I can get various DNSSEC-related records:
>>> import dns.resolver
>>> myresolver = dns.resolver.Resolver()
>>> myresolver.use_edns(1, 0, 1400)
>>> print myresolver.query('sources.org', 'DNSKEY')
<dns.resolver.Answer object at 0xb78ed78c>
>>> print myresolver.query('ripe.net', 'NSEC')
<dns.resolver.Answer object at 0x8271c0c>
But no RRSIG records:
>>> print myresolver.query('sources.org', 'RRSIG')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.5/site-packages/dns/resolver.py", line 664, in query
answer = Answer(qname, rdtype, rdclass, response)
File "/usr/lib/python2.5/site-packages/dns/resolver.py", line 121, in __init__
raise NoAnswer
I tried several signed domains like absolight.fr or ripe.net.
Trying with dig, I see that there are indeed RRSIG records.
Checking with tcpdump, I can see that DNS Python sends the correct
query and receives correct replies (here, eight records):
16:09:39.342532 IP 192.134.4.69.53381 > 192.134.4.162.53: 22330+ [1au] RRSIG?
sources.org. (40)
16:09:39.343229 IP 192.134.4.162.53 > 192.134.4.69.53381: 22330 8/5/6
RRSIG[|domain]
_______________________________________________
dnspython-users mailing list
[email protected]
http://howl.play-bow.org/mailman/listinfo.cgi/dnspython-users
