problem with script verifying RRSIGs using DNSPython


I'm writing a script to verify RRSIGs using dnspython, but something is wrong with my code. The following is a snippet and its accompanying error message:

import dns.dnssec
import dns.message
import dns.name
import dns.query
import dns.rdatatype

domain = 'iana.org'
server = '8.8.8.8'

qname = dns.name.from_text(domain)

# get DNSKEYs
DNSKEY_query = dns.message.make_query(qname, dns.rdatatype.DNSKEY, want_dnssec=True)
(DNSKEY_response, _) = dns.query.udp_with_fallback(DNSKEY_query, server)
dnskey_set, dnskey_sig = DNSKEY_response.answer

# get RRset and RRsig to verify
query = dns.message.make_query(qname, dns.rdatatype.NS, want_dnssec=True)
(response, _) = dns.query.udp_with_fallback(query, server)
rrset, rrsig = response.answer
dns.dnssec.validate(rrset, rrsig, {dns.name.empty: dnskey_set}, None)

Error message:

Traceback (most recent call last):
  File "dnssec_validator.py", line 107, in <module>
    dns.dnssec.validate(rrset, rrsig, {dns.name.empty: dnskey_set}, None)
  File "/home/user/PycharmProjects/RPKIDNSSEC/venv/lib/python3.6/site-packages/dns/dnssec.py", line 494, in _validate
    raise ValidationFailure("no RRSIGs validated")
dns.dnssec.ValidationFailure: no RRSIGs validated