private async Task <ReverseDnsResult> Lookup(string ipAddress)
{
ReverseDnsResult reverseDnsResult = await _reverseDnsLookup.Lookup(ipAddress);
if (!reverseDnsResult.ForwardResponses.Any())
{
return(new ReverseDnsResult(ipAddress, new List <ReverseDnsResponse> {
new ReverseDnsResponse("Unknown", null, "Unknown")
}));
}
if (!reverseDnsResult.ForwardResponses.Any(x => x.IpAddresses.Contains(ipAddress)))
{
List <ReverseDnsResponse> responses = reverseDnsResult.ForwardResponses.Select(x => new ReverseDnsResponse("Mismatch", x.IpAddresses, "Mismatch")).ToList();
return(new ReverseDnsResult(ipAddress, responses));
}
foreach (ReverseDnsResponse forwardResponse in reverseDnsResult.ForwardResponses)
{
OrganisationalDomain organisationalDomain = await _organisationalDomainProvider.GetOrganisationalDomain(forwardResponse.Host);
forwardResponse.OrganisationalDomain = organisationalDomain.OrgDomain;
}
return(reverseDnsResult);
}
public async Task ItShouldReturnEmptyListForBadIpAddress(string ipAddress)
{
var reverseDnsLookup = new ReverseDnsLookup(_dnsResolver, _log);
ReverseDnsResult result = await reverseDnsLookup.Lookup(ipAddress);
Assert.That(result.ForwardResponses.Count, Is.EqualTo(0));
Assert.IsNull(result.OriginalIpAddress);
}
public async Task ItShouldLogErrorWhenUnableToDoLookupForPtr(string ipAddress)
{
ReverseDnsQueryResponse response = new ReverseDnsQueryResponse(true, "Something has gone wrong!", null);
A.CallTo(() => _dnsResolver.QueryPtrAsync(A <IPAddress> ._)).Returns(response);
var reverseDnsLookup = new ReverseDnsLookup(_dnsResolver, _log);
ReverseDnsResult result = await reverseDnsLookup.Lookup(ipAddress);
Assert.That(_log.Warnings.Count, Is.EqualTo(1));
Assert.That(result.ForwardResponses.Count, Is.EqualTo(0));
Assert.IsNull(result.OriginalIpAddress);
}
public async Task ItShouldProcessAllValidLookups(string ipAddress)
{
string googleHostName = "google.com";
string googleIp1 = "192.168.0.1";
string googleIp2 = "192.168.0.2";
string yahooHostName = "yahoo.com";
string yahooIp1 = "192.168.1.1";
ReverseDnsQueryResponse ptrDnsQueryResponse = new ReverseDnsQueryResponse(false, string.Empty, new List <string>()
{
googleHostName, yahooHostName
});
ReverseDnsQueryResponse googleAddressDnsQueryResponse = new ReverseDnsQueryResponse(false, string.Empty, new List <string>()
{
googleIp1, googleIp2
});
ReverseDnsQueryResponse yahooAddressDnsQueryResponse = new ReverseDnsQueryResponse(false, string.Empty, new List <string>()
{
yahooIp1
});
A.CallTo(() => _dnsResolver.QueryPtrAsync(A <IPAddress> ._)).Returns(ptrDnsQueryResponse);
A.CallTo(() => _dnsResolver.QueryAddressAsync <ARecord>(googleHostName, QueryType.A)).Returns(googleAddressDnsQueryResponse);
A.CallTo(() => _dnsResolver.QueryAddressAsync <AaaaRecord>(googleHostName, QueryType.AAAA)).Returns(googleAddressDnsQueryResponse);
A.CallTo(() => _dnsResolver.QueryAddressAsync <ARecord>(yahooHostName, QueryType.A)).Returns(yahooAddressDnsQueryResponse);
A.CallTo(() => _dnsResolver.QueryAddressAsync <AaaaRecord>(yahooHostName, QueryType.AAAA)).Returns(yahooAddressDnsQueryResponse);
var reverseDnsLookup = new ReverseDnsLookup(_dnsResolver, _log);
ReverseDnsResult reverseDnsResult = await reverseDnsLookup.Lookup(ipAddress);
Assert.That(_log.Errors.Count, Is.EqualTo(0));
Assert.That(_log.Warnings.Count, Is.EqualTo(0));
Assert.That(reverseDnsResult.ForwardResponses.Count, Is.EqualTo(2));
Assert.That(reverseDnsResult.ForwardResponses[0].Host, Is.EqualTo(googleHostName));
