13b6c3722Schristos#!/usr/bin/env python 23b6c3722Schristosfrom __future__ import print_function 33b6c3722Schristosfrom unbound import ub_ctx, RR_TYPE_A, RR_TYPE_RRSIG, RR_TYPE_NSEC, RR_TYPE_NSEC3 43b6c3722Schristosimport ldns 53b6c3722Schristos 63b6c3722Schristosdef dnssecParse(domain, rrType=RR_TYPE_A): 73b6c3722Schristos print("Resolving domain", domain) 83b6c3722Schristos s, r = resolver.resolve(domain) 93b6c3722Schristos print("status: %s, secure: %s, rcode: %s, havedata: %s, answer_len; %s" % (s, r.secure, r.rcode_str, r.havedata, r.answer_len)) 103b6c3722Schristos 113b6c3722Schristos s, pkt = ldns.ldns_wire2pkt(r.packet) 123b6c3722Schristos if s != 0: 133b6c3722Schristos raise RuntimeError("Error parsing DNS packet") 143b6c3722Schristos 153b6c3722Schristos rrsigs = pkt.rr_list_by_type(RR_TYPE_RRSIG, ldns.LDNS_SECTION_ANSWER) 163b6c3722Schristos print("RRSIGs from answer:", sorted(rrsigs)) 173b6c3722Schristos 183b6c3722Schristos rrsigs = pkt.rr_list_by_type(RR_TYPE_RRSIG, ldns.LDNS_SECTION_AUTHORITY) 193b6c3722Schristos print("RRSIGs from authority:", sorted(rrsigs)) 203b6c3722Schristos 213b6c3722Schristos nsecs = pkt.rr_list_by_type(RR_TYPE_NSEC, ldns.LDNS_SECTION_AUTHORITY) 223b6c3722Schristos print("NSECs:", sorted(nsecs)) 233b6c3722Schristos 243b6c3722Schristos nsec3s = pkt.rr_list_by_type(RR_TYPE_NSEC3, ldns.LDNS_SECTION_AUTHORITY) 253b6c3722Schristos print("NSEC3s:", sorted(nsec3s)) 263b6c3722Schristos 273b6c3722Schristos print("---") 283b6c3722Schristos 293b6c3722Schristos 303b6c3722Schristosresolver = ub_ctx() 313b6c3722Schristosresolver.add_ta(". IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5") 32*f42d8de7Schristosresolver.add_ta(". IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D") 333b6c3722Schristos 343b6c3722SchristosdnssecParse("nic.cz") 353b6c3722SchristosdnssecParse("nonexistent-domain-blablabla.cz") 363b6c3722SchristosdnssecParse("nonexistent-domain-blablabla.root.cz") 373b6c3722Schristos 38