summaryrefslogtreecommitdiff
path: root/contrib/python/examples/ldns-dnssec.py
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/python/examples/ldns-dnssec.py')
-rwxr-xr-xcontrib/python/examples/ldns-dnssec.py45
1 files changed, 45 insertions, 0 deletions
diff --git a/contrib/python/examples/ldns-dnssec.py b/contrib/python/examples/ldns-dnssec.py
new file mode 100755
index 0000000..bb2acfd
--- /dev/null
+++ b/contrib/python/examples/ldns-dnssec.py
@@ -0,0 +1,45 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+import ldns
+import sys
+
+debug = True
+
+# Check args
+argc = len(sys.argv)
+name = "www.nic.cz"
+if argc < 2:
+ print "Usage:", sys.argv[0], "domain [resolver_addr]"
+ sys.exit(1)
+else:
+ name = sys.argv[1]
+
+# Create resolver
+resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf")
+resolver.set_dnssec(True)
+
+# Custom resolver
+if argc > 2:
+ # Clear previous nameservers
+ ns = resolver.pop_nameserver()
+ while ns != None:
+ ns = resolver.pop_nameserver()
+ ip = ldns.ldns_rdf.new_frm_str(sys.argv[2], ldns.LDNS_RDF_TYPE_A)
+ resolver.push_nameserver(ip)
+
+# Resolve DNS name
+pkt = resolver.query(name, ldns.LDNS_RR_TYPE_A, ldns.LDNS_RR_CLASS_IN)
+if pkt and pkt.answer():
+
+ # Debug
+ if debug:
+ print "NS returned:", pkt.get_rcode(), "(AA: %d AD: %d)" % ( pkt.ad(), pkt.ad() )
+
+ # SERVFAIL indicated bogus name
+ if pkt.get_rcode() is ldns.LDNS_RCODE_SERVFAIL:
+ print name, "is bogus"
+
+ # Check AD (Authenticated) bit
+ if pkt.get_rcode() is ldns.LDNS_RCODE_NOERROR:
+ if pkt.ad(): print name, "is secure"
+ else: print name, "is insecure"
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-31 11:52:57 +0000