diff options
Diffstat (limited to 'contrib/python/examples/ldns-dnssec.py')
-rwxr-xr-x | contrib/python/examples/ldns-dnssec.py | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/contrib/python/examples/ldns-dnssec.py b/contrib/python/examples/ldns-dnssec.py new file mode 100755 index 0000000..bb2acfd --- /dev/null +++ b/contrib/python/examples/ldns-dnssec.py @@ -0,0 +1,45 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +import ldns +import sys + +debug = True + +# Check args +argc = len(sys.argv) +name = "www.nic.cz" +if argc < 2: + print "Usage:", sys.argv[0], "domain [resolver_addr]" + sys.exit(1) +else: + name = sys.argv[1] + +# Create resolver +resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") +resolver.set_dnssec(True) + +# Custom resolver +if argc > 2: + # Clear previous nameservers + ns = resolver.pop_nameserver() + while ns != None: + ns = resolver.pop_nameserver() + ip = ldns.ldns_rdf.new_frm_str(sys.argv[2], ldns.LDNS_RDF_TYPE_A) + resolver.push_nameserver(ip) + +# Resolve DNS name +pkt = resolver.query(name, ldns.LDNS_RR_TYPE_A, ldns.LDNS_RR_CLASS_IN) +if pkt and pkt.answer(): + + # Debug + if debug: + print "NS returned:", pkt.get_rcode(), "(AA: %d AD: %d)" % ( pkt.ad(), pkt.ad() ) + + # SERVFAIL indicated bogus name + if pkt.get_rcode() is ldns.LDNS_RCODE_SERVFAIL: + print name, "is bogus" + + # Check AD (Authenticated) bit + if pkt.get_rcode() is ldns.LDNS_RCODE_NOERROR: + if pkt.ad(): print name, "is secure" + else: print name, "is insecure" |