FS-3110 --comment-only phase 2

2025-08-13 17:38:59 +00:00 · 2011-03-24 16:44:22 -05:00
parent 0290bdc34a
commit 822ea8f654
243 changed files with 0 additions and 115797 deletions
--- a/libs/ldns/contrib/python/docs/source/examples/example2.rst
+++ b/libs/ldns/contrib/python/docs/source/examples/example2.rst
@@ -1,100 +0,0 @@
-.. _ex_dnssec:
-
-Querying DNS-SEC validators
-===========================
-
-This basic example shows how to query validating resolver and
-evaluate answer.
-
-Resolving step by step
------------------------
-
-For DNS queries, we need to initialize ldns resolver (covered in previous example).
-   
-::
-   
-   # Create resolver
-   resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf")
-   resolver.set_dnssec(True)
-
-   # Custom resolver
-   if argc > 2:
-      # Clear previous nameservers
-      ns = resolver.pop_nameserver()
-      while ns != None:
-         ns = resolver.pop_nameserver()
-      ip = ldns.ldns_rdf.new_frm_str(sys.argv[2], ldns.LDNS_RDF_TYPE_A)
-      resolver.push_nameserver(ip)
-
-Note the second line :meth:`resolver.set_dnssec`, which enables DNSSEC OK bit
-in queries in order to get meaningful results.
-
-As we have resolver initialized, we can start querying for domain names :
-
-::
-   
-   # Resolve DNS name
-   pkt = resolver.query(name, ldns.LDNS_RR_TYPE_A, ldns.LDNS_RR_CLASS_IN)
-   if pkt and pkt.answer():
-
-Now we evaluate result, where two flags are crucial :
-
- * Return code
- * AD flag (authenticated)
-
-When return code is `SERVFAIL`, it means that validating resolver marked requested
-name as **bogus** (or bad configuration).
-
-**AD** flag is set if domain name is authenticated **(secure)** or false if
-it's insecure.
-
-Complete source code
--------------------
-
- .. literalinclude:: ../../../examples/ldns-dnssec.py
-    :language: python
-
-
-Testing
-------
-
-In order to get meaningful results, you have to enter IP address of validating
-resolver or setup your own (see howto).
-
-Execute `./example2.py` with options `domain name` and `resolver IP`,
-example:
-
-::
-
-   user@localhost# ./example2.py www.dnssec.cz 127.0.0.1 # Secure (Configured Unbound running on localhost)
-   user@localhost# ./example2.py www.rhybar.cz 127.0.0.1 # Bogus
-
-Howto setup Unbound as validating resolver
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Install Unbound according to instructions.
-Modify following options in `unbound.conf` (located in `/etc` or `/usr/local/etc`)/
-
-
-Uncomment `module-config` and set `validator` before iterator.
-
-::
-
-   module-config: "validator iterator"
-
-Download DLV keys and update path in `unbound.conf`::
-
-   # DLV keys
-   # Download from http://ftp.isc.org/www/dlv/dlv.isc.org.key
-   dlv-anchor-file: "/usr/local/etc/unbound/dlv.isc.org.key"
-
-Update trusted keys (`.cz` for example)::
-
-   # Trusted keys
-   # For current key, see www.dnssec.cz
-   trusted-keys-file: "/usr/local/etc/unbound/trusted.key"
-   
-Now you should have well configured Unbound, so run it::
-
-   user@localhost# unbound -dv
-