How can I fetch the mailserver address information from a DNS reply, if it's available?
Posted on 2003-04-08 10:51:12 by Homer
How do you get the reply?
If you are using gethostbyname, there is AFAIK no way. If you are doing the requests manually, you can simply extract the wanted information from the additional section of the reply, see RFC 1035.
Posted on 2003-04-08 15:20:08 by Zaesar
This might help you:

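#include <windows.h>
#include <Windns.h>

#include <iostream>
#include <string>
using namespace std;

// Link with dnsapi.lib.
int main(int argc, char* argv[])
{
    if (argc<2)
    {
        cerr << "Syntax: mxrec hostname" << endl;
        return 1;
    }
    const char *pHostname = argv[1];

    // Ask the system resolver for the MX records of the given name.
    DNS_RECORD *pDnsRecord = NULL;
    DNS_STATUS status = DnsQuery(pHostname, DNS_TYPE_MX, DNS_QUERY_STANDARD,
        NULL, &pDnsRecord, NULL);
    // DnsQuery returns a Win32 error code, 0 (ERROR_SUCCESS) on success, so this
    // test replaces the originally posted !SUCCEEDED(status) (see the EDIT below).
    if (status != ERROR_SUCCESS)
    {
        cerr << "DNS MX lookup failed" << endl;
        return 1;
    }

    cout << "MX entries for " << pHostname << ":" << endl << endl;
    DNS_RECORD *pCur = pDnsRecord;

    // Walk the linked list of returned records and print the MX ones.
    bool found = false;
    while (pCur)
    {
        if (pCur->wType==DNS_TYPE_MX)
        {
            DNS_MX_DATA *pMX = &pCur->Data.MX;
            cout << "Hostname: " << pMX->pNameExchange <<
                "; preference: " << pMX->wPreference << endl;
            found = true;
        }
        pCur = pCur->pNext;
    }
    if (!found)
        cout << "No MX records found.";
    DnsRecordListFree(pDnsRecord, DnsFreeRecordList);
    return 0;
}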

X:\dev\test\mxrec\Debug>mxrec hotmail.com

MX entries for hotmail.com:

Hostname: mx3.hotmail.com; preference: 5
Hostname: mx4.hotmail.com; preference: 5
Hostname: mx1.hotmail.com; preference: 5
Hostname: mx2.hotmail.com; preference: 5

See also: http://www.asmcommunity.net/board/index.php?topic=8252&highlight=mail+exchange

EDIT: the SUCCEEDED(status) isn't correct, should probably be status!=SUCCESS but the documents are very vague on the return value..

Posted on 2003-04-08 17:11:23 by Thomas
Much appreciated.
Posted on 2003-04-12 02:31:33 by Homer
Ok, translated to masm.
Where would I find Windns?
I'll happily translate it to masm, using my LL code if necessary.
Posted on 2003-04-12 02:55:57 by Homer
argh, I can't find it .. I'll just have to get the whole SDK as usual I guess :(
Surely it's possible to lift this info from reply to a regular domain name lookup?
Must we use this wondrous new api to achieve such an inglorious result?
Posted on 2003-04-12 06:03:07 by Homer
ok I have now got three methods for mail server lookup.

First I search the registry HKCU under software/microsoft/internet account manager (taken from VB source), if the registry fails to provide me with a server, I have two more methods. One is to be lazy and drive a webpage that is set up for DNS queries (I use wininet to send a GET with cgi params tacked on), and the third non dnsapi method I found was some code which performs a regular domain name query (ip lookup), and then parses the reply CORRECTLY for ALL of the ip addresses of the domain (taken from cpp source). I still haven't figured out how to determine if any of those ip addresses are actually a mailserver, at the moment I simply try mailing them all until I find a winner.
Anyone else interested in this stuff?
Posted on 2003-04-23 08:37:26 by Homer
Posted on 2003-04-23 08:53:01 by Pone
Hi, I'm also interested in this.
I'm playing with sending mx-query with udp-packet to my nameserver. Didn't come to make code for parsing the reply yet.
I would like to code a function for the same as you Evilhomer2k, and maybe later some other dns-functions.

But I can't figure out how to get the default system-configured name-server?? There must be some way (without using that windns api's) of getting a list of these server names, like I know my nameserver is ns1.chello.se for instance, but in what way or api's does windows fetch that info from the system??

I did many searches on Google for it, didn't find anything.
Posted on 2003-05-06 07:46:07 by david
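Added example, not code from any poster in this thread: parsing the reply to a hand-sent MX query as RFC 1035 lays it out (header, question, answer records, compressed names), with the bounds and pointer-loop checks that data arriving from the network needs. The names `dns_name`, `parse_mx` and `struct mx` and the example.com reply bytes are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>
/* Constructed sample: a reply to "example.com MX" carrying two answers. */
const uint8_t SAMPLE[] = {
    0x12,0x34, 0x81,0x80, 0,1, 0,2, 0,0, 0,0,                        /* header */
    7,'e','x','a','m','p','l','e', 3,'c','o','m', 0, 0,15, 0,1,     /* question */
    0xC0,12, 0,15, 0,1, 0,0,14,16, 0,9, 0,10, 4,'m','a','i','l', 0xC0,12,
    0xC0,12, 0,15, 0,1, 0,0,14,16, 0,8, 0,20, 3,'m','x','2', 0xC0,12 };
struct mx { uint16_t pref; char host[256]; };

/* Expand the name at m[off] into out; returns the offset after it, 0 if malformed. */
static size_t dns_name(const uint8_t *m, size_t len, size_t off, char *out, size_t cap) {
    size_t next = 0, o = 0, jumps = 0;
    while (off < len) {
        size_t c = m[off];
        if (c == 0) { out[o] = '\0'; return next ? next : off + 1; }
        if (c >= 0xC0) {                      /* compression pointer */
            if (off + 1 >= len || ++jumps > 16) return 0;   /* cut short or looping */
            if (!next) next = off + 2;        /* record resumes after the first pointer */
            off = (c & 0x3F) << 8 | m[off + 1];
            continue;
        }
        if (c > 63 || off + 1 + c > len || o + c + 2 > cap) return 0;
        if (o) out[o++] = '.';
        memcpy(out + o, m + off + 1, c);
        o += c; off += 1 + c;
    }
    return 0;                                 /* ran past the end of the message */
}

/* Store up to max MX answers in out; returns the count, or -1 if malformed. */
int parse_mx(const uint8_t *m, size_t len, struct mx *out, int max) {
    char skip[256];
    int n = 0;
    if (len < 12) return -1;
    size_t qd = m[4] << 8 | m[5], an = m[6] << 8 | m[7], off = 12;
    for (size_t i = 0; i < qd + an; i++) {
        if (!(off = dns_name(m, len, off, skip, sizeof skip))) return -1;
        if (i < qd) { off += 4; continue; }   /* question: QTYPE, QCLASS */
        if (off + 10 > len) return -1;        /* TYPE, CLASS, TTL, RDLENGTH */
        size_t type = m[off] << 8 | m[off + 1], rdlen = m[off + 8] << 8 | m[off + 9];
        if ((off += 10) + rdlen > len) return -1;
        if (type == 15 && n < max) {          /* MX RDATA: preference, exchange */
            if (rdlen < 3 || !dns_name(m, len, off + 2, out[n].host, sizeof out[n].host)) return -1;
            out[n++].pref = (uint16_t)(m[off] << 8 | m[off + 1]);
        }
        off += rdlen;
    }
    return n;
}
```

Pass the received datagram and its length to `parse_mx`; a return of -1 means the reply was malformed and should be discarded rather than partially used.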
Well, there's what I found ... Registry seems to be a good place to start, and then using lower methods as a fallback.
Posted on 2003-05-06 07:49:28 by Homer
My current method is just gethostname and gethostbyname, I get like ( myhostname.chello.se ) and then just paste in ns1 in place of myhostname... I have a feeling it is not a good general method.. Does a name server always have ns prefixed to it as a rule? ns1, ns2 etc

In the registry I only find the mail-server name, I would like the name server somehow. nslookup program gets it somehow.

(ip lookup), and then parses the reply CORRECTLY for ALL of the ip addresses of the domain (taken from cpp source).

Could you explain a little more about that or maybe point out to the link of the source :)

Edit: sorry, I mean I did like this: gethostname, gethostbyname, and gethostbyaddr, and then check the hostent.h_name
Posted on 2003-05-06 08:20:55 by david
Look at this snippet.
This is the first time many would have seen this code.
It creates a CRLF-separated list of all the ip addresses of a hostname.
The idea is that most domains return their primary mailserver in the dns reply of a lookup made on the name which is root for that domain.
Use this as you wish, feel free to modify it, please post your changes for the benefit of others.

;** Get IP List **;
invoke RtlZeroMemory,addr MyIPBuff,sizeof MyIPBuff
invoke gethostname, addr MyIPBuff, sizeof MyIPBuff
invoke gethostbyname, addr MyIPBuff
push eax
lea eax, MyIPBuff
mov BYTE ptr , 0

pop eax
add eax, 12
mov ebx,
test ebx, ebx
jz INTDoneGettingIPList
push eax
mov eax,
mov eax,
mov eax,
invoke inet_ntoa, eax
push eax
lea eax, MyIPBuff
mov al, BYTE ptr ;whoa I didn't know that was legal :)
test al, al
jz INTAddIPToBuff
pop eax
invoke lstrcat, addr MyIPBuff, eax
jmp INTGetNextIP

Posted on 2003-05-08 00:05:11 by Homer
Nameservers do NOT always have ns tacked to the front of the domain name.
I will make this as clear as I can.
Here's an example domain name... nuffin.com
The domain name server AT nuffin.com is responsible for ONLY subdomains of nuffin.com, and subdomain names are prefixed to the domain name.
Subdomains of nuffin.com identify a virtual space that can exist on the SAME machine as the nameserver, or a DIFFERENT machine entirely, which exists within the nuffin.com domain.
Generally, the nameserver machine is NOT the same machine that carries most regular traffic for that domain.
The nameserver might be called ns1.nuffin.com, which indicates the subdomain of nuffin.com where the nameserver is running !!!
When we attempt to resolve the ns1.nuffin.com name, our lookup is redirected to the nameserver of nuffin.com (the same machine in this case), who will resolve it to an ip address and return the reply.
The nameserver is simply a daemon which has a HOSTS kind of list of names and ip's, but its name isn't really important, it could have been called ralf.nuffin.com and the results would be the same. Incidentally, the person running the nameserver can invent subdomains arbitrarily and add them to the daemon's list, and then rent the names out for three dollars and fifty cents.
I know that was as clear as mud, and I probably emphasized the wrong things, but I'm sure someone somewhere just learned something...
Posted on 2003-05-08 00:29:12 by Homer
That was enlightening info!

So THAT's why I couldn't resolve ns1 :)

Thanks for that code-snippet, I must try it out later ( grrrrr, can't now, gotta leave 'cause there are soon some workers bursting into my apartment to do restoration-work with drills and other noise-making tools :( ), maybe it returns name server as well as mail-server.

The only other way I found for getting name server ip recently was getting it from the registry, on winXP I got it here

DhcpNameServer - holds list of ip numbers to name server. ( I got two entries, so I guess it's a list )

But when looking for that reg in winME it was not there, actually I didn't find any at all there.
I heard with another guy, he didn't have the above key in win2k, but he had some other keys when checking his win98 ( but I didn't find them on winME, so I must guess they're in different paths in different o/s versions)

I found at winsockFaq this article by stas khirman & raz galili which describes getting ip-number with the help of INETMIB1.DLL. Maybe the same method can be used for getting name server, but I did not understand it yet, seems so complex.
Posted on 2003-05-08 02:22:34 by david
hi, I hacked together mini-program to test your ip-list-routine,
( attached it )
weirdly it only gives me one ip-address, not a list. :confused:
I double checked many times, but can't find anything fishy...
I tested compile another source doing the same thing in c++ available on winsock-faq ( here ) but it too only returned one address.

so Odd, maybe something weird with my computer :eek:
Posted on 2003-05-09 05:34:33 by david
Your code is performing a NULL lookup, which can be used to return your own IP address...
I assume your system only has one, and thus is returning one.
If you put a hostname in the buffer beforehand, you will have more luck.
Not all domains have more than one IP address !!
Your machine for example, could be possibly viewed as a single machine domain.
There's nothing wrong with the code, you are meant to hand it the address of a string containing the hostname which you want to query.
Posted on 2003-05-09 11:18:42 by Homer