vendor/ldns/1.6.13

1 files changed, 45 insertions, 0 deletions

diff --git a/contrib/python/examples/python3/ldns-dnssec.py b/contrib/python/examples/python3/ldns-dnssec.py
new file mode 100755
index 000000000000..7dabb9179025
--- /dev/null
+++ b/contrib/python/examples/python3/ldns-dnssec.py
@@ -0,0 +1,45 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+import ldns
+import sys
+
+debug = True
+
+# Check args
+argc = len(sys.argv)
+name = "www.nic.cz"
+if argc < 2:
+   print("Usage:", sys.argv[0], "domain [resolver_addr]")
+   sys.exit(1)
+else:
+   name = sys.argv[1]
+
+# Create resolver
+resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf")
+resolver.set_dnssec(True)
+
+# Custom resolver
+if argc > 2:
+   # Clear previous nameservers
+   ns = resolver.pop_nameserver()
+   while ns != None:
+      ns = resolver.pop_nameserver()
+   ip = ldns.ldns_rdf.new_frm_str(sys.argv[2], ldns.LDNS_RDF_TYPE_A)
+   resolver.push_nameserver(ip)
+
+# Resolve DNS name
+pkt = resolver.query(name, ldns.LDNS_RR_TYPE_A, ldns.LDNS_RR_CLASS_IN)
+if pkt and pkt.answer():
+
+   # Debug
+   if debug:
+      print("NS returned:", pkt.get_rcode(), "(AA: %d AD: %d)" % ( pkt.ad(), pkt.ad() ))
+
+   # SERVFAIL indicated bogus name
+   if pkt.get_rcode() is ldns.LDNS_RCODE_SERVFAIL:
+      print(name, "is bogus")
+
+   # Check AD (Authenticated) bit
+   if pkt.get_rcode() is ldns.LDNS_RCODE_NOERROR:
+      if pkt.ad(): print(name, "is secure")
+      else:        print(name, "is insecure")