Assert.That(reverseDnsResult.ForwardResponses[0].IpAddresses.Count, Is.EqualTo(2));
Assert.That(reverseDnsResult.ForwardResponses[0].IpAddresses[0], Is.EqualTo(googleIp1));
Assert.That(reverseDnsResult.ForwardResponses[0].IpAddresses[1], Is.EqualTo(googleIp2));
Assert.That(reverseDnsResult.ForwardResponses[1].Host, Is.EqualTo(yahooHostName));
Assert.That(reverseDnsResult.ForwardResponses[1].IpAddresses.Count, Is.EqualTo(1));
Assert.That(reverseDnsResult.ForwardResponses[1].IpAddresses[0], Is.EqualTo(yahooIp1));
}
public async Task ItShouldLogErrorWhenValidPtrButFailsOnForwardLookup(string ipAddress)
{
ReverseDnsQueryResponse ptrDnsQueryResponse = new ReverseDnsQueryResponse(false, string.Empty, new List <string>()
{
"google.com"
});
ReverseDnsQueryResponse addressDnsQueryResponse = new ReverseDnsQueryResponse(true, "Something has gone wrong!", null);
A.CallTo(() => _dnsResolver.QueryPtrAsync(A <IPAddress> ._)).Returns(ptrDnsQueryResponse);
A.CallTo(() => _dnsResolver.QueryAddressAsync <ARecord>(A <string> ._, QueryType.A)).Returns(addressDnsQueryResponse);
A.CallTo(() => _dnsResolver.QueryAddressAsync <AaaaRecord>(A <string> ._, QueryType.AAAA)).Returns(addressDnsQueryResponse);
var reverseDnsLookup = new ReverseDnsLookup(_dnsResolver, _log);
ReverseDnsResult reverseDnsResult = await reverseDnsLookup.Lookup(ipAddress);
Assert.That(_log.Warnings.Count, Is.EqualTo(1));
Assert.That(reverseDnsResult.ForwardResponses.Count, Is.EqualTo(0));
}
private async Task <List <(DateTime, ReverseDnsResult)> > GetExistingReverseDnsResults(Stopwatch stopwatch)
{
Console.WriteLine($"Querying all reverse dns results");
List <(DateTime, ReverseDnsResult)> results = new List <(DateTime, ReverseDnsResult)>();
double tally = 0;
using (DbDataReader reader = await MySqlHelper.ExecuteReaderAsync(Environment.GetEnvironmentVariable("ReverseDnsConnectionString"), "SELECT * FROM reverse_lookup_results"))
{
while (await reader.ReadAsync())
{
ReverseDnsResponse data = JsonConvert.DeserializeObject <List <ReverseDnsResponse> >(reader.GetString("data")).FirstOrDefault();
List <ReverseDnsResponse> reverseDnsResponses = null;
if (data != null)
{
List <string> ipAddresses = data.IpAddresses;
string host = data.Host;
string organisationalDomain = data.OrganisationalDomain;
reverseDnsResponses = new List <ReverseDnsResponse>
{
new ReverseDnsResponse(host, ipAddresses, organisationalDomain)
};
}
DateTime date = reader.GetDateTime("date");
string originalIpAddress = reader.GetString("ip_address");
ReverseDnsResult reverseDnsResult = new ReverseDnsResult(originalIpAddress, reverseDnsResponses);
results.Add((date, reverseDnsResult));
tally++;
double percentDone = tally / 4500000d;
Console.Write($"\rLoaded {tally} = {percentDone:P2}% after {stopwatch.Elapsed.Minutes} mins {stopwatch.Elapsed.Seconds} secs");
}
}
Console.WriteLine($"\nFinished querying all results");
return(results);
}
public async Task ItShouldOnlyProcessValidLookupsAndNotStopWhenInvalid(string ipAddress)
{
string googleHostName = "google.com";
string googleIp1 = "192.168.0.1";
string yahooHostName = "yahoo.com";
ReverseDnsQueryResponse ptrDnsQueryResponse = new ReverseDnsQueryResponse(false, string.Empty, new List <string>()
{
googleHostName, yahooHostName
});
ReverseDnsQueryResponse host1AddressDnsQueryResponse = new ReverseDnsQueryResponse(false, string.Empty, new List <string>()
{
googleIp1
});
ReverseDnsQueryResponse host2AaddressDnsQueryResponse = new ReverseDnsQueryResponse(true, "Something has gone wrong!", null);
