|
|
|
@ -47,7 +47,7 @@ def handle_needs_login():
|
|
|
|
|
|
|
|
|
|
|
|
# DNS stub configured to do DNSSEC enabled queries
|
|
|
|
# DNS stub configured to do DNSSEC enabled queries
|
|
|
|
resolver = dns.resolver.Resolver()
|
|
|
|
resolver = dns.resolver.Resolver()
|
|
|
|
resolver.use_edns(0, 0, 1232)
|
|
|
|
resolver.use_edns(0, dns.flags.DO, 1232)
|
|
|
|
resolver.flags = dns.flags.AD | dns.flags.RD
|
|
|
|
resolver.flags = dns.flags.AD | dns.flags.RD
|
|
|
|
|
|
|
|
|
|
|
|
def has_dane_record(domain, timeout=10):
|
|
|
|
def has_dane_record(domain, timeout=10):
|
|
|
|
@ -56,7 +56,6 @@ def has_dane_record(domain, timeout=10):
|
|
|
|
if result.response.flags & dns.flags.AD:
|
|
|
|
if result.response.flags & dns.flags.AD:
|
|
|
|
for record in result:
|
|
|
|
for record in result:
|
|
|
|
if isinstance(record, dns.rdtypes.ANY.TLSA.TLSA):
|
|
|
|
if isinstance(record, dns.rdtypes.ANY.TLSA.TLSA):
|
|
|
|
record.validate()
|
|
|
|
|
|
|
|
if record.usage in [2,3] and record.selector in [0,1] and record.mtype in [0,1,2]:
|
|
|
|
if record.usage in [2,3] and record.selector in [0,1] and record.mtype in [0,1,2]:
|
|
|
|
return True
|
|
|
|
return True
|
|
|
|
except dns.resolver.NoNameservers:
|
|
|
|
except dns.resolver.NoNameservers:
|
|
|
|
|
Florent Daigniere
3 years ago