Python + DNS : Cannot get RRSIG records: No Answer

Question

我使用 DNSPython 从 Python 程序获取 DNS 记录

我可以获得各种 DNSSEC 相关记录:

>>> import dns.resolver
>>> myresolver = dns.resolver.Resolver()
>>> myresolver.use_edns(1, 0, 1400)
>>> print myresolver.query('sources.org', 'DNSKEY')
<dns.resolver.Answer object at 0xb78ed78c>
>>> print myresolver.query('ripe.net', 'NSEC')
<dns.resolver.Answer object at 0x8271c0c>

但是没有RRSIG记录:

>>> print myresolver.query('sources.org', 'RRSIG')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.5/site-packages/dns/resolver.py", line 664, in query
    answer = Answer(qname, rdtype, rdclass, response)                        
  File "/usr/lib/python2.5/site-packages/dns/resolver.py", line 121, in __init__
    raise NoAnswer                                                              

我尝试了几个签名域，如 absolight.fr 或 ripe.net。

尝试挖掘，我看到确实有 RRSIG 记录。

检查 tcpdump，我可以看到 DNS Python 发送了正确的查询并收到正确回复(此处为八条记录):

16:09:39.342532 IP 192.134.4.69.53381 > 192.134.4.162.53: 22330+ [1au] RRSIG? sources.org. (40)
16:09:39.343229 IP 192.134.4.162.53 > 192.134.4.69.53381: 22330 8/5/6 RRSIG[|domain]

DNS Python 1.6.0 -Python 2.5.2(r252:60911，2008 年 8 月 8 日，09:22:44)Linux2 上的[GCC 4.3.1]

Answer 1

你的意思可能是 RRSIG ANY(否则顺序不对，类需要在类型之后)

>>> print myresolver.query('sources.org', 'RRSIG', 'ANY')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.5/site-packages/dns/resolver.py", line 664, in query
    answer = Answer(qname, rdtype, rdclass, response)
  File "/usr/lib/python2.5/site-packages/dns/resolver.py", line 121, in __init__
    raise NoAnswer
dns.resolver.NoAnswer