1238106Sdes#!/usr/bin/env python 2238106Sdesfrom unbound import ub_ctx, RR_TYPE_A, RR_TYPE_RRSIG, RR_TYPE_NSEC, RR_TYPE_NSEC3 3238106Sdesimport ldns 4238106Sdes 5238106Sdesdef dnssecParse(domain, rrType=RR_TYPE_A): 6285206Sdes print("Resolving domain", domain) 7238106Sdes s, r = resolver.resolve(domain) 8285206Sdes print("status: %s, secure: %s, rcode: %s, havedata: %s, answer_len; %s" % (s, r.secure, r.rcode_str, r.havedata, r.answer_len)) 9238106Sdes 10238106Sdes s, pkt = ldns.ldns_wire2pkt(r.packet) 11238106Sdes if s != 0: 12238106Sdes raise RuntimeError("Error parsing DNS packet") 13238106Sdes 14238106Sdes rrsigs = pkt.rr_list_by_type(RR_TYPE_RRSIG, ldns.LDNS_SECTION_ANSWER) 15285206Sdes print("RRSIGs from answer:", rrsigs) 16238106Sdes 17238106Sdes rrsigs = pkt.rr_list_by_type(RR_TYPE_RRSIG, ldns.LDNS_SECTION_AUTHORITY) 18285206Sdes print("RRSIGs from authority:", rrsigs) 19238106Sdes 20238106Sdes nsecs = pkt.rr_list_by_type(RR_TYPE_NSEC, ldns.LDNS_SECTION_AUTHORITY) 21285206Sdes print("NSECs:", nsecs) 22238106Sdes 23238106Sdes nsec3s = pkt.rr_list_by_type(RR_TYPE_NSEC3, ldns.LDNS_SECTION_AUTHORITY) 24285206Sdes print("NSEC3s:", nsec3s) 25238106Sdes 26285206Sdes print("---") 27238106Sdes 28238106Sdes 29238106Sdesresolver = ub_ctx() 30238106Sdesresolver.add_ta(". IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5") 31238106Sdes 32238106SdesdnssecParse("nic.cz") 33238106SdesdnssecParse("nonexistent-domain-blablabla.cz") 34238106SdesdnssecParse("nonexistent-domain-blablabla.root.cz") 35238106Sdes 36