On 25.03.2012 at 19:59, Axel Rau wrote:

> Hi all,
> 
> this question has already been asked, but I could not find an answer.
> 
> I'm using python 3.2 with dns from git.
> 
> master_resolver = dns.resolver.Resolver()
> master_resolver.lifetime = NS_TIMEOUT
> master_resolver.nameservers = (conf.master,)
> master_resolver.use_edns(edns=0, ednsflags=0, payload=4096)
> master_resolver.query('sub.example.com', 'RRSIG')
> 
> I can see all the RRSIG rdata in the debugger:
> ---
> (Pdb) pp key
> (1, <DNS name sub.example.com.>, 1, 46, 0, None)
> (Pdb) s
>> /Library/Frameworks/Python.framework/Versions/3.2/lib/python3.2/site-packages/dns/message.py(331)find_rrset()
> -> if not self.index is None:
> (Pdb) pp self.index
> {(0, <DNS name sub.example.com.>, 1, 46, 0, None): <DNS sub.example.com. IN 
> RRSIG RRset>,
> (1, <DNS name sub.example.com.>, 1, 46, 2, None): <DNS sub.example.com. IN 
> RRSIG(NS) RRset>,
> (1, <DNS name sub.example.com.>, 1, 46, 6, None): <DNS sub.example.com. IN 
> RRSIG(SOA) RRset>,
> (1, <DNS name sub.example.com.>, 1, 46, 47, None): <DNS sub.example.com. IN 
> RRSIG(NSEC) RRset>,
> (1, <DNS name sub.example.com.>, 1, 46, 48, None): <DNS sub.example.com. IN 
> RRSIG(DNSKEY) RRset>,
> (1, <DNS name sub.example.com.>, 1, 46, 65534, None): <DNS sub.example.com. 
> IN RRSIG(TYPE65534) RRset>,
> (2, <DNS name sub.example.com.>, 1, 2, 0, None): <DNS sub.example.com. IN NS 
> RRset>,
> (3, <DNS name localhost.>, 1, 1, 0, None): <DNS localhost. IN A RRset>,
> (3, <DNS name localhost.>, 1, 28, 0, None): <DNS localhost. IN AAAA RRset>}
> (Pdb) c
> ? sub.example.com: RRSIG query timed out. <class 'dns.resolver.NoAnswer'>, 
> ---
> but I have no idea how to return them to my script.
> What am I doing wrong?

I found this workaround, creating a zone from an AXFR and querying the RRSIGs 
in that zone.
This way, I could specify a 'covers' argument, which is not possible with 
dns.resolver.Resolver.query:
---
zone = dns.zone.from_xfr(
    dns.query.xfr(conf.master, self.name, relativize=False, lifetime=30.0),
    relativize=False)
my_covers = dns.rdatatype.DNSKEY    # DNSKEYs signed by KSK
if self.type == 'ZSK':
    my_covers = dns.rdatatype.SOA   # others signed by ZSK
rds = zone.find_rrset(self.name + '.', 'RRSIG', covers=my_covers)
for rrsig_rdata in rds.items:
    key_tag = rrsig_rdata.key_tag
    if key_tag == self.keytag:
        return True                 # at least one RR signed by ourselves
---

Axel
---
PGP-Key:29E99DD6  ☀ +49 151 2300 9283  ☀ computing @ chaos claudius
