+", - "1,QUERY,1,0,1,0,0,0,NOERROR,1,1,0,0", - "1,QUERY,0,0,1,1,0,0,SERVFAIL,1,0,0,0", - "1,QUERY,1,0,1,1,0,0,NOERROR,1,1,0,0", #iq60 - "1,QUERY,0,0,1,1,0,0,REFUSED,1,0,0,0", - "1,QUERY,0,0,0,0,0,0,NOTIMP,1,0,0,0", - "1,QUERY,1,0,1,1,0,0,NOERROR,1,0,1,0", - "1,IQUERY,0,0,1,1,1,1,NOTIMP,0,0,0,0", - "1,UPDATE,0,0,0,0,0,0,REFUSED,0,0,0,0", - "1,IQUERY,0,0,0,1,1,1,NOTIMP,1,0,0,0", - "1,IQUERY,0,0,0,1,0,0,NOTIMP,1,0,0,0", - "1,QUERY,0,1,1,1,1,1,NOERROR,1,0,.,0", - "1,QUERY,0,1,1,1,0,1,NOERROR,1,0,.,0", - "1,IQUERY,0,0,1,0,0,0,REFUSED,1,0,0,0", #iq70 - "1,IQUERY,1,0,1,1,1,1,NOTIMP,1,0,0,0", - "1,IQUERY,0,0,1,0,0,0,NOERROR,1,0,0,0", - "1,QUERY,1,0,1,1,0,0,NOERROR,1,0,0,0", - "1,IQUERY,1,0,1,1,0,0,NXDOMAIN,1,0,0,0", - "1,UPDATE,0,0,0,1,0,0,FORMERR,0,0,0,0", - "1,IQUERY,1,0,1,0,0,0,NXDOMAIN,1,0,0,0", - "1,QUERY,0,0,1,1,0,0,FORMERR,1,0,0,0", - "1,QUERY,0,0,0,1,0,0,SERVFAIL,1,0,0,0", - "1,QUERY,0,0,1,1,0,0,NOERROR,1,1,0,0", - "1,IQUERY,1,0,1,0,0,0,NOERROR,1,0,0,0", #iq80 - "1,IQUERY,1,0,1,1,0,0,NOTIMP,1,0,0,0", - "1,QUERY,0,0,1,1,0,0,NOERROR,1,0,0,0", - "1,QUERY,1,0,1,1,0,0,NOERROR,1,1,1,.+", - "1,QUERY,0,0,1,1,0,0,REFUSED,0,0,0,0", - "1,UPDATE,0,0,0,1,0,0,NOTIMP,1,0,0,0", - "1,QUERY,1,0,0,1,0,0,NXDOMAIN,1,0,0,0", - "1,QUERY,0,0,0,1,0,0,NOTIMP,0,0,0,0", - "1,QUERY,0,0,0,0,0,0,REFUSED,1,0,0,0", - "1,QUERY,1,0,1,1,0,0,NXDOMAIN,1,0,0,0", - "1,QUERY,1,0,0,0,0,0,NOERROR,1,1,0,0", #iq90 - "1,IQUERY,1,0,1,1,0,1,NOTIMP,1,0,0,0", - "1,QUERY,0,0,0,1,0,0,NOTIMP,1,0,0,0", - "1,QUERY,0,0,1,0,0,1,SERVFAIL,1,0,0,0", -); - -my @ruleset = ( - { fingerprint => "query timed out" , header => $qy[0], query => "com. IN A", ruleset => [ - { fingerprint => "query timed out", header => $qy[7], query => ". CH A", ruleset => [ - { fingerprint => "query timed out", header => $qy[6], query => ". IN A", ruleset => [ - { fingerprint => $iq[38], result => { vendor => "Digital Lumber", product => "Oak DNS", version =>"" }, qv => "version.oak",}, - { fingerprint => "query timed out", result => "TIMEOUT",}, - { fingerprint => ".+", state => "q0tq0tq7tq6r?", }, ] - }, - { fingerprint => $iq[35], result => { vendor => "XBILL", product => "jnamed (dnsjava)", version => "" }, }, - { fingerprint => $iq[36], result => { vendor => "menandmice", product => "QuickDNS", version => ""}, }, - { fingerprint => $iq[37], result => { vendor => "unknown", product => "NonSequitur DNS", version => ""}, }, - { fingerprint => ".+", state => "q0tq0tq7r?", }, ] - }, - { fingerprint => $iq[35], result => { vendor => "eNom", product => "eNom DNS", version =>""}, }, - { fingerprint => ".+", state => "q0tq0r?", },] - }, - - { fingerprint => $iq[0], header => $qy[1], query=> "jjjjjjjjjjjj IN A", ruleset => [ - { fingerprint => $iq[12], result => { vendor => "ISC", product => "BIND", version => "8.4.1-p1" }, qv => "version.bind",}, - { fingerprint => $iq[13], result => { vendor => "ISC", product => "BIND", version => "8 plus root server modifications"}, qv => "version.bind",}, - { fingerprint => $iq[15], result => { vendor => "Cisco", product => "CNR", version => ""}, }, - { fingerprint => $iq[16], header => $qy[2], query => "hostname.bind CH TXT", ruleset => [ - { fingerprint => $iq[58], result => { vendor => "ISC", product => "BIND", version => "8.3.0-RC1 -- 8.4.4"}, qv => "version.bind",}, - { fingerprint => $iq[50], result => { vendor => "ISC", product => "BIND", version => "8.3.0-RC1 -- 8.4.4"}, qv => "version.bind",}, - { fingerprint => $iq[48], result => { vendor => "ISC", product => "BIND", version => "8.2.2-P3 -- 8.3.0-T2A"}, qv => "version.bind",}, - { fingerprint => ".+", state => "q0r0q1r16q2r?", },] - }, - { fingerprint => ".+", state => "q0r0q1r?", },] - }, - - { fingerprint => $iq[1], header => $qy[2], query => ". IN IXFR", ruleset => [ - { fingerprint => $iq[31], result => { vendor => "Microsoft", product => "Windows DNS", version => "2000" }, }, - { fingerprint => $iq[32], result => { vendor => "Microsoft", product => "Windows DNS", version => "NT4" }, }, - { fingerprint => $iq[50], result => { vendor => "Microsoft", product => "Windows DNS", version => "2003"}, }, - { fingerprint => ".+", state => "q0r1q2r?", }, ] - }, - - { fingerprint => $iq[2], header => $qy[1], ruleset => [ - { fingerprint => $iq[11], result => { vendor => "ISC", product => "BIND", version => "9.2.3rc1 -- 9.4.0a0" }, qv => "version.bind",}, - { fingerprint => $iq[12], header => $qy[3], ruleset => [ - { fingerprint => $iq[25], header => $qy[6], ruleset => [ - { fingerprint => $iq[33], result => { vendor => "bboy", product => "MyDNS", version => "" },}, - { fingerprint => $iq[34], header => $qy[2], query => "012345678901234567890123456789012345678901234567890123456789012.012345678901234567890123456789012345678901234567890123456789012.012345678901234567890123456789012345678901234567890123456789012.0123456789012345678901234567890123456789012345678901234567890. IN A", ruleset => [ - { fingerprint => $iq[47], result => { vendor => "NLnetLabs", product => "NSD", version => "1.0.3 -- 1.2.1"}, qv => "version.server", }, - { fingerprint => $iq[48], header => $qy[2], query => "hostname.bind CH TXT", ruleset => [ - { fingerprint => $iq[50], result => { vendor => "NLnetLabs", product => "NSD", version => "1.2.2" }, qv => "version.server", }, - { fingerprint => $iq[51], header => $qy[8], query => ". IN A", ruleset => [ - { fingerprint => $iq[93], result => { vendor => "NLnetLabs", product => "NSD", version => "1.2.3 -- 2.1.2" } , qv => "version.server", }, - { fingerprint => $iq[48], result => { vendor => "NLnetLabs", product => "NSD", version => "2.1.3" }, qv => "version.server", }, - { fingerprint => ".+", state => "q0r2q1r12q3r25q6r34q2r48q2r51q8r?", }, ] - }, - { fingerprint => ".+", state => "q0r2q1r12q3r25q6r34q2r48q2r?", }, ] - }, - { fingerprint => $iq[49], header => $qy[2], query => "hostname.bind CH TXT", ruleset => [ - { fingerprint => $iq[50], result => { vendor => "NLnetLabs", product => "NSD", version => "1.2.2 [root]"} , qv => "version.server", }, - { fingerprint => $iq[51], result => { vendor => "NLnetLabs", product => "NSD", version => "1.2.3 [root]"}, qv => "version.server", }, - { fingerprint => ".+", state => "q0r2q1r12q3r25q6r34q2r49q2r?", }, ] - }, - { fingerprint => $iq[53], result => { vendor => "NLnetLabs", product=>"NSD", version => "1.0.2"}, qv => "version.server", }, - { fingerprint => ".+", state => "q0r2q1r12q3r25q6r34q2a?", },] - }, - { fingerprint => ".+", state => "q0r2q1r12q3r25q6r?", },] - }, - { fingerprint => $iq[26], result => { vendor => "VeriSign", product => "ATLAS", version => ""},}, - { fingerprint => ".+", state => "q0r2q1r12q3r?", },] - }, - { fingerprint => $iq[15], header => $qy[6], ruleset => [ - { fingerprint => $iq[45], result => { vendor => "Nominum", product =>"ANS", version =>""}, qv => "version.bind",}, - { fingerprint => $iq[65], result => { vendor => "ISC", product => "BIND", version => "9.2.3rc1 -- 9.4.0a0" }, qv => "version.bind",}, - { fingerprint => $iq[46], header => $qy[7], ruleset => [ - { fingerprint => $iq[56], result => { vendor => "ISC", product => "BIND", version => "9.0.0b5 -- 9.0.1" }, qv => "version.bind",}, - { fingerprint => $iq[57], result => { vendor => "ISC", product => "BIND", version => "9.1.0 -- 9.1.3" }, qv => "version.bind",}, - { fingerprint => ".+", state => "q0r2q1r15q6r46q7r?", }, ] - }, - { fingerprint => ".+", state => "q0r2q1r15q6r?", },] - }, - { fingerprint => $iq[16], header => $qy[4], ruleset => [ - { fingerprint => $iq[29], result => { vendor => "ISC", product => "BIND", version => "9.2.0a1 -- 9.2.0rc3"}, qv => "version.bind",}, - { fingerprint => $iq[30], header => $qy[0], query => ". A CLASS0" , ruleset => [ - { fingerprint => $iq[2], result => { vendor=>"ISC", product => "BIND", version =>"9.2.0rc7 -- 9.2.2-P3"}, qv => "version.bind", }, - { fingerprint => $iq[0], result => { vendor=>"ISC", product => "BIND", version =>"9.2.0rc4 -- 9.2.0rc6"}, qv => "version.bind", }, - { fingerprint => ".+", result => { vendor => "ISC", product => "BIND", version =>"9.2.0rc4 -- 9.2.2-P3"}, qv => "version.bind", }, ] - }, - { fingerprint => ".+", state => "q0r2q1r16q4r?", },] - }, - { fingerprint => ".+", state => "q0r2q1r?", }, ] - }, - - { fingerprint => $iq[3], header => $qy[1], ruleset => [ - { fingerprint => "query timed out", header => $qy[5], ruleset => [ - { fingerprint => $iq[3], result => { vendor => "sourceforge", product =>"Dents", version =>""}, qv => "version.bind", }, - { fingerprint => $iq[81], result => { vendor => "Microsoft", product => "Windows DNS", version => "2003" },}, - { fingerprint => $iq[91], result => { vendor => "Microsoft", product => "Windows DNS", version => "2003" },}, - { fingerprint => ".+", state => "q0r3q1tq5r?", }, ] - - }, - { fingerprint => $iq[14], result => { vendor => "UltraDNS", product => "", version =>"v2.7.0.2 -- 2.7.3"}, qv => "version.bind", }, - { fingerprint => $iq[13], header => $qy[5], ruleset => [ - { fingerprint => $iq[39], result => { vendor => "pliant", product => "DNS Server", version =>""},}, - { fingerprint => $iq[7], result => { vendor => "JHSOFT", product => "simple DNS plus", version =>""}, }, - { fingerprint => $iq[71], header => $qy[6], ruleset => [ - { fingerprint => $iq[41], result => { vendor =>"Netnumber", product =>"ENUM server", version =>""}, }, - { fingerprint => $iq[85], result => { vendor =>"Raiden", product => "DNSD", version => ""}, }, ] - }, - { fingerprint => ".