我使用 DNSPython 从 Python 程序获取 DNS 记录
我可以获得各种 DNSSEC 相关记录:
>>> import dns.resolver
>>> myresolver = dns.resolver.Resolver()
>>> myresolver.use_edns(1, 0, 1400)
>>> print myresolver.query('sources.org', 'DNSKEY')
<dns.resolver.Answer object at 0xb78ed78c>
>>> print myresolver.query('ripe.net', 'NSEC')
<dns.resolver.Answer object at 0x8271c0c>
但是没有RRSIG记录:
>>> print myresolver.query('sources.org', 'RRSIG')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.5/site-packages/dns/resolver.py", line 664, in query
answer = Answer(qname, rdtype, rdclass, response)
File "/usr/lib/python2.5/site-packages/dns/resolver.py", line 121, in __init__
raise NoAnswer
我尝试了几个签名域,如 absolight.fr 或 ripe.net。
尝试挖掘,我看到确实有 RRSIG 记录。
检查 tcpdump,我可以看到 DNS Python 发送了正确的查询并收到正确回复(此处为八条记录):
16:09:39.342532 IP 192.134.4.69.53381 > 192.134.4.162.53: 22330+ [1au] RRSIG? sources.org. (40)
16:09:39.343229 IP 192.134.4.162.53 > 192.134.4.69.53381: 22330 8/5/6 RRSIG[|domain]
DNS Python 1.6.0 -Python 2.5.2(r252:60911,2008 年 8 月 8 日,09:22:44)Linux2 上的[GCC 4.3.1]
你的意思可能是 RRSIG ANY(否则顺序不对,类需要在类型之后)
>>> print myresolver.query('sources.org', 'RRSIG', 'ANY')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.5/site-packages/dns/resolver.py", line 664, in query
answer = Answer(qname, rdtype, rdclass, response)
File "/usr/lib/python2.5/site-packages/dns/resolver.py", line 121, in __init__
raise NoAnswer
dns.resolver.NoAnswer
我是一名优秀的程序员,十分优秀!