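Client for DNSDB API version 2 with Flexible Search
Project description
Farsight DNSDB Version 2 with Flexible Search SDK for Python
Farsight Security DNSDB® is the world's largest DNS intelligence database, providing a unique, fact-based, multifaceted view of the configuration of the global Internet infrastructure. DNSDB leverages the richness of Farsight's Security Information Exchange (SIE) data-sharing platform and is engineered and operated by leading DNS experts. Farsight collects passive DNS data from its global sensor array. It then filters and verifies the DNS transactions before inserting them into DNSDB, along with ICANN-sponsored zone file access download data. The end result is the highest-quality and most comprehensive DNS intelligence data service of its kind - with more than 100 billion DNS records since 2010.
This software development kit for Python 3 implements all features of the DNSDB Version 2 with Flexible Search API.
Requirements
- Python 3.6 or greater.
- Python requests.
- Requests mock for running the test suite.
- A DNSDB API key.
To purchase DNSDB, please complete the application form. Our due diligence process requires that you fill in all required fields in the application. We must be able to positively establish your identity and intended use, so your cooperation in completing this information will be greatly appreciated and will expedite the approval process. Once your application is complete, Farsight Security will review and respond to your request within two business days.
DNSDB free 30-day trial key: Farsight's API key portability program lets you unlock the power of DNS intelligence across dozens of SIEM, orchestration, automation and threat intelligence platforms that support Farsight's DNSDB RESTful API.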
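Examples
Import the dnsdb2 library and configure a client.
```python
import dnsdb2
client = dnsdb2.Client(apikey, swclient="yourappname", version="v0.0")
```
Perform a flex regex search for `farsight`. This manually suppresses the `QueryLimited` exception that the server raises when the query results exceed the row limit.
```python
results = list(client.flex_rdata_regex('farsight', ignore_limited=True))
```
Look up rrsets for `*.dnsdb.info` with rrtype `A`.
```python
results = list(client.lookup_rrset("*.dnsdb.info", rrtype='A', ignore_limited=True))
```
Summarize rdata records for `104.244.14.0/24` seen within the past 90 days.
```python
results = next(client.summarize_rdata_ip("104.244.14.0/24", time_last_after=-60*60*24*90, ignore_limited=True))
```
Iterate through a large result set by re-issuing the query with an increasing offset after `QueryLimited` is raised.
```python
limit = 1000
offset = 0
results = list()
while True:
    try:
        # Rows are appended as they arrive; QueryLimited signals that more remain.
        for res in client.lookup_rrset("farsightsecurity.com", limit=limit, offset=offset):
            results.append(res)
    except dnsdb2.QueryLimited:
        # Ask for the next page on the following pass.
        offset += limit
    else:
        # The query finished without hitting the row limit.
        break
```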
API Documentation
https://docs.dnsdb.info/dnsdb-apiv2/
https://docs.dnsdb.info/dnsdb-flex/
Table of Contents
- Client
- DnsdbException
- AccessDenied
- OffsetError
- QuotaExceeded
- ConcurrencyExceeded
- QueryError
- QueryFailed
- QueryLimited
- QueryTruncated
- ProtocolError
Client Objects
| dnsdb2.Client(apikey: str, server: str = 'https://api.dnsdb.info',
| swclient: str = 'dnsdb2-py', version: str = '0.0',
| proxies: Dict[str, str] = None, insecure: bool = False)
| A client for DNSDB protocol version 2 with Flex Search.
|
| Args:
| apikey (str): A DNSDB API key
| server (str): The DNSDB API server endpoint
| swclient (str): The name of the client software reported to DNSDB.
| version (str): The version of the software reported to DNSDB.
| proxies (Dict[str, str]): HTTP proxies to use. Mapping of protocol to URL.
| insecure (bool): Skip https validation.
ping
| ping(self) -> bool
| Tests end-to-end connectivity to the DNSDB API endpoint, letting you
| know that there are no firewall blockages.
rate_limit
| rate_limit(self) -> dict
| Retrieves quota information as described in the DNSDB API v2 documentation.
lookup_rrset
| lookup_rrset = f(self, owner_name: str, rrtype: str = None, bailiwick: str = None, ignore_limited: bool = False, **params)
| Executes a lookup rrset query.
|
| Args:
| owner_name (str): A DNS owner name in presentation format or wildcards.
|
| Wildcards are one of two forms: a left-hand (*.example.com) or
| right-hand (www.example.*) wildcard domain name. An owner name with a
| leading asterisk and label separator, (i.e., *.) will perform a
| wildcard search for any RRsets whose owner names end with the given
| domain name. An owner name with a trailing label separator and asterisk
| (i.e., .*) will perform a wildcard search for any RRsets whose owner
| names start with the given label(s). Note that left-hand wildcard
| queries are somewhat more expensive and slower than right-hand wildcard
| queries.
| rrtype (str): a DNS RRtype mnemonic.
|
| bailiwick (str): A DNS bailiwick in presentation format or wildcards.
| time_first_before (int): provide results before the defined timestamp for
| when the DNS record was first observed. For example, the URL parameter
| “time_first_before=1420070400” will only provide matching DNS records
| that were first observed before (or older than) January 1, 2015.
|
| time_first_after (int): provide results after the defined timestamp for when
| the DNS record was first observed. For example, the URL parameter
| “time_first_after=-31536000” will only provide results that were first
| observed within the last year.
|
| time_last_before (int): provide results before the defined timestamp for
| when the DNS record was last observed. For example, the URL parameter
| “time_last_before=1356998400” will only provide results for DNS records
| that were last observed before 2013.
|
| time_last_after (int): provide results after the defined timestamp for when
| the DNS record was last observed. For example, the URL parameter
| “time_last_after=-2678400” will only provide results that were last
| observed within the last 31 days.
|
| limit (int): Limit for the number of results returned via these lookup
| methods. There is a built-in limit to the number of results that are
| returned via these lookup methods. The default limit is set at 10,000.
| This limit can be raised or lowered by setting the “limit” query
| parameter.
|
| There is also a maximum number of results allowed; requesting a limit
| greater than the maximum will only return the maximum. See results_max
| below for information on that maximum. If “?limit=0” is used then DNSDB
| will return the maximum number of results allowed. Obviously, if there
| are fewer results for the query than the requested limit, only the actual
| number can be returned.
|
| id (str): Client software specific identity of the user of the API client.
| Comprised of an alphanumeric string, a colon, and an alphanumeric
| string, limited to thirty characters. This may be logged by the DNSDB
| API server.
|
| aggr (bool): Aggregated results group identical rrsets across all time
| periods and is the classic behavior from querying the DNSDB. This means
| you could get the total number of times an rrset has been observed, but
| not when it was observed. Unaggregated results ungroup identical rrsets,
| allowing you to see how the domain name was resolved in the DNS across
| the full-time range covered in DNSDB (subject to time fencing). This can
| give a more accurate impression of record request volume across time
| because it will reveal the distinct timestamps of records whose values
| are repeated. You can answer questions like, “Was a domain parked for a
| long time, mostly unused, until it was repurposed for serving malware or
| relaying spam, but then was abandoned again?” It allows you to see if a
| record was observed heavily in the last week vs. having been observed
| constantly for years.
|
| humantime (bool): A value that is True if time values (in time_first,
| time_last, zone_time_first, zone_time_last) should be returned in human
| readable (RFC3339 compliant) format or False if Unix-style time values
| in seconds since the epoch should be returned. False is the classic
| behavior from querying the DNSDB and is the default value for this
| option.
|
| ignore_limited(bool): Suppress QueryLimited exceptions.
|
| offset (int): How many rows to offset (e.g. skip) in the results.
| This implements an incremental result transfer feature, allowing you to
| view more of the available results for a single query. The rows are
| offset prior to the limit parameter being applied, therefore offset
| allows seeing additional results past a limit that matches the maximum
| number of results. Note that DNSDB recalculates the results for each
| query and the order of results might not be preserved. Therefore, this
| capability is not a valid way to walk all results over multiple queries
| – some results might be missing and some might be duplicated. The actual
| offset that can be used is limited or for certain API keys, offset is
| not allowed – see the offset_max rate_limit key below.
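The offset note above says rows can repeat or go missing between pages, and that the usable offset is capped. The following is an added example, not code from the dnsdb2 project: it pages with `offset`, de-duplicates rrsets, and stops at an `offset_max` supplied by the caller. `FakeClient`, the local `QueryLimited`, `walk_with_offset` and the sample rows are constructed for illustration, and the fake raises its exception after yielding the page's rows, which is an assumption.

```python
# Added example: offset paging with de-duplication. Runs offline against a
# constructed stand-in for dnsdb2.Client; no API key or network is needed.


class QueryLimited(Exception):
    """Local stand-in for dnsdb2.QueryLimited (assumption for offline use)."""


class FakeClient:
    """Constructed stand-in for client.lookup_rrset(). It rotates the row
    order on every call to model the server recalculating results."""

    def __init__(self, rows):
        self._rows = list(rows)
        self._calls = 0

    def lookup_rrset(self, owner_name, limit=10000, offset=0, **params):
        k = self._calls % max(len(self._rows), 1)
        self._calls += 1
        rows = self._rows[k:] + self._rows[:k]
        for row in rows[offset:offset + limit]:
            yield row
        if offset + limit < len(rows):
            raise QueryLimited()  # more rows remain beyond this page


def rrset_key(row):
    """Identity of an rrset: owner name, type, bailiwick and rdata set."""
    return (row["rrname"], row["rrtype"], row.get("bailiwick"),
            tuple(sorted(row["rdata"])))


def merge(old, new):
    """Combine two sightings of one rrset, keeping the widest time range."""
    merged = dict(old)
    merged["count"] = max(old["count"], new["count"])
    for first, last in (("time_first", "time_last"),
                        ("zone_time_first", "zone_time_last")):
        if first in old and first in new:
            merged[first] = min(old[first], new[first])
            merged[last] = max(old[last], new[last])
    return merged


def walk_with_offset(client, owner_name, limit, offset_max,
                     limited_exc=QueryLimited):
    """Page through lookup_rrset, returning (unique_rows, stats).

    stats["complete"] is False when offset_max ended the walk early. Even a
    complete walk can lack rows that moved between pages, so treat the
    result as a lower bound on what the database holds.
    """
    unique = {}
    stats = {"queries": 0, "rows_seen": 0, "duplicates": 0, "complete": True}
    offset = 0
    while True:
        stats["queries"] += 1
        try:
            for row in client.lookup_rrset(owner_name, limit=limit,
                                           offset=offset):
                stats["rows_seen"] += 1
                key = rrset_key(row)
                if key in unique:
                    stats["duplicates"] += 1
                    unique[key] = merge(unique[key], row)
                else:
                    unique[key] = row
        except limited_exc:
            offset += limit
            if offset > offset_max:  # caller's cap, e.g. from rate_limit()
                stats["complete"] = False
                break
        else:
            break
    return list(unique.values()), stats


def sample_rows():
    """Five constructed rrset rows using documentation-only names and IPs."""
    return [{"count": 10 + i, "time_first": 1600000000 + i,
             "time_last": 1700000000 + i, "rrname": f"{n}.example.com.",
             "rrtype": "A", "bailiwick": "example.com.",
             "rdata": [f"192.0.2.{i + 1}"]}
            for i, n in enumerate("abcde")]


if __name__ == "__main__":
    rows, stats = walk_with_offset(FakeClient(sample_rows()),
                                   "*.example.com", limit=2, offset_max=10)
    print(stats)
    print(sorted(r["rrname"] for r in rows))
```

With the SDK itself, pass a `dnsdb2.Client` instance and `limited_exc=dnsdb2.QueryLimited`. In the constructed run one row is seen twice and another never appears, which is the behaviour the offset note warns about.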
summarize_rrset
| summarize_rrset = f(self, owner_name: str, rrtype: str = None, bailiwick: str = None, ignore_limited: bool = False, **params)
| Executes a summarize rrset query.
|
| Args:
| owner_name (str): A DNS owner name in presentation format or wildcards.
|
| Wildcards are one of two forms: a left-hand (*.example.com) or
| right-hand (www.example.*) wildcard domain name. An owner name with a
| leading asterisk and label separator, (i.e., *.) will perform a
| wildcard search for any RRsets whose owner names end with the given
| domain name. An owner name with a trailing label separator and asterisk
| (i.e., .*) will perform a wildcard search for any RRsets whose owner
| names start with the given label(s). Note that left-hand wildcard
| queries are somewhat more expensive and slower than right-hand wildcard
| queries.
| rrtype (str): a DNS RRtype mnemonic.
|
| bailiwick (str): A DNS bailiwick in presentation format or wildcards.
| time_first_before (int): provide results before the defined timestamp for
| when the DNS record was first observed. For example, the URL parameter
| “time_first_before=1420070400” will only provide matching DNS records
| that were first observed before (or older than) January 1, 2015.
|
| time_first_after (int): provide results after the defined timestamp for when
| the DNS record was first observed. For example, the URL parameter
| “time_first_after=-31536000” will only provide results that were first
| observed within the last year.
|
| time_last_before (int): provide results before the defined timestamp for
| when the DNS record was last observed. For example, the URL parameter
| “time_last_before=1356998400” will only provide results for DNS records
| that were last observed before 2013.
|
| time_last_after (int): provide results after the defined timestamp for when
| the DNS record was last observed. For example, the URL parameter
| “time_last_after=-2678400” will only provide results that were last
| observed within the last 31 days.
|
| limit (int): Limit for the number of results returned via these lookup
| methods. There is a built-in limit to the number of results that are
| returned via these lookup methods. The default limit is set at 10,000.
| This limit can be raised or lowered by setting the “limit” query
| parameter.
|
| There is also a maximum number of results allowed; requesting a limit
| greater than the maximum will only return the maximum. See results_max
| below for information on that maximum. If “?limit=0” is used then DNSDB
| will return the maximum number of results allowed. Obviously, if there
| are fewer results for the query than the requested limit, only the actual
| number can be returned.
|
| id (str): Client software specific identity of the user of the API client.
| Comprised of an alphanumeric string, a colon, and an alphanumeric
| string, limited to thirty characters. This may be logged by the DNSDB
| API server.
|
| aggr (bool): Aggregated results group identical rrsets across all time
| periods and is the classic behavior from querying the DNSDB. This means
| you could get the total number of times an rrset has been observed, but
| not when it was observed. Unaggregated results ungroup identical rrsets,
| allowing you to see how the domain name was resolved in the DNS across
| the full-time range covered in DNSDB (subject to time fencing). This can
| give a more accurate impression of record request volume across time
| because it will reveal the distinct timestamps of records whose values
| are repeated. You can answer questions like, “Was a domain parked for a
| long time, mostly unused, until it was repurposed for serving malware or
| relaying spam, but then was abandoned again?” It allows you to see if a
| record was observed heavily in the last week vs. having been observed
| constantly for years.
|
| humantime (bool): A value that is True if time values (in time_first,
| time_last, zone_time_first, zone_time_last) should be returned in human
| readable (RFC3339 compliant) format or False if Unix-style time values
| in seconds since the epoch should be returned. False is the classic
| behavior from querying the DNSDB and is the default value for this
| option.
|
| ignore_limited(bool): Suppress QueryLimited exceptions.
|
| max_count (int): max_count controls stopping when we reach that summary
| count. The resulting total count can exceed max_count as it will include
| the entire count from the last rrset examined.
|
| The default is to not constrain the count.
lookup_rdata_name
| lookup_rdata_name = f(self, name: str, rrtype: str = None, ignore_limited: bool = False, **params)
| Executes a lookup data name query.
|
| Args:
| name (str): a DNS domain name in presentation format, or a left-hand
| (`*.example.com`) or right-hand (`www.example.*`) wildcard domain name.
| Note that left-hand wildcard queries are somewhat more expensive than
| right-hand wildcard queries.
| rrtype (str): a DNS RRtype mnemonic.
|
| time_first_before (int): provide results before the defined timestamp for
| when the DNS record was first observed. For example, the URL parameter
| “time_first_before=1420070400” will only provide matching DNS records
| that were first observed before (or older than) January 1, 2015.
|
| time_first_after (int): provide results after the defined timestamp for when
| the DNS record was first observed. For example, the URL parameter
| “time_first_after=-31536000” will only provide results that were first
| observed within the last year.
|
| time_last_before (int): provide results before the defined timestamp for
| when the DNS record was last observed. For example, the URL parameter
| “time_last_before=1356998400” will only provide results for DNS records
| that were last observed before 2013.
|
| time_last_after (int): provide results after the defined timestamp for when
| the DNS record was last observed. For example, the URL parameter
| “time_last_after=-2678400” will only provide results that were last
| observed within the last 31 days.
|
| limit (int): Limit for the number of results returned via these lookup
| methods. There is a built-in limit to the number of results that are
| returned via these lookup methods. The default limit is set at 10,000.
| This limit can be raised or lowered by setting the “limit” query
| parameter.
|
| There is also a maximum number of results allowed; requesting a limit
| greater than the maximum will only return the maximum. See results_max
| below for information on that maximum. If “?limit=0” is used then DNSDB
| will return the maximum number of results allowed. Obviously, if there
| are fewer results for the query than the requested limit, only the actual
| number can be returned.
|
| id (str): Client software specific identity of the user of the API client.
| Comprised of an alphanumeric string, a colon, and an alphanumeric
| string, limited to thirty characters. This may be logged by the DNSDB
| API server.
|
| aggr (bool): Aggregated results group identical rrsets across all time
| periods and is the classic behavior from querying the DNSDB. This means
| you could get the total number of times an rrset has been observed, but
| not when it was observed. Unaggregated results ungroup identical rrsets,
| allowing you to see how the domain name was resolved in the DNS across
| the full-time range covered in DNSDB (subject to time fencing). This can
| give a more accurate impression of record request volume across time
| because it will reveal the distinct timestamps of records whose values
| are repeated. You can answer questions like, “Was a domain parked for a
| long time, mostly unused, until it was repurposed for serving malware or
| relaying spam, but then was abandoned again?” It allows you to see if a
| record was observed heavily in the last week vs. having been observed
| constantly for years.
|
| humantime (bool): A value that is True if time values (in time_first,
| time_last, zone_time_first, zone_time_last) should be returned in human
| readable (RFC3339 compliant) format or False if Unix-style time values
| in seconds since the epoch should be returned. False is the classic
| behavior from querying the DNSDB and is the default value for this
| option.
|
| ignore_limited(bool): Suppress QueryLimited exceptions.
|
| offset (int): How many rows to offset (e.g. skip) in the results.
| This implements an incremental result transfer feature, allowing you to
| view more of the available results for a single query. The rows are
| offset prior to the limit parameter being applied, therefore offset
| allows seeing additional results past a limit that matches the maximum
| number of results. Note that DNSDB recalculates the results for each
| query and the order of results might not be preserved. Therefore, this
| capability is not a valid way to walk all results over multiple queries
| – some results might be missing and some might be duplicated. The actual
| offset that can be used is limited or for certain API keys, offset is
| not allowed – see the offset_max rate_limit key below.
summarize_rdata_name
| summarize_rdata_name = f(self, name: str, rrtype: str = None, ignore_limited: bool = False, **params)
| Executes a summarize data name query.
|
| Args:
| name (str): a DNS domain name in presentation format, or a left-hand
| (`*.example.com`) or right-hand (`www.example.*`) wildcard domain name.
| Note that left-hand wildcard queries are somewhat more expensive than
| right-hand wildcard queries.
| rrtype (str): a DNS RRtype mnemonic.
|
| time_first_before (int): provide results before the defined timestamp for
| when the DNS record was first observed. For example, the URL parameter
| “time_first_before=1420070400” will only provide matching DNS records
| that were first observed before (or older than) January 1, 2015.
|
| time_first_after (int): provide results after the defined timestamp for when
| the DNS record was first observed. For example, the URL parameter
| “time_first_after=-31536000” will only provide results that were first
| observed within the last year.
|
| time_last_before (int): provide results before the defined timestamp for
| when the DNS record was last observed. For example, the URL parameter
| “time_last_before=1356998400” will only provide results for DNS records
| that were last observed before 2013.
|
| time_last_after (int): provide results after the defined timestamp for when
| the DNS record was last observed. For example, the URL parameter
| “time_last_after=-2678400” will only provide results that were last
| observed within the last 31 days.
|
| limit (int): Limit for the number of results returned via these lookup
| methods. There is a built-in limit to the number of results that are
| returned via these lookup methods. The default limit is set at 10,000.
| This limit can be raised or lowered by setting the “limit” query
| parameter.
|
| There is also a maximum number of results allowed; requesting a limit
| greater than the maximum will only return the maximum. See results_max
| below for information on that maximum. If “?limit=0” is used then DNSDB
| will return the maximum number of results allowed. Obviously, if there
| are fewer results for the query than the requested limit, only the actual
| number can be returned.
|
| id (str): Client software specific identity of the user of the API client.
| Comprised of an alphanumeric string, a colon, and an alphanumeric
| string, limited to thirty characters. This may be logged by the DNSDB
| API server.
|
| aggr (bool): Aggregated results group identical rrsets across all time
| periods and is the classic behavior from querying the DNSDB. This means
| you could get the total number of times an rrset has been observed, but
| not when it was observed. Unaggregated results ungroup identical rrsets,
| allowing you to see how the domain name was resolved in the DNS across
| the full-time range covered in DNSDB (subject to time fencing). This can
| give a more accurate impression of record request volume across time
| because it will reveal the distinct timestamps of records whose values
| are repeated. You can answer questions like, “Was a domain parked for a
| long time, mostly unused, until it was repurposed for serving malware or
| relaying spam, but then was abandoned again?” It allows you to see if a
| record was observed heavily in the last week vs. having been observed
| constantly for years.
|
| humantime (bool): A value that is True if time values (in time_first,
| time_last, zone_time_first, zone_time_last) should be returned in human
| readable (RFC3339 compliant) format or False if Unix-style time values
| in seconds since the epoch should be returned. False is the classic
| behavior from querying the DNSDB and is the default value for this
| option.
|
| ignore_limited(bool): Suppress QueryLimited exceptions.
|
| max_count (int): max_count controls stopping when we reach that summary
| count. The resulting total count can exceed max_count as it will include
| the entire count from the last rrset examined.
|
| The default is to not constrain the count.
lookup_rdata_ip
| lookup_rdata_ip = f(self, ip: str, ignore_limited: bool = False, **params)
| Executes a lookup data ip query.
|
| Args:
| ip (str): One of an IPv4 or IPv6 single address, with a prefix length, or
| with an address range.
| time_first_before (int): provide results before the defined timestamp for
| when the DNS record was first observed. For example, the URL parameter
| “time_first_before=1420070400” will only provide matching DNS records
| that were first observed before (or older than) January 1, 2015.
|
| time_first_after (int): provide results after the defined timestamp for when
| the DNS record was first observed. For example, the URL parameter
| “time_first_after=-31536000” will only provide results that were first
| observed within the last year.
|
| time_last_before (int): provide results before the defined timestamp for
| when the DNS record was last observed. For example, the URL parameter
| “time_last_before=1356998400” will only provide results for DNS records
| that were last observed before 2013.
|
| time_last_after (int): provide results after the defined timestamp for when
| the DNS record was last observed. For example, the URL parameter
| “time_last_after=-2678400” will only provide results that were last
| observed within the last 31 days.
|
| limit (int): Limit for the number of results returned via these lookup
| methods. There is a built-in limit to the number of results that are
| returned via these lookup methods. The default limit is set at 10,000.
| This limit can be raised or lowered by setting the “limit” query
| parameter.
|
| There is also a maximum number of results allowed; requesting a limit
| greater than the maximum will only return the maximum. See results_max
| below for information on that maximum. If “?limit=0” is used then DNSDB
| will return the maximum number of results allowed. Obviously, if there
| are fewer results for the query than the requested limit, only the actual
| number can be returned.
|
| id (str): Client software specific identity of the user of the API client.
| Comprised of an alphanumeric string, a colon, and an alphanumeric
| string, limited to thirty characters. This may be logged by the DNSDB
| API server.
|
| aggr (bool): Aggregated results group identical rrsets across all time
| periods and is the classic behavior from querying the DNSDB. This means
| you could get the total number of times an rrset has been observed, but
| not when it was observed. Unaggregated results ungroup identical rrsets,
| allowing you to see how the domain name was resolved in the DNS across
| the full-time range covered in DNSDB (subject to time fencing). This can
| give a more accurate impression of record request volume across time
| because it will reveal the distinct timestamps of records whose values
| are repeated. You can answer questions like, “Was a domain parked for a
| long time, mostly unused, until it was repurposed for serving malware or
| relaying spam, but then was abandoned again?” It allows you to see if a
| record was observed heavily in the last week vs. having been observed
| constantly for years.
|
| humantime (bool): A value that is True if time values (in time_first,
| time_last, zone_time_first, zone_time_last) should be returned in human
| readable (RFC3339 compliant) format or False if Unix-style time values
| in seconds since the epoch should be returned. False is the classic
| behavior from querying the DNSDB and is the default value for this
| option.
|
| ignore_limited(bool): Suppress QueryLimited exceptions.
|
| offset (int): How many rows to offset (e.g. skip) in the results.
| This implements an incremental result transfer feature, allowing you to
| view more of the available results for a single query. The rows are
| offset prior to the limit parameter being applied, therefore offset
| allows seeing additional results past a limit that matches the maximum
| number of results. Note that DNSDB recalculates the results for each
| query and the order of results might not be preserved. Therefore, this
| capability is not a valid way to walk all results over multiple queries
| – some results might be missing and some might be duplicated. The actual
| offset that can be used is limited or for certain API keys, offset is
| not allowed – see the offset_max rate_limit key below.
summarize_rdata_ip
| summarize_rdata_ip = f(self, ip: str, ignore_limited: bool = False, **params)
| Executes a summarize data ip query.
|
| Args:
| ip (str): One of an IPv4 or IPv6 single address, with a prefix length, or
| with an address range.
| time_first_before (int): provide results before the defined timestamp for
| when the DNS record was first observed. For example, the URL parameter
| “time_first_before=1420070400” will only provide matching DNS records
| that were first observed before (or older than) January 1, 2015.
|
| time_first_after (int): provide results after the defined timestamp for when
| the DNS record was first observed. For example, the URL parameter
| “time_first_after=-31536000” will only provide results that were first
| observed within the last year.
|
| time_last_before (int): provide results before the defined timestamp for
| when the DNS record was last observed. For example, the URL parameter
| “time_last_before=1356998400” will only provide results for DNS records
| that were last observed before 2013.
|
| time_last_after (int): provide results after the defined timestamp for when
| the DNS record was last observed. For example, the URL parameter
| “time_last_after=-2678400” will only provide results that were last
| observed within the last 31 days.
|
| limit (int): Limit for the number of results returned via these lookup
| methods. There is a built-in limit to the number of results that are
| returned via these lookup methods. The default limit is set at 10,000.
| This limit can be raised or lowered by setting the “limit” query
| parameter.
|
| There is also a maximum number of results allowed; requesting a limit
| greater than the maximum will only return the maximum. See results_max
| below for information on that maximum. If “?limit=0” is used then DNSDB
| will return the maximum number of results allowed. Obviously, if there
| are fewer results for the query than the requested limit, only the actual
| number can be returned.
|
| id (str): Client software specific identity of the user of the API client.
| Comprised of an alphanumeric string, a colon, and an alphanumeric
| string, limited to thirty characters. This may be logged by the DNSDB
| API server.
|
| aggr (bool): Aggregated results group identical rrsets across all time
| periods and is the classic behavior from querying the DNSDB. This means
| you could get the total number of times an rrset has been observed, but
| not when it was observed. Unaggregated results ungroup identical rrsets,
| allowing you to see how the domain name was resolved in the DNS across
| the full-time range covered in DNSDB (subject to time fencing). This can
| give a more accurate impression of record request volume across time
| because it will reveal the distinct timestamps of records whose values
| are repeated. You can answer questions like, “Was a domain parked for a
| long time, mostly unused, until it was repurposed for serving malware or
| relaying spam, but then was abandoned again?” It allows you to see if a
| record was observed heavily in the last week vs. having been observed
| constantly for years.
|
| humantime (bool): A value that is True if time values (in time_first,
| time_last, zone_time_first, zone_time_last) should be returned in human
| readable (RFC3339 compliant) format or False if Unix-style time values
| in seconds since the epoch should be returned. False is the classic
| behavior from querying the DNSDB and is the default value for this
| option.
|
| ignore_limited(bool): Suppress QueryLimited exceptions.
|
| max_count (int): max_count controls stopping when we reach that summary
| count. The resulting total count can exceed max_count as it will include
| the entire count from the last rrset examined.
|
| The default is to not constrain the count.
lookup_rdata_raw
| lookup_rdata_raw = f(self, raw_rdata: str, rrtype: str = None, ignore_limited: bool = False, **params)
| Executes a lookup data raw query.
|
| Args:
| raw_rdata (str): An even number of hexadecimal digits specifying a raw
| octet string.
| rrtype (str): a DNS RRtype mnemonic.
|
| time_first_before (int): provide results before the defined timestamp for
| when the DNS record was first observed. For example, the URL parameter
| “time_first_before=1420070400” will only provide matching DNS records
| that were first observed before (or older than) January 1, 2015.
|
| time_first_after (int): provide results after the defined timestamp for when
| the DNS record was first observed. For example, the URL parameter
| “time_first_after=-31536000” will only provide results that were first
| observed within the last year.
|
| time_last_before (int): provide results before the defined timestamp for
| when the DNS record was last observed. For example, the URL parameter
| “time_last_before=1356998400” will only provide results for DNS records
| that were last observed before 2013.
|
| time_last_after (int): provide results after the defined timestamp for when
| the DNS record was last observed. For example, the URL parameter
| “time_last_after=-2678400” will only provide results that were last
| observed within the last 31 days.
|
| limit (int): Limit for the number of results returned via these lookup
| methods. There is a built-in limit to the number of results that are
| returned via these lookup methods. The default limit is set at 10,000.
| This limit can be raised or lowered by setting the “limit” query
| parameter.
|
| There is also a maximum number of results allowed; requesting a limit
| greater than the maximum will only return the maximum. See results_max
| below for information on that maximum. If “?limit=0” is used then DNSDB
| will return the maximum number of results allowed. Obviously, if there
| are fewer results for the query than the requested limit, only the actual
| number can be returned.
|
| id (str): Client software specific identity of the user of the API client.
| Comprised of an alphanumeric string, a colon, and an alphanumeric
| string, limited to thirty characters. This may be logged by the DNSDB
| API server.
|
| aggr (bool): Aggregated results group identical rrsets across all time
| periods and is the classic behavior from querying the DNSDB. This means
| you could get the total number of times an rrset has been observed, but
| not when it was observed. Unaggregated results ungroup identical rrsets,
| allowing you to see how the domain name was resolved in the DNS across
| the full-time range covered in DNSDB (subject to time fencing). This can
| give a more accurate impression of record request volume across time
| because it will reveal the distinct timestamps of records whose values
| are repeated. You can answer questions like, “Was a domain parked for a
| long time, mostly unused, until it was repurposed for serving malware or
| relaying spam, but then was abandoned again?” It allows you to see if a
| record was observed heavily in the last week vs. having been observed
| constantly for years.
|
| humantime (bool): A value that is True if time values (in time_first,
| time_last, zone_time_first, zone_time_last) should be returned in human
| readable (RFC3339 compliant) format or False if Unix-style time values
| in seconds since the epoch should be returned. False is the classic
| behavior from querying the DNSDB and is the default value for this
| option.
|
| ignore_limited (bool): Suppress QueryLimited exceptions.
|
| offset (int): How many rows to offset (i.e. skip) in the results.
| This implements an incremental result transfer feature, allowing you to
| view more of the available results for a single query. The rows are
| offset prior to the limit parameter being applied, therefore offset
| allows seeing additional results past a limit that matches the maximum
| number of results. Note that DNSDB recalculates the results for each
| query and the order of results might not be preserved. Therefore, this
| capability is not a valid way to walk all results over multiple queries
| – some results might be missing and some might be duplicated. The actual
| offset that can be used is limited or, for certain API keys, offset is
| not allowed – see the offset_max rate_limit key below.
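The question the aggr description poses (a name parked for years, then briefly repurposed) can be answered mechanically from unaggregated rows. The following is an added example, not part of the dnsdb2 package: it assumes rows shaped like DNSDB rrset results with humantime=False, and the function names and sample rows are constructed here.

```python
DAY = 24 * 60 * 60


def activity_gaps(rows, min_gap_days=180):
    """Find dormant periods between observation windows of unaggregated rows.

    rows: dicts with time_first/time_last as Unix seconds (humantime=False)
    and rdata as a list, e.g. collected from
    client.lookup_rrset(name, aggr=False, ignore_limited=True).
    """
    windows = sorted(
        (r["time_first"], r["time_last"], tuple(sorted(r["rdata"]))) for r in rows
    )
    gaps = []
    if not windows:
        return gaps
    _, cur_end, cur_rdata = windows[0]
    for start, end, rdata in windows[1:]:
        if start - cur_end >= min_gap_days * DAY:
            gaps.append({
                "dormant_from": cur_end,
                "dormant_until": start,
                "days": (start - cur_end) // DAY,
                "rdata_changed": rdata != cur_rdata,
            })
        if end > cur_end:  # overlapping windows extend the active period
            cur_end, cur_rdata = end, rdata
    return gaps


def recent_share(rows, as_of, days=7):
    """Fraction of all observations whose window started in the last `days`."""
    total = sum(r["count"] for r in rows)
    cutoff = as_of - days * DAY
    recent = sum(r["count"] for r in rows if r["time_first"] >= cutoff)
    return recent / total if total else 0.0


# Constructed sample: unaggregated rows for one name (documentation addresses).
SAMPLE = [
    {"rrname": "parked.example.", "rrtype": "A", "count": 12,
     "time_first": 1420070400, "time_last": 1422748800, "rdata": ["192.0.2.10"]},
    {"rrname": "parked.example.", "rrtype": "A", "count": 9,
     "time_first": 1421280000, "time_last": 1425168000, "rdata": ["192.0.2.10"]},
    {"rrname": "parked.example.", "rrtype": "A", "count": 48000,
     "time_first": 1672531200, "time_last": 1673136000, "rdata": ["198.51.100.7"]},
]

if __name__ == "__main__":
    for gap in activity_gaps(SAMPLE):
        print(gap)
    print(round(recent_share(SAMPLE, as_of=1673136000), 4))
```

With aggr left at its classic aggregated behavior, the same name would come back as one row per rrset with a single first-seen and last-seen time, and the dormant period between the two windows would not be visible.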
summarize_rdata_raw
| summarize_rdata_raw = f(self, raw_rdata: str, rrtype: str = None, ignore_limited: bool = False, **params)
| Executes a summarize rdata raw query.
|
| Args:
| raw_rdata (str): An even number of hexadecimal digits specifying a raw
| octet string.
| rrtype (str): a DNS RRtype mnemonic.
|
| time_first_before (int): provide results before the defined timestamp for
| when the DNS record was first observed. For example, the URL parameter
| “time_first_before=1420070400” will only provide matching DNS records
| that were first observed before (or older than) January 1, 2015.
|
| time_first_after (int): provide results after the defined timestamp for when
| the DNS record was first observed. For example, the URL parameter
| “time_first_after=-31536000” will only provide results that were first
| observed within the last year.
|
| time_last_before (int): provide results before the defined timestamp for
| when the DNS record was last observed. For example, the URL parameter
| “time_last_before=1356998400” will only provide results for DNS records
| that were last observed before 2013.
|
| time_last_after (int): provide results after the defined timestamp for when
| the DNS record was last observed. For example, the URL parameter
| “time_last_after=-2678400” will only provide results that were last
| observed within the last 31 days.
|
| limit (int): Limit for the number of results returned via these lookup
| methods. There is a built-in limit to the number of results that are
| returned via these lookup methods. The default limit is set at 10,000.
| This limit can be raised or lowered by setting the “limit” query
| parameter.
|
| There is also a maximum number of results allowed; requesting a limit
| greater than the maximum will only return the maximum. See results_max
| below for information on that maximum. If “?limit=0” is used then DNSDB
| will return the maximum number of results allowed. Obviously, if there
| are fewer results for the query than the requested limit, only the actual
| amount can be returned.
|
| id (str): Client software specific identity of the user of the API client.
| Comprised of an alphanumeric string, a colon, and an alphanumeric
| string, limited to thirty characters. This may be logged by the DNSDB
| API server.
|
| aggr (bool): Aggregated results group identical rrsets across all time
| periods and is the classic behavior from querying the DNSDB. This means
| you could get the total number of times an rrset has been observed, but
| not when it was observed. Unaggregated results ungroup identical rrsets,
| allowing you to see how the domain name was resolved in the DNS across
| the full time range covered in DNSDB (subject to time fencing). This can
| give a more accurate impression of record request volume across time
| because it will reveal the distinct timestamps of records whose values
| are repeated. You can answer questions like, “Was a domain parked for a
| long time, mostly unused, until it was repurposed for serving malware or
| relaying spam, but then was abandoned again?” It allows you to see if a
| record was observed heavily in the last week vs. having been observed
| constantly for years.
|
| humantime (bool): A value that is True if time values (in time_first,
| time_last, zone_time_first, zone_time_last) should be returned in human
| readable (RFC3339 compliant) format or False if Unix-style time values
| in seconds since the epoch should be returned. False is the classic
| behavior from querying the DNSDB and is the default value for this
| option.
|
| ignore_limited (bool): Suppress QueryLimited exceptions.
|
| max_count (int): Stop summarizing once the summary count reaches
| max_count. The resulting total count can exceed max_count as it will include
| the entire count from the last rrset examined.
|
| The default is to not constrain the count.
flex_rrnames_regex
| flex_rrnames_regex = f(self, value: str, rrtype: str = None, verbose: bool = True, ignore_limited: bool = False, **params)
| Executes a regex rrnames flex search query.
|
| Args:
| value (str): A regex to match against rrnames.
| rrtype (str): a DNS RRtype mnemonic.
|
| verbose (bool): Set to false to disable `count`, `time_first`, and
| `time_last` fields in output.
|
| time_first_before (int): provide results before the defined timestamp for
| when the DNS record was first observed. For example, the URL parameter
| “time_first_before=1420070400” will only provide matching DNS records
| that were first observed before (or older than) January 1, 2015.
|
| time_first_after (int): provide results after the defined timestamp for when
| the DNS record was first observed. For example, the URL parameter
| “time_first_after=-31536000” will only provide results that were first
| observed within the last year.
|
| time_last_before (int): provide results before the defined timestamp for
| when the DNS record was last observed. For example, the URL parameter
| “time_last_before=1356998400” will only provide results for DNS records
| that were last observed before 2013.
|
| time_last_after (int): provide results after the defined timestamp for when
| the DNS record was last observed. For example, the URL parameter
| “time_last_after=-2678400” will only provide results that were last
| observed within the last 31 days.
|
| exclude (str): Exclude (i.e. filter-out) results that match the regex.
|
| limit (int): Limit for the number of results returned via these lookup
| methods. There is a built-in limit to the number of results that are
| returned via these lookup methods. The default limit is set at 10,000.
| This limit can be raised or lowered by setting the “limit” query
| parameter.
|
| There is also a maximum number of results allowed; requesting a limit
| greater than the maximum will only return the maximum. See results_max
| below for information on that maximum. If “?limit=0” is used then DNSDB
| will return the maximum number of results allowed. Obviously, if there
| are fewer results for the query than the requested limit, only the actual
| amount can be returned.
|
| id (str): Client software specific identity of the user of the API client.
| Comprised of an alphanumeric string, a colon, and an alphanumeric
| string, limited to thirty characters. This may be logged by the DNSDB
| API server.
|
| offset (int): How many rows to offset (i.e. skip) in the results.
| This implements an incremental result transfer feature, allowing you to
| view more of the available results for a single query. The rows are
| offset prior to the limit parameter being applied, therefore offset
| allows seeing additional results past a limit that matches the maximum
| number of results. Note that DNSDB recalculates the results for each
| query and the order of results might not be preserved. Therefore, this
| capability is not a valid way to walk all results over multiple queries
| – some results might be missing and some might be duplicated. The actual
| offset that can be used is limited or, for certain API keys, offset is
| not allowed – see the offset_max rate_limit key below.
|
| ignore_limited (bool): Suppress QueryLimited exceptions.
flex_rrnames_glob
| flex_rrnames_glob = f(self, value: str, rrtype: str = None, verbose: bool = True, ignore_limited: bool = False, **params)
| Executes a glob rrnames flex search query.
|
| Args:
| value (str): A glob to match against rrnames.
| rrtype (str): a DNS RRtype mnemonic.
|
| verbose (bool): Set to false to disable `count`, `time_first`, and
| `time_last` fields in output.
|
| time_first_before (int): provide results before the defined timestamp for
| when the DNS record was first observed. For example, the URL parameter
| “time_first_before=1420070400” will only provide matching DNS records
| that were first observed before (or older than) January 1, 2015.
|
| time_first_after (int): provide results after the defined timestamp for when
| the DNS record was first observed. For example, the URL parameter
| “time_first_after=-31536000” will only provide results that were first
| observed within the last year.
|
| time_last_before (int): provide results before the defined timestamp for
| when the DNS record was last observed. For example, the URL parameter
| “time_last_before=1356998400” will only provide results for DNS records
| that were last observed before 2013.
|
| time_last_after (int): provide results after the defined timestamp for when
| the DNS record was last observed. For example, the URL parameter
| “time_last_after=-2678400” will only provide results that were last
| observed within the last 31 days.
|
| exclude (str): Exclude (i.e. filter-out) results that match the glob.
|
| limit (int): Limit for the number of results returned via these lookup
| methods. There is a built-in limit to the number of results that are
| returned via these lookup methods. The default limit is set at 10,000.
| This limit can be raised or lowered by setting the “limit” query
| parameter.
|
| There is also a maximum number of results allowed; requesting a limit
| greater than the maximum will only return the maximum. See results_max
| below for information on that maximum. If “?limit=0” is used then DNSDB
| will return the maximum number of results allowed. Obviously, if there
| are fewer results for the query than the requested limit, only the actual
| amount can be returned.
|
| id (str): Client software specific identity of the user of the API client.
| Comprised of an alphanumeric string, a colon, and an alphanumeric
| string, limited to thirty characters. This may be logged by the DNSDB
| API server.
|
| offset (int): How many rows to offset (i.e. skip) in the results.
| This implements an incremental result transfer feature, allowing you to
| view more of the available results for a single query. The rows are
| offset prior to the limit parameter being applied, therefore offset
| allows seeing additional results past a limit that matches the maximum
| number of results. Note that DNSDB recalculates the results for each
| query and the order of results might not be preserved. Therefore, this
| capability is not a valid way to walk all results over multiple queries
| – some results might be missing and some might be duplicated. The actual
| offset that can be used is limited or, for certain API keys, offset is
| not allowed – see the offset_max rate_limit key below.
|
| ignore_limited (bool): Suppress QueryLimited exceptions.
flex_rdata_regex
| flex_rdata_regex = f(self, value: str, rrtype: str = None, verbose: bool = True, ignore_limited: bool = False, **params)
| Executes a regex rdata flex search query.
|
| Args:
| value (str): A regex to match against rdata.
| rrtype (str): a DNS RRtype mnemonic.
|
| verbose (bool): Set to false to disable `count`, `time_first`, and
| `time_last` fields in output.
|
| time_first_before (int): provide results before the defined timestamp for
| when the DNS record was first observed. For example, the URL parameter
| “time_first_before=1420070400” will only provide matching DNS records
| that were first observed before (or older than) January 1, 2015.
|
| time_first_after (int): provide results after the defined timestamp for when
| the DNS record was first observed. For example, the URL parameter
| “time_first_after=-31536000” will only provide results that were first
| observed within the last year.
|
| time_last_before (int): provide results before the defined timestamp for
| when the DNS record was last observed. For example, the URL parameter
| “time_last_before=1356998400” will only provide results for DNS records
| that were last observed before 2013.
|
| time_last_after (int): provide results after the defined timestamp for when
| the DNS record was last observed. For example, the URL parameter
| “time_last_after=-2678400” will only provide results that were last
| observed within the last 31 days.
|
| exclude (str): Exclude (i.e. filter-out) results that match the regex.
|
| limit (int): Limit for the number of results returned via these lookup
| methods. There is a built-in limit to the number of results that are
| returned via these lookup methods. The default limit is set at 10,000.
| This limit can be raised or lowered by setting the “limit” query
| parameter.
|
| There is also a maximum number of results allowed; requesting a limit
| greater than the maximum will only return the maximum. See results_max
| below for information on that maximum. If “?limit=0” is used then DNSDB
| will return the maximum number of results allowed. Obviously, if there
| are fewer results for the query than the requested limit, only the actual
| amount can be returned.
|
| id (str): Client software specific identity of the user of the API client.
| Comprised of an alphanumeric string, a colon, and an alphanumeric
| string, limited to thirty characters. This may be logged by the DNSDB
| API server.
|
| offset (int): How many rows to offset (i.e. skip) in the results.
| This implements an incremental result transfer feature, allowing you to
| view more of the available results for a single query. The rows are
| offset prior to the limit parameter being applied, therefore offset
| allows seeing additional results past a limit that matches the maximum
| number of results. Note that DNSDB recalculates the results for each
| query and the order of results might not be preserved. Therefore, this
| capability is not a valid way to walk all results over multiple queries
| – some results might be missing and some might be duplicated. The actual
| offset that can be used is limited or, for certain API keys, offset is
| not allowed – see the offset_max rate_limit key below.
|
| ignore_limited (bool): Suppress QueryLimited exceptions.
flex_rdata_glob
| flex_rdata_glob = f(self, value: str, rrtype: str = None, verbose: bool = True, ignore_limited: bool = False, **params)
| Executes a glob rdata flex search query.
|
| Args:
| value (str): A glob to match against rdata.
| rrtype (str): a DNS RRtype mnemonic.
|
| verbose (bool): Set to false to disable `count`, `time_first`, and
| `time_last` fields in output.
|
| time_first_before (int): provide results before the defined timestamp for
| when the DNS record was first observed. For example, the URL parameter
| “time_first_before=1420070400” will only provide matching DNS records
| that were first observed before (or older than) January 1, 2015.
|
| time_first_after (int): provide results after the defined timestamp for when
| the DNS record was first observed. For example, the URL parameter
| “time_first_after=-31536000” will only provide results that were first
| observed within the last year.
|
| time_last_before (int): provide results before the defined timestamp for
| when the DNS record was last observed. For example, the URL parameter
| “time_last_before=1356998400” will only provide results for DNS records
| that were last observed before 2013.
|
| time_last_after (int): provide results after the defined timestamp for when
| the DNS record was last observed. For example, the URL parameter
| “time_last_after=-2678400” will only provide results that were last
| observed within the last 31 days.
|
| exclude (str): Exclude (i.e. filter-out) results that match the glob.
|
| limit (int): Limit for the number of results returned via these lookup
| methods. There is a built-in limit to the number of results that are
| returned via these lookup methods. The default limit is set at 10,000.
| This limit can be raised or lowered by setting the “limit” query
| parameter.
|
| There is also a maximum number of results allowed; requesting a limit
| greater than the maximum will only return the maximum. See results_max
| below for information on that maximum. If “?limit=0” is used then DNSDB
| will return the maximum number of results allowed. Obviously, if there
| are fewer results for the query than the requested limit, only the actual
| amount can be returned.
|
| id (str): Client software specific identity of the user of the API client.
| Comprised of an alphanumeric string, a colon, and an alphanumeric
| string, limited to thirty characters. This may be logged by the DNSDB
| API server.
|
| offset (int): How many rows to offset (i.e. skip) in the results.
| This implements an incremental result transfer feature, allowing you to
| view more of the available results for a single query. The rows are
| offset prior to the limit parameter being applied, therefore offset
| allows seeing additional results past a limit that matches the maximum
| number of results. Note that DNSDB recalculates the results for each
| query and the order of results might not be preserved. Therefore, this
| capability is not a valid way to walk all results over multiple queries
| – some results might be missing and some might be duplicated. The actual
| offset that can be used is limited or, for certain API keys, offset is
| not allowed – see the offset_max rate_limit key below.
|
| ignore_limited (bool): Suppress QueryLimited exceptions.
DnsdbException Objects
class DnsdbException(Exception)
Common base class for all DNSDB exceptions.
AccessDenied Objects
class AccessDenied(DnsdbException)
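Exception raised if the API key is not authorized (usually indicating that the block quota has expired), or the provided API key is not valid, or the client IP address is not authorized for this API key.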
OffsetError Objects
class OffsetError(DnsdbException)
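Exception raised if the offset value is greater than the maximum allowed, or if an offset value was provided when offsets are not permitted.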
QuotaExceeded Objects
class QuotaExceeded(DnsdbException)
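Exception raised if you have exceeded your quota and no new requests are currently being accepted.
For time-based quotas: the API key's daily quota limit has been exceeded. The quota is replenished automatically at the start of the next day.
For block-based quotas: the block quota is exhausted. You may need to purchase a larger quota.
For burst rate secondary quotas: too many queries were made within the burst window. The window reopens automatically when it ends.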
ConcurrencyExceeded Objects
class ConcurrencyExceeded(DnsdbException)
Exception raised if the limit on the number of concurrent connections is exceeded.
QueryError Objects
class QueryError(DnsdbException)
Exception raised if a communication error occurs while executing a query, or the server reports an error due to invalid arguments.
QueryFailed Objects
class QueryFailed(DnsdbException)
Exception raised if the server reports an error while a query is running.
QueryLimited Objects
class QueryLimited(DnsdbException)
Exception raised if the result limit is reached.
QueryTruncated Objects
class QueryTruncated(DnsdbException)
Exception raised if query results are incomplete due to a server error.
ProtocolError Objects
class ProtocolError(DnsdbException)
Exception raised if invalid data is received via the Streaming Application Framework.
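The offset description warns that result order is not stable between queries, so a paging loop driven by QueryLimited should merge rows by identity and stop cleanly on OffsetError. The following is an added example, not code from the dnsdb2 package: the two exception classes are stand-ins for `dnsdb2.QueryLimited` and `dnsdb2.OffsetError`, and the helper names, fake backend and rows are constructed here so the block runs offline.

```python
class QueryLimited(Exception):
    """Stand-in for dnsdb2.QueryLimited."""


class OffsetError(Exception):
    """Stand-in for dnsdb2.OffsetError."""


def row_key(row):
    """Identity of a result row, independent of its position in the result set."""
    rdata = row["rdata"]
    if isinstance(rdata, list):  # rrset results carry a list of rdata values
        rdata = tuple(sorted(rdata))
    return (row["rrname"], row["rrtype"], row.get("bailiwick"), rdata)


def walk_with_offset(lookup, limit=1000, max_pages=50):
    """Page through lookup(limit=..., offset=...), merging rows by identity.

    Returns (rows, duplicates, finished). duplicates > 0 means the server
    reordered results between queries, so rows may also be missing.
    """
    seen, duplicates, offset, finished = {}, 0, 0, False
    for _ in range(max_pages):
        try:
            for row in lookup(limit=limit, offset=offset):
                key = row_key(row)
                if key in seen:
                    duplicates += 1
                else:
                    seen[key] = row
        except QueryLimited:
            offset += limit  # more rows exist past this page
        except OffsetError:
            break  # offset above offset_max, or not allowed for this key
        else:
            finished = True  # server reported no further rows
            break
    return list(seen.values()), duplicates, finished


def fake_lookup_factory(orderings, offset_max):
    """Constructed backend: every query sees the rows in a different order."""
    pending = iter(orderings)

    def lookup(limit, offset):
        if offset > offset_max:
            raise OffsetError()
        rows = next(pending)
        yield from rows[offset:offset + limit]
        if offset + limit < len(rows):
            raise QueryLimited()
    return lookup


# Constructed sample rows (documentation address range).
ROWS = [{"rrname": f"host{i}.example.", "rrtype": "A",
         "rdata": [f"192.0.2.{i}"]} for i in range(5)]
REORDERED = [ROWS[2], ROWS[3], ROWS[1], ROWS[0], ROWS[4]]


def demo():
    lookup = fake_lookup_factory([ROWS, REORDERED, ROWS], offset_max=10)
    return walk_with_offset(lookup, limit=2)
```

In `demo()` the server reports completion, yet only three of the five rows are collected and two arrive twice, which is the failure mode the offset description warns about. Against the real client, swap in the dnsdb2 exception classes and pass `functools.partial(client.lookup_rrset, "farsightsecurity.com")` as `lookup`.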
Project details
Hashes for dnsdb2-1.1.4.tar.gz
Algorithm | Hash digest
---|---
SHA256 | 428e9808f5e3fcdaeacc40edc9d5d14837a20fa7f11b87543348ef285b87af5a
MD5 | 906d3b0c14cfd4925a2be9298eb9a012
BLAKE2b-256 | 834c008e1b4d8a7265a9ce5ff2a4f52b0d9483b9978ac617cbe68e9605038147