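#!/usr/bin/python
# -*- coding: utf-8 -*-
"""Report the DNSSEC status of a name as seen through a validating resolver.

Usage: <script> domain [resolver_addr]

The script sends one A query with DNSSEC enabled and classifies the name
from the response header alone:

* rcode SERVFAIL              -> "bogus"
* rcode NOERROR, AD bit set   -> "secure"
* rcode NOERROR, AD bit clear -> "insecure"

No signatures are verified locally. The verdict is only as trustworthy as
the resolver that set the AD bit and the network path to that resolver.
"""
import ldns
import sys

debug = True

# Check args
argc = len(sys.argv)
if argc < 2:
    print("Usage: %s domain [resolver_addr]" % sys.argv[0])
    sys.exit(1)
name = sys.argv[1]

# Create resolver from the system configuration and enable DNSSEC on it
resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf")
resolver.set_dnssec(True)

# Custom resolver
if argc > 2:
    # Drop every nameserver taken from resolv.conf so that only the one
    # given on the command line is queried.
    while resolver.pop_nameserver() is not None:
        pass
    # LDNS_RDF_TYPE_A parses an IPv4 address; an IPv6 resolver address is
    # not handled by this script.
    ip = ldns.ldns_rdf.new_frm_str(sys.argv[2], ldns.LDNS_RDF_TYPE_A)
    resolver.push_nameserver(ip)

# Resolve DNS name
pkt = resolver.query(name, ldns.LDNS_RR_TYPE_A, ldns.LDNS_RR_CLASS_IN)
if not pkt:
    # No verdict is possible without a response; say so instead of exiting
    # silently, which could be mistaken for a clean result.
    sys.stderr.write("No response received for %s\n" % name)
else:
    rcode = pkt.get_rcode()

    # Debug
    if debug:
        # AA and AD are separate header flags; report each from its own
        # accessor.
        print("NS returned: %s (AA: %d AD: %d)" % (rcode, pkt.aa(), pkt.ad()))

    # The rcode is inspected before looking at the answer section: a
    # SERVFAIL response normally carries no answer records, so gating this
    # check on pkt.answer() would hide the failure.
    # Rcodes are compared with ==, not `is`, because integer identity is an
    # implementation detail.
    if rcode == ldns.LDNS_RCODE_SERVFAIL:
        # NOTE(review): a validating resolver answers SERVFAIL when
        # validation fails, but also for unrelated upstream failures, so
        # "bogus" is a heuristic here. Confirm before acting on it.
        print("%s is bogus" % name)

    # Check AD (Authenticated Data) bit on a successful answer
    elif rcode == ldns.LDNS_RCODE_NOERROR and pkt.answer():
        # AD is asserted by the resolver. Trust it only when the resolver
        # validates and the path to it cannot be tampered with.
        if pkt.ad():
            print("%s is secure" % name)
        else:
            print("%s is insecure" % name)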