+", state => "q0r3q1r13q5r?", }, ] - }, - { fingerprint => ".+", state => "q0r3q1r?", }, ] - }, - - { fingerprint => $iq[4], header => $qy[1], query=> "jjjjjjjjjjjj IN A", ruleset => [ - { fingerprint => $iq[17], result => { vendor => "ISC", product => "BIND", version =>"9.0.0b5 -- 9.0.1 [rcursion enabled]"},qv => "version.bind", }, - { fingerprint => $iq[18], header => $qy[5], query=> ". IN A" , ruleset => [ - { fingerprint => $iq[27], result => { vendor => "ISC", product => "BIND", version => "4.9.3 -- 4.9.11"}, qv => "version.bind", }, - { fingerprint => $iq[28], result => { vendor => "ISC", product => "BIND", version => "4.8 -- 4.8.3"}, }, - { fingerprint => ".+", state => "q0r4q1r18q5r?", }, ] - }, - { fingerprint => $iq[19], result => {vendor => "ISC", product =>"BIND", version => "8.2.1 [recursion enabled]"}, qv => "version.bind", }, - { fingerprint => $iq[20], header => $qy[3], query=> ". IN A", ruleset => [ - { fingerprint => $iq[42], result => {vendor => "ISC", product =>"BIND", version =>"8.1-REL -- 8.2.1-T4B [recursion enabled]"}, qv => "version.bind", }, - { fingerprint => ".+", state => "q0r4q1r20q3r?", },] - }, - { fingerprint => $iq[21], header => $qy[2], query => "hostname.bind CH TXT", ruleset => [ - { fingerprint => $iq[60], result => {vendor =>"ISC", product => "BIND", version => "8.3.0-RC1 -- 8.4.4 [recursion enabled]"}, qv => "version.bind",}, - { fingerprint => $iq[59], header => $qy[7], query=> ". IN A", ruleset => [ - { fingerprint => $iq[68], result => {vendor =>"ISC", product => "BIND", version => "8.1-REL -- 8.2.1-T4B [recursion enabled]"}, qv => "version.bind", }, - { fingerprint => $iq[69], result => {vendor =>"ISC", product => "BIND", version => "8.2.2-P3 -- 8.3.0-T2A [recursion enabled]"}, qv => "version.bind",}, - { fingerprint => "connection failed", result => { vendor =>"Runtop", product => "dsl/cable", version =>""},}, - { fingerprint => ".+", state => "q0r4q1r21q2r59q7r?", },] - }, - - { fingerprint => $iq[58], result => {vendor => "ISC", product =>"BIND", version => "8.3.0-RC1 -- 8.4.4 [recursion local]"}, qv => "version.bind",}, - { fingerprint => $iq[50], result => {vendor => "ISC", product =>"BIND", version => "8.3.0-RC1 -- 8.4.4 [recursion local]"}, qv => "version.bind",}, - { fingerprint => $iq[61], result => {vendor => "ISC", product =>"BIND", version => "8.3.0-RC1 -- 8.4.4 [recursion local]"}, qv => "version.bind",}, - { fingerprint => $iq[48], result => {vendor => "ISC", product =>"BIND", version => "8.2.2-P3 -- 8.3.0-T2A [recursion local]"}, qv => "version.bind",}, - { fingerprint => ".+", state => "q0r4q1r21q2r?", },] - }, - { fingerprint => ".+", state => "q0r4q1r?", }, ] - }, - - { fingerprint => $iq[5], header => $qy[1], ruleset => [ - { fingerprint => $iq[11], result => { vendor => "ISC", product => "BIND", version => "9.2.3rc1 -- 9.4.0a0", option => "recursion enabled,split view" }, qv => "version.bind",}, - { fingerprint => $iq[17], result => {vendor => "ISC", product =>"BIND", version => "9.2.3rc1 -- 9.4.0a0 [recursion enabled]"}, qv => "version.bind",}, - { fingerprint => $iq[18], header => $qy[5], ruleset => [ - { fingerprint => $iq[5], header => $qy[7], query => ". IN A", ruleset => [ - { fingerprint => $iq[84], result => {vendor => "Nominum", product =>"CNS", version => ""}, qv => "version.bind",}, - { fingerprint => $iq[59], result => {vendor => "Mikrotik", product =>"dsl/cable", version => ""}, }, - { fingerprint => $iq[82], result => {vendor => "Mikrotik", product =>"dsl/cable", version => ""}, }, - { fingerprint => ".+", state => "q0r5q1r18q5r5q7r?", }, ] - }, - { fingerprint => $iq[64], result => "unknown, smells like old BIND 4", }, - { fingerprint => ".+", state => "q0r5q1r18q5r?", }, ] - }, - { fingerprint => $iq[20], header => $qy[7], ruleset => [ - { fingerprint => $iq[54], result => {vendor => "ISC", product =>"BIND", version => "9.0.0b5 -- 9.0.1 [recursion enabled]"}, qv => "version.bind",}, - { fingerprint => $iq[55], result => {vendor => "ISC", product =>"BIND", version => "9.1.0 -- 9.1.3 [recursion enabled]"}, qv => "version.bind",}, - { fingerprint => $iq[63], result => {vendor => "ISC", product =>"BIND", version => "4.9.3 -- 4.9.11 [recursion enabled]"}, qv => "version.bind",}, - { fingerprint => $iq[61], result => {vendor => "ISC", product =>"BIND", version => "9.0.0b5 -- 9.1.3 [recursion local]"}, qv => "version.bind",}, - { fingerprint => ".+", state => "q0r5q1r20q7r?", }, ] - }, - { fingerprint => $iq[21], header => $qy[4], ruleset => [ - { fingerprint => "query timed out", result => {vendor => "ISC", product =>"BIND", version => "9.2.0a1 -- 9.2.2-P3 [recursion enabled]"}, qv => "version.bind", }, - { fingerprint => $iq[29], result => {vendor => "ISC", product =>"BIND", version => "9.2.0a1 -- 9.2.0rc3 [recursion enabled]"}, qv => "version.bind", }, - { fingerprint => $iq[61], header => $qy[0], query => ". A CLASS0" , ruleset => [ - { fingerprint => $iq[2], result => {vendor => "ISC", product =>"BIND", version => "9.2.0rc7 -- 9.2.2-P3 [recursion local]"}, qv => "version.bind", }, - { fingerprint => $iq[0], result => {vendor => "ISC", product =>"BIND", version => "9.2.0a1 -- 9.2.0rc6 [recursion local]"}, qv => "version.bind", }, - { fingerprint => ".+", result => {vendor => "ISC", product =>"BIND", version => "9.2.0a1 -- 9.2.2-P3 [recursion local]"}, qv => "version.bind", }, ] - }, - { fingerprint => $iq[30], header => $qy[0], query => ". A CLASS0" , ruleset => [ - { fingerprint => $iq[2], result => {vendor => "ISC", product =>"BIND", version => "9.2.0rc7 -- 9.2.2-P3 [recursion enabled]"}, qv => "version.bind", }, - { fingerprint => $iq[0], result => {vendor => "ISC", product =>"BIND", version => "9.2.0rc4 -- 9.2.0rc6 [recursion enabled]"}, qv => "version.bind", }, - { fingerprint => ".+", result => {vendor => "ISC", product =>"BIND", version => "9.2.0rc4 -- 9.2.2-P3 [recursion enabled]"}, qv => "version.bind", }, ] - }, - { fingerprint => ".+", state => "q0r5q1r21q4r?", }, ] - }, - { fingerprint => ".+", state => "q0r5q1r?", }, ] - }, - - { fingerprint => $iq[6], header => $qy[1], ruleset => [ - { fingerprint => $iq[15], result => {vendor => "incognito", product =>"DNS commander", version => "v2.3.1.1 -- 4.0.5.1"}, qv => "version.bind", }, - { fingerprint => $iq[19], header => $qy[3], ruleset => [ - { fingerprint => $iq[66], result => {vendor => "vermicelli", product =>"totd", version => ""}, }, - { fingerprint => $iq[67], result => {vendor => "JHSOFT", product =>"simple DNS plus", version => "[recursion enabled]"}, }, - { fingerprint => ".+", state => "q0r6q1r19q3r?", }, ] - }, - { fingerprint => ".+", state => "q0r6q1r?", }, ] - }, - - { fingerprint => $iq[7], header => $qy[1], ruleset => [ - { fingerprint => $iq[22], result => {vendor => "PowerDNS", product =>"PowerDNS", version => "2.9.4 -- 2.9.11"}, qv => "version.bind", }, - { fingerprint => $iq[24], result => {vendor => "PowerDNS", product =>"PowerDNS", version => "2.8 -- 2.9.3"}, qv => "version.bind", }, - { fingerprint => ".+", state => "q0r7q1r?", }, ] - }, - - { fingerprint => $iq[8], header => $qy[1], ruleset => [ - { fingerprint => $iq[23], header => $qy[2] , query => ". CH A", ruleset => [ - { fingerprint => "query timed out", result => { vendor => "DJ Bernstein", product => "TinyDNS", version => "1.04"} ,}, - { fingerprint => $iq[32], result => {vendor => "DJ Bernstein", product => "TinyDNS", version => "1.05"} ,}, - { fingerprint => ".+", state => "q0r8q1r23q2r?",},] - }, - { fingerprint => ".+", state => "q0r8q1r?", }, ] - }, - - { fingerprint => $iq[9], header => $qy[1], ruleset => [ - { fingerprint => $iq[9], result => { vendor => "Sam Trenholme", product =>"MaraDNS", version => ""}, qv => "erre-con-erre-cigarro.maradns.org"}, - { fingerprint => ".+", state => "q0r9q1r?", }, ] - }, - - { fingerprint => $iq[10], result => { vendor => "Microsoft", product =>"?", version => ""}, }, - { fingerprint => $iq[26], result => { vendor => "Meilof Veeningen", product =>"Posadis", version =>""}, }, - { fingerprint => $iq[43], header => $qy[6], ruleset => [ - { fingerprint => $iq[34], result => { vendor => "Paul Rombouts", product =>"pdnsd", version =>""}, }, - { fingerprint => $iq[75], result => { vendor => "antirez", product =>"Yaku-NS", version =>""}, }, - { fingerprint => ".+", state => "q0r43q6r?", }, ] - }, - - { fingerprint => $iq[44], result => { vendor =>"cpan", product=>"Net::DNS Nameserver", version =>""}, qv => "version.bind", }, - { fingerprint => $iq[52], result => { vendor =>"NLnetLabs", product=>"NSD", version => "1.0 alpha"}, }, - { fingerprint => $iq[55], result => { vendor =>"robtex", product=>"Viking DNS module", version=>""}, }, - { fingerprint => $iq[59], result => { vendor =>"Max Feoktistov", product=>"small HTTP server [recursion enabled]", version =>""}, }, - { fingerprint => $iq[60], result => { vendor =>"Axis", product=>"video server", version =>""}, }, - { fingerprint => $iq[62], header => $qy[7], query => "1.0.0.127.in-addr.arpa. IN PTR", ruleset => [ - { fingerprint => $iq[62], result => { vendor =>"Michael Tokarev", product=>"rbldnsd",version=>""}, qv => "version.bind", }, - { fingerprint => $iq[79], result => { vendor =>"4D", product=>"WebSTAR", version=>""}, }, - { fingerprint => $iq[83], result => { vendor =>"Netopia", product =>"dsl/cable", version => ""},}, - { fingerprint => $iq[90], result => { vendor =>"TZO", product=>"Tzolkin DNS",version=>""}, }, - { fingerprint => "query timed out", result => { vendor =>"Netopia", product =>"dsl/cable", version=>""},}, - { fingerprint => ".