a85b5759f3
These files were pulled from the 1.6.3 release tarball. This new version builds against OpenSSL version 1.1 which will be the default in the new Debian Stable which is due to be released RealSoonNow (tm).
36 lines
904 B
ReStructuredText
36 lines
904 B
ReStructuredText
.. _example_examine:
|
|
|
|
DNSSEC validator
|
|
================
|
|
|
|
This example program performs DNSSEC validation of a DNS lookup.
|
|
|
|
Source code
|
|
-----------
|
|
|
|
::
|
|
|
|
#!/usr/bin/python
|
|
import os
|
|
from unbound import ub_ctx,RR_TYPE_A,RR_CLASS_IN
|
|
|
|
ctx = ub_ctx()
|
|
ctx.resolvconf("/etc/resolv.conf")
|
|
if (os.path.isfile("keys")):
|
|
ctx.add_ta_file("keys") #read public keys for DNSSEC verification
|
|
|
|
status, result = ctx.resolve("www.nic.cz", RR_TYPE_A, RR_CLASS_IN)
|
|
if status == 0 and result.havedata:
|
|
|
|
print "Result:", result.data.address_list
|
|
|
|
if result.secure:
|
|
print "Result is secure"
|
|
elif result.bogus:
|
|
print "Result is bogus"
|
|
else:
|
|
print "Result is insecure"
|
|
|
|
More detailed informations can be seen in libUnbound DNSSEC tutorial `here`_.
|
|
|
|
.. _here: http://www.unbound.net/documentation/libunbound-tutorial-6.html
|