4812f02dd0
bypassing the cache response stage and uniquifying mesh states. Four EDNS option lists were added to module_qstate (module_qstate.edns_opts_*) to store EDNS options from/to front/back side. - Added two flags to module_qstate (no_cache_lookup, no_cache_store) that control the modules' cache interactions. - Added code for registering inplace callback functions. The registered functions can be called just before replying with local data or Chaos, replying from cache, replying with SERVFAIL, replying with a resolved query, sending a query to a nameserver. The functions can inspect the available data and maybe change response/query related data (i.e. append EDNS options). - Updated Python module for the above. - Updated Python documentation. git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3947 be551aaa-1e26-0410-a405-d3ace91eadb9
37 lines
904 B
ReStructuredText
37 lines
904 B
ReStructuredText
.. _example_examine:
|
|
|
|
DNSSEC validator
|
|
================
|
|
|
|
This example program performs DNSSEC validation of a DNS lookup.
|
|
|
|
Source code
|
|
-----------
|
|
|
|
::
|
|
|
|
#!/usr/bin/python
|
|
import os
|
|
from unbound import ub_ctx,RR_TYPE_A,RR_CLASS_IN
|
|
|
|
ctx = ub_ctx()
|
|
ctx.resolvconf("/etc/resolv.conf")
|
|
if (os.path.isfile("keys")):
|
|
ctx.add_ta_file("keys") #read public keys for DNSSEC verification
|
|
|
|
status, result = ctx.resolve("www.nic.cz", RR_TYPE_A, RR_CLASS_IN)
|
|
if status == 0 and result.havedata:
|
|
|
|
print "Result:", result.data.address_list
|
|
|
|
if result.secure:
|
|
print "Result is secure"
|
|
elif result.bogus:
|
|
print "Result is bogus"
|
|
else:
|
|
print "Result is insecure"
|
|
|
|
More detailed informations can be seen in libUnbound DNSSEC tutorial `here`_.
|
|
|
|
.. _here: http://www.unbound.net/documentation/libunbound-tutorial-6.html
|