def get_records(host, port, proto='tcp'):
resolver = Resolver()
resolver.set_flags(flags.AD + flags.RD)
name = '_{}._{}.{}'.format(port, proto, host)
try:
rrset = resolver.query(name, rdtype=rdatatype.TLSA)
except NXDOMAIN:
log.debug('No record found for %s', name)
raise
except NoNameservers:
log.debug('No unbroken server for resolving %s', name)
# It may be because there is a bad dnssec key
resolver.set_flags(flags.CD + flags.RD)
rrset = resolver.query(name, rdtype=rdatatype.TLSA)
log.debug('Without validation we have an answer: %s', rrset)
for record in rrset:
log.debug(record)
secure = rrset.response.flags & flags.AD == flags.AD
if not secure:
log.warn('Not DNSSEC signed!')
return TLSAValidator([r for r in rrset], secure)
class CustomResolver(object):
def __init__(self):
self.resolver = Resolver()
self.resolver.use_edns(0, 0, 4096)
self.resolver.set_flags(flags.AD + flags.RD)
self.degraded = Resolver()
self.degraded.use_edns(0, 0, 4096)
self.degraded.set_flags(flags.CD + flags.RD)
def query(self, fqdn, rdatatype=rdt.A, degraded=False):
log.debug('Query %s %s', fqdn, rdatatype)
try:
return self.resolver.query(fqdn, rdatatype)
except NoNameservers:
if degraded:
return self.degraded.query(fqdn, rdatatype)
raise
except NXDOMAIN:
if degraded:
return self.degraded.query(fqdn, rdatatype)
return None
def srv(self, name, domainname, proto='tcp'):
fqdn = '_{}._{}.{}'.format(name, proto, domainname)
return self.query(fqdn, rdt.SRV)
def tlsa(self, hostname, port, proto='tcp'):
fqdn = '_{}._{}.{}'.format(port, proto, hostname)
return self.query(fqdn, rdt.TLSA)
def mx(self, domainname):
return self.query(domainname, rdt.MX)