+", state => "q0r62q7r?", }, ] - }, - { fingerprint => $iq[70], result => { vendor =>"Yutaka Sato", product=>"DeleGate DNS", version=>""},}, - { fingerprint => $iq[72], result => { vendor =>"", product =>"sheerdns", version=>""}, }, - { fingerprint => $iq[73], result => { vendor =>"Matthew Pratt", product=>"dproxy", version=>""}, }, - { fingerprint => $iq[74], result => { vendor =>"Brad Garcia", product=>"dnrd",version=>""}, }, - { fingerprint => $iq[76], result => { vendor =>"Sourceforge", product=>"JDNSS",version=>""}, }, - { fingerprint => $iq[77], result => { vendor =>"Dan Kaminsky", product=>"nomde DNS tunnel",version=>""}, }, - { fingerprint => $iq[78], result => { vendor =>"Max Feoktistov", product=>"small HTTP server", version =>""}, }, - { fingerprint => $iq[79], result => { vendor =>"robtex", product=>"Viking DNS module", version=>""}, }, - { fingerprint => $iq[80], result => { vendor =>"Fasthosts", product=>"Envisage DNS server", version=>""}, }, - { fingerprint => $iq[81], result => { vendor =>"WinGate", product=>"Wingate DNS", version=>""},}, - { fingerprint => $iq[82], result => { vendor =>"Ascenvision", product=>"SwiftDNS", version=>""},}, - { fingerprint => $iq[86], result => { vendor =>"Nortel Networks", product=>"Instant Internet",version=>""}, }, - { fingerprint => $iq[87], result => { vendor =>"ATOS", product=>"Stargate ADSL", version=>""},}, - { fingerprint => $iq[88], result => { vendor =>"3Com", product=>"Office Connect Remote", version=>""},}, - { fingerprint => $iq[89], result => { vendor =>"Alteon", product=>"ACEswitch", version=>""},}, - { fingerprint => $iq[90], result => { vendor =>"javaprofessionals", product=>"javadns/jdns", version=>""},}, - - { fingerprint => $iq[92], result => { vendor =>"Beehive", product=>"CoDoNS",version=>""}, }, - { fingerprint => ".+", state => "q0r?", }, - -); - -###################################################################### - -sub new -{ - my $proto = shift; - my $class = ref($proto) || $proto; - my $self = {}; - - my %config = @_; - - foreach my $k (keys %default) { - if (defined $config{$k}) { - $self->{$k} = $config{$k}; - } else { - $self->{$k} = $default{$k}; - } - } - - bless $self, $class; - return $self; -} - -sub hash -{ - my $self = shift; - - my $addr = shift; - my $port = shift; - - $port = 53 unless($port); - - return $self->init($addr, $port); -} - -sub string -{ - my $self = shift; - - my $addr = shift; - my $port = shift; - - $port = 53 unless($port); - - my %r = $self->hash($addr, $port); - - my @s = (); - - if (defined $r{error}) { - push @s, $r{error}; - } elsif (defined $r{result}) { - push @s, $r{result}; - } else { - push @s, $r{vendor} if(defined $r{vendor}); - push @s, $r{product} if(defined $r{product}); - push @s, $r{version} if(defined $r{version}); - push @s, "[$r{option}]" if(defined $r{option}); - } - - push @s, $r{vstring} if(defined $r{vstring}); - - push @s, "($r{state};$r{id})" if($self->{debug}); - - return join(" ", @s); -} - -sub query_version -{ - my $self = shift; - - my $qserver = shift; - my $qport = shift; - my $ident = shift; - - my $rrset = " id: "; - my $resolver = Net::DNS::Resolver->new; - - $resolver->nameservers($qserver); - $resolver->port($qport); - $resolver->srcaddr($self->{source}); - $resolver->retry($self->{retry}); - $resolver->retrans($self->{timeout}); - $resolver->usevc($self->{forcetcp}); - my $query = $resolver->query($ident, 'TXT', 'CH'); - - if ($query && $query->header->ancount > 0) { - foreach my $rr ($query->answer) { - ($rrset = $rrset . "\"" . $rr->txtdata . "\" ") if ($rr->type eq "TXT"); - } - $rrset =~ s/\n/\" \"/g; - if (length($rrset) > $versionlength) { - $rrset = substr($rrset,0,$versionlength)."..." - } - return $rrset; - } - - return " id unavailable (".$resolver->errorstring.")"; -} - -sub init -{ - my $self = shift; - - my $qserver = shift; - my $qport = shift; - - return $self->process($qserver, $qport, - $initrule{header}, $initrule{query}, \@ruleset); -} - -sub process -{ - my $self = shift; - - my $qserver = shift; - my $qport = shift; - my $qheader = shift; - my $qstring = shift; - my $ruleref = shift; - my $ver; - my $id; - my %ret; - - if ($self->{debug}) { - print STDERR "==> PROCESS $qserver:$qport $qheader $qstring\n"; - print STDERR "\n"; - } - - my ($answer, $ress) = $self->probe($qserver, $qport, - $qheader, $qstring); - - if ($answer) { - $id = header2fp($answer->header); - } else { - $id = $ress; - } - - print STDERR "==> \"$id\"\n" if ($self->{debug}); - - for my $rule (@$ruleref) { - - $ver = " "; - - # we must have a fingerprint - die "missing fingerprint" unless (defined $rule->{fingerprint}); - - # skip to next rule unless we have a matching fingerprint - next unless ($id =~ /$rule->{fingerprint}/); - - # return if we have a result - if (defined $rule->{result}) { - if (defined $rule->{qv}) { - $ver = $self->query_version($qserver, $qport, - $rule->{qv}) if $self->{qversion}; - } - if ($self->{qchaos}) { - $ver = $self->query_version($qserver, $qport, - "version.bind"); - } - $ret{vstring} = $ver if($ver); - - if (ref($rule->{result})) { - $ret{vendor} = $rule->{result}{vendor}; - $ret{product} = $rule->{result}{product}; - $ret{version} = $rule->{result}{version}; - $ret{option} = $rule->{result}{option}; - } else { - $ret{result} = $rule->{result}; - } - - return %ret; - } - - # print state if no matches - if (defined $rule->{state}) { - $ver = $self->query_version($qserver, $qport, - "hostname.bind") if $self->{qversion}; - $ret{vstring} = $ver if($ver); - - $ret{error} = "No match found"; - $ret{state} = $rule->{state}; - $ret{id} = $id; - - return %ret; - } - - # update query if defined - if (defined $rule->{query}) { - $qstring = $rule->{query}; - } - - # recurse if we have a new header and a new ruleset - if (defined $rule->{header} && defined $rule->{ruleset}) { - return $self->process($qserver, $qport, - $rule->{header}, $qstring, $rule->{ruleset}); - } - - die "syntax error"; - } - - return %ret; -} - -sub header2fp -{ - my $header = shift; - - my @list = ($header->qr, - $header->opcode, - $header->aa, - $header->tc, - $header->rd, - $header->ra, - $header->ad, - $header->cd, - $header->rcode, - $header->qdcount, - $header->ancount, - $header->nscount, - $header->arcount); - - return join(",", @list); -} - -sub fp2header -{ - my @list = split(/,/, shift); - - my $header = Net::DNS::Header->new; - - $header->qr(shift @list); - $header->opcode(shift @list); - $header->aa(shift @list); - $header->tc(shift @list); - $header->rd(shift @list); - $header->ra(shift @list); - $header->ad(shift @list); - $header->cd(shift @list); - $header->rcode(shift @list); - $header->qdcount(shift @list); - $header->ancount(shift @list); - $header->nscount(shift @list); - $header->arcount(shift @list); - - return $header; -} - -sub probe -{ - my $self = shift; - - my $qserver = shift; - my $qport = shift; - my $qheader = shift; - my @qstring = split(/ /, shift); - - my $header = fp2header($qheader); - - my $packet = Net::DNS::Packet->new(\$header->data); - $packet->push("question", Net::DNS::Question->new(@qstring)); - - if ($self->{debug}) { - print STDERR "==> QUERY BEGIN\n"; - print STDERR $packet->print, "\n"; - print STDERR "==> QUERY END\n"; - print STDERR "\n"; - } - - my $resolver = Net::DNS::Resolver->new; - $resolver->nameservers($qserver); - $resolver->port($qport); - $resolver->srcaddr($self->{source}); - $resolver->retry($self->{retry}); - $resolver->retrans($self->{timeout}); - $resolver->usevc($self->{forcetcp}); - my $answer = $resolver->send($packet); - if ($answer && $self->{debug}) { - print STDERR "==> ANSWER BEGIN\n"; - print STDERR $answer->string, "\n"; - print STDERR "==> ANSWER END\n"; - print STDERR "\n"; - } - - return ($answer, $resolver->errorstring); -} - -sub version -{ - return $VERSION; -} - -1; diff -Nru net-dns-fingerprint-0.9.3/lib/Net/DNS/Fingerprint.pm net-dns-fingerprint-20130404/lib/Net/DNS/Fingerprint.pm --- net-dns-fingerprint-0.9.3/lib/Net/DNS/Fingerprint.pm 1970-01-01 00:00:00.000000000 +0000 +++ net-dns-fingerprint-20130404/lib/Net/DNS/Fingerprint.pm 2012-10-19 08:54:24.000000000 +0000 @@ -0,0 +1,2224 @@ +# $Id: Fingerprint.pm,v 1.17 2005/09/05 13:33:36 jakob Exp $ +# +# Copyright (c) 2011 Verisign, Inc. +# Copyright (c) 2003,2004,2005 Roy Arends & Jakob Schlyter. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. The name of the authors may not be used to endorse or promote products +# derived from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR +# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +package Net::DNS::Fingerprint; + +use strict; +use warnings; +use Net::DNS; + +our $VERSION = "0.10.0"; + +my %default = ( + source => undef, + timeout => 5, + retry => 1, + forcetcp => 0, + debug => 0, + qversion => 0, + qchaos => 0, +); + +my $versionlength = 40; + +my $ignore_recurse = 0; + +my @qy = ( + "0,QUERY,0,0,0,0,0,0,NOERROR,0,0,0,0", #qy0 + "0,QUERY,0,0,0,1,0,1,NOERROR,0,0,0,0", #qy1 + "0,NS_NOTIFY_OP,0,1,1,0,1,1,NOTIMP,0,0,0,0", #qy2 + "0,IQUERY,0,0,0,1,1,1,NOERROR,0,0,0,0", #qy3 + "0,QUERY,0,0,1,0,0,0,NOERROR,0,0,0,0", #qy4 + "0,QUERY,0,0,1,0,0,0,NOERROR,0,0,0,0", #qy5 + "0,IQUERY,0,1,1,0,0,0,NOTIMP,0,0,0,0", #qy6 + "0,QUERY,0,0,0,0,0,1,NOTIMP,0,0,0,0", #qy7 + "0,UPDATE,0,0,1,0,0,0,NOERROR,0,0,0,0", #qy8 + "0,QUERY,0,0,1,0,0,0,NOERROR,0,0,0,0", #qy9 + "0,QUERY,0,0,1,0,0,0,NOERROR,0,0,0,0", #qy10 + "0,QUERY,0,0,1,0,0,0,NOERROR,0,0,0,0", #qy11 +); + +my @nct = ( + ". IN A", #nct0 + ". IN A", #nct1 + ". IN A", #nct2 + ". IN A", #nct3 + "jjjjjjjjjjjj. CH A", #nct4 + "jjjjjjjjjjjj. CH RRSIG", #nct5 + ". IN A", #nct6 + ". IN A", #nct7 + ". IN A", #nct8 + ". IN DNSKEY", #nct9 + "jjjjjjjjjjjj. ANY TKEY", #nct10 + ". IN IXFR", #nct11 +); + +my %initrule = (header => $qy[0], query => $nct[0],); +my @iq = ( + "1,QUERY,0,0,0,0,0,0,SERVFAIL,1,0,0,0", #iq0 + "1,QUERY,0,0,0,0,0,0,NXDOMAIN,1,0,0,0", #iq1 + "1,QUERY,0,0,0,0,0,0,NOERROR,1,0,0,0", #iq2 + "1,QUERY,0,0,0,1,0,0,NOERROR,.