Parse Ntds DnsNode dnsRecord entries

[william-billaud]

Add function associate with the parsing of DnsNode NTDS entries. Goal is to later include this in a dissect.target plugins.

These entries allow to quickly retrieves DNS record from a Domain. E.g

<DnsNode dns_name=sevenkingdoms.local, records=|type='A' ttl_seconds=600 timestamp=2025-12-19 18:00:00+00:00 data=DnsARecord(ipv4_address='192.168.56.10')|type='NS' ttl_seconds=3600 timestamp=None data=NodeNameRecord(name_node='kingslanding.sevenkingdoms.local')|type='SOA' ttl_seconds=3600 timestamp=None data=SOARecord(name_primary_server='kingslanding.sevenkingdoms.local', refresh=900, retry=600, minimum_ttl=3600, zone_administrator_email='hostmaster.sevenkingdoms.local')|>

In terms of review difficulty I would say 3/5 : This PR does not modify existing code, and this feature mainly rely on documented structure unpacking, without difficult concepts to understand and with a good test coverage.

Some note:

• Using dissect.cstruct, is it possible to specify that a structure member is in little endian, and other in bug endian (for the same struct, see the swap_endianess function) ?

• I have issue with serial number of SOA records, which are not the same as observed in Lab, I can't figure out how MS handle it, I have chosen to not display this value as value is known as being wrong + this is, in my opinion not the most import information.

• Not all DNS Record type are parsed. There is a lot of possible structure (27), some of them are nearly never found production env/obsolete or with low interest. But if someone want to, it should be easy to add a missing type.

• closes Parse Ntds DnsNode dnsRecord entries #19

[william-billaud]

@Schamper just a ping as this PR was previously in draft and I do not now what kind of notification you have, but no emergency on this topic