def run(self, context, suggested_tested, name, rdataset): tested = None result = None # Only run test for non-NSEC/RRSIG, non-delegated RRSets: if (rdataset.rdtype != dns.rdatatype.NSEC and rdataset.rdtype != dns.rdatatype.RRSIG and not context.is_delegated(name)): tested = suggested_tested # Make sure there's an NSEC for the rdataset name: nsec_rdataset = context.zone_obj.get_rdataset(name, 'NSEC') if not nsec_rdataset: result = 'No NSEC\'s found for name: %s' % (name) if not result: # Look in found nsec_rdataset for an NSEC that covers the # rdataset type: got_one = False for nsec in nsec_rdataset.items: if nsecx.covers(nsec, rdataset.rdtype): got_one = True break if not got_one: result = 'No NSEC that covers type=%s for name: %s' % ( dns.rdatatype.to_text(rdataset.rdtype), name) return (tested, result)
def run(self, context, suggested_tested, name, rdataset): tested = None result = None # Only run test if there's an NSEC3PARAM: nsec3param = (len(context.nsec3param_rdataset.items) and context.nsec3param_rdataset.items[0] or None) if nsec3param: # Only run test for non-NSEC3/RRSIG, non-delegated RRSets: if (rdataset.rdtype != dns.rdatatype.NSEC3 and rdataset.rdtype != dns.rdatatype.RRSIG and not context.is_delegated(name)): tested = suggested_tested # Make sure there's an NSEC3 for the rdataset name: hashed_name = '%s.%s' % ( nsecx.hash_nsec3_name( name, nsec3param.salt, nsec3param.algorithm, nsec3param.iterations), context.zone_name) nsec3_rdataset = context.zone_obj.get_rdataset(hashed_name, 'NSEC3') if not nsec3_rdataset: result = 'No NSEC3\'s found for name: %s' % (hashed_name) if not result: # Look in found nsec3_rdataset for an NSEC3 that covers the # rdataset type: got_one = False for nsec3 in nsec3_rdataset.items: if nsecx.covers(nsec3, rdataset.rdtype): got_one = True break if not got_one: result = 'No NSEC3 that covers type=%s for name: %s' % ( dns.rdatatype.to_text(rdataset.rdtype), hashed_name) return (tested, result)