strip spaces in ds-rdata if len=5

2023-03-22 17:12:01 +01:00 · 2023-03-22 17:12:01 +01:00 · 95c43c2ace
commit 95c43c2ace
parent 4b87f77360
1 changed files with 25 additions and 10 deletions
--- a/validate-my-dns.py
+++ b/validate-my-dns.py
@ -86,12 +86,16 @@ def get_domain_by_mntner(mntner):
                        ] = [_tmp[1]]

                elif line.startswith("ds-rdata:"):
-                    domains[domain_name]["ds-rdata"].append(line[20:].lower())
+                    ds_rdata = line[20:].lower()
+                    _split = ds_rdata.split(" ")
+                    if len(_split) == 5:
+                           ds_rdata = f"{_split[0]} {_split[1]} {_split[2]} {_split[3] + _split[4]}"
+                    domains[domain_name]["ds-rdata"].append(ds_rdata)
    # load inetnums
    for inetnum in inetnums_files:
        # temp variables in case there is no nserver
        _nserver = {}
-        _ds_rdata = []
+        _ds_rdatas = []
        _domain_name = ""
        with open(inetnum) as i4:
            for line in i4.readlines():
@ -118,16 +122,21 @@ def get_domain_by_mntner(mntner):
                        _nserver[_tmp[0]] = _tmp[1]

                elif line.startswith("ds-rdata:"):
-                    _ds_rdata.append(line[20:].lower())
+                    ds_rdata = line[20:].lower()
+                    _split = ds_rdata.split(" ")
+                    if len(_split) == 5:
+                           ds_rdata = f"{_split[0]} {_split[1]} {_split[2]} {_split[3] + _split[4]}"
+
+                    _ds_rdatas.append(ds_rdata)
        # if nserver list is not empty add the reverse to the domain list
        if not _nserver == {}:
            domains[_domain_name] = {
-                "nserver": _nserver, "ds-rdata": _ds_rdata}
+                "nserver": _nserver, "ds-rdata": _ds_rdatas}
    # load inet6nums
    for inet6num in inet6nums_files:
        # temp variables in case there is no nserver
        _nserver = {}
-        _ds_rdata = []
+        _ds_rdatas = []
        _domain_name = ""
        with open(inet6num) as i6:
            for line in i6.readlines():
@ -151,11 +160,17 @@ def get_domain_by_mntner(mntner):
                        _nserver[_tmp[0]] = _tmp[1] 

                elif line.startswith("ds-rdata:"):
-                    _ds_rdata.append(line[20:].lower())
+                    ds_rdata = line[20:].lower()
+                    _split = ds_rdata.split(" ")
+                    if len(_split) == 5:
+                           ds_rdata = f"{_split[0]} {_split[1]} {_split[2]} {_split[3] + _split[4]}"
+
+                    _ds_rdatas.append(ds_rdata)
+ 
        # if nserver list is not empty add the reverse to the domain list
        if not _nserver == {}:
            domains[_domain_name] = {
-                "nserver": _nserver, "ds-rdata": _ds_rdata}
+                "nserver": _nserver, "ds-rdata": _ds_rdatas}

    # add entries from main domain, if the nserver doesn't have an ip address (like in inet(6)nums)
    for domain in domains:
@ -316,8 +331,8 @@ def check_dnssec(domain_name, domain_data):
    global errors
    success = False

-    no_ds_rdata = domain_data["ds-rdata"] == []
-    if no_ds_rdata:
+    no_ds_rdatas = domain_data["ds-rdata"] == []
+    if no_ds_rdatas:
        print(
            f"NOTE: {domain_name} doesn't have ds-rdata configured, not checking it")
        return True
@ -343,7 +358,7 @@ def check_dnssec(domain_name, domain_data):
                    f"WARN: querying {nserver} ({nsaddr}) for {domain_name} timed out")
                continue

-            if no_ds_rdata:
+            if no_ds_rdatas:
                print(
                    f"INFO: query for {domain_name} SOA on {nserver} ({nsaddr}) succeded, not checking DNSSEC")
                continue