Merge pull request '[validate-my-dns]: actually call the check_dnssec function' (#6014) from lare/registry:validate-dns/actually-validate into master

Reviewed-on: https://git.dn42.dev/dn42/registry/pulls/6014 Reviewed-by: schema-checker <schema-checker@noreply.dn42.dev>
2026-02-05 19:01:51 +08:00 · 2026-01-31 19:52:25 +00:00 · 2026-01-31 19:52:25 +00:00 · 4ea17e2463
commit 4ea17e2463
parent a2dc9a019c f385bee75c
1 changed files with 3 additions and 3 deletions
--- a/validate-my-dns.py
+++ b/validate-my-dns.py
@ -572,10 +572,10 @@ def check_dnssec(domain_name, domain_data):
                    dns.dnssec.validate(
                        answer[1], answer[0], {name: answer[0]})

-            except dns.dnssec.ValidationFailure:
+            except dns.dnssec.ValidationFailure as e:
                # BE SUSPICIOUS
                print(
-                    f"WARN:  DNSSEC validation failed on {domain_name} failed on {nserver} ({nsaddr}), answer: {answer}")
+                        f"WARN:  DNSSEC validation failed on {domain_name} failed on {nserver} ({nsaddr}), error: '{e}', answer: {answer}")
                summary[domain_name][SUMMARY.DNSSEC_FAIL] += 1
                errors += 1
            except AttributeError as e:
@ -713,7 +713,7 @@ def main(mntner):
                if found:
                    print(
                        f"INFO:  correct ds-rdata specified and matching DNSKEY returned by {ip} for {domain_name}")
-                    summary[domain_name][SUMMARY.SUCCESS] += 1
+                    check_dnssec(domain_name, {"ds-rdata": domains[domain_name]['ds-rdata'], "nserver": {nserver: [ip]}} )
                else:
                    print(
                        f"ERROR: invalid ds-rdata specified or non-matching DNSKEY returned by {ip} for {domain_name}")