+,.+,.+,.+", #iq3 + "1,NS_NOTIFY_OP,0,0,1,1,0,1,FORMERR,1,0,0,0", #iq4 + "1,NS_NOTIFY_OP,0,0,1,1,0,0,FORMERR,1,0,0,0", #iq5 + "1,NS_NOTIFY_OP,0,0,1,1,0,0,REFUSED,1,0,0,0", #iq6 + "0,NS_NOTIFY_OP,0,1,1,0,1,1,NOTIMP,1,0,0,0", #iq7 + "1,IQUERY,0,0,0,1,0,0,NOTIMP,1,0,0,0", #iq8 + "0,IQUERY,0,0,0,1,1,1,NOERROR,1,0,0,0", #iq9 + "1,QUERY,0,0,1,0,0,0,NOTIMP,1,0,0,0", #iq10 + "0,QUERY,0,0,1,0,0,0,NOERROR,1,0,0,0", #iq11 + "1,NS_NOTIFY_OP,0,0,1,1,0,0,SERVFAIL,1,0,0,0", #iq12 + "1,IQUERY,0,0,1,1,0,0,SERVFAIL,1,0,0,0", #iq13 + "1,IQUERY,0,0,1,1,0,0,NOTIMP,0,0,0,0", #iq14 + "1,QUERY,0,0,0,1,0,0,NOTIMP,.+,.+,.+,.+", #iq15 + "1,QUERY,0,0,0,1,0,1,NOERROR,.+,.+,.+,.+", #iq16 + "1,UPDATE,0,0,1,1,0,0,FORMERR,1,0,0,0", #iq17 + "1,QUERY,0,0,1,0,0,0,SERVFAIL,1,0,0,0", #iq18 + "1,QUERY,0,0,1,0,0,0,REFUSED,1,0,0,0", #iq19 + "1,UPDATE,0,0,1,1,0,0,FORMERR,0,0,0,0", #iq20 + "1,QUERY,0,0,1,1,0,0,NOERROR,.+,.+,.+,.+", #iq21 + "1,QUERY,0,1,1,1,0,0,NOERROR,.+,.+,.+,.+", #iq22 + "1,QUERY,0,0,0,0,0,0,REFUSED,0,0,0,0", #iq23 + "1,QUERY,0,0,1,1,0,0,REFUSED,1,0,0,0", #iq24 + "1,QUERY,0,0,1,1,0,0,NXDOMAIN,.+,.+,.+,.+", #iq25 +); + +my @ruleset = ( + { + fingerprint => $iq[0], + result => { + vendor => "NLnetLabs", + product => "NSD", + version => "3.1.0 -- 3.2.8" + }, + }, + { + fingerprint => $iq[1], + result => + { vendor => "Unlogic", product => "Eagle DNS", version => "1.1.1" }, + }, + { + fingerprint => $iq[2], + result => { + vendor => "Unlogic", + product => "Eagle DNS", + version => "1.0 -- 1.0.1" + }, + }, + { + fingerprint => $iq[3], + header => $qy[1], + query => $nct[1], + ruleset => [ + { + fingerprint => $iq[3], + header => $qy[2], + query => $nct[2], + ruleset => [ + { + fingerprint => $iq[4], + result => { + vendor => "ISC", + product => "BIND", + version => "9.3.0 -- 9.3.6-P1" + }, + }, + { + fingerprint => $iq[5], + result => { + vendor => "ISC", + product => "BIND", + version => "9.2.3 -- 9.2.9" + }, + }, + { + fingerprint => $iq[6], + result => { + vendor => "ISC", + product => "BIND", + version => "9.1.1 -- 9.1.3" + }, + }, + { + fingerprint => "query timed out", + header => $qy[3], + query => $nct[3], + ruleset => [ + { + fingerprint => $iq[8], + result => { + vendor => "Microsoft", + product => "Windows DNS", + version => "2003" + }, + }, + { + fingerprint => "query timed out", + header => $qy[4], + query => $nct[4], + ruleset => [ + { + fingerprint => $iq[10], + result => { + vendor => "Microsoft", + product => "Windows DNS", + version => "2003 R2" + }, + }, + { + fingerprint => "query timed out", + header => $qy[5], + query => $nct[5], + ruleset => [ + { + fingerprint => + "query timed out", + result => { + vendor => "Microsoft", + product => "Windows DNS", + version => "2008 R2" + }, + }, + { + fingerprint => $iq[10], + result => { + vendor => "Microsoft", + product => "Windows DNS", + version => "2008" + }, + }, + { + fingerprint => ".+", + state => + "q0r3q1r3q2r7q3r9q4r11q5r?" + }, + ] + }, + ] + }, + ] + }, + { + fingerprint => $iq[12], + header => $qy[6], + query => $nct[6], + ruleset => [ + { + fingerprint => $iq[13], + result => { + vendor => "", + product => "Google DNS", + version => "" + }, + }, + { + fingerprint => $iq[14], + header => $qy[7], + query => $nct[7], + ruleset => [ + { + fingerprint => $iq[15], + result => { + vendor => "ISC", + product => "BIND", + version => "9.2.0rc3" + }, + }, + { + fingerprint => $iq[3], + result => { + vendor => "ISC", + product => "BIND", + version => "9.2.0 -- 9.2.2-P3" + }, + }, + { + fingerprint => ".+", + state => "q0r3q1r3q2r7r12q6r14q7r?" + }, + ] + }, + ] + }, + ] + }, + { + fingerprint => $iq[16], + header => $qy[2], + query => $nct[2], + ruleset => [ + { + fingerprint => "query timed out", + result => { + vendor => "Microsoft", + product => "Windows DNS", + version => "2000" + }, + }, + { + fingerprint => $iq[4], + header => $qy[8], + query => $nct[8], + ruleset => [ + { + fingerprint => $iq[17], + header => $qy[4], + query => $nct[4], + ruleset => [ + { + fingerprint => $iq[18], + result => { + vendor => "ISC", + product => "BIND", + version => "9.7.2" + }, + }, + { + fingerprint => $iq[19], + result => { + vendor => "ISC", + product => "BIND", + version => "9.6.3 -- 9.7.3" + }, + }, + { + fingerprint => ".+", + state => "q0r3q1r3r16q2r4q8r17q4r?" + }, + ] + }, + { + fingerprint => $iq[20], + header => $qy[4], + query => $nct[4], + ruleset => [ + { + fingerprint => $iq[19], + result => { + vendor => "ISC", + product => "BIND", + version => "9.5.2 -- 9.7.1" + }, + }, + { + fingerprint => $iq[18], + header => $qy[9], + query => $nct[9], + ruleset => [ + { + fingerprint => $iq[21], + result => { + vendor => "ISC", + product => "BIND", + version => + "9.6.0 OR 9.4.0 -- 9.5.1" + }, + }, + { + fingerprint => $iq[22], + result => { + vendor => "ISC", + product => "BIND", + version => "9.4.0 -- 9.5.1" + }, + }, + { + fingerprint => ".+", + state => +"q0r3q1r3r16q2r4q8r17r20q4r18q9r?" + }, + ] + }, + ] + }, + ] + }, + ] + }, + ] + }, + { + fingerprint => $iq[23], + header => $qy[10], + query => $nct[10], + ruleset => [ + { + fingerprint => $iq[24], + result => { + vendor => "NLnetLabs", + product => "Unbound", + version => "1.3.0 -- 1.4.0" + }, + }, + { + fingerprint => $iq[25], + header => $qy[11], + query => $nct[11], + ruleset => [ + { + fingerprint => "header section incomplete", + result => { + vendor => "NLnetLabs", + product => "Unbound", + version => "1.4.1 -- 1.4.9" + }, + }, + { + fingerprint => $iq[19], + result => { + vendor => "NLnetLabs", + product => "Unbound", + version => "1.4.10 -- 1.4.12" + }, + }, + { fingerprint => ".+", state => "q0r3r23q10r25q11r?" }, + ] + }, + ] + }, +); + +my @qy_old = ( + "0,IQUERY,0,0,1,0,0,0,NOERROR,0,0,0,0", + "0,NS_NOTIFY_OP,0,0,0,0,0,0,NOERROR,0,0,0,0", + "0,QUERY,0,0,0,0,0,0,NOERROR,0,0,0,0", + "0,IQUERY,0,0,0,0,1,1,NOERROR,0,0,0,0", + "0,QUERY,0,0,0,0,0,0,NOTIMP,0,0,0,0", + "0,IQUERY,1,0,1,1,1,1,NOERROR,0,0,0,0", + "0,UPDATE,0,0,0,1,0,0,NOERROR,0,0,0,0", + "0,QUERY,1,1,1,1,1,1,NOERROR,0,0,0,0", + "0,QUERY,0,0,0,0,0,1,NOERROR,0,0,0,0", +); + +my %old_initrule = (header => $qy_old[2], query => ". IN MAILB",); + +my @iq_old = ( + "1,IQUERY,0,0,1,0,0,0,FORMERR,0,0,0,0", # iq_old0 + "1,IQUERY,0,0,1,0,0,0,FORMERR,1,0,0,0", # iq_old1 + "1,IQUERY,0,0,1,0,0,0,NOTIMP,0,0,0,0", # iq_old2 + "1,IQUERY,0,0,1,0,0,0,NOTIMP,1,0,0,0", # iq_old3 + "1,IQUERY,0,0,1,1,0,0,FORMERR,0,0,0,0", # iq_old4 + "1,IQUERY,0,0,1,1,0,0,NOTIMP,0,0,0,0", # iq_old5 + "1,IQUERY,0,0,1,1,0,0,NOTIMP,1,0,0,0", # iq_old6 + "1,IQUERY,1,0,1,0,0,0,NOTIMP,1,0,0,0", # iq_old7 + "1,QUERY,1,0,1,0,0,0,NOTIMP,1,0,0,0", + "1,QUERY,0,0,0,0,0,0,NOTIMP,0,0,0,0", + "1,IQUERY,0,0,1,1,0,0,FORMERR,1,0,0,0", # iq_old10 + "1,NS_NOTIFY_OP,0,0,0,0,0,0,FORMERR,1,0,0,0", + "1,NS_NOTIFY_OP,0,0,0,0,0,0,NOTIMP,0,0,0,0", + "1,NS_NOTIFY_OP,0,0,0,0,0,0,NOTIMP,1,0,0,0", + "1,NS_NOTIFY_OP,0,0,0,0,0,0,NXDOMAIN,1,0,0,0", + "1,NS_NOTIFY_OP,0,0,0,0,0,0,REFUSED,1,0,0,0", + "1,NS_NOTIFY_OP,0,0,0,0,0,0,SERVFAIL,1,0,0,0", + "1,NS_NOTIFY_OP,0,0,0,1,0,0,FORMERR,1,0,0,0", + "1,NS_NOTIFY_OP,0,0,0,1,0,0,NOTIMP,0,0,0,0", + "1,NS_NOTIFY_OP,0,0,0,1,0,0,NOTIMP,1,0,0,0", + "1,NS_NOTIFY_OP,0,0,0,1,0,0,REFUSED,1,0,0,0", # iq_old20 + "1,NS_NOTIFY_OP,0,0,0,1,0,0,SERVFAIL,1,0,0,0", + "1,NS_NOTIFY_OP,1,0,0,0,0,0,NOTIMP,1,0,0,0", + "1,QUERY,1,0,0,0,0,0,NOTIMP,1,0,0,0", + "1,NS_NOTIFY_OP,1,0,0,0,0,0,SERVFAIL,1,0,0,0", + "1,IQUERY,0,0,0,0,1,1,NOTIMP,0,0,0,0", + "1,IQUERY,0,0,0,0,0,0,NOTIMP,0,0,0,0", + "1,IQUERY,0,0,1,1,1,1,FORMERR,0,0,0,0", + "1,IQUERY,1,0,1,1,1,1,FORMERR,0,0,0,0", + "1,QUERY,.,0,1,.,.,.,NOTIMP,.+,.+,.+,.+", + "1,QUERY,.,0,1,.,.,.,.+,.+,.+,.+,.+", #iq_old30 + "1,QUERY,0,0,.,.,0,0,NXDOMAIN,1,0,0,0", + "1,QUERY,0,0,.,.,0,0,FORMERR,1,0,0,0", + "1,UPDATE,0,0,0,0,0,0,NOTIMP,0,0,0,0", + "1,UPDATE,0,0,0,1,0,0,NOTIMP,0,0,0,0", + "1,QUERY,0,0,1,0,0,0,NOERROR,1,0,0,0", + "1,QUERY,1,1,1,1,1,1,NOTIMP,1,0,0,0", + "1,QUERY,0,0,0,0,0,0,NOERROR,1,0,.+,0", + "1,QUERY,0,0,1,0,0,0,FORMERR,1,0,0,0", + "1,IQUERY,0,0,1,0,1,1,NOTIMP,1,0,0,0", + "1,IQUERY,0,0,0,1,1,1,REFUSED,1,0,0,0", #iq_old40 + "1,UPDATE,0,0,0,1,0,0,REFUSED,1,0,0,0", + "1,IQUERY,0,0,0,1,1,1,FORMERR,0,0,0,0", + "1,IQUERY,0,0,0,1,0,0,NOTIMP,0,0,0,0", + "1,QUERY,1,0,1,0,0,0,FORMERR,1,0,0,0", + "1,UPDATE,0,0,0,0,0,0,FORMERR,1,0,0,0", + "1,UPDATE,0,0,0,0,0,0,FORMERR,0,0,0,0", + "1,QUERY,0,0,1,0,0,0,FORMERR,0,0,0,0", + "1,QUERY,0,0,1,0,0,0,SERVFAIL,1,0,0,0", #iq_old48 + "1,QUERY,1,0,1,0,0,0,NXDOMAIN,1,0,1,0", + "1,QUERY,0,0,1,0,0,0,REFUSED,1,0,0,0", #iq_old50 + "1,QUERY,0,0,1,0,0,0,NOERROR,1,1,0,0", + "1,IQUERY,0,0,1,0,0,0,REFUSED,0,0,0,0", + "1,QUERY,0,0,0,0,0,0,FORMERR,0,0,0,0", + "1,QUERY,0,0,1,1,1,0,NOERROR,1,0,1,0", + "1,QUERY,0,0,1,1,0,0,NOERROR,1,0,1,0", + "1,QUERY,0,0,1,0,1,0,NOERROR,.