#!/usr/bin/python
# -*- coding: utf-8 -*-
import ldns
import sys
# When True, the raw response code and header flags are printed as well
debug = True

# Command line: <domain> [resolver_addr]
argc = len(sys.argv)
if argc < 2:
    # The domain is mandatory; without it there is nothing to check
    print("Usage: %s domain [resolver_addr]" % sys.argv[0])
    sys.exit(1)

# Domain name whose DNSSEC status is reported
name = sys.argv[1]
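# Create a resolver from the system configuration and switch DNSSEC on for it
resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf")
resolver.set_dnssec(True)

# Custom resolver: an optional second argument replaces the system nameservers.
# NOTE(review): the secure/insecure verdict printed by this script is read from
# the AD bit of the reply, so whichever resolver is used here must be a
# validating resolver that is trusted, reached over a path that is trusted too.
if argc > 2:
    # Clear the nameservers loaded from /etc/resolv.conf.
    # "is not None" tests identity, so the loop end does not depend on how
    # the wrapper object implements comparison.
    ns = resolver.pop_nameserver()
    while ns is not None:
        ns = resolver.pop_nameserver()
    # LDNS_RDF_TYPE_A: the argument is parsed as an A-type (IPv4) address
    ip = ldns.ldns_rdf.new_frm_str(sys.argv[2], ldns.LDNS_RDF_TYPE_A)
    resolver.push_nameserver(ip)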
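# Resolve the A record of the name through the configured resolver.
#
# This script performs no signature validation of its own: it reports what the
# resolver says. The AD flag is an unauthenticated header bit, so "secure" is
# only as trustworthy as the resolver and the network path to it.
pkt = resolver.query(name, ldns.LDNS_RR_TYPE_A, ldns.LDNS_RR_CLASS_IN)
if pkt and pkt.answer():
    rcode = pkt.get_rcode()

    # Debug: response code plus the AA (authoritative answer) and
    # AD (authenticated data) header flags
    if debug:
        print("NS returned: %s (AA: %d AD: %d)" % (rcode, pkt.aa(), pkt.ad()))

    # SERVFAIL is taken to mean the resolver rejected the data as bogus.
    # Compare rcodes with ==; "is" tests object identity, not value.
    # NOTE(review): SERVFAIL also has causes unrelated to DNSSEC, so "bogus"
    # is a heuristic. A SERVFAIL reply normally carries no answer records;
    # confirm that the pkt.answer() test above still lets it reach this line.
    if rcode == ldns.LDNS_RCODE_SERVFAIL:
        print("%s is bogus" % name)

    # NOERROR: the AD (Authenticated Data) bit tells whether the resolver
    # validated the answer
    if rcode == ldns.LDNS_RCODE_NOERROR:
        if pkt.ad():
            print("%s is secure" % name)
        else:
            print("%s is insecure" % name)
else:
    # No verdict can be given; say so instead of exiting silently, so that
    # missing output is never mistaken for a result.
    sys.stderr.write("%s: no usable response, DNSSEC status unknown\n" % name)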