def dname_check(self, res, domain, rdtype, target, count_rrsig):
ans_container = self.make_query(domain, rdtype, res, self.debug)
if not ans_container or not ans_container.response or not ans_container.response.answer:
self.add_reason("DNAME lookup failed")
return False
answer = ans_container.response.answer
if self.debug:
self.println(answer)
# log ad bit
ad = count_rrsig and (ans_container.response.flags & dns.flags.AD)
self.ad_add(ad)
cnt = len(answer)
if cnt <= 0:
self.add_reason("Empty DNAME Answer")
return False
name = self.Str_to_Name(domain)
if self.count_rr(answer, name, dns.rdatatype.DNAME) == 0:
self.add_reason("NO DNAME seen in answer")
return False
if count_rrsig:
source = RRSetSource(answer)
if cnt < 2:
#DNAME and target RRset are signed
self.add_reason("Not enoght records in DNAME answer")
return False
rrset = source.get_rrset(dns.rdatatype.DNAME)
if not source.find_covering_rrsigset(rrset):
self.add_reason("Missing RRSIG(DNAME)")
return False
last_rrset = answer[len(answer) - 1]
res_target = last_rrset.name.to_text()
if res_target != target:
self.addr_reason("DNAME name mismatch %s !+ %s" % (
target,
res_target,
))
return False
return True
def count_rr(self, section, name, rdtype):
source = RRSetSource(section)
return source.count(rdtype)
