Reputation: 35459
I get DNS records from a Python program, using DNS Python.
I can get various DNSSEC-related records:
>>> import dns.resolver
>>> myresolver = dns.resolver.Resolver()
>>> myresolver.use_edns(1, 0, 1400)
>>> print myresolver.query('sources.org', 'DNSKEY')
<dns.resolver.Answer object at 0xb78ed78c>
>>> print myresolver.query('ripe.net', 'NSEC')
<dns.resolver.Answer object at 0x8271c0c>
But no RRSIG records:
>>> print myresolver.query('sources.org', 'RRSIG')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.5/site-packages/dns/resolver.py", line 664, in query
    answer = Answer(qname, rdtype, rdclass, response)
  File "/usr/lib/python2.5/site-packages/dns/resolver.py", line 121, in __init__
    raise NoAnswer
I tried several signed domains like absolight.fr or ripe.net.
Trying with dig, I see that there are indeed RRSIG records.
Checking with tcpdump, I can see that DNS Python sends the correct query and receives correct replies (here, eight records):
16:09:39.342532 IP 192.134.4.69.53381 > 192.134.4.162.53: 22330+ [1au] RRSIG? sources.org. (40)
16:09:39.343229 IP 192.134.4.162.53 > 192.134.4.69.53381: 22330 8/5/6 RRSIG[|domain]
DNS Python 1.6.0 - Python 2.5.2 (r252:60911, Aug 8 2008, 09:22:44) [GCC 4.3.1] on linux2
Upvotes: 3
Views: 2877
Reputation: 2621
If you try this, what happens?
print myresolver.query('sources.org', 'ANY', 'RRSIG')
Upvotes: 0
Reputation: 675
RRSIG is not a record, it's a hashed digest of a valid DNS Record. You can query a DNSKEY record, set want_dnssec=True and get a DNSKEY Record, and an "RRSIG of a DNSKEY Record".
More generally, RRSIG is just a signature of a valid record (such as a DS Record).
So when you ask the server
myresolver.query('sources.org', 'RRSIG')
It doesn't know what you are asking for. RRSIG in itself has no meaning; you need to specify: RRSIG of what?
Upvotes: 1
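The "RRSIG of what?" point in the answer above, as an added example that is not part of the original thread or of DNS Python: every RRSIG carries a Type Covered field (RFC 4034, section 3.1), so a reply holding several RRSIGs is sorted out by decoding that field. The function names and the sample RDATA (signer example.org., fake signature bytes) are constructed for illustration, and the validity check uses plain integer comparison rather than serial-number arithmetic.

```python
import struct
from collections import namedtuple

# RFC 4034 section 3.1: fixed 18-byte header, then signer name, then signature.
RRSIG = namedtuple("RRSIG", "type_covered algorithm labels original_ttl "
                            "expiration inception key_tag signer signature")
TYPE_NAMES = {1: "A", 2: "NS", 6: "SOA", 15: "MX", 43: "DS", 47: "NSEC", 48: "DNSKEY"}

def parse_rrsig_rdata(rdata):
    """Decode the wire-format RDATA of one RRSIG record."""
    if len(rdata) < 19:
        raise ValueError("RRSIG RDATA too short")
    covered, alg, labels, ttl, exp, inc, tag = struct.unpack("!HBBIIIH", rdata[:18])
    # The signer's name is never compressed in RRSIG RDATA, so read plain labels.
    pos, parts = 18, []
    while True:
        if pos >= len(rdata):
            raise ValueError("truncated signer name")
        n = rdata[pos]
        pos += 1
        if n == 0:
            break
        if n > 63 or pos + n > len(rdata):
            raise ValueError("bad label in signer name")
        parts.append(rdata[pos:pos + n].decode("ascii"))
        pos += n
    signer = ".".join(parts) + "."
    return RRSIG(TYPE_NAMES.get(covered, "TYPE%d" % covered), alg, labels, ttl,
                 exp, inc, tag, signer, rdata[pos:])

def signatures_for(rdatas, rdtype, now):
    """RRSIGs covering rdtype whose validity window contains `now` (epoch seconds)."""
    sigs = [parse_rrsig_rdata(r) for r in rdatas]
    return [s for s in sigs if s.type_covered == rdtype and s.inception <= now <= s.expiration]

def _sample(covered, inception, expiration, key_tag=12345):
    # Constructed RDATA: algorithm 8, 2 labels, TTL 3600, signer example.org., fake signature.
    return (struct.pack("!HBBIIIH", covered, 8, 2, 3600, expiration, inception, key_tag)
            + b"\x07example\x03org\x00" + b"\xAA" * 16)

# Constructed answer to an RRSIG query: one signature per signed RRset at the name.
SAMPLE_RDATAS = [_sample(6, 1000, 2000), _sample(2, 1000, 2000),
                 _sample(48, 1000, 2000), _sample(48, 100, 500)]

if __name__ == "__main__":
    for s in signatures_for(SAMPLE_RDATAS, "DNSKEY", now=1500):
        print(s.type_covered, s.key_tag, s.signer, len(s.signature))
```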
Reputation: 71
You may want to use raise_on_no_answer=False
and you will get the correct response:
resolver.query(hostname, dnsrecord, raise_on_no_answer=False)
Upvotes: 0
Reputation: 339816
This looks like a probable bug in the Python DNS library, although I don't read Python well enough to find it.
Note that in any case your EDNS0 buffer size parameter is not large enough to handle the RRSIG records for sources.org, so your client and server would have to fail over to TCP/IP.
Upvotes: 0
Reputation: 35459
You probably mean RRSIG ANY (otherwise, the order is wrong; the class needs to be after the type):
>>> print myresolver.query('sources.org', 'RRSIG', 'ANY')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.5/site-packages/dns/resolver.py", line 664, in query
    answer = Answer(qname, rdtype, rdclass, response)
  File "/usr/lib/python2.5/site-packages/dns/resolver.py", line 121, in __init__
    raise NoAnswer
dns.resolver.NoAnswer
Upvotes: 3