gethostbyname: Only returns one IPv4 address per domain, no IPv6
sebix opened this issue · 0 comments
sebix commented
The `gethostbyname` expert resolves a domain name (`*.fqdn`) to the IP address (`*.ip`), but

- only one IP address, not all of the A-records
- only for IPv4, not for IPv6

because `socket.gethostbyname` works this way.
This has only limited benefits.
When the input event contains a URL/FQDN and you want to compare that to firewall entries, you always need all IP addresses this IP resolves to, not just any one.
When you want to block hosts based on their IP addresses, you also need to block all of them.
Only if you want to get any contact data for the host, one IP address suffices.
Alternative Python calls are

- `socket.gethostbyname_ex`, which returns a list of addresses per host, but only IPv4
- `socket.getaddrinfo` also returns IPv6 addresses, but requests a destination port and is therefore unsuitable for our purpose.

So what's left is using dnspython
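
Added example (not part of the issue or the project's code): collecting every A and AAAA address for a name and matching all of them against firewall entries, which is the use case described above. The zone data, rule list and function names are constructed for illustration; `dnspython_query` assumes dnspython 2.x is installed and is only needed for live lookups.

```python
import ipaddress

# Constructed sample zone (documentation address ranges), used instead of live DNS.
SAMPLE_ZONE = {
    ("multi.example", "A"): ["192.0.2.10", "192.0.2.11"],
    ("multi.example", "AAAA"): ["2001:db8::10"],
}

def sample_query(fqdn, rdtype):
    """Offline stand-in for a DNS query: address strings for one record type."""
    return SAMPLE_ZONE.get((fqdn, rdtype), [])

def dnspython_query(fqdn, rdtype):
    """Live lookup via dnspython; a missing record set yields an empty list."""
    import dns.resolver  # third-party package "dnspython", imported only on live use
    try:
        answer = dns.resolver.resolve(fqdn, rdtype)
    except (dns.resolver.NoAnswer, dns.resolver.NXDOMAIN):
        return []
    return [rdata.address for rdata in answer]

def resolve_all(fqdn, query):
    """Return every A and AAAA address of fqdn, deduplicated, in answer order."""
    addresses = []
    for rdtype in ("A", "AAAA"):
        for text in query(fqdn, rdtype):
            addr = ipaddress.ip_address(text)
            if addr not in addresses:
                addresses.append(addr)
    return addresses

def matching_rules(addresses, rules):
    """Return the firewall rules (CIDR strings) that cover any of the addresses."""
    hits = []
    for rule in rules:
        net = ipaddress.ip_network(rule)
        if any(a.version == net.version and a in net for a in addresses):
            hits.append(rule)
    return hits

if __name__ == "__main__":
    rules = ["192.0.2.11/32", "2001:db8::/32", "198.51.100.0/24"]  # constructed
    everything = resolve_all("multi.example", sample_query)
    print("all records :", matching_rules(everything, rules))
    # A single-address lookup sees only the first A record and misses both rules.
    print("first A only:", matching_rules(everything[:1], rules))
```

Pass `dnspython_query` instead of `sample_query` to run the same comparison against real DNS.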