verify: first version

ns-blacklist.txt

@@ -0,0 +1,16 @@
+status: NXDOMAIN
+.awsdns-
+.ns.cloudflare.com.
+.google.com.
+.akam.net.
+.domaincontrol.com.
+.dreamhost.com.
+.wordpress.com.
+.dynect.net.
+.linode.com.
+.dnsmadeeasy.com.
+.stabletransit.com.
+.qwest.net.
+.registrar-servers.com.
+.dnsimple.com.
+.namebrightdns.com.

ns-whitelist.txt

@@ -0,0 +1,109 @@
+.iidns.com.
+.dnspod.com.
+.dnspod.net.
+.hichina.com.
+.xincache.com.
+.dnsv2.com.
+.dnsv3.com.
+.dnsv4.com.
+.dnsv5.com.
+.myhostadmin.net.
+.cnolnic.com.
+.cnolnic.net.
+.dns.com.cn.
+.cnmsn.net.
+.bizcn.com.
+.alidns.com.
+.aliyun.com.
+.bddns.cn.
+.360wzb.com.
+.dnsdun.com.
+.dnsdun.net.
+.chinanetsun-dns.com.
+.ffdns.net.
+.xundns.com.
+.jiasule.net.
+.ns.yunjiasu.com.
+.cdncenter.com.
+.anquanbao.com.
+.sina.com.cn.
+.72dns.com.
+.idc1.cn.
+.ezdnscenter.com.
+.01isp.com.
+.01isp.net.
+.enet.com.cn.
+.800hr.net.cn.
+.dns.net.cn.
+.okidc.com.
+.cdnhost.cn.
+.eznowdns.net.
+.ndns.cn.
+.dnsng.net.
+.wanmeilink.com.
+.22.cn.
+.zjdomain.com.
+.zol.com.
+.ce.net.cn.
+.4everdns.com.
+.east.net.cn.
+.zdnscloud.net.cn.
+.51.net.
+.cloudcdns.com.
+.pubyun.com.
+.qq.com.
+.cdeledu.com.
+.myhexin.com.
+.bidns.net.
+.inc365.com.
+.zdnscloud.com.
+.zdnscloud.info.
+.chinanetsun.com.
+.gzidc.com.
+.ns365.net.
+.51dns.com.
+.nease.net.
+.xrnet.cn.
+.cnkuai.cn.
+.cnkuai.com.
+.taobao.com.
+.aoyou365.com.
+.dnspai.com.
+.360safe.com.
+.qycn.net.
+.qycn.cn.
+.sinonets.cn.
+.sfn.cn.
+.yovole.com.
+.duowanns.com.
+.ucweb.com
+.jcloud.com
+.eedns.com
+.maff.com
+.szhot.com.
+.bigwww.com.
+   . hostmaster.nameserver. 
+ns1.oray.net.
+ns2.oray.net.
+.cdnudns.com
+.zhujiwu.com.
+.jjworld.net.cn.
+.dns-diy.com.
+.iidns.com.
+.dns.com.
+.youku.com.
+.zj01.com.
+.cdns.cn.
+.bdydns.cn.
+.baidu.com.
+.139135.com.
+.hwclouds.net.
+.hwclouds.com.
+.hwclouds.cn.
+.alibabadns.com.
+.iqiyi.com.
+.jdcloud.com.
+.jdcache.com.
+.jd.com.
+.sohu.com.
+.dns234.net.

verify.py

@@ -0,0 +1,86 @@
+#!/usr/bin/env python
+
+import dns.resolver
+from termcolor import colored
+import random
+import ipaddress
+
+with open("ns-whitelist.txt") as f:
+    whitelist = list([l.rstrip('\n') for l in f if l])
+
+with open("ns-blacklist.txt") as f:
+    blacklist = list([l.rstrip('\n') for l in f if l])
+
+with open("cdn-testlist.txt") as f:
+    cdnlist = list([l.rstrip('\n') for l in f if l])
+
+try:
+    with open("/usr/share/chnroutes2/chnroutes.txt") as f:
+        chnroutes = list([l.rstrip('\n') for l in f if l and not l.startswith("#")])
+except:
+    print(colored("Failed to load chnroutes, CDN check disabled"), "red")
+    chnroutes = None
+
+
+with open("accelerated-domains.china.raw.txt") as f:
+    domains = random.sample([line.rstrip('\n') for line in f], 100)
+    # domains = [line.rstrip('\n') for line in f][46389:46400]
+
+
+def cn_ip_test(domain):
+    answers = dns.resolver.query(domain, 'A')
+    answer = answers[0].to_text()
+    
+    return any(ipaddress.IPv4Address(answer) in ipaddress.IPv4Network(n) for n in chnroutes)
+
+
+for domain in domains:
+    if domain:
+        nameserver = None
+        nameserver_text = ""
+        ns_failed = False
+        try:
+            answers = dns.resolver.query(domain, 'NS')
+        except dns.resolver.NXDOMAIN:
+            print(colored("NXDOMAIN found in domain: " + domain, "white", "on_red"))
+            continue
+        except Exception:
+            ns_failed = True
+        else:
+            for rdata in answers:
+                if nameserver is None:
+                    nameserver = rdata.to_text()
+                nameserver_text += rdata.to_text()
+
+        testdomain = None
+        if any(i in nameserver_text for i in whitelist):
+            print(colored("NS Whitelist matched for domain: " + domain, "green"))
+        elif domain.count(".") > 1 or any(testdomain.endswith(domain) for testdomain in cdnlist):
+            if testdomain is None:
+                testdomain = domain
+            if chnroutes:
+                try:
+                    if cn_ip_test(testdomain):
+                        print(colored("CDNList matched and verified for domain: " + domain, "green"))
+                    else:
+                        print(colored("CDNList matched but failed to verify for domain: " + domain, "red"))
+                except:
+                    print("Failed to find A for cdnlist domain:", testdomain)
+                    continue
+            else:
+                print(colored("CDNList matched (but verification is not available) for domain: " + domain))
+        elif any(i in nameserver_text for i in blacklist):
+            print(colored("NS Blacklist matched for domain: " + domain, "red"))
+        else:
+            if ns_failed:
+                print("Failed to find NS for domain: " + domain)
+            elif chnroutes:
+                try:
+                    if cn_ip_test(nameserver):
+                        print(colored("NS verified for domain: " + domain, "green"))
+                    else:
+                        print(colored("NS failed to verify for domain: " + domain, "red"))
+                except:
+                    print("Failed to find A for NS domain:", nameserver, "domain:", domain)
+            else:
+                print("Neutral domain:", domain)