Merge pull request '[validate-my-dns]: actually call the check_dnssec function' (#6014) from lare/registry:validate-dns/actually-validate into master

Reviewed-on: https://git.dn42.dev/dn42/registry/pulls/6014
Reviewed-by: schema-checker <schema-checker@noreply.dn42.dev>
Simon Marsh 2026-01-31 19:52:25 +00:00
commit 4ea17e2463


@ -572,10 +572,10 @@ def check_dnssec(domain_name, domain_data):
dns.dnssec.validate( dns.dnssec.validate(
answer[1], answer[0], {name: answer[0]}) answer[1], answer[0], {name: answer[0]})
except dns.dnssec.ValidationFailure: except dns.dnssec.ValidationFailure as e:
# BE SUSPICIOUS # BE SUSPICIOUS
print( print(
f"WARN: DNSSEC validation failed on {domain_name} failed on {nserver} ({nsaddr}), answer: {answer}") f"WARN: DNSSEC validation failed on {domain_name} failed on {nserver} ({nsaddr}), error: '{e}', answer: {answer}")
summary[domain_name][SUMMARY.DNSSEC_FAIL] += 1 summary[domain_name][SUMMARY.DNSSEC_FAIL] += 1
errors += 1 errors += 1
except AttributeError as e: except AttributeError as e:
@ -713,7 +713,7 @@ def main(mntner):
if found: if found:
print( print(
f"INFO: correct ds-rdata specified and matching DNSKEY returned by {ip} for {domain_name}") f"INFO: correct ds-rdata specified and matching DNSKEY returned by {ip} for {domain_name}")
summary[domain_name][SUMMARY.SUCCESS] += 1 check_dnssec(domain_name, {"ds-rdata": domains[domain_name]['ds-rdata'], "nserver": {nserver: [ip]}} )
else: else:
print( print(
f"ERROR: invalid ds-rdata specified or non-matching DNSKEY returned by {ip} for {domain_name}") f"ERROR: invalid ds-rdata specified or non-matching DNSKEY returned by {ip} for {domain_name}")
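Review bot: In the second hunk (`main`, around line 716) the result of the new `check_dnssec(...)` call is discarded, and the `summary[domain_name][SUMMARY.SUCCESS] += 1` that used to sit on this branch is gone. The first hunk shows `check_dnssec` keeping its own `errors` counter, so it presumably returns a failure count; if `main` derives its exit status or error total from its own counter, a DS match followed by a failed signature validation would still look clean to whoever consumes the result. I would keep the result, e.g. `errors += check_dnssec(domain_name, {...})` if `main` has such a counter, and confirm that `check_dnssec` records `SUMMARY.SUCCESS` itself when validation passes. Both `main` and `check_dnssec` continue outside the visible hunks, so the return value and the success bookkeeping need checking against the full file.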