diff --git a/validate-my-dns.py b/validate-my-dns.py
index 06f2a8407..940646d54 100755
--- a/validate-my-dns.py
+++ b/validate-my-dns.py
@@ -471,6 +471,7 @@ def _calc_ds(domain, flags, protocol, algorithm, dnskey):
 return {
 'sha1': hashlib.sha1(signature).hexdigest().upper(),
 'sha256': hashlib.sha256(signature).hexdigest().upper(),
+ 'sha384': hashlib.sha384(signature).hexdigest().upper(),
 }
@@ -490,6 +491,8 @@ def dnskey_to_ds(domain, dnskey):
 + ds['sha1'].lower())
 ret.append(str(keyid) + ' ' + str(algorithm) + ' ' + str(2) + ' '
 + ds['sha256'].lower())
+ ret.append(str(keyid) + ' ' + str(algorithm) + ' ' + str(4) + ' '
+ + ds['sha384'].lower())
 return ret
 # step2: 
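Review bot: The digest type `4` in the new `ret.append(...)` is a bare literal that has to stay in step with the `'sha384'` key added to `_calc_ds` in the previous hunk, and nothing explains why the sequence jumps from 2 to 4. A one-line comment above the new append, such as `# DS digest type 4 = SHA-384 (RFC 6605)`, would document it. Since every digest now repeats the same concatenation, one loop would keep number and key together: `for dtype, name in ((1, 'sha1'), (2, 'sha256'), (4, 'sha384')):` with the body `ret.append(f"{keyid} {algorithm} {dtype} {ds[name].lower()}")`. The start of the sha1 append and the rest of `dnskey_to_ds` lie outside the hunk, so that rewrite needs checking against the lines not shown. If the returned list is used to accept published DS records, it may also be worth deciding whether a SHA-1-only match should still count as a pass now that two stronger digests are available.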
@@ -744,14 +747,17 @@ def main(mntner):
 for _domain in summary:
 if len(_domain) > _max_domain_length:
 _max_domain_length = len(_domain)
-
- print("```\n\nSummary:\n")
+ # embed table outside of a potential (markdown) code block, so it can be displayed as a markdown Table
+ # only if $DN42REVIEW is set
+ if "DN42REVIEW" in os.environ:
+ print("```")
+ print("\nSummary:\n")
 print(f"{'domain name'.ljust(_max_domain_length)} | success | dnssec fail | wrong NS | wrong SOA | NXDOMAIN | REFUSED | SERVFAIL | timeout")
 print(f"-{'-'.rjust(_max_domain_length, '-') }-|---------|-------------|----------|-----------|----------|---------| -------- | -------")
 for domain in summary:
 print(f" {domain.rjust(1).ljust(_max_domain_length)} | {str(summary[domain][SUMMARY.SUCCESS]).rjust(7)} | {str(summary[domain][SUMMARY.DNSSEC_FAIL]).rjust(11)} | {str(summary[domain][SUMMARY.WRONG_NS]).rjust(8)} | {str(summary[domain][SUMMARY.WRONG_SOA]).rjust(9)} | {str(summary[domain][SUMMARY.NXDOMAIN]).rjust(8)} | {str(summary[domain][SUMMARY.REFUSED]).rjust(7)} | {str(summary[domain][SUMMARY.SERVFAIL]).rjust(8)} | {str(summary[domain][SUMMARY.TIMEOUT]).rjust(7)}")
-
- print("```\n")
+ if "DN42REVIEW" in os.environ:
+ print("```\n")
 if errors > 0:
 print("WARN: at least one 'error' occured while checking. check the table and output above")
 # print(summary)
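Review bot: `"DN42REVIEW" in os.environ` only tests that the variable exists, so an empty `DN42REVIEW=` still switches the fences on, and the same test is written twice, before and after the table. Reading it once, e.g. `review_mode = bool(os.environ.get("DN42REVIEW"))`, and using `if review_mode:` at both places keeps the two fence lines tied to one decision. The two added comment lines would read better as one sentence directly above the first check, for instance `# In review mode ($DN42REVIEW set) emit a fence before and after the summary so it renders as a Markdown table.` Whether a code fence is actually open at this point, and where `os` is imported, is decided outside the hunk in the rest of `main()` and the file header. The domain names go into the table unescaped, so if they can ever contain `|` or a backtick the rendered table would break; it is worth confirming they are validated before they reach `summary`.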