A.CallTo(() => _dnsResolver.QueryPtrAsync(A <IPAddress> ._)).Returns(ptrDnsQueryResponse);
//setup for only host1
A.CallTo(() => _dnsResolver.QueryAddressAsync <ARecord>(googleHostName, QueryType.A)).Returns(host1AddressDnsQueryResponse);
A.CallTo(() => _dnsResolver.QueryAddressAsync <AaaaRecord>(googleHostName, QueryType.AAAA)).Returns(host1AddressDnsQueryResponse);
//setup for only host1
A.CallTo(() => _dnsResolver.QueryAddressAsync <ARecord>(yahooHostName, QueryType.A)).Returns(host2AaddressDnsQueryResponse);
A.CallTo(() => _dnsResolver.QueryAddressAsync <AaaaRecord>(yahooHostName, QueryType.AAAA)).Returns(host2AaddressDnsQueryResponse);
var reverseDnsLookup = new ReverseDnsLookup(_dnsResolver, _log);
ReverseDnsResult reverseDnsResults = await reverseDnsLookup.Lookup(ipAddress);
Assert.That(_log.Warnings.Count, Is.EqualTo(1));
Assert.That(reverseDnsResults.ForwardResponses.Count, Is.EqualTo(1));
Assert.That(reverseDnsResults.ForwardResponses[0].Host, Is.EqualTo(googleHostName));
Assert.That(reverseDnsResults.ForwardResponses[0].IpAddresses.Count, Is.EqualTo(1));
Assert.That(reverseDnsResults.ForwardResponses[0].IpAddresses[0], Is.EqualTo(googleIp1));
}
public async Task Handle(ReverseDnsBackfillBatch message)
{
Stopwatch stopwatch = Stopwatch.StartNew();
_log.LogInformation($"Received batch of {message.IpsToBackfill?.Count ?? 0} reverse dns entries to backfill with reverseDns lookups");
if (message.IpsToBackfill == null || message.IpsToBackfill.Count == 0)
{
return;
}
foreach (string ipAddress in message.IpsToBackfill)
{
DateTime now = DateTime.UtcNow;
ReverseDnsResult currentReverseDnsResult = await Lookup(ipAddress);
List <IpAddressDetails> entries = await _ipAddressAddressDetailsDao.GetIpAddressDetails(ipAddress);
List <IpAddressDetails> entriesWithReverseDns = entries.Where(x => x.ReverseDnsResponses != null).ToList();
List <IpAddressDetails> entriesWithoutReverseDns = entries.Where(x => x.ReverseDnsResponses == null).ToList();
List <IpAddressDetailsUpdateDto> entriesToUpdate = new List <IpAddressDetailsUpdateDto>();
foreach (IpAddressDetails existingEntry in entriesWithoutReverseDns)
{
if (entriesWithReverseDns.Any())
{
IpAddressDetails nearestNeighbour = entriesWithReverseDns.OrderBy(x => Math.Abs(x.Date.Ticks - existingEntry.Date.Ticks)).First();
long timeBetweenEntryAndNow = Math.Abs(now.Ticks - existingEntry.Date.Ticks);
long timeBetweenEntryAndNearestNeighbour = Math.Abs(nearestNeighbour.Date.Ticks - existingEntry.Date.Ticks);
if (timeBetweenEntryAndNearestNeighbour < timeBetweenEntryAndNow)
{
IpAddressDetailsUpdateDto entryToUpdate = new IpAddressDetailsUpdateDto(
existingEntry.IpAddress,
existingEntry.Date,
nearestNeighbour.ReverseDnsResponses,
nearestNeighbour.ReverseDnsLookupTimestamp);
entriesToUpdate.Add(entryToUpdate);
}
else
{
IpAddressDetailsUpdateDto entryToUpdate = new IpAddressDetailsUpdateDto(
existingEntry.IpAddress,
existingEntry.Date,
currentReverseDnsResult.ForwardResponses,
now);
entriesToUpdate.Add(entryToUpdate);
}
}
else
{
IpAddressDetailsUpdateDto entryToUpdate = new IpAddressDetailsUpdateDto(
existingEntry.IpAddress,
existingEntry.Date,
currentReverseDnsResult.ForwardResponses,
now);
entriesToUpdate.Add(entryToUpdate);
}
}
await _ipAddressAddressDetailsDao.UpdateReverseDns(entriesToUpdate);
}
_log.LogInformation(
$"Processed batch of {message.IpsToBackfill?.Count} reverse dns entries in {stopwatch.ElapsedMilliseconds} ms");
}
