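def dname_check(self, res, domain, rdtype, target, count_rrsig):
    """Query ``domain``/``rdtype`` through ``res`` and sanity-check the DNAME answer.

    The answer passes when it contains at least one DNAME record (per
    ``self.count_rr``), when -- if ``count_rrsig`` is set -- it holds at least
    two entries and ``RRSetSource.find_covering_rrsigset`` finds an RRSIG over
    the DNAME RRset, and when the owner name of the last entry in the answer
    section equals ``target`` in text form.

    Args:
        res: resolver handle, passed straight through to ``self.make_query``.
        domain: query name as a string; converted with ``self.Str_to_Name``
            before being handed to ``self.count_rr``.
        rdtype: query type, passed through to ``self.make_query``.
        target: expected owner name (text form) of the final answer entry.
        count_rrsig: when true, additionally require an RRSIG covering the
            DNAME RRset and record the response's AD bit via ``self.ad_add``.

    Returns:
        True when every check passes; False otherwise, after recording the
        failing check through ``self.add_reason``.

    Notes:
        This is a structural check, not a DNSSEC validation: only the
        *presence* of a covering RRSIG is tested, no signature is verified,
        and the AD bit is whatever the resolver reported. Unless the resolver
        is trusted and the path to it is authenticated, neither is evidence
        that the answer was validated -- treat them as diagnostics only.
    """
    ans_container = self.make_query(domain, rdtype, res, self.debug)
    if not ans_container or not ans_container.response or not ans_container.response.answer:
        self.add_reason("DNAME lookup failed")
        return False
    answer = ans_container.response.answer
    if self.debug:
        self.println(answer)

    # Record the AD bit only when RRSIG accounting was requested; otherwise
    # the recorded value is simply False. See the docstring on why this bit
    # must not be trusted on its own.
    ad = count_rrsig and (ans_container.response.flags & dns.flags.AD)
    self.ad_add(ad)

    cnt = len(answer)
    if cnt <= 0:
        # A list answer is already rejected by the falsy check above; kept as a
        # guard for answer objects that are truthy but report length zero.
        self.add_reason("Empty DNAME Answer")
        return False

    name = self.Str_to_Name(domain)
    if self.count_rr(answer, name, dns.rdatatype.DNAME) == 0:
        self.add_reason("NO DNAME seen in answer")
        return False

    if count_rrsig:
        source = RRSetSource(answer)
        # A signed DNAME answer carries at least the DNAME RRset plus its RRSIG.
        if cnt < 2:
            self.add_reason("Not enough records in DNAME answer")
            return False
        rrset = source.get_rrset(dns.rdatatype.DNAME)
        # Presence check only: the RRSIG is not cryptographically verified,
        # and the RRSIG over the target (last) RRset is not checked at all.
        if not source.find_covering_rrsigset(rrset):
            self.add_reason("Missing RRSIG(DNAME)")
            return False

    # The final entry of the answer section should be owned by the target name.
    # NOTE(review): this is a plain text comparison, so it is case- and
    # trailing-dot-sensitive while DNS names are not; a resolver that applies
    # 0x20 case randomisation would produce a spurious mismatch here. Comparing
    # name objects (e.g. via self.Str_to_Name(target)) would be more robust --
    # confirm what Str_to_Name returns before changing it.
    res_target = answer[-1].name.to_text()
    if res_target != target:
        # Previously called the non-existent self.addr_reason, so a mismatch
        # raised AttributeError instead of returning False.
        self.add_reason("DNAME name mismatch %s != %s" % (target, res_target))
        return False
    return True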
def count_rr(self, section, name, rdtype):
    """Return how many entries of type ``rdtype`` ``RRSetSource`` counts in ``section``.

    Args:
        section: a response section (e.g. the answer list) wrapped in ``RRSetSource``.
        name: accepted for interface compatibility but not used -- the count is
            not restricted to records owned by ``name``, so callers must not
            rely on it for an owner-name check.
        rdtype: the record type handed to ``RRSetSource.count``.

    Returns:
        Whatever ``RRSetSource(section).count(rdtype)`` returns.
    """
    return RRSetSource(section).count(rdtype)