dnssec-valid.py revision 291767 
197403Sobrien#!/usr/bin/python
297403Sobrien'''
3169691Skan dnssec-valid.py:  DNSSEC validation
4169691Skan
597403Sobrien Authors: Zdenek Vasicek (vasicek AT fit.vutbr.cz)
697403Sobrien          Marek Vavrusa  (xvavru00 AT stud.fit.vutbr.cz)
797403Sobrien
897403Sobrien Copyright (c) 2008. All rights reserved.
997403Sobrien
1097403Sobrien This software is open source.
1197403Sobrien
1297403Sobrien Redistribution and use in source and binary forms, with or without
1397403Sobrien modification, are permitted provided that the following conditions
1497403Sobrien are met:
1597403Sobrien
1697403Sobrien Redistributions of source code must retain the above copyright notice,
1797403Sobrien this list of conditions and the following disclaimer.
1897403Sobrien
1997403Sobrien Redistributions in binary form must reproduce the above copyright notice,
20169691Skan this list of conditions and the following disclaimer in the documentation
2197403Sobrien and/or other materials provided with the distribution.
2297403Sobrien
2397403Sobrien THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
2497403Sobrien "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
2597403Sobrien TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
2697403Sobrien PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
2797403Sobrien LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
2897403Sobrien CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
2997403Sobrien SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
3097403Sobrien INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
3197403Sobrien CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
3297403Sobrien ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
3397403Sobrien POSSIBILITY OF SUCH DAMAGE.
3497403Sobrien'''
3597403Sobrienfrom __future__ import print_function
3697403Sobrienimport os
37169691Skanfrom unbound import ub_ctx,RR_TYPE_A,RR_CLASS_IN
38169691Skan
39169691Skanctx = ub_ctx()
40169691Skanctx.resolvconf("/etc/resolv.conf")
41132720Skan
42132720Skanfw = open("dnssec-valid.txt","wb")
4397403Sobrienctx.debugout(fw)
4497403Sobrienctx.debuglevel(2)
4597403Sobrien
46169691Skanif os.path.isfile("keys"):
47132720Skan    ctx.add_ta_file("keys") #read public keys for DNSSEC verificatio
4897403Sobrien
49169691Skanstatus, result = ctx.resolve("www.nic.cz", RR_TYPE_A, RR_CLASS_IN)
50169691Skanif status == 0 and result.havedata:
51117397Skan
52117397Skan    print("Result:", sorted(result.data.address_list))
53117397Skan
54117397Skan    if result.secure:
55117397Skan        print("Result is secure")
56117397Skan    elif result.bogus:
57117397Skan        print("Result is bogus")
58117397Skan    else:
59117397Skan        print("Result is insecure")
60117397Skan
61117397Skan