#!/usr/bin/python
'''
dnssec-valid.py: DNSSEC validation
Authors: Zdenek Vasicek (vasicek AT fit.vutbr.cz)
Marek Vavrusa (xvavru00 AT stud.fit.vutbr.cz)
Copyright (c) 2008. All rights reserved.
This software is open source.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
'''
import os
from unbound import ub_ctx,RR_TYPE_A,RR_CLASS_IN
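# Resolve one A record through libunbound and report the DNSSEC validation
# verdict (secure / bogus / insecure) that the library attaches to the answer.
ctx = ub_ctx()

# Take the upstream resolvers from the system configuration.
# NOTE(review): validation presumably depends on those resolvers passing
# DNSSEC records through unmodified -- confirm for the deployment.
ctx.resolvconf("/etc/resolv.conf")

# Send libunbound's debug output to a local file. The handle is given to the
# context and intentionally stays open for the rest of the script.
fw = open("dnssec-valid.txt", "wb")
ctx.debugout(fw)
ctx.debuglevel(2)

# Trust anchors are optional here, but without them no answer can validate
# as secure, so say so instead of silently reporting "insecure" later.
if os.path.isfile("keys"):
    # Read public keys for DNSSEC verification.
    # NOTE(review): add_ta_file is expected to return 0 on success -- confirm
    # against the installed pyunbound before relying on this check.
    ta_status = ctx.add_ta_file("keys")
    if ta_status:
        print("Warning: could not load trust anchors from 'keys', status:", ta_status)
else:
    print("Warning: no 'keys' file found; results cannot validate as secure")

status, result = ctx.resolve("www.nic.cz", RR_TYPE_A, RR_CLASS_IN)
if status != 0:
    # A non-zero status means the lookup itself failed; report it rather than
    # exiting with no output at all.
    print("Resolve failed, status:", status)
else:
    if result.havedata:
        print("Result:", result.data.address_list)

    # Report a bogus verdict even when no data came back: a validating
    # resolver typically withholds the records of an answer that failed
    # validation, so gating this on havedata would hide the failure.
    if result.bogus:
        print("Result is bogus")
    elif result.havedata:
        if result.secure:
            print("Result is secure")
        else:
            print("Result is insecure")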