lare/validate-my-dns
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

strip spaces in ds-rdata if len=5

Browse source
This commit is contained in:
lare 2023-03-22 17:12:01 +01:00
parent 4b87f77360
commit 95c43c2ace
1 changed files with 25 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

35
validate-my-dns.py
View file

@ -86,12 +86,16 @@ def get_domain_by_mntner(mntner):
] = [_tmp[1]] ] = [_tmp[1]]
elif line.startswith("ds-rdata:"): elif line.startswith("ds-rdata:"):
domains[domain_name]["ds-rdata"].append(line[20:].lower()) ds_rdata = line[20:].lower()
_split = ds_rdata.split(" ")
if len(_split) == 5:
ds_rdata = f"{_split[0]} {_split[1]} {_split[2]} {_split[3] + _split[4]}"
domains[domain_name]["ds-rdata"].append(ds_rdata)
# load inetnums # load inetnums
for inetnum in inetnums_files: for inetnum in inetnums_files:
# temp variables in case there is no nserver # temp variables in case there is no nserver
_nserver = {} _nserver = {}
_ds_rdata = [] _ds_rdatas = []
_domain_name = "" _domain_name = ""
with open(inetnum) as i4: with open(inetnum) as i4:
for line in i4.readlines(): for line in i4.readlines():
@ -118,16 +122,21 @@ def get_domain_by_mntner(mntner):
_nserver[_tmp[0]] = _tmp[1] _nserver[_tmp[0]] = _tmp[1]
elif line.startswith("ds-rdata:"): elif line.startswith("ds-rdata:"):
_ds_rdata.append(line[20:].lower()) ds_rdata = line[20:].lower()
_split = ds_rdata.split(" ")
if len(_split) == 5:
ds_rdata = f"{_split[0]} {_split[1]} {_split[2]} {_split[3] + _split[4]}"
_ds_rdatas.append(ds_rdata)
# if nserver list is not empty add the reverse to the domain list # if nserver list is not empty add the reverse to the domain list
if not _nserver == {}: if not _nserver == {}:
domains[_domain_name] = { domains[_domain_name] = {
"nserver": _nserver, "ds-rdata": _ds_rdata} "nserver": _nserver, "ds-rdata": _ds_rdatas}
# load inet6nums # load inet6nums
for inet6num in inet6nums_files: for inet6num in inet6nums_files:
# temp variables in case there is no nserver # temp variables in case there is no nserver
_nserver = {} _nserver = {}
_ds_rdata = [] _ds_rdatas = []
_domain_name = "" _domain_name = ""
with open(inet6num) as i6: with open(inet6num) as i6:
for line in i6.readlines(): for line in i6.readlines():
@ -151,11 +160,17 @@ def get_domain_by_mntner(mntner):
_nserver[_tmp[0]] = _tmp[1] _nserver[_tmp[0]] = _tmp[1]
elif line.startswith("ds-rdata:"): elif line.startswith("ds-rdata:"):
_ds_rdata.append(line[20:].lower()) ds_rdata = line[20:].lower()
_split = ds_rdata.split(" ")
if len(_split) == 5:
ds_rdata = f"{_split[0]} {_split[1]} {_split[2]} {_split[3] + _split[4]}"
_ds_rdatas.append(ds_rdata)
# if nserver list is not empty add the reverse to the domain list # if nserver list is not empty add the reverse to the domain list
if not _nserver == {}: if not _nserver == {}:
domains[_domain_name] = { domains[_domain_name] = {
"nserver": _nserver, "ds-rdata": _ds_rdata} "nserver": _nserver, "ds-rdata": _ds_rdatas}
# add entries from main domain, if the nserver doesn't have an ip address (like in inet(6)nums) # add entries from main domain, if the nserver doesn't have an ip address (like in inet(6)nums)
for domain in domains: for domain in domains:
@ -316,8 +331,8 @@ def check_dnssec(domain_name, domain_data):
global errors global errors
success = False success = False
no_ds_rdata = domain_data["ds-rdata"] == [] no_ds_rdatas = domain_data["ds-rdata"] == []
if no_ds_rdata: if no_ds_rdatas:
print( print(
f"NOTE: {domain_name} doesn't have ds-rdata configured, not checking it") f"NOTE: {domain_name} doesn't have ds-rdata configured, not checking it")
return True return True
@ -343,7 +358,7 @@ def check_dnssec(domain_name, domain_data):
f"WARN: querying {nserver} ({nsaddr}) for {domain_name} timed out") f"WARN: querying {nserver} ({nsaddr}) for {domain_name} timed out")
continue continue
if no_ds_rdata: if no_ds_rdatas:
print( print(
f"INFO: query for {domain_name} SOA on {nserver} ({nsaddr}) succeded, not checking DNSSEC") f"INFO: query for {domain_name} SOA on {nserver} ({nsaddr}) succeded, not checking DNSSEC")
continue continue