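def dname_check(self, res, domain, rdtype, target, count_rrsig):
    """Query *domain* and decide whether the answer is an acceptable DNAME reply.

    Every failed check records a reason through ``self.add_reason`` and
    returns False. The checks run in this order:

    1. the query produced a response with a non-empty answer section;
    2. ``self.count_rr`` reports at least one DNAME record in the answer;
    3. when *count_rrsig* is true, the answer has at least two entries and
       an RRSIG set covering the DNAME RRset is found;
    4. the owner name of the last answer entry, rendered as text, equals
       *target*.

    NOTE(review): the listing this was taken from had lost its indentation.
    Check 4 is assumed to run whether or not *count_rrsig* is set; confirm
    against the original file.

    Args:
        res: resolver handed to ``self.make_query``.
        domain: name to query.
        rdtype: record type to query for.
        target: expected owner name of the last answer entry, as text.
        count_rrsig: when true, also require RRSIG coverage of the DNAME
            RRset and record the response's AD flag.

    Returns:
        True when every check passes, False otherwise.
    """
    ans_container = self.make_query(domain, rdtype, res, self.debug)
    if (
        not ans_container
        or not ans_container.response
        or not ans_container.response.answer
    ):
        self.add_reason("DNAME lookup failed")
        return False

    response = ans_container.response
    answer = response.answer
    if self.debug:
        self.println(answer)

    # The AD flag is only recorded when signatures are expected; otherwise
    # the falsy count_rrsig value itself is what gets passed to ad_add.
    ad = count_rrsig and (response.flags & dns.flags.AD)
    self.ad_add(ad)

    cnt = len(answer)
    if cnt <= 0:
        # Defensive: the guard above already rejects a falsy answer section.
        self.add_reason("Empty DNAME Answer")
        return False

    name = self.Str_to_Name(domain)
    if self.count_rr(answer, name, dns.rdatatype.DNAME) == 0:
        self.add_reason("NO DNAME seen in answer")
        return False

    if count_rrsig:
        source = RRSetSource(answer)
        if cnt < 2:
            # Both the DNAME and the target RRset are expected to be signed.
            # Reason text is kept byte-for-byte, spelling included, in case
            # reports are matched on it.
            self.add_reason("Not enoght records in DNAME answer")
            return False
        rrset = source.get_rrset(dns.rdatatype.DNAME)
        # NOTE(review): this looks like a presence check for RRSIG(DNAME),
        # not a signature validation -- confirm what RRSetSource does.
        if not source.find_covering_rrsigset(rrset):
            self.add_reason("Missing RRSIG(DNAME)")
            return False

    # Only the owner name of the last answer entry is compared; the DNAME
    # rdata itself is not inspected here. The comparison is a plain string
    # equality, so a difference in letter case or in how the name is written
    # out alone counts as a mismatch.
    res_target = answer[-1].name.to_text()
    if res_target != target:
        # Record the mismatch through add_reason like every other failure
        # path, so it ends in "return False" instead of an attribute error.
        self.add_reason("DNAME name mismatch %s !+ %s" % (target, res_target))
        return False
    return True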
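def dname_check(self, res, domain, rdtype, target, count_rrsig):
    """Query *domain* and decide whether the answer is an acceptable DNAME reply.

    Every failed check records a reason through ``self.add_reason`` and
    returns False. The checks run in this order:

    1. the query produced a response with a non-empty answer section;
    2. ``self.count_rr`` reports at least one DNAME record in the answer;
    3. when *count_rrsig* is true, the answer has at least two entries and
       an RRSIG set covering the DNAME RRset is found;
    4. the owner name of the last answer entry, rendered as text, equals
       *target*.

    NOTE(review): the listing this was taken from had lost its indentation.
    Check 4 is assumed to run whether or not *count_rrsig* is set; confirm
    against the original file.

    Args:
        res: resolver handed to ``self.make_query``.
        domain: name to query.
        rdtype: record type to query for.
        target: expected owner name of the last answer entry, as text.
        count_rrsig: when true, also require RRSIG coverage of the DNAME
            RRset and record the response's AD flag.

    Returns:
        True when every check passes, False otherwise.
    """
    ans_container = self.make_query(domain, rdtype, res, self.debug)
    if (
        not ans_container
        or not ans_container.response
        or not ans_container.response.answer
    ):
        self.add_reason("DNAME lookup failed")
        return False

    response = ans_container.response
    answer = response.answer
    if self.debug:
        self.println(answer)

    # The AD flag is only recorded when signatures are expected; otherwise
    # the falsy count_rrsig value itself is what gets passed to ad_add.
    ad = count_rrsig and (response.flags & dns.flags.AD)
    self.ad_add(ad)

    cnt = len(answer)
    if cnt <= 0:
        # Defensive: the guard above already rejects a falsy answer section.
        self.add_reason("Empty DNAME Answer")
        return False

    name = self.Str_to_Name(domain)
    if self.count_rr(answer, name, dns.rdatatype.DNAME) == 0:
        self.add_reason("NO DNAME seen in answer")
        return False

    if count_rrsig:
        source = RRSetSource(answer)
        if cnt < 2:
            # Both the DNAME and the target RRset are expected to be signed.
            # Reason text is kept byte-for-byte, spelling included, in case
            # reports are matched on it.
            self.add_reason("Not enoght records in DNAME answer")
            return False
        rrset = source.get_rrset(dns.rdatatype.DNAME)
        # NOTE(review): this looks like a presence check for RRSIG(DNAME),
        # not a signature validation -- confirm what RRSetSource does.
        if not source.find_covering_rrsigset(rrset):
            self.add_reason("Missing RRSIG(DNAME)")
            return False

    # Only the owner name of the last answer entry is compared; the DNAME
    # rdata itself is not inspected here. The comparison is a plain string
    # equality, so a difference in letter case or in how the name is written
    # out alone counts as a mismatch.
    res_target = answer[-1].name.to_text()
    if res_target != target:
        # Record the mismatch through add_reason like every other failure
        # path, so it ends in "return False" instead of an attribute error.
        self.add_reason("DNAME name mismatch %s !+ %s" % (target, res_target))
        return False
    return True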
def compare(self, other, ttl_tolerance, verbose, side_by_side):
    """Compare this result with *other* and report the first difference found.

    Outcomes are written with ``self.report``; the early exits return None.
    When both results hold a message with equal rcodes, the RRsets of one
    section are handed to ``self.compare_section`` and its result is
    returned: the answer sections if either side has any RRsets there,
    otherwise the authority sections.

    Things a reader should know about what is *not* compared:
      * two results whose summaries are exceptions of the same class are
        reported as "Equal" without looking at the exception contents;
      * summary types are matched with exact ``type()`` equality;
      * when an answer section is present on either side, the authority
        sections are not compared at all.

    Raises:
        ValueError: the summary is neither a DNSException nor a Message.
    """
    if not isinstance(other, ResultHolder):
        self.report(
            "can't compare %s to %s" % (self.__class__, other.__class__)
        )
        return

    if type(self.summary()) != type(other.summary()):
        self.report(
            "different results: %s != %s"
            % (type(self.summary()), type(other.summary()))
        )
        return

    if isinstance(self.summary(), DNSException):
        # Same exception class on both sides: treated as a match.
        self.report("Equal")
        return

    if not isinstance(self.summary(), Message):
        raise ValueError("oops-program error...")

    mine = self.result.response
    theirs = other.result.response

    mine_rcode = mine.rcode()
    theirs_rcode = theirs.rcode()
    if mine_rcode != theirs_rcode:
        self.report("Different rcodes: %d != %d" % (mine_rcode, theirs_rcode))
        return

    mine_answer_sets = RRSetSource(mine.answer).list_rrsets()
    theirs_answer_sets = RRSetSource(theirs.answer).list_rrsets()

    if len(mine_answer_sets) == 0 and len(theirs_answer_sets) == 0:
        # Neither side answered: fall back to the authority sections.
        mine_auth_sets = RRSetSource(mine.authority).list_rrsets()
        theirs_auth_sets = RRSetSource(theirs.authority).list_rrsets()
        return self.compare_section(
            other,
            mine_auth_sets,
            theirs_auth_sets,
            ttl_tolerance,
            verbose,
            side_by_side,
        )

    # At least one side has answer RRsets: compare the answer sections.
    return self.compare_section(
        other,
        mine_answer_sets,
        theirs_answer_sets,
        ttl_tolerance,
        verbose,
        side_by_side,
    )
def count_rr(self, section, name, rdtype):
    """Return ``RRSetSource(section).count(rdtype)``.

    NOTE(review): *name* is accepted but never used, so the result is not
    restricted to records owned by that name. Callers that pass the queried
    name (presumably expecting an owner-name filter) get a count over the
    whole section instead -- confirm whether that is intended.
    """
    return RRSetSource(section).count(rdtype)