+,.+,.+,.+", + "1,QUERY,0,0,1,0,0,0,.+,.+,.+,.+,.+", + "1,QUERY,1,0,1,0,0,0,NOERROR,1,1,0,0", + "1,QUERY,0,0,1,1,0,0,SERVFAIL,1,0,0,0", + "1,QUERY,1,0,1,1,0,0,NOERROR,1,1,0,0", #iq_old60 + "1,QUERY,0,0,1,1,0,0,REFUSED,1,0,0,0", + "1,QUERY,0,0,0,0,0,0,NOTIMP,1,0,0,0", + "1,QUERY,1,0,1,1,0,0,NOERROR,1,0,1,0", + "1,IQUERY,0,0,1,1,1,1,NOTIMP,0,0,0,0", + "1,UPDATE,0,0,0,0,0,0,REFUSED,0,0,0,0", + "1,IQUERY,0,0,0,1,1,1,NOTIMP,1,0,0,0", + "1,IQUERY,0,0,0,1,0,0,NOTIMP,1,0,0,0", + "1,QUERY,0,1,1,1,1,1,NOERROR,1,0,.,0", + "1,QUERY,0,1,1,1,0,1,NOERROR,1,0,.,0", + "1,IQUERY,0,0,1,0,0,0,REFUSED,1,0,0,0", #iq_old70 + "1,IQUERY,1,0,1,1,1,1,NOTIMP,1,0,0,0", + "1,IQUERY,0,0,1,0,0,0,NOERROR,1,0,0,0", + "1,QUERY,1,0,1,1,0,0,NOERROR,1,0,0,0", + "1,IQUERY,1,0,1,1,0,0,NXDOMAIN,1,0,0,0", + "1,UPDATE,0,0,0,1,0,0,FORMERR,0,0,0,0", + "1,IQUERY,1,0,1,0,0,0,NXDOMAIN,1,0,0,0", + "1,QUERY,0,0,1,1,0,0,FORMERR,1,0,0,0", + "1,QUERY,0,0,0,1,0,0,SERVFAIL,1,0,0,0", + "1,QUERY,0,0,1,1,0,0,NOERROR,1,1,0,0", + "1,IQUERY,1,0,1,0,0,0,NOERROR,1,0,1,0", #iq_old80 + "1,IQUERY,1,0,1,1,0,0,NOTIMP,1,0,0,0", + "1,QUERY,0,0,1,1,0,0,NOERROR,1,0,0,0", + "1,QUERY,1,0,1,1,0,0,NOERROR,1,1,1,.+", + "1,QUERY,0,0,1,1,0,0,REFUSED,0,0,0,0", + "1,UPDATE,0,0,0,1,0,0,NOTIMP,1,0,0,0", + "1,QUERY,1,0,0,1,0,0,NXDOMAIN,1,0,0,0", + "1,QUERY,0,0,0,1,0,0,NOTIMP,0,0,0,0", + "1,QUERY,0,0,0,0,0,0,REFUSED,1,0,0,0", + "1,QUERY,1,0,1,1,0,0,NXDOMAIN,1,0,0,0", #iq_old89 + "1,QUERY,1,0,0,0,0,0,NOERROR,1,1,0,0", #iq_old90 + "1,IQUERY,1,0,1,1,0,1,NOTIMP,1,0,0,0", + "1,QUERY,0,0,0,1,0,0,NOTIMP,1,0,0,0", + "1,QUERY,0,0,1,0,0,1,SERVFAIL,1,0,0,0", + "1,QUERY,0,0,0,1,0,0,NOERROR,1,0,13,13", #iq_old94 + "1,QUERY,0,0,0,1,0,0,NOERROR,1,0,1,0", #iq_old95 + "1,QUERY,0,0,1,0,0,0,NOERROR,1,0,13,13", + "1,IQUERY,1,0,0,0,0,0,NOTIMP,1,0,0,0", #iq_old97 + "1,IQUERY,1,0,0,0,1,1,NOTIMP,1,0,0,0", #iq_old98 + "1,IQUERY,0,0,1,1,0,0,NOERROR,1,0,1,0", #iq_old99 + "1,QUERY,.,0,1,0,0,0,NOERROR,1,0,0,0", #iq_old100 + "1,QUERY,0,0,1,0,0,0,NXDOMAIN,1,0,0,0", #101 +); + +my @old_ruleset = ( + { + fingerprint => $iq_old[89], + result => { + vendor => "Simon Kelley", + product => "dnsmasq", + version => "" + }, + qv => "version.bind", + }, + { + fingerprint => ".+", + header => $qy_old[0], + query => ". IN A", + ruleset => [ + { + fingerprint => "query timed out", + header => $qy_old[0], + query => "com. IN A", + ruleset => [ + { + fingerprint => "query timed out", + header => $qy_old[7], + query => ". CH A", + ruleset => [ + { + fingerprint => "query timed out", + header => $qy_old[6], + query => ". IN A", + ruleset => [ + { + fingerprint => $iq_old[38], + result => { + vendor => "Digital Lumber", + product => "Oak DNS", + version => "" + }, + qv => "version.oak", + }, + { + fingerprint => "query timed out", + result => "TIMEOUT", + }, + { + fingerprint => ".+", + state => "q0tq0tq7tq6r?", + }, + ] + }, + { + fingerprint => $iq_old[35], + result => { + vendor => "XBILL", + product => "jnamed (dnsjava)", + version => "" + }, + }, + { + fingerprint => $iq_old[36], + result => { + vendor => "Men & Mice", + product => "QuickDNS for MacOS Classic", + version => "" + }, + }, + { + fingerprint => $iq_old[37], + result => { + vendor => "unknown", + product => "NonSequitur DNS", + version => "" + }, + }, + { fingerprint => ".+", state => "q0tq0tq7r?", }, + ] + }, + { + fingerprint => $iq_old[35], + result => { + vendor => "eNom", + product => "eNom DNS", + version => "" + }, + }, + { fingerprint => ".+", state => "q0tq0r?", }, + ] + }, + + { + fingerprint => $iq_old[0], + header => $qy_old[1], + query => "jjjjjjjjjjjj IN A", + ruleset => [ + { + fingerprint => $iq_old[12], + result => { + vendor => "ISC", + product => "BIND", + version => "8.4.1-p1" + }, + qv => "version.bind", + }, + { + fingerprint => $iq_old[13], + result => { + vendor => "ISC", + product => "BIND", + version => "8 plus root server modifications" + }, + qv => "version.bind", + }, + { + fingerprint => $iq_old[15], + result => { + vendor => "Cisco", + product => "CNR", + version => "" + }, + }, + { + fingerprint => $iq_old[16], + header => $qy_old[2], + query => "hostname.bind CH TXT", + ruleset => [ + { + fingerprint => $iq_old[58], + result => { + vendor => "ISC", + product => "BIND", + version => "8.3.0-RC1 -- 8.4.4" + }, + qv => "version.bind", + }, + { + fingerprint => $iq_old[50], + result => { + vendor => "ISC", + product => "BIND", + version => "8.3.0-RC1 -- 8.4.4" + }, + qv => "version.bind", + }, + { + fingerprint => $iq_old[48], + result => { + vendor => "ISC", + product => "BIND", + version => "8.2.2-P3 -- 8.3.0-T2A" + }, + qv => "version.bind", + }, + { fingerprint => ".+", state => "q0r0q1r16q2r?", }, + ] + }, + { fingerprint => ".+", state => "q0r0q1r?", }, + ] + }, + + { + fingerprint => $iq_old[1], + header => $qy_old[2], + query => ". IN IXFR", + ruleset => [ + { + fingerprint => $iq_old[31], + result => { + vendor => "Microsoft", + product => "Windows DNS", + version => "2000" + }, + }, + { + fingerprint => $iq_old[32], + result => { + vendor => "Microsoft", + product => "Windows DNS", + version => "NT4" + }, + }, + { + fingerprint => $iq_old[50], + result => { + vendor => "Microsoft", + product => "Windows DNS", + version => "2003" + }, + }, + { fingerprint => ".+", state => "q0r1q2r?", }, + ] + }, + + { + fingerprint => $iq_old[2], + header => $qy_old[1], + ruleset => [ + { + fingerprint => $iq_old[11], + result => { + vendor => "ISC", + product => "BIND", + version => "9.2.3rc1 -- 9.4.0a4" + }, + qv => "version.bind", + }, + { + fingerprint => $iq_old[12], + header => $qy_old[3], + ruleset => [ + { + fingerprint => $iq_old[25], + header => $qy_old[6], + ruleset => [ + { + fingerprint => $iq_old[33], + result => { + vendor => "bboy", + product => "MyDNS", + version => "" + }, + }, + { + fingerprint => $iq_old[34], + header => $qy_old[2], + query => +"012345678901234567890123456789012345678901234567890123456789012.012345678901234567890123456789012345678901234567890123456789012.012345678901234567890123456789012345678901234567890123456789012.0123456789012345678901234567890123456789012345678901234567890. IN A", + ruleset => [ + { + fingerprint => $iq_old[47], + result => { + vendor => "NLnetLabs", + product => "NSD", + version => "1.0.3 -- 1.2.1" + }, + qv => "version.server", + }, + { + fingerprint => $iq_old[48], + header => $qy_old[2], + query => "hostname.bind CH TXT", + ruleset => [ + { + fingerprint => + $iq_old[50], + result => { + vendor => + "NLnetLabs", + product => "NSD", + version => "1.2.2" + }, + qv => "version.server", + }, + { + fingerprint => + $iq_old[51], + header => $qy_old[8], + query => ". IN A", + ruleset => [ + { + fingerprint => + $iq_old[93], + result => { + vendor => +"NLnetLabs", + product => + "NSD", + version => +"1.2.3 -- 2.1.2" + }, + qv => +"version.server", + }, + { + fingerprint => + $iq_old[48], + result => { + vendor => +"NLnetLabs", + product => + "NSD", + version => + "2.1.3" + }, + qv => +"version.server", + }, + { + fingerprint => + ".+", + state => +"q0r2q1r12q3r25q6r34q2r48q2r51q8r?", + }, + ] + }, + { + fingerprint => ".+", + state => +"q0r2q1r12q3r25q6r34q2r48q2r?", + }, + ] + }, + { + fingerprint => $iq_old[49], + header => $qy_old[2], + query => "hostname.bind CH TXT", + ruleset => [ + { + fingerprint => + $iq_old[50], + result => { + vendor => + "NLnetLabs", + product => "NSD", + version => + "1.2.2 [root]" + }, + qv => "version.server", + }, + { + fingerprint => + $iq_old[51], + result => { + vendor => + "NLnetLabs", + product => "NSD", + version => + "1.2.3 [root]" + }, + qv => "version.server", + }, + { + fingerprint => ".+", + state => +"q0r2q1r12q3r25q6r34q2r49q2r?", + }, + ] + }, + { + fingerprint => $iq_old[53], + result => { + vendor => "NLnetLabs", + product => "NSD", + version => "1.0.2" + }, + qv => "version.server", + }, + { + fingerprint => ".+", + state => + "q0r2q1r12q3r25q6r34q2a?", + }, + ] + }, + { + fingerprint => ".+", + state => "q0r2q1r12q3r25q6r?", + }, + ] + }, + { + fingerprint => $iq_old[26], + result => { + vendor => "VeriSign", + product => "ATLAS", + version => "" + }, + }, + { fingerprint => ".+", state => "q0r2q1r12q3r?", }, + ] + }, + { + fingerprint => $iq_old[15], + header => $qy_old[6], + ruleset => [ + { + fingerprint => $iq_old[45], + result => { + vendor => "Nominum", + product => "ANS", + version => "" + }, + qv => "version.bind", + }, + { + fingerprint => $iq_old[65], + result => { + vendor => "ISC", + product => "BIND", + version => "9.2.3rc1 -- 9.4.0a4" + }, + qv => "version.bind", + }, + { + fingerprint => $iq_old[46], + header => $qy_old[7], + ruleset => [ + { + fingerprint => $iq_old[56], + result => { + vendor => "ISC", + product => "BIND", + version => "9.0.0b5 -- 9.0.1" + }, + qv => "version.bind", + }, + { + fingerprint => $iq_old[57], + result => { + vendor => "ISC", + product => "BIND", + version => "9.1.0 -- 9.1.3" + }, + qv => "version.bind", + }, + { + fingerprint => ".+", + state => "q0r2q1r15q6r46q7r?", + }, + ] + }, + { fingerprint => ".