def resolve_with_dnssec(nameserver, query, rtype="SOA"):
res = DNSResolver()
res.nameservers = [nameserver]
res.lifetime = 10 # wait max 10 seconds for reply
# enable Authenticated Data + Checking Disabled flags
res.set_flags(dns.flags.AD | dns.flags.CD)
# enable EDNS v0 + enable DNSSEC-Ok flag
res.use_edns(0, dns.flags.DO, 0)
ans = res.resolve(query, rtype)
return ans
def resolve_records_from_server(rname, rtype, nameserver):
error = None
res = DNSResolver()
res.nameservers = [nameserver]
res.lifetime = 30
logger.info("Query: %s %s, nameserver %s", rname, rtype, nameserver)
# lets try to query 3x
for _i in range(3):
try:
ans = res.resolve(rname, rtype)
logger.info("Answer: %s", ans.rrset)
return ans.rrset
except (dns.resolver.NXDOMAIN, dns.resolver.Timeout) as e:
error = e
time.sleep(10)
pytest.fail("Query: {} {}, nameserver {} failed due to {}".format(
rname, rtype, nameserver, error))
def _resolve_record(owner,
rtype,
nameserver_ip=None,
edns0=False,
dnssec=False,
flag_cd=False,
timeout=10):
"""
:param nameserver_ip: if None, default resolvers will be used
:param edns0: enables EDNS0
:param dnssec: enabled EDNS0, flags: DO
:param flag_cd: requires dnssec=True, adds flag CD
:raise DNSException: if error occurs
"""
assert isinstance(nameserver_ip, str) or nameserver_ip is None
assert isinstance(rtype, str)
res = DNSResolver()
if nameserver_ip:
res.nameservers = [nameserver_ip]
res.lifetime = timeout
# Recursion Desired,
# this option prevents to get answers in authority section instead of answer
res.set_flags(dns.flags.RD)
if dnssec:
res.use_edns(0, dns.flags.DO, 4096)
flags = dns.flags.RD
if flag_cd:
flags = flags | dns.flags.CD
res.set_flags(flags)
elif edns0:
res.use_edns(0, 0, 4096)
return res.resolve(owner, rtype)