A recent report from Georgia Tech and co-sponsored by Google indicates that the number of poisoned DNS servers is on the rise. As you may know, the Internet runs on a system of domain name servers (DNS) that convert the website URL (e.g., 'www.about.com') into a series of four numbers that is unique within the larger, world-wide network (e.g., '207.126.123.20'). Whenever you type in the first, your computer first reconciles the URL to the IP address.
The problem for Python programmers -- or any web app programmer --
is that one tends to use the URL over the IP address. This has the
benefit of greater permanency in a world where hosting services can be
changed overnight. However, using the IP address is not a silver
bullet. Modern DNS services use domain name pointers
which then point to the domain name entry, the URL. So one never has
direct access to the IP address, unless no domain name is registered. To make matters worse, rogue DNS servers seem to serve bad addresses only some of the time.
At this point, it seems the best one can do is to keep a cache of IP
addresses that will serve as a touchstone; one would then perform a
DNS check, and flag the URL if the DNS check returns a different IP
address. To do this, one uses the socket
module.
First, import the socket module:
>>> import socket >>> socket.gethostbyname_ex('cnn.com')
('cnn.com', [], ['64.236.16.20', '64.236.16.52', '64.236.24.12', '64.236.29.120')
>>>
>>> socket.gethostbyaddr('64.236.16.20')
('www2.cnn.com', [], ['64.236.16.20'])
>>>
>>> socket.gethostbyname_ex('about.com')
('about.com', [], ['207.241.148.80'])
>>> socket.gethostbyaddr('207.241.148.80')
('gcny.about.com', [], ['207.241.148.80'])
>>>