dnssec_test.py revision 238106
1238106Sdes#!/usr/bin/env python 2238106Sdesfrom unbound import ub_ctx, RR_TYPE_A, RR_TYPE_RRSIG, RR_TYPE_NSEC, RR_TYPE_NSEC3 3238106Sdesimport ldns 4238106Sdes 5238106Sdesdef dnssecParse(domain, rrType=RR_TYPE_A): 6238106Sdes print "Resolving domain", domain 7238106Sdes s, r = resolver.resolve(domain) 8238106Sdes print "status: %s, secure: %s, rcode: %s, havedata: %s, answer_len; %s" % (s, r.secure, r.rcode_str, r.havedata, r.answer_len) 9238106Sdes 10238106Sdes s, pkt = ldns.ldns_wire2pkt(r.packet) 11238106Sdes if s != 0: 12238106Sdes raise RuntimeError("Error parsing DNS packet") 13238106Sdes 14238106Sdes rrsigs = pkt.rr_list_by_type(RR_TYPE_RRSIG, ldns.LDNS_SECTION_ANSWER) 15238106Sdes print "RRSIGs from answer:", rrsigs 16238106Sdes 17238106Sdes rrsigs = pkt.rr_list_by_type(RR_TYPE_RRSIG, ldns.LDNS_SECTION_AUTHORITY) 18238106Sdes print "RRSIGs from authority:", rrsigs 19238106Sdes 20238106Sdes nsecs = pkt.rr_list_by_type(RR_TYPE_NSEC, ldns.LDNS_SECTION_AUTHORITY) 21238106Sdes print "NSECs:", nsecs 22238106Sdes 23238106Sdes nsec3s = pkt.rr_list_by_type(RR_TYPE_NSEC3, ldns.LDNS_SECTION_AUTHORITY) 24238106Sdes print "NSEC3s:", nsec3s 25238106Sdes 26238106Sdes print "---" 27238106Sdes 28238106Sdes 29238106Sdesresolver = ub_ctx() 30238106Sdesresolver.add_ta(". IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5") 31238106Sdes 32238106SdesdnssecParse("nic.cz") 33238106SdesdnssecParse("nonexistent-domain-blablabla.cz") 34238106SdesdnssecParse("nonexistent-domain-blablabla.root.cz") 35238106Sdes 36