#!/usr/bin/python # -*- coding: utf-8 -*- import ldns import sys debug = True # Check args argc = len(sys.argv) name = "www.nic.cz" if argc < 2: print "Usage:", sys.argv[0], "domain [resolver_addr]" sys.exit(1) else: name = sys.argv[1] # Create resolver resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") resolver.set_dnssec(True) # Custom resolver if argc > 2: # Clear previous nameservers ns = resolver.pop_nameserver() while ns != None: ns = resolver.pop_nameserver() ip = ldns.ldns_rdf.new_frm_str(sys.argv[2], ldns.LDNS_RDF_TYPE_A) resolver.push_nameserver(ip) # Resolve DNS name pkt = resolver.query(name, ldns.LDNS_RR_TYPE_A, ldns.LDNS_RR_CLASS_IN) if pkt and pkt.answer(): # Debug if debug: print "NS returned:", pkt.get_rcode(), "(AA: %d AD: %d)" % ( pkt.ad(), pkt.ad() ) # SERVFAIL indicated bogus name if pkt.get_rcode() is ldns.LDNS_RCODE_SERVFAIL: print name, "is bogus" # Check AD (Authenticated) bit if pkt.get_rcode() is ldns.LDNS_RCODE_NOERROR: if pkt.ad(): print name, "is secure" else: print name, "is insecure"