+", state => "q0r2q1r15q6r?", }, + ] + }, + { + fingerprint => $iq_old[16], + header => $qy_old[4], + ruleset => [ + { + fingerprint => $iq_old[29], + result => { + vendor => "ISC", + product => "BIND", + version => "9.2.0a1 -- 9.2.0rc3" + }, + qv => "version.bind", + }, + { + fingerprint => $iq_old[30], + header => $qy_old[0], + query => ". A CLASS0", + ruleset => [ + { + fingerprint => $iq_old[2], + result => { + vendor => "ISC", + product => "BIND", + version => "9.2.0rc7 -- 9.2.2-P3" + }, + qv => "version.bind", + }, + { + fingerprint => $iq_old[0], + result => { + vendor => "ISC", + product => "BIND", + version => "9.2.0rc4 -- 9.2.0rc6" + }, + qv => "version.bind", + }, + { + fingerprint => ".+", + result => { + vendor => "ISC", + product => "BIND", + version => "9.2.0rc4 -- 9.2.2-P3" + }, + qv => "version.bind", + }, + ] + }, + { fingerprint => ".+", state => "q0r2q1r16q4r?", }, + ] + }, + { fingerprint => ".+", state => "q0r2q1r?", }, + ] + }, + + { + fingerprint => $iq_old[3], + header => $qy_old[1], + ruleset => [ + { + fingerprint => "query timed out", + header => $qy_old[5], + ruleset => [ + { + fingerprint => $iq_old[3], + result => { + vendor => "sourceforge", + product => "Dents", + version => "" + }, + qv => "version.bind", + }, + { + fingerprint => $iq_old[81], + result => { + vendor => "Microsoft", + product => "Windows DNS", + version => "2003" + }, + }, + { + fingerprint => $iq_old[91], + result => { + vendor => "Microsoft", + product => "Windows DNS", + version => "2003" + }, + }, + { fingerprint => ".+", state => "q0r3q1tq5r?", }, + ] + + }, + { + fingerprint => $iq_old[14], + result => { + vendor => "UltraDNS", + product => "", + version => "v2.7.0.2 -- 2.7.3" + }, + qv => "version.bind", + }, + { + fingerprint => $iq_old[13], + header => $qy_old[5], + ruleset => [ + { + fingerprint => $iq_old[39], + result => { + vendor => "pliant", + product => "DNS Server", + version => "" + }, + }, + { + fingerprint => $iq_old[7], + result => { + vendor => "JHSOFT", + product => "simple DNS plus", + version => "" + }, + }, + { + fingerprint => $iq_old[71], + header => $qy_old[6], + ruleset => [ + { + fingerprint => $iq_old[41], + result => { + vendor => "Netnumber", + product => "ENUM server", + version => "" + }, + }, + { + fingerprint => $iq_old[85], + result => { + vendor => "Raiden", + product => "DNSD", + version => "" + }, + }, + ] + }, + { fingerprint => ".+", state => "q0r3q1r13q5r?", }, + ] + }, + { fingerprint => ".+", state => "q0r3q1r?", }, + ] + }, + + { + fingerprint => $iq_old[4], + header => $qy_old[1], + query => "jjjjjjjjjjjj IN A", + ruleset => [ + { + fingerprint => $iq_old[17], + result => { + vendor => "ISC", + product => "BIND", + version => "9.0.0b5 -- 9.0.1 [recursion enabled]" + }, + qv => "version.bind", + }, + { + fingerprint => $iq_old[18], + header => $qy_old[5], + query => ". IN A", + ruleset => [ + { + fingerprint => $iq_old[27], + result => { + vendor => "ISC", + product => "BIND", + version => "4.9.3 -- 4.9.11" + }, + qv => "version.bind", + }, + { + fingerprint => $iq_old[28], + result => { + vendor => "ISC", + product => "BIND", + version => "4.8 -- 4.8.3" + }, + }, + { fingerprint => ".+", state => "q0r4q1r18q5r?", }, + ] + }, + { + fingerprint => $iq_old[19], + result => { + vendor => "ISC", + product => "BIND", + version => "8.2.1 [recursion enabled]" + }, + qv => "version.bind", + }, + { + fingerprint => $iq_old[20], + header => $qy_old[3], + query => ". IN A", + ruleset => [ + { + fingerprint => $iq_old[42], + result => { + vendor => "ISC", + product => "BIND", + version => + "8.1-REL -- 8.2.1-T4B [recursion enabled]" + }, + qv => "version.bind", + }, + { fingerprint => ".+", state => "q0r4q1r20q3r?", }, + ] + }, + { + fingerprint => $iq_old[21], + header => $qy_old[2], + query => "hostname.bind CH TXT", + ruleset => [ + { + fingerprint => $iq_old[60], + result => { + vendor => "ISC", + product => "BIND", + version => + "8.3.0-RC1 -- 8.4.4 [recursion enabled]" + }, + qv => "version.bind", + }, + { + fingerprint => $iq_old[59], + header => $qy_old[7], + query => ". IN A", + ruleset => [ + { + fingerprint => $iq_old[68], + result => { + vendor => "ISC", + product => "BIND", + version => +"8.1-REL -- 8.2.1-T4B [recursion enabled]" + }, + qv => "version.bind", + }, + { + fingerprint => $iq_old[69], + result => { + vendor => "ISC", + product => "BIND", + version => +"8.2.2-P3 -- 8.3.0-T2A [recursion enabled]" + }, + qv => "version.bind", + }, + { + fingerprint => "connection failed", + result => { + vendor => "Runtop", + product => "dsl/cable", + version => "" + }, + }, + { + fingerprint => ".+", + state => "q0r4q1r21q2r59q7r?", + }, + ] + }, + + { + fingerprint => $iq_old[58], + result => { + vendor => "ISC", + product => "BIND", + version => + "8.3.0-RC1 -- 8.4.4 [recursion local]" + }, + qv => "version.bind", + }, + { + fingerprint => $iq_old[50], + result => { + vendor => "ISC", + product => "BIND", + version => + "8.3.0-RC1 -- 8.4.4 [recursion local]" + }, + qv => "version.bind", + }, + { + fingerprint => $iq_old[61], + result => { + vendor => "ISC", + product => "BIND", + version => + "8.3.0-RC1 -- 8.4.4 [recursion local]" + }, + qv => "version.bind", + }, + { + fingerprint => $iq_old[48], + result => { + vendor => "ISC", + product => "BIND", + version => + "8.2.2-P3 -- 8.3.0-T2A [recursion local]" + }, + qv => "version.bind", + }, + { fingerprint => ".+", state => "q0r4q1r21q2r?", }, + ] + }, + { fingerprint => ".+", state => "q0r4q1r?", }, + ] + }, + + { + fingerprint => $iq_old[5], + header => $qy_old[1], + ruleset => [ + { + fingerprint => $iq_old[11], + result => { + vendor => "ISC", + product => "BIND", + version => "9.2.3rc1 -- 9.4.0a4", + option => "recursion enabled,split view" + }, + qv => "version.bind", + }, + { + fingerprint => $iq_old[17], + result => { + vendor => "ISC", + product => "BIND", + version => "9.2.3rc1 -- 9.4.0a4 [recursion enabled]" + }, + qv => "version.bind", + }, + { + fingerprint => $iq_old[18], + header => $qy_old[5], + ruleset => [ + { + fingerprint => $iq_old[5], + header => $qy_old[7], + query => ". IN A", + ruleset => [ + { + fingerprint => $iq_old[84], + result => { + vendor => "Nominum", + product => "CNS", + version => "" + }, + qv => "version.bind", + }, + { + fingerprint => $iq_old[59], + result => { + vendor => "Mikrotik", + product => "dsl/cable", + version => "" + }, + }, + { + fingerprint => $iq_old[82], + result => { + vendor => "Mikrotik", + product => "dsl/cable", + version => "" + }, + }, + { + fingerprint => ".+", + state => "q0r5q1r18q5r5q7r?", + }, + ] + }, + { + fingerprint => $iq_old[64], + result => "unknown, smells like old BIND 4", + }, + { fingerprint => ".+", state => "q0r5q1r18q5r?", }, + ] + }, + { + fingerprint => $iq_old[20], + header => $qy_old[7], + ruleset => [ + { + fingerprint => $iq_old[54], + result => { + vendor => "ISC", + product => "BIND", + version => + "9.0.0b5 -- 9.0.1 [recursion enabled]" + }, + qv => "version.bind", + }, + { + fingerprint => $iq_old[55], + result => { + vendor => "ISC", + product => "BIND", + version => + "9.1.0 -- 9.1.3 [recursion enabled]" + }, + qv => "version.bind", + }, + { + fingerprint => $iq_old[63], + result => { + vendor => "ISC", + product => "BIND", + version => + "4.9.3 -- 4.9.11 [recursion enabled]" + }, + qv => "version.bind", + }, + { + fingerprint => $iq_old[61], + result => { + vendor => "ISC", + product => "BIND", + version => + "9.0.0b5 -- 9.1.3 [recursion local]" + }, + qv => "version.bind", + }, + { fingerprint => ".+", state => "q0r5q1r20q7r?", }, + ] + }, + { + fingerprint => $iq_old[21], + header => $qy_old[4], + ruleset => [ + { + fingerprint => "query timed out", + result => { + vendor => "ISC", + product => "BIND", + version => + "9.2.0a1 -- 9.2.2-P3 [recursion enabled]" + }, + qv => "version.bind", + }, + { + fingerprint => $iq_old[29], + result => { + vendor => "ISC", + product => "BIND", + version => + "9.2.0a1 -- 9.2.0rc3 [recursion enabled]" + }, + qv => "version.bind", + }, + { + fingerprint => $iq_old[61], + header => $qy_old[0], + query => ". A CLASS0", + ruleset => [ + { + fingerprint => $iq_old[2], + result => { + vendor => "ISC", + product => "BIND", + version => +"9.2.0rc7 -- 9.2.2-P3 [recursion local]" + }, + qv => "version.bind", + }, + { + fingerprint => $iq_old[0], + result => { + vendor => "ISC", + product => "BIND", + version => +"9.2.0a1 -- 9.2.0rc6 [recursion local]" + }, + qv => "version.bind", + }, + { + fingerprint => ".+", + result => { + vendor => "ISC", + product => "BIND", + version => +"9.2.0a1 -- 9.2.2-P3 [recursion local]" + }, + qv => "version.bind", + }, + ] + }, + { + fingerprint => $iq_old[30], + header => $qy_old[0], + query => ". A CLASS0", + ruleset => [ + { + fingerprint => $iq_old[2], + result => { + vendor => "ISC", + product => "BIND", + version => +"9.2.0rc7 -- 9.2.2-P3 [recursion enabled]" + }, + qv => "version.bind", + }, + { + fingerprint => $iq_old[0], + result => { + vendor => "ISC", + product => "BIND", + version => +"9.2.0rc4 -- 9.2.0rc6 [recursion enabled]" + }, + qv => "version.bind", + }, + { + fingerprint => ".+", + result => { + vendor => "ISC", + product => "BIND", + version => +"9.2.0rc4 -- 9.2.2-P3 [recursion enabled]" + }, + qv => "version.bind", + }, + ] + }, + { fingerprint => ".+", state => "q0r5q1r21q4r?", }, + ] + }, + { fingerprint => ".