Printing all DNS records using DNSPython in Python

import dns.resolver


def get_records(domain):
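    """
    Print all the records associated with the domain parameter.
    :param domain: domain name to look up, e.g. 'google.com'
    :return: None; each record is printed as "<type> : <rdata>"
    """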
    ids = [
        'NONE',
        'A',
        'NS',
        'MD',
        'MF',
        'CNAME',
        'SOA',
        'MB',
        'MG',
        'MR',
        'NULL',
        'WKS',
        'PTR',
        'HINFO',
        'MINFO',
        'MX',
        'TXT',
        'RP',
        'AFSDB',
        'X25',
        'ISDN',
        'RT',
        'NSAP',
        'NSAP-PTR',
        'SIG',
        'KEY',
        'PX',
        'GPOS',
        'AAAA',
        'LOC',
        'NXT',
        'SRV',
        'NAPTR',
        'KX',
        'CERT',
        'A6',
        'DNAME',
        'OPT',
        'APL',
        'DS',
        'SSHFP',
        'IPSECKEY',
        'RRSIG',
        'NSEC',
        'DNSKEY',
        'DHCID',
        'NSEC3',
        'NSEC3PARAM',
        'TLSA',
        'HIP',
        'CDS',
        'CDNSKEY',
        'CSYNC',
        'SPF',
        'UNSPEC',
        'EUI48',
        'EUI64',
        'TKEY',
        'TSIG',
        'IXFR',
        'AXFR',
        'MAILB',
        'MAILA',
        'ANY',
        'URI',
        'CAA',
        'TA',
        'DLV',
    ]
    
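    for a in ids:
        try:
            # resolve() replaces query(), which is deprecated since dnspython 2.0
            answers = dns.resolver.resolve(domain, a)
            for rdata in answers:
                print(a, ':', rdata.to_text())

        except Exception as e:
            # record types with no answer, or that cannot be queried this way, end up here
            print(e)  # or pass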

if __name__ == '__main__':
    get_records('google.com')

References
https://gist.github.com/akshaybabloo/2a1df455e7643926739e934e910cbf2e

Installing dnscrypt-proxy on Linux

Get a root shell

sudo -s

Check what else is possibly already listening on port 53

ss -lp 'sport = :domain'
systemctl stop systemd-resolved
systemctl disable systemd-resolved
ss -lp 'sport = :domain'

Download and run dnscrypt-proxy

Download the dnscrypt-proxy binaries, then create a configuration file from the example and start the proxy:

cp example-dnscrypt-proxy.toml dnscrypt-proxy.toml
./dnscrypt-proxy

Change the system DNS settings

apt-get remove resolvconf
cp /etc/resolv.conf /etc/resolv.conf.backup
rm -f /etc/resolv.conf

And create a new /etc/resolv.conf file with the following content:

nameserver 127.0.0.1
options edns0

Install the proxy as a system service

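./dnscrypt-proxy -service install    # register the system service
./dnscrypt-proxy -service start      # start it
./dnscrypt-proxy -service stop       # stop it
./dnscrypt-proxy -service restart    # restart it, e.g. after editing dnscrypt-proxy.toml
./dnscrypt-proxy -service uninstall  # remove the service again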

Want to check that DNS resolution works?

./dnscrypt-proxy -resolve example.com

Connect to 1.1.1.1 using DoH clients

Add cloudflare and cloudflare-ipv6 to the server list in dnscrypt-proxy.toml:

server_names = ['cloudflare', 'cloudflare-ipv6']

References
https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-linux
https://developers.cloudflare.com/1.1.1.1/encryption/dns-over-https/dns-over-https-client/

Linux Host File

The hosts file maps hostnames to IP addresses. This is very important in certain setups, and it makes networking on Linux a bit easier. In a sense, the hosts file acts as a local DNS server.

sudo nano /etc/hosts

For example, to block Wikipedia, you’d type (remembering to use the Tab key rather than Space):

127.0.0.1        wikipedia.org

Or, as a static DNS lookup for a hostname:

198.20.14.51 example.com
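
Because a hosts entry overrides DNS for that name, it is worth listing what a hosts file actually redirects. The following is an added example, not part of the original notes: it classifies entries as blocked names (pointing at this machine) or static overrides. The sample file, STANDARD_NAMES and audit_hosts are constructed for illustration.

```python
import ipaddress

# Constructed sample in /etc/hosts format; lines 3 and 4 are based on the entries in the text.
SAMPLE_HOSTS = """\
127.0.0.1\tlocalhost
::1\tlocalhost ip6-localhost
127.0.0.1        wikipedia.org   # blocked
198.20.14.51 example.com www.example.com
not-an-ip broken.example
"""

# Names a stock hosts file maps to loopback (assumed list); not worth reporting.
STANDARD_NAMES = {"localhost", "ip6-localhost", "ip6-loopback"}


def audit_hosts(text):
    """Classify hosts entries as blocked names, static overrides or invalid lines."""
    report = {"blocked": [], "overrides": [], "invalid": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()                    # split on any run of whitespace
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            report["invalid"].append(lineno)     # first field is not an address
            continue
        if len(fields) < 2:                      # address with no hostname
            report["invalid"].append(lineno)
            continue
        for name in (n.lower() for n in fields[1:]):
            if name in STANDARD_NAMES:
                continue
            if ip.is_loopback or ip.is_unspecified:
                report["blocked"].append(name)   # resolves to this machine
            else:
                report["overrides"].append((name, str(ip)))  # answered without DNS
    return report


if __name__ == "__main__":
    for kind, items in audit_hosts(SAMPLE_HOSTS).items():
        print(kind, items)
```

To audit a real machine, pass the contents of /etc/hosts to audit_hosts instead of the sample.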

References
https://www.makeuseof.com/tag/modify-manage-hosts-file-linux/

Connect to Cloudflare 1.1.1.1 using DoH clients on Ubuntu

Download and install the cloudflared daemon, or install cloudflared via the Cloudflare Package Repository.

Ubuntu 20.04 LTS (Focal Fossa)

# Add cloudflare gpg key
sudo mkdir -p --mode=0755 /usr/share/keyrings
curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null

# Add this repo to your apt repositories
echo 'deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared focal main' | sudo tee /etc/apt/sources.list.d/cloudflared.list

# install cloudflared
sudo apt-get update && sudo apt-get install cloudflared
cloudflared --version

Run without systemd

cloudflared proxy-dns
# Alternative: listen on another port
# cloudflared proxy-dns --port 5553

Run with systemd

sudo tee /etc/systemd/system/cloudflared-proxy-dns.service >/dev/null <<EOF
[Unit]
Description=DNS over HTTPS (DoH) proxy client
Wants=network-online.target nss-lookup.target
Before=nss-lookup.target

[Service]
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
DynamicUser=yes
ExecStart=/usr/local/bin/cloudflared proxy-dns

[Install]
WantedBy=multi-user.target
EOF
sudo systemctl enable --now cloudflared-proxy-dns
sudo rm -f /etc/resolv.conf
echo nameserver 127.0.0.1 | sudo tee /etc/resolv.conf >/dev/null

Finally, verify it locally with:

dig +short @127.0.0.1 cloudflare.com AAAA
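
Both the dnscrypt-proxy and the cloudflared procedures end by pointing /etc/resolv.conf at 127.0.0.1. As an added example (not part of the original notes), this checks resolv.conf text for any other nameserver line, since queries sent to one would not pass through the local encrypted proxy. The function names and both sample files are constructed for illustration.

```python
import ipaddress

PROXY_ADDR = "127.0.0.1"   # address both procedures put in /etc/resolv.conf

# Constructed samples: the file as written in the text, and a leftover one.
GOOD = "nameserver 127.0.0.1\noptions edns0\n"
STALE = """\
# written by a DHCP client (constructed)
nameserver 127.0.0.53
nameserver 192.0.2.53
options edns0 trust-ad
search lan
"""


def check_resolv_conf(text):
    """Report which nameserver lines would send queries around the local proxy."""
    report = {"proxy": False, "other_local": [], "leaking": [], "options": []}
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0][0] in "#;":   # blank line or comment
            continue
        if fields[0] == "options":
            report["options"] += fields[1:]
        elif fields[0] == "nameserver" and len(fields) > 1:
            addr = fields[1]
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                report["leaking"].append(addr)   # unparsable: treat as untrusted
                continue
            if addr == PROXY_ADDR:
                report["proxy"] = True
            elif ip.is_loopback:
                report["other_local"].append(addr)  # another local resolver, not the proxy
            else:
                report["leaking"].append(addr)   # plain DNS sent off-host
    return report


def is_clean(report):
    """True only when the proxy is the sole configured resolver."""
    return report["proxy"] and not report["other_local"] and not report["leaking"]


if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("STALE", STALE)):
        print(name, is_clean(check_resolv_conf(sample)), check_resolv_conf(sample))
```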

Update cloudflared

cloudflared update

References
https://developers.cloudflare.com/1.1.1.1/encryption/dns-over-https/dns-over-https-client/
https://pkg.cloudflare.com/index.html