[validate-my-dns]: actually call the check_dnssec function

2026-04-06 16:36:41 +08:00 · 2026-01-31 11:46:27 +01:00 · 2026-01-31 11:46:27 +01:00 · f385bee75c
commit f385bee75c
parent 0a245dadb3
1 changed files with 3 additions and 3 deletions
--- a/validate-my-dns.py
+++ b/validate-my-dns.py
@ -572,10 +572,10 @@ def check_dnssec(domain_name, domain_data):
                    dns.dnssec.validate(
                        answer[1], answer[0], {name: answer[0]})

-            except dns.dnssec.ValidationFailure:
+            except dns.dnssec.ValidationFailure as e:
                # BE SUSPICIOUS
                print(
-                    f"WARN:  DNSSEC validation failed on {domain_name} failed on {nserver} ({nsaddr}), answer: {answer}")
+                        f"WARN:  DNSSEC validation failed on {domain_name} failed on {nserver} ({nsaddr}), error: '{e}', answer: {answer}")
                summary[domain_name][SUMMARY.DNSSEC_FAIL] += 1
                errors += 1
            except AttributeError as e:
@ -713,7 +713,7 @@ def main(mntner):
                if found:
                    print(
                        f"INFO:  correct ds-rdata specified and matching DNSKEY returned by {ip} for {domain_name}")
-                    summary[domain_name][SUMMARY.SUCCESS] += 1
+                    check_dnssec(domain_name, {"ds-rdata": domains[domain_name]['ds-rdata'], "nserver": {nserver: [ip]}} )
                else:
                    print(
                        f"ERROR: invalid ds-rdata specified or non-matching DNSKEY returned by {ip} for {domain_name}")