1*3b6c3722Schristos#!/usr/bin/python 2*3b6c3722Schristos''' 3*3b6c3722Schristos dnssec-valid.py: DNSSEC validation 4*3b6c3722Schristos 5*3b6c3722Schristos Authors: Zdenek Vasicek (vasicek AT fit.vutbr.cz) 6*3b6c3722Schristos Marek Vavrusa (xvavru00 AT stud.fit.vutbr.cz) 7*3b6c3722Schristos 8*3b6c3722Schristos Copyright (c) 2008. All rights reserved. 9*3b6c3722Schristos 10*3b6c3722Schristos This software is open source. 11*3b6c3722Schristos 12*3b6c3722Schristos Redistribution and use in source and binary forms, with or without 13*3b6c3722Schristos modification, are permitted provided that the following conditions 14*3b6c3722Schristos are met: 15*3b6c3722Schristos 16*3b6c3722Schristos Redistributions of source code must retain the above copyright notice, 17*3b6c3722Schristos this list of conditions and the following disclaimer. 18*3b6c3722Schristos 19*3b6c3722Schristos Redistributions in binary form must reproduce the above copyright notice, 20*3b6c3722Schristos this list of conditions and the following disclaimer in the documentation 21*3b6c3722Schristos and/or other materials provided with the distribution. 22*3b6c3722Schristos 23*3b6c3722Schristos THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24*3b6c3722Schristos "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 25*3b6c3722Schristos TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 26*3b6c3722Schristos PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE 27*3b6c3722Schristos LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 28*3b6c3722Schristos CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 29*3b6c3722Schristos SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 30*3b6c3722Schristos INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 31*3b6c3722Schristos CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 32*3b6c3722Schristos ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 33*3b6c3722Schristos POSSIBILITY OF SUCH DAMAGE. 34*3b6c3722Schristos''' 35*3b6c3722Schristosfrom __future__ import print_function 36*3b6c3722Schristosimport os 37*3b6c3722Schristosfrom unbound import ub_ctx,RR_TYPE_A,RR_CLASS_IN 38*3b6c3722Schristos 39*3b6c3722Schristosctx = ub_ctx() 40*3b6c3722Schristosctx.resolvconf("/etc/resolv.conf") 41*3b6c3722Schristos 42*3b6c3722Schristosfw = open("dnssec-valid.txt","wb") 43*3b6c3722Schristosctx.debugout(fw) 44*3b6c3722Schristosctx.debuglevel(2) 45*3b6c3722Schristos 46*3b6c3722Schristosif os.path.isfile("keys"): 47*3b6c3722Schristos ctx.add_ta_file("keys") #read public keys for DNSSEC verification 48*3b6c3722Schristos 49*3b6c3722Schristosstatus, result = ctx.resolve("www.nic.cz", RR_TYPE_A, RR_CLASS_IN) 50*3b6c3722Schristosif status == 0 and result.havedata: 51*3b6c3722Schristos 52*3b6c3722Schristos print("Result:", sorted(result.data.address_list)) 53*3b6c3722Schristos 54*3b6c3722Schristos if result.secure: 55*3b6c3722Schristos print("Result is secure") 56*3b6c3722Schristos elif result.bogus: 57*3b6c3722Schristos print("Result is bogus") 58*3b6c3722Schristos else: 59*3b6c3722Schristos print("Result is insecure") 60*3b6c3722Schristos 61