[validate-my-dns.py] also check hash algo 4 (sha384)

also add check for $DN42REVIEW before printing codeblock escape sequence
2025-05-06 20:55:23 +08:00 · 2024-05-07 22:30:35 +02:00 · 2024-05-07 22:30:35 +02:00 · 22f1da6315
commit 22f1da6315
parent e794792f46
1 changed files with 10 additions and 4 deletions
--- a/validate-my-dns.py
+++ b/validate-my-dns.py
@ -471,6 +471,7 @@ def _calc_ds(domain, flags, protocol, algorithm, dnskey):
    return {
        'sha1':    hashlib.sha1(signature).hexdigest().upper(),
        'sha256':  hashlib.sha256(signature).hexdigest().upper(),
+        'sha384':  hashlib.sha384(signature).hexdigest().upper(),
    }


@ -490,6 +491,8 @@ def dnskey_to_ds(domain, dnskey):
               + ds['sha1'].lower())
    ret.append(str(keyid) + ' ' + str(algorithm) + ' ' + str(2) + ' '
               + ds['sha256'].lower())
+    ret.append(str(keyid) + ' ' + str(algorithm) + ' ' + str(4) + ' '
+               + ds['sha384'].lower())
    return ret

 # step2: <end dnskey_to_DS.py>
@ -744,14 +747,17 @@ def main(mntner):
    for _domain in summary:
        if len(_domain) > _max_domain_length:
            _max_domain_length = len(_domain)
-
-    print("```\n\nSummary:\n")
+    # embed table outside of a potential (markdown) code block, so it can be displayed as a markdown Table
+    # only if $DN42REVIEW is set 
+    if "DN42REVIEW" in os.environ:
+        print("```")
+    print("\nSummary:\n")
    print(f"{'domain name'.ljust(_max_domain_length)}  | success | dnssec fail | wrong NS | wrong SOA | NXDOMAIN | REFUSED | SERVFAIL | timeout")
    print(f"-{'-'.rjust(_max_domain_length, '-')     }-|---------|-------------|----------|-----------|----------|---------| -------- | -------")
    for domain in summary:
        print(f" {domain.rjust(1).ljust(_max_domain_length)} | {str(summary[domain][SUMMARY.SUCCESS]).rjust(7)} | {str(summary[domain][SUMMARY.DNSSEC_FAIL]).rjust(11)} | {str(summary[domain][SUMMARY.WRONG_NS]).rjust(8)} | {str(summary[domain][SUMMARY.WRONG_SOA]).rjust(9)} | {str(summary[domain][SUMMARY.NXDOMAIN]).rjust(8)} | {str(summary[domain][SUMMARY.REFUSED]).rjust(7)} | {str(summary[domain][SUMMARY.SERVFAIL]).rjust(8)} | {str(summary[domain][SUMMARY.TIMEOUT]).rjust(7)}")
-
-    print("```\n")
+    if "DN42REVIEW" in os.environ:
+        print("```\n")
    if errors > 0:
        print("WARN:  at least one 'error' occured while checking. check the table and output above")
    # print(summary)