Name Modified Size Downloads / Week Status
Totals: 3 Items   3.5 MB 3
dist-win-x64.zip 2012-07-30 3.4 MB 11 weekly downloads
README.txt 2012-07-30 44.7 kB 11 weekly downloads
vsresolver-code.zip 2012-07-30 48.6 kB 11 weekly downloads
"""
$Id: README.txt 76 2012-07-30 17:46:16Z bobnovas $
"""

The python/dnspython Validating Stub Resolver - vsResolver

vsResolver is a DNSSEC validating stub resolver for Windows, Linux and Mac. The prerequisites are that dnspython and pycrypto must be installed.

I've also built a py2exe package for it on Windows 7 x64 that wraps the prerequisites up into a folder so that there is no need to install anything; it's self-contained. This folder is compressed in the dist-win-x64.zip download. You should be able to unzip this archive and run vsResolver.exe from within the folder (the prerequisites are alongside the .exe). It should be possible to do the same for Linux and Mac versions, so that there are no prerequisites for those platforms either.

vsResolver is a DNS validating stub resolver according to the Domain Name System Security Extensions (DNSSEC) as documented in RFC4033, RFC4034 and RFC4035. vsResolver requires at least a security-aware recursive resolver against which it does queries. I test with unbound running on an Ubuntu box. It's also possible to test against any available DNSSEC-aware nameserver. These are few and far between.

vsResolver will work correctly against 8.8.8.8 (Google's open DNS resolver) for 434 of the 438 test cases currently coded. The test cases that fail, as far as I can tell, fail because of bad responses from 8.8.8.8 (e.g., no DS) that can't be distinguished.

Here's an example of the "self-test" output of vsResolver running against 8.8.8.8 (test-data.txt is provided in the download):

    C: vsResolver.py 8.8.8.8 0 NoBogus test-data.txt
NOERROR/PROVABLY_INSECURE good-A.insecure-ns.test.dnssec-tools.org,A is NOERROR/PROVABLY_INSECURE good-AAAA.insecure-ns.test.dnssec-tools.org,AAAA is NOERROR/PROVABLY_INSECURE longlabel-01234567890123456789012345678901234567890123456789012.insecure-ns.test.dnssec-tools.org,A is NODATA/PROVABLY_INSECURE nosig-A.insecure-ns.test.dnssec-tools.org,A is NOERROR/PROVABLY_INSECURE nosig-AAAA.insecure-ns.test.dnssec-tools.org,AAAA is NOERROR/PROVABLY_INSECURE pastdate-A.insecure-ns.test.dnssec-tools.org,A is NOERROR/PROVABLY_INSECURE pastdate-AAAA.insecure-ns.test.dnssec-tools.org,AAAA is NOERROR/PROVABLY_INSECURE reverseddates-A.insecure-ns.test.dnssec-tools.org,A is NOERROR/PROVABLY_INSECURE reverseddates-AAAA.insecure-ns.test.dnssec-tools.org,AAAA is NOERROR/PROVABLY_INSECURE a.wilda.rhybar.0skar.cz,A is NOERROR/BOGUS *Exception* a.wilda.nsec.0skar.cz,A is NOERROR/BOGUS *Exception*, expected=NOERROR/SECURE, expected no exception *****BAD***** a.wild.nsec.0skar.cz,A is NOERROR/BOGUS *Exception*, expected=NOERROR/SECURE, expected no exception *****BAD***** a.wilda.0skar.cz,A is NOERROR/SECURE a.wild.0skar.cz,A is NOERROR/SECURE www.wilda.nsec.0skar.cz,A is NOERROR/BOGUS *Exception*, expected=NOERROR/SECURE, expected no exception *****BAD***** www.wilda.0skar.cz,A is NOERROR/SECURE Passed 434/438, *** FAILED *** ent.shinkuro.com,A a.wilda.nsec.0skar.cz,A a.wild.nsec.0skar.cz,A www.wilda.nsec.0skar.cz,A In "query" mode, vsResolver as a main program does a query and validates the result for a given input. For example: C: vsResolver.py 192.168.1.9 0 comcast.net A comcast.net,A is NOERROR/SECURE http://superawesum.novas.us:8080/py/hello.py runs vsResolver wrapped with a simple modpython script that allow you to test the security of a domain/record type. Finally, vsResolver has a verbose mode that mimics the dnssec-debugger.verisignlabs.com output. For example: C: vsResolver.py 192.168.1.9 1 www.shinkuro.org A Found 2 DNSKEY records for . 
DS=19036/sha256 verifies DNSKEY=19036/SEP
Found 1 RRSIGs over DNSKEY RRset
RRSIG=19036 and DNSKEY=19036 verifies the DNSKEY RRset
query for www.shinkuro.org/A
. is trusted until 2012-02-12 12:44:10.030000
Found 2 DS records for org in the . zone
Found 1 RRSIGs over DS RRset
RRSIG=51201 and DNSKEY=51201 verifies the DS RRset
Found 4 DNSKEY records for org
DS=21366/sha256 verifies DNSKEY=21366/SEP
DS=21366/sha1 verifies DNSKEY=21366/SEP
Found 2 RRSIGs over DNSKEY RRset
RRSIG=21366 and DNSKEY=21366 verifies the DNSKEY RRset
Found 1 DS records for shinkuro.org in the org zone
Found 1 RRSIGs over DS RRset
RRSIG=55440 and DNSKEY=55440 verifies the DS RRset
Found 2 DNSKEY records for shinkuro.org
DS=31129/sha1 verifies DNSKEY=31129/SEP
Found 2 RRSIGs over DNSKEY RRset
RRSIG=31129 and DNSKEY=31129 verifies the DNSKEY RRset
Found 0 DS records for www.shinkuro.org in the shinkuro.org zone
Found 1 RRSIGs over DNAME RRset
RRSIG=53703 and DNSKEY=53703 verifies the DNAME RRset
shinkuro.org is a DNAME to shinkuro.info
. is trusted until 2012-02-12 12:44:10.030000
Found 2 DS records for info in the . zone
Found 1 RRSIGs over DS RRset
RRSIG=51201 and DNSKEY=51201 verifies the DS RRset
Found 4 DNSKEY records for info
DS=54531/sha1 verifies DNSKEY=54531/SEP
DS=54531/sha256 verifies DNSKEY=54531/SEP
Found 2 RRSIGs over DNSKEY RRset
RRSIG=5570 and DNSKEY=5570 verifies the DNSKEY RRset
Found 2 DS records for shinkuro.info in the info zone
Found 1 RRSIGs over DS RRset
RRSIG=5570 and DNSKEY=5570 verifies the DS RRset
Found 2 DNSKEY records for shinkuro.info
DS=41101/sha1 verifies DNSKEY=41101/SEP
DS=41101/sha256 verifies DNSKEY=41101/SEP
Found 2 RRSIGs over DNSKEY RRset
RRSIG=38847 and DNSKEY=38847 verifies the DNSKEY RRset
Found 0 DS records for www.shinkuro.info in the shinkuro.info zone
Found 1 RRSIGs over DNAME RRset
RRSIG=38847 and DNSKEY=38847 verifies the DNAME RRset
shinkuro.info is a DNAME to shinkuro.com
. is trusted until 2012-02-12 12:44:10.030000
Found 1 DS records for com in the . zone
Found 1 RRSIGs over DS RRset
RRSIG=51201 and DNSKEY=51201 verifies the DS RRset
Found 2 DNSKEY records for com
DS=30909/sha256 verifies DNSKEY=30909/SEP
Found 1 RRSIGs over DNSKEY RRset
RRSIG=30909 and DNSKEY=30909 verifies the DNSKEY RRset
Found 1 RRSIGs over NSEC3 RRset
RRSIG=54350 and DNSKEY=54350 verifies the NSEC3 RRset
Found 1 RRSIGs over SOA RRset
RRSIG=54350 and DNSKEY=54350 verifies the SOA RRset
Found 1 RRSIGs over NSEC3 RRset
RRSIG=54350 and DNSKEY=54350 verifies the NSEC3 RRset
validate_name got NegativeProved: (shinkuro.com has no DS in com, SECURE)
www.shinkuro.org,A is NOERROR/PROVABLY_INSECURE
www.shinkuro.com. A RR has value 66.92.164.104
www.shinkuro.com. A RR has value 70.88.139.89

The vsResolver API is simple and is demonstrated in the main() program in vsResolver.py. Here are the steps for using vsResolver:

1. Instantiate a dnspython Resolver object, with EDNS enabled and pointing to at least a security aware recursive resolver.
2. Pass that to ValidatingStubResolver, along with an optional logging function.
3. Call query(name, rdtype, rdclass) on the ValidatingStubResolver object, passing the name of the domain, the rdata type of the record (e.g., 'A' for an IPv4 address record), and the rdata class of the record (e.g., 'IN') for which you are querying.
4. query() returns a dnspython dns.resolver.Answer object that is identical to the object that dnspython dns.Resolver.query() returns, except that it is decorated with a new securityOutcome field, which is one of the following constants: BOGUS, PROVABLY_INSECURE, SECURE.

There are 3 behaviors or overall operating modes that ValidatingStubResolver can be set to. These are:

0: Permissive - return all results regardless of securityOutcome
1: *NoBogus - return results that are not BOGUS. BOGUS results raise a BadResult Exception. NoBogus is the DEFAULT behavior if none is specified.
2: SecureOnly - return results that are SECURE. BOGUS and PROVABLY_INSECURE results raise a BadResult Exception.

The BadResult exception has an actualResult field that provides the result (that would have been returned).

The ValidatingStubResolver is essentially backwards compatible with dns.Resolver. ValidatingStubResolver provides a query() method that is indistinguishable, except that there is an additional field in dns.Resolver.Answer and ValidatingStubResolver raises additional exceptions. A difference is that ValidatingStubResolver returns results for NXDOMAIN whereas dns.Resolver didn't. But in DNSSEC, it's knowable if you should have gotten an answer but didn't (a BOGUS NXDOMAIN).

That's pretty much it.

Changes:

2/29/2012
- Added flaggableResolver.py, which overrides dns.Resolver.Query. This eliminates the need to patch dnspython and provides 3 features that dns.Resolver.query does not:
  - return_response_on_nxdomain - need a response for the NSEC/NSEC3 records
  - flags - specify CD so that a validating recursive resolver does not do validation and does return all records. This allows for running the recursive resolver that vsResolver uses as a validating resolver (but tells that resolver not to validate).
  - fixes a bug wherein an answer with rrset null raises an exception.

3/23/2012
- added logging to FlaggableResolver, log queries
- fixed bug in nameHolder reverseDirection so it now works correctly when called multiple times. Added test case to test this.
- added RRSetSource.has_RRSIG() method
- major revision to vsResolver.py to fix several bad bugs in validation. Added 2 test cases. Passes all test cases.

6/20/2012
- fixed a bug we noticed when we turned validation on for www.shinkuro.se - vsResolver incorrectly thought that a dnamed name was provably insecure instead of secure because of a bad comparison between the original name and the trimmed dname - should have used the NameHolder.isEntireName() method as is done now by the fix.
- added 3 test cases and changed some of the expected results now that some more zones are signed.

6/26/2012
- fixed a bug we noticed with wwww.shinkuro.com - should be NXDOMAIN/SECURE. We weren't checking wraparound for nsec correctly.
- added more test cases.

6/27/2012
- rewrote NegativeProofNsec3 per https://www.sidn.nl/fileadmin/docs/PDF-files_UK/wp-2011-0x01-v2.pdf. Works better now
- fixed NegativeProofNec bugs
- added more test cases to test negative proofs and rtypes other than A
- added NODATA status to account for cases where the domain exists but the record type doesn't

6/29/2012
- fixes a bug in NegativeProofNsec3 that I introduced when I refactored the name hashing code on 6/27/2012.

7/2/2012
- did a lot of work to get vsResolver to work against 8.8.8.8 so you don't have to install unbound to get it to work. vsResolver now works against 8.8.8.8 in 55 of the 65 test cases. The test cases that don't work return ServFail. The problem (I think) is that 8.8.8.8 doesn't handle synthesized CNAMEs correctly.

7/9/2012
- fixed a bug with empty non terminals and wildcards (e.g., a.xyz.shinkuro.com).

7/10/2012
- fixed a bug with distinguishing BOGUS and PROVABLY_INSECURE using signed zones and presence of RRSIG
- changed test mechanism to use a file
- added over 100 test zones from dnssec-tools.org
- fixed whatever bugs cropped up

7/11/2012
- reworked the initial key lookups to also load BadSig and NegativeProof markers against zone names
- use these to do a better job figuring security outcome
- seems to work against all test cases, when run against a local copy of unbound. 8.8.8.8, not so much, but not too bad.

7/12/2012
- added more test cases
- worked on CNAMEs from 8.8.8.8 - still not good. 8.8.8.8 doesn't return rrsigs for CNAMEs.

7/26/2012
- fixed timeouts, nsec3 algorithm
- all test cases work against a decent resolver (unbound), many work against 8.8.8.8 but not all.

7/30/2012
- fixed the test cases (2 were missing a comma)
- fixed the code so that 434/438 test cases run correctly against 8.8.8.8, and 438/438 run correctly against unbound.

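
The three operating modes and the self-test output format described above can be cross-checked mechanically. The following is an added example, not part of vsResolver or its README: it parses self-test result lines and reports the cases marked *****BAD***** plus any line where *Exception* does not match what the chosen mode should reject. The names parse_line, audit and RAISES are assumptions of this sketch; the sample lines are copied from the transcript.

```python
import re

# Outcomes the README says raise BadResult in each operating mode.
RAISES = {
    "Permissive": set(),
    "NoBogus": {"BOGUS"},
    "SecureOnly": {"BOGUS", "PROVABLY_INSECURE"},
}
RESULT = re.compile(r"([A-Z]+)/(BOGUS|PROVABLY_INSECURE|SECURE)\b")

def parse_line(line):
    """Split one 'name,TYPE is STATUS/OUTCOME ...' self-test line into fields."""
    head, sep, rest = line.strip().partition(" is ")
    name, comma, rdtype = head.rpartition(",")
    if not sep or not comma:
        raise ValueError("not a self-test result line: %r" % line)
    m = RESULT.match(rest)  # no match for resolver errors such as ServFail
    return {
        "key": "%s,%s" % (name, rdtype),
        "status": m.group(1) if m else None,
        "outcome": m.group(2) if m else None,
        "raised": "*Exception*" in rest,
        "bad": rest.endswith("*****BAD*****"),
    }

def audit(lines, mode="NoBogus"):
    """Return (failed, inconsistent) test keys for a transcript run in `mode`."""
    failed, inconsistent = [], []
    for line in lines:
        if " is " not in line:
            continue  # summary line, bare names, blanks
        r = parse_line(line)
        if r["bad"]:
            failed.append(r["key"])
        # *Exception* must appear exactly when the mode rejects the outcome.
        if r["outcome"] and r["raised"] != (r["outcome"] in RAISES[mode]):
            inconsistent.append(r["key"])
    return failed, inconsistent

# Lines copied from the README's NoBogus self-test transcript.
SAMPLE = """\
good-A.good-ns.test.dnssec-tools.org,A is NOERROR/SECURE
baddata-A.good-ns.test.dnssec-tools.org,A is NOERROR/BOGUS *Exception*
good-A.insecure-ns.test.dnssec-tools.org,A is NOERROR/PROVABLY_INSECURE
a.wilda.nsec.0skar.cz,A is NOERROR/BOGUS *Exception*, expected=NOERROR/SECURE, expected no exception *****BAD*****
ent.shinkuro.com,A is ServFail (no negative proof possible for ent.shinkuro.com./A), expected=NODATA/A, SECURE *****BAD*****
Passed 434/438, *** FAILED ***
""".splitlines()

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Auditing the same lines with mode="SecureOnly" flags the PROVABLY_INSECURE result, since that mode would have raised BadResult for it.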
Source: README.txt, updated 2012-07-30