tags:

views:

713

answers:

3
+1  Q: 

Python + DNS : Cannot get RRSIG records: No Answer

I get DNS records from a Python program, using DNS Python

I can get various DNSSEC-related records:

>>> import dns.resolver
>>> myresolver = dns.resolver.Resolver()
>>> myresolver.use_edns(1, 0, 1400)
>>> print myresolver.query('sources.org', 'DNSKEY')
<dns.resolver.Answer object at 0xb78ed78c>
>>> print myresolver.query('ripe.net', 'NSEC')
<dns.resolver.Answer object at 0x8271c0c>

But no RRSIG records:

>>> print myresolver.query('sources.org', 'RRSIG')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.5/site-packages/dns/resolver.py", line 664, in query
    answer = Answer(qname, rdtype, rdclass, response)                        
  File "/usr/lib/python2.5/site-packages/dns/resolver.py", line 121, in __init__
    raise NoAnswer

I tried several signed domains like absolight.fr or ripe.net.

Trying with dig, I see that there are indeed RRSIG records.

Checking with tcpdump, I can see that DNS Python sends the correct query and receives correct replies (here, eight records):

16:09:39.342532 IP 192.134.4.69.53381 > 192.134.4.162.53: 22330+ [1au] RRSIG? sources.org. (40)
16:09:39.343229 IP 192.134.4.162.53 > 192.134.4.69.53381: 22330 8/5/6 RRSIG[|domain]

DNS Python 1.6.0 - Python 2.5.2 (r252:60911, Aug 8 2008, 09:22:44) [GCC 4.3.1] on linux2

A: 

If you try this, what happens?

print myresolver.query('sources.org', 'ANY', 'RRSIG')

Cetra  2008-09-17 12:59:30
+1  A: 

You probably mean RRSIG ANY (otherwise, the order is wrong, the class needs to be after the type)

>>> print myresolver.query('sources.org', 'RRSIG', 'ANY')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.5/site-packages/dns/resolver.py", line 664, in query
    answer = Answer(qname, rdtype, rdclass, response)
  File "/usr/lib/python2.5/site-packages/dns/resolver.py", line 121, in __init__
    raise NoAnswer
dns.resolver.NoAnswer
bortzmeyer  2008-09-17 15:25:29
A: 

This looks like a probable bug in the Python DNS library, although I don't read Python well enough to find it.

Note that in any case your EDNS0 buffer size parameter is not large enough to handle the RRSIG records for sources.org, so your client and server would have to fail over to TCP/IP.

Alnitak  2008-09-22 13:42:59
Tested also with an EDNS buffer size of 4096, same result.
bortzmeyer  2008-09-26 20:05:06

related questions

Programmatically talking to a Serial Port in OS X or Linux
Best ways to teach a beginner to program?
Calling a Function From a String With the Function's Name in Python
An executable Python app
Text Editor For Linux (Besides Vi)?
What Hosting Service is best for Django applications?
File size differences after copying a file to a server vía FTP
Python: what is the difference between (1,2,3) and [1,2,3], and when should I use each?
Python: What OS am I running on?
How do I make a menu in python that does not require the user to press (enter) to make a selection?
How do you express binary literals in Python?
What is the most efficient graph data structure in Python?
Adding a Method to an Existing Object
How to learn Python: Good Example Code?
How do I use Python's itertools.groupby()?
Python and MySQL
Class views in Django
Is there an IDE that provides code completion for Python
Using 'in' to match an attribute of Python objects in an array
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
Continuous Integration System for a Python Codebase
Get a preview jpeg of a pdf on windows?
How can I find the full path to a font from its display name on a Mac?
XML Processing in Python