feat: Update tools to allow custom DNS server

2025-10-30 11:55:48 +11:00
parent 6a68432a08
commit 8b95ee8332
2 changed files with 18 additions and 8 deletions
--- a/6
+++ b/6
@@ -9,7 +9,11 @@ COPY requirements.txt /app
 RUN --mount=type=cache,target=/root/.cache/pip \
    python3 -m pip install -r requirements.txt
-COPY . /app
+# Copy application files
 COPY *.py /app/
 COPY templates/ /app/templates/
 COPY hsd_ksk /app
 # Optionally mount /data to store the data
 # VOLUME /data
--- a/tools.py
+++ b/tools.py
@@ -14,22 +14,24 @@ from bs4 import BeautifulSoup
 import requests_doh
 import urllib3
 import socket
 import os
 resolver = dns.resolver.Resolver()
-resolver.nameservers = ["194.50.5.28","194.50.5.27","194.50.5.26"]
+resolver.nameservers = os.getenv("DNS_SERVERS", "194.50.5.27").split(",")
-resolver.port = 53
+resolver.port = int(os.getenv("DNS_PORT", "53"))
 DoHsession = requests_doh.DNSOverHTTPSSession("hnsdoh")
 # Disable warnings
 urllib3.disable_warnings()
-def check_ssl(domain: str):    
+def check_ssl(domain: str):
    domain_check = False
    returns = {"success": False,"valid":False}
    try:
        # Query the DNS record
-        response = resolver.resolve(domain, "A")
+        response = resolver.resolve(domain, "A",lifetime=10)
        records = []
        for record in response:
            records.append(str(record))
@@ -146,7 +148,7 @@ def check_ssl(domain: str):
        try:
            # Check for TLSA record
-            response = resolver.resolve("_443._tcp."+domain, "TLSA")
+            response = resolver.resolve("_443._tcp."+domain, "TLSA",lifetime=10)
            tlsa_records = []
            for record in response:
                tlsa_records.append(str(record))
@@ -166,6 +168,9 @@ def check_ssl(domain: str):
        return returns
    # Catch all exceptions
    except dns.exception.Timeout:
        returns["message"] = f"DNS resolution timed out for {domain}. Please check your internet connection or try again later."
        return returns
    except Exception as e:
        returns["message"] = f"An error occurred: {e}"
        return returns
@@ -174,8 +179,9 @@ def check_ssl(domain: str):
 def validate_dnssec(domain):
    # Pick a random resolver
    resolverIP = resolver.nameservers[0]
    resolverPort = resolver.port
    # delv @194.50.5.28 -a hsd-ksk nathan.woodburn A +rtrace +vtrace
-    command = f"delv @{resolverIP} -a hsd-ksk {domain} A +rtrace +vtrace"
+    command = f"delv @{resolverIP} -p {resolverPort} -a hsd-ksk {domain} A +rtrace +vtrace"
    result = subprocess.run(command, shell=True, capture_output=True, text=True)
    if "; fully validated" in result.stdout or "; negative response, fully validated" in result.stdout:
        return {"valid": True, "message": "DNSSEC is valid", "output": result.stderr + result.stdout}
@@ -189,7 +195,7 @@ def curl(url: str):
        url = "http://" + url
    try:
        # curl --doh-url https://hnsdoh.com/dns-query {url} --insecure
-        command = f"curl --doh-url https://hnsdoh.com/dns-query {url} --insecure --silent"
+        command = f"curl --doh-url https://hnsdoh.com/dns-query {url} --insecure --silent -A 'Woodburn'"
        response = subprocess.run(command, shell=True, capture_output=True, text=True, timeout=10)
        if response.returncode != 0:
            return {"success": False, "error": response.stderr}