+", state => "q0r5q1r?", }, + ] + }, + + { + fingerprint => $iq_old[6], + header => $qy_old[1], + ruleset => [ + { + fingerprint => $iq_old[15], + result => { + vendor => "incognito", + product => "DNS commander", + version => "v2.3.1.1 -- 4.0.5.1" + }, + qv => "version.bind", + }, + { + fingerprint => $iq_old[19], + header => $qy_old[3], + ruleset => [ + { + fingerprint => $iq_old[66], + result => { + vendor => "vermicelli", + product => "totd", + version => "" + }, + }, + { + fingerprint => $iq_old[67], + result => { + vendor => "JHSOFT", + product => "simple DNS plus", + version => "[recursion enabled]" + }, + }, + { fingerprint => ".+", state => "q0r6q1r19q3r?", }, + ] + }, + { fingerprint => ".+", state => "q0r6q1r?", }, + ] + }, + + { + fingerprint => $iq_old[7], + header => $qy_old[1], + ruleset => [ + { + fingerprint => $iq_old[22], + header => $qy_old[3], + ruleset => [ + { + fingerprint => $iq_old[97], + result => { + vendor => "PowerDNS", + product => "PowerDNS", + version => "2.9.4 -- 2.9.19" + }, + qv => "version.bind", + }, + { + fingerprint => $iq_old[98], + result => { + vendor => "Stanford", + product => "lbnamed", + version => "1.0.0 -- 2.3.2" + }, + }, + { fingerprint => ".+", state => "q0r7q1r22q3r?", }, + ] + }, + { + fingerprint => $iq_old[24], + result => { + vendor => "PowerDNS", + product => "PowerDNS", + version => "2.8 -- 2.9.3" + }, + qv => "version.bind", + }, + { fingerprint => ".+", state => "q0r7q1r?", }, + ] + }, + + { + fingerprint => $iq_old[8], + header => $qy_old[1], + ruleset => [ + { + fingerprint => $iq_old[23], + header => $qy_old[2], + query => ". CH A", + ruleset => [ + { + fingerprint => "query timed out", + result => { + vendor => "DJ Bernstein", + product => "TinyDNS", + version => "1.04" + }, + }, + { + fingerprint => $iq_old[32], + result => { + vendor => "DJ Bernstein", + product => "TinyDNS", + version => "1.05" + }, + }, + { fingerprint => ".+", state => "q0r8q1r23q2r?", }, + ] + }, + { fingerprint => ".+", state => "q0r8q1r?", }, + ] + }, + + { + fingerprint => $iq_old[9], + header => $qy_old[1], + ruleset => [ + { + fingerprint => $iq_old[9], + result => { + vendor => "Sam Trenholme", + product => "MaraDNS", + version => "" + }, + qv => "erre-con-erre-cigarro.maradns.org" + }, + { fingerprint => ".+", state => "q0r9q1r?", }, + ] + }, + + { + fingerprint => $iq_old[10], + result => { + vendor => "Microsoft", + product => "?", + version => "" + }, + }, + { + fingerprint => $iq_old[26], + result => { + vendor => "Meilof Veeningen", + product => "Posadis", + version => "" + }, + }, + { + fingerprint => $iq_old[43], + header => $qy_old[6], + ruleset => [ + { + fingerprint => $iq_old[34], + result => { + vendor => "Paul Rombouts", + product => "pdnsd", + version => "" + }, + }, + { + fingerprint => $iq_old[75], + result => { + vendor => "antirez", + product => "Yaku-NS", + version => "" + }, + }, + { fingerprint => ".+", state => "q0r43q6r?", }, + ] + }, + + { + fingerprint => $iq_old[44], + result => { + vendor => "cpan", + product => "Net::DNS Nameserver", + version => "" + }, + qv => "version.bind", + }, + { + fingerprint => $iq_old[52], + result => { + vendor => "NLnetLabs", + product => "NSD", + version => "1.0 alpha" + }, + }, + { + fingerprint => $iq_old[55], + header => $qy_old[3], + ruleset => [ + { + fingerprint => $iq_old[94], + result => { + vendor => "robtex", + product => "Viking DNS module", + version => "" + }, + }, + { + fingerprint => $iq_old[95], + result => { + vendor => "cisco", + product => "dns resolver/server", + version => "" + }, + }, + { fingerprint => ".+", state => "q0r55q3r?", }, + ] + }, + { + fingerprint => $iq_old[59], + result => { + vendor => "Max Feoktistov", + product => "small HTTP server [recursion enabled]", + version => "" + }, + }, + { + fingerprint => $iq_old[60], + result => { + vendor => "Axis", + product => "video server", + version => "" + }, + }, + { + fingerprint => $iq_old[62], + header => $qy_old[7], + query => "1.0.0.127.in-addr.arpa. IN PTR", + ruleset => [ + { + fingerprint => $iq_old[62], + result => { + vendor => "Michael Tokarev", + product => "rbldnsd", + version => "" + }, + qv => "version.bind", + }, + { + fingerprint => $iq_old[79], + result => { + vendor => "4D", + product => "WebSTAR", + version => "" + }, + }, + { + fingerprint => $iq_old[83], + result => { + vendor => "Netopia", + product => "dsl/cable", + version => "" + }, + }, + { + fingerprint => $iq_old[90], + result => { + vendor => "TZO", + product => "Tzolkin DNS", + version => "" + }, + }, + { + fingerprint => "query timed out", + result => { + vendor => "Netopia", + product => "dsl/cable", + version => "" + }, + }, + { fingerprint => ".+", state => "q0r62q7r?", }, + ] + }, + { + fingerprint => $iq_old[70], + result => { + vendor => "Yutaka Sato", + product => "DeleGate DNS", + version => "" + }, + }, + { + fingerprint => $iq_old[72], + result => { + vendor => "", + product => "sheerdns", + version => "" + }, + }, + { + fingerprint => $iq_old[73], + result => { + vendor => "Matthew Pratt", + product => "dproxy", + version => "" + }, + }, + { + fingerprint => $iq_old[74], + result => { + vendor => "Brad Garcia", + product => "dnrd", + version => "" + }, + }, + { + fingerprint => $iq_old[76], + result => { + vendor => "Sourceforge", + product => "JDNSS", + version => "" + }, + }, + { + fingerprint => $iq_old[77], + result => { + vendor => "Dan Kaminsky", + product => "nomde DNS tunnel", + version => "" + }, + }, + { + fingerprint => $iq_old[78], + result => { + vendor => "Max Feoktistov", + product => "small HTTP server", + version => "" + }, + }, + { + fingerprint => $iq_old[79], + result => { + vendor => "robtex", + product => "Viking DNS module", + version => "" + }, + }, + { + fingerprint => $iq_old[80], + result => { + vendor => "Fasthosts", + product => "Envisage DNS server", + version => "" + }, + }, + { + fingerprint => $iq_old[81], + result => { + vendor => "WinGate", + product => "Wingate DNS", + version => "" + }, + }, + { + fingerprint => $iq_old[82], + result => { + vendor => "Ascenvision", + product => "SwiftDNS", + version => "" + }, + }, + { + fingerprint => $iq_old[86], + result => { + vendor => "Nortel Networks", + product => "Instant Internet", + version => "" + }, + }, + { + fingerprint => $iq_old[87], + result => { + vendor => "ATOS", + product => "Stargate ADSL", + version => "" + }, + }, + { + fingerprint => $iq_old[88], + result => { + vendor => "3Com", + product => "Office Connect Remote", + version => "" + }, + }, + { + fingerprint => $iq_old[89], + result => { + vendor => "Alteon", + product => "ACEswitch", + version => "" + }, + }, + { + fingerprint => $iq_old[90], + result => { + vendor => "javaprofessionals", + product => "javadns/jdns", + version => "" + }, + }, + { + fingerprint => $iq_old[92], + result => { + vendor => "Beehive", + product => "CoDoNS", + version => "" + }, + }, + { + fingerprint => $iq_old[96], + result => { + vendor => "Beevihe", + product => "AAAAAA", + version => "" + }, + qv => "version.bind", + }, + { + fingerprint => $iq_old[100], + result => { + vendor => "ValidStream", + product => "ValidDNS", + version => "" + }, + }, + { + fingerprint => $iq_old[101], + result => { + vendor => "ValidStream", + product => "ValidDNS", + version => "" + }, + }, + { fingerprint => ".+", state => "q0r?", }, + + ] + }, + +); + +###################################################################### + +sub new { + my $proto = shift; + my $class = ref($proto) || $proto; + my $self = {}; + + my %config = @_; + + foreach my $k (keys %default) { + if (defined $config{$k}) { + $self->{$k} = $config{$k}; + } else { + $self->{$k} = $default{$k}; + } + } + + bless $self, $class; + return $self; +} + +sub hash { + my $self = shift; + + my $addr = shift; + my $port = shift; + + $port = 53 unless ($port); + + return $self->init($addr, $port); +} + +sub string { + my $self = shift; + + my $addr = shift; + my $port = shift; + + $port = 53 unless ($port); + + my %r = $self->hash($addr, $port); + + my @s = (); + + if (defined $r{error}) { + push @s, $r{error}; + } elsif (defined $r{result}) { + push @s, $r{result}; + } else { + push @s, $r{vendor} if (defined $r{vendor}); + push @s, $r{product} if (defined $r{product}); + push @s, $r{version} if (defined $r{version}); + push @s, "[$r{option}]" if (defined $r{option}); + push @s, "[$r{ruleset} Rules]" if (defined $r{ruleset}); + } + + push @s, $r{vstring} if (defined $r{vstring}); + + push @s, $r{state} if (defined $r{state} && $self->{debug}); + + return join(" ", @s); +} + +sub query_version { + my $self = shift; + + my $qserver = shift; + my $qport = shift; + my $ident = shift; + + my $rrset = " id: "; + my $resolver = Net::DNS::Resolver->new; + + $resolver->nameservers($qserver); + $resolver->port($qport); + $resolver->srcaddr($self->{source}); + $resolver->retry($self->{retry}); + $resolver->retrans($self->{timeout}); + $resolver->usevc($self->{forcetcp}); + my $query = $resolver->query($ident, 'TXT', 'CH'); + + if ($query && $query->header->ancount > 0) { + foreach my $rr ($query->answer) { + ($rrset = $rrset . "\"" . $rr->txtdata . "\" ") + if ($rr->type eq "TXT"); + } + $rrset =~ s/\n/\" \"/g; + if (length($rrset) > $versionlength) { + $rrset = substr($rrset, 0, $versionlength) . "..."; + } + return $rrset; + } + + return " id unavailable (" . $resolver->errorstring . ")"; +} + +sub init { + my $self = shift; + + my $qserver = shift; + my $qport = shift; + + my %match = + $self->process($qserver, + $qport, + $initrule{header}, + $initrule{query}, + \@ruleset, + "New"); + + return %match if (defined $match{product}); + + #For backwards compatibility with old fingerprint code which never set the rd + $ignore_recurse = 1; + return $self->process($qserver, + $qport, + $old_initrule{header}, + $old_initrule{query}, + \@old_ruleset, + "Old"); +} + +sub process { + my $self = shift; + + my $qserver = shift; + my $qport = shift; + my $qheader = shift; + my $qstring = shift; + my $ruleref = shift; + my $rulenam = shift; + my $ver; + my $id; + my %ret; + + if ($self->{debug}) { + print STDERR "==> PROCESS $qserver:$qport $qheader $qstring\n"; + print STDERR "\n"; + } + + my ($answer, $ress) = $self->probe($qserver, $qport, $qheader, $qstring); + + if ($answer) { + $id = header2fp($answer->header); + } else { + $id = $ress; + } + + print STDERR "==> \"$id\"\n" if ($self->{debug}); + + for my $rule (@$ruleref) { + + $ver = " "; + + # we must have a fingerprint + die "missing fingerprint" unless (defined $rule->{fingerprint}); + + # skip to next rule unless we have a matching fingerprint + next unless ($id =~ /$rule->{fingerprint}/); + + # return if we have a result + if (defined $rule->{result}) { + if (defined $rule->{qv}) { + $ver = $self->query_version($qserver, $qport, $rule->{qv}) + if $self->{qversion}; + } + if ($self->{qchaos}) { + $ver = $self->query_version($qserver, $qport, "version.bind"); + } + $ret{vstring} = $ver if ($ver); + + if (ref($rule->{result})) { + $ret{vendor} = $rule->{result}{vendor}; + $ret{product} = $rule->{result}{product}; + $ret{version} = $rule->{result}{version}; + $ret{option} = $rule->{result}{option}; + $ret{state} = $rule->{result}{state}; + $ret{ruleset} = $rulenam; + } else { + $ret{result} = $rule->{result}; + } + + return %ret; + } + + # print state if no matches + if (defined $rule->{state}) { + $ver = $self->query_version($qserver, $qport, "hostname.bind") + if $self->{qversion}; + $ret{vstring} = $ver if ($ver); + + $ret{error} = "No match found"; + $ret{state} = $rule->{state}; + $ret{id} = $id; + + return %ret; + } + + # update query if defined + if (defined $rule->{query}) { + $qstring = $rule->{query}; + } + + # recurse if we have a new header and a new ruleset + if (defined $rule->{header} && defined $rule->{ruleset}) { + return $self->process( + $qserver, $qport, $rule->{header}, + $qstring, $rule->{ruleset}, $rulenam + ); + } + + die "syntax error"; + } + + return %ret; +} + +sub header2fp { + my $header = shift; + + my @list = ( + $header->qr, $header->opcode, $header->aa, + $header->tc, $header->rd, $header->ra, + $header->ad, $header->cd, $header->rcode, + $header->qdcount, $header->ancount, $header->nscount, + $header->arcount + ); + + return join(",", @list); +} + +sub fp2header { + my @list = split(/,/, shift); + my $header = shift; + + $header->qr(shift @list); + $header->opcode(shift @list); + $header->aa(shift @list); + $header->tc(shift @list); + $header->rd(shift @list); + $header->ra(shift @list); + $header->ad(shift @list); + $header->cd(shift @list); + $header->rcode(shift @list); + $header->qdcount(shift @list); + $header->ancount(shift @list); + $header->nscount(shift @list); + $header->arcount(shift @list); +} + +sub probe { + my $self = shift; + + my $qserver = shift; + my $qport = shift; + my $qheader = shift; + my @qstring = split(/ /, shift); + + my $packet = new Net::DNS::Packet; + fp2header($qheader, $packet->header); + $packet->push("question", Net::DNS::Question->new(@qstring)); + + if ($self->{debug}) { + print STDERR "==> QUERY BEGIN\n"; + print STDERR $packet->print, "\n"; + print STDERR "==> QUERY END\n"; + print STDERR "\n"; + } + + my $resolver = Net::DNS::Resolver->new; + $resolver->nameservers($qserver); + if (!$ignore_recurse) { + $resolver->recurse($packet->header->rd); + } + $resolver->port($qport); + $resolver->srcaddr($self->{source}); + $resolver->retry($self->{retry}); + $resolver->retrans($self->{timeout}); + $resolver->usevc($self->{forcetcp}); + my $answer = $resolver->send($packet); + if ($answer && $self->{debug}) { + print STDERR "==> ANSWER BEGIN\n"; + print STDERR $answer->string, "\n"; + print STDERR "==> ANSWER END\n"; + print STDERR "\n"; + } + + return ($answer, $resolver->errorstring); +} + +sub version { + return $VERSION; +} + +1; diff -Nru net-dns-fingerprint-0.9.3/lib/Net/DNS/REPLACE net-dns-fingerprint-20130404/lib/Net/DNS/REPLACE --- net-dns-fingerprint-0.9.3/lib/Net/DNS/REPLACE 1970-01-01 00:00:00.000000000 +0000 +++ net-dns-fingerprint-20130404/lib/Net/DNS/REPLACE 2012-10-19 08:54:24.000000000 +0000 @@ -0,0 +1,52 @@ +After you generate a perl tree from the generator, go through it and replace the +non-responses with the right error. + +------------------------------------------------------------------------------- + +"0,QUERY,0,0,1,0,0,0,NOERROR,1,0,0,0" => "header section incomplete" #Unbound + +"0.+" => "query timed out" #Windows Server(s) + + +------------------------------------------------------------------------------- +e.g + +If you have the responses + +"0,NS_NOTIFY_OP,0,1,1,0,1,1,NOTIMP,1,0,0,0", #iq7 +"1,IQUERY,0,0,0,1,0,0,NOTIMP,1,0,0,0", #iq8 +"0,IQUERY,0,0,0,1,1,1,NOERROR,1,0,0,0", #iq9 +"1,QUERY,0,0,1,0,0,0,NOTIMP,1,0,0,0", #iq10 +"0,QUERY,0,0,1,0,0,0,NOERROR,1,0,0,0", #iq11 + + +part of the tree + +{ fingerprint => $iq[8], result => { vendor =>"Microsoft", product=>"Windows DNS", version=>"2003"}, }, +{ fingerprint=>$iq[9], header=>$qy[4], query=>$nct[4], ruleset => [ +{ fingerprint => $iq[10], result => { vendor =>"Microsoft", product=>"Windows DNS", version=>"2003 R2"}, }, +{ fingerprint=>$iq[11], header=>$qy[5], query=>$nct[5], ruleset => [ +{ fingerprint => $iq[11], result => { vendor =>"Microsoft", product=>"Windows DNS", version=>"2008 R2"}, }, +{ fingerprint => $iq[10], result => { vendor =>"Microsoft", product=>"Windows DNS", version=>"2008"}, }, +{ fingerprint => ".+", state=>"q0r3q1r3q2r7q3r9q4r11q5r?" }, + + +should become + +{ fingerprint => $iq[8], result => { vendor =>"Microsoft", product=>"Windows DNS", version=>"2003"}, }, +{ fingerprint=>"query timed out", header=>$qy[4], query=>$nct[4], ruleset => [ +{ fingerprint => $iq[10], result => { vendor =>"Microsoft", product=>"Windows DNS", version=>"2003 R2"}, }, +{ fingerprint=>"query timed out", header=>$qy[5], query=>$nct[5], ruleset => [ +{ fingerprint => "query timed out", result => { vendor =>"Microsoft", product=>"Windows DNS", version=>"2008 R2"}, }, +{ fingerprint => $iq[10], result => { vendor =>"Microsoft", product=>"Windows DNS", version=>"2008"}, }, +{ fingerprint => ".+", state=>"q0r3q1r3q2r7q3r9q4r11q5r?" }, + +if you follow the replace instructions + +There is an unresolved bug where BIND 9.4.0 -- 9.5.1 identifies as BIND 9.6.0, this is +temporarily fixed by replacing +{ fingerprint => $iq[21], result => { vendor =>"ISC", product=>"BIND", version=>"9.6.0"}, }, + +with + +{ fingerprint => $iq[21], result => { vendor =>"ISC", product=>"BIND", version=>"9.6.0 OR 9.4.0 -- 9.5.1"}, }, \ No newline at end of file diff -Nru net-dns-fingerprint-0.9.3/Makefile.PL net-dns-fingerprint-20130404/Makefile.PL --- net-dns-fingerprint-0.9.3/Makefile.PL 2005-08-03 15:55:26.000000000 +0000 +++ net-dns-fingerprint-20130404/Makefile.PL 2012-10-19 08:54:24.000000000 +0000 @@ -1,13 +1,11 @@ -# $Id: Makefile.PL,v 1.4 2005/03/04 14:17:46 jakob Exp $ - use ExtUtils::MakeMaker; WriteMakefile( - 'NAME' => 'Net::DNS::Fingerprint', - 'VERSION_FROM' => 'Fingerprint.pm', - 'PREREQ_PM' => { Net::DNS => 0.42 }, - 'EXE_FILES' => [ "apps/fpdns" ], - 'NO_META' => 1, - 'SIGN' => 1, - clean => { FILES => "*~" }, + 'NAME' => 'Net::DNS::Fingerprint', + 'VERSION_FROM' => 'lib/Net/DNS/Fingerprint.pm', + 'PREREQ_PM' => { Net::DNS => 0.42 }, + 'EXE_FILES' => ["apps/fpdns"], + 'NO_META' => 1, + 'SIGN' => 0, + clean => { FILES => "*~" }, ); diff -Nru net-dns-fingerprint-0.9.3/MANIFEST net-dns-fingerprint-20130404/MANIFEST --- net-dns-fingerprint-0.9.3/MANIFEST 2005-03-02 19:23:11.000000000 +0000 +++ net-dns-fingerprint-20130404/MANIFEST 2012-10-19 08:54:24.000000000 +0000 @@ -1,6 +1,5 @@ LICENSE MANIFEST -SIGNATURE Makefile.PL -Fingerprint.pm +lib/Net/DNS/Fingerprint.pm apps/fpdns diff -Nru net-dns-fingerprint-0.9.3/SIGNATURE net-dns-fingerprint-20130404/SIGNATURE --- net-dns-fingerprint-0.9.3/SIGNATURE 2005-09-05 13:37:22.000000000 +0000 +++ net-dns-fingerprint-20130404/SIGNATURE 1970-01-01 00:00:00.000000000 +0000 @@ -1,28 +0,0 @@ -This file contains message digests of all files listed in MANIFEST, -signed via the Module::Signature module, version 0.44. - -To verify the content in this distribution, first make sure you have -Module::Signature installed, then type: - - % cpansign -v - -It will check each file's integrity, as well as the signature's -validity. If "==> Signature verified OK! <==" is not displayed, -the distribution may already have been compromised, and you should -not run its Makefile.PL or Build.PL. - ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - -SHA1 1bd2e92697fc00d4c597c968383499566c465e99 Fingerprint.pm -SHA1 5592639e87f60f28df35f942bb48af37c3ba4f6b LICENSE -SHA1 507dab3b0c85cc0ab689d77976ab511f8d2e4ca2 MANIFEST -SHA1 f15eaf23c0b8c0e60878d8f63fe74ea7bf356638 Makefile.PL -SHA1 b55db3a3308530b5a8beabb987ea26b8d0a80867 apps/fpdns ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.1 (Darwin) - -iD8DBQFDHEoSVCc8X9UG5FIRAgKGAKC0OXPXFcKuElJlx+7NFfuIRgHBBgCgj/+l -S/iCpyb1qGKMBd2sPHjLKZ4= -=HXEU ------END PGP SIGNATURE-----