dnssec-valid.py revision 291767
197403Sobrien#!/usr/bin/python 297403Sobrien''' 3169691Skan dnssec-valid.py: DNSSEC validation 4169691Skan 597403Sobrien Authors: Zdenek Vasicek (vasicek AT fit.vutbr.cz) 697403Sobrien Marek Vavrusa (xvavru00 AT stud.fit.vutbr.cz) 797403Sobrien 897403Sobrien Copyright (c) 2008. All rights reserved. 997403Sobrien 1097403Sobrien This software is open source. 1197403Sobrien 1297403Sobrien Redistribution and use in source and binary forms, with or without 1397403Sobrien modification, are permitted provided that the following conditions 1497403Sobrien are met: 1597403Sobrien 1697403Sobrien Redistributions of source code must retain the above copyright notice, 1797403Sobrien this list of conditions and the following disclaimer. 1897403Sobrien 1997403Sobrien Redistributions in binary form must reproduce the above copyright notice, 20169691Skan this list of conditions and the following disclaimer in the documentation 2197403Sobrien and/or other materials provided with the distribution. 2297403Sobrien 2397403Sobrien THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 2497403Sobrien "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 2597403Sobrien TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 2697403Sobrien PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE 2797403Sobrien LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 2897403Sobrien CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 2997403Sobrien SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 3097403Sobrien INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 3197403Sobrien CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 3297403Sobrien ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 3397403Sobrien POSSIBILITY OF SUCH DAMAGE. 3497403Sobrien''' 3597403Sobrienfrom __future__ import print_function 3697403Sobrienimport os 37169691Skanfrom unbound import ub_ctx,RR_TYPE_A,RR_CLASS_IN 38169691Skan 39169691Skanctx = ub_ctx() 40169691Skanctx.resolvconf("/etc/resolv.conf") 41132720Skan 42132720Skanfw = open("dnssec-valid.txt","wb") 4397403Sobrienctx.debugout(fw) 4497403Sobrienctx.debuglevel(2) 4597403Sobrien 46169691Skanif os.path.isfile("keys"): 47132720Skan ctx.add_ta_file("keys") #read public keys for DNSSEC verificatio 4897403Sobrien 49169691Skanstatus, result = ctx.resolve("www.nic.cz", RR_TYPE_A, RR_CLASS_IN) 50169691Skanif status == 0 and result.havedata: 51117397Skan 52117397Skan print("Result:", sorted(result.data.address_list)) 53117397Skan 54117397Skan if result.secure: 55117397Skan print("Result is secure") 56117397Skan elif result.bogus: 57117397Skan print("Result is bogus") 58117397Skan else: 59117397Skan print("Result is insecure") 60117397Skan 61117397Skan