2014-10-05 23:44:31 +02:00
|
|
|
.. _example_examine:
|
|
|
|
|
|
|
|
DNSSEC validator
|
2017-06-16 12:16:05 +02:00
|
|
|
================
|
2014-10-05 23:44:31 +02:00
|
|
|
|
|
|
|
This example program performs DNSSEC validation of a DNS lookup.
|
|
|
|
|
2017-06-16 12:16:05 +02:00
|
|
|
Source code
|
|
|
|
-----------
|
|
|
|
|
2014-10-05 23:44:31 +02:00
|
|
|
::
|
|
|
|
|
2017-06-16 12:16:05 +02:00
|
|
|
#!/usr/bin/python
|
|
|
|
import os
|
|
|
|
from unbound import ub_ctx,RR_TYPE_A,RR_CLASS_IN
|
|
|
|
|
|
|
|
ctx = ub_ctx()
|
|
|
|
ctx.resolvconf("/etc/resolv.conf")
|
|
|
|
if (os.path.isfile("keys")):
|
|
|
|
ctx.add_ta_file("keys") #read public keys for DNSSEC verification
|
|
|
|
|
|
|
|
status, result = ctx.resolve("www.nic.cz", RR_TYPE_A, RR_CLASS_IN)
|
|
|
|
if status == 0 and result.havedata:
|
|
|
|
|
|
|
|
print "Result:", result.data.address_list
|
|
|
|
|
|
|
|
if result.secure:
|
|
|
|
print "Result is secure"
|
|
|
|
elif result.bogus:
|
|
|
|
print "Result is bogus"
|
|
|
|
else:
|
|
|
|
print "Result is insecure"
|
2014-10-05 23:44:31 +02:00
|
|
|
|
|
|
|
More detailed informations can be seen in libUnbound DNSSEC tutorial `here`_.
|
|
|
|
|
|
|
|
.. _here: http://www.unbound.net/documentation/libunbound-tutorial-6.html
|