#!/bin/env python
'''
Check whether the authoritative nameservers returned for all puzzle managed
domains belong to the list of pitc_nameservers and fail if one does not.

usage: ./dnsverify.py [-v]
'''
import sys

import dns.exception
import yaml
from dns import resolver
# Allowlist of the authoritative name servers puzzle operates.  Every NS
# answer for a managed domain must be one of these absolute names
# (note the trailing dot, which is how the resolver returns them).
pitc_nameservers = [
    'ns1.dnsimple.com.',
    'ns2.dnsimple.com.',
    'ns3.dnsimple.com.',
    'ns4.dnsimple.com.',
    'ns5.dnsmadeeasy.com.',
    'ns6.dnsmadeeasy.com.',
    'ns7.dnsmadeeasy.com.'
]

# Zone inventory files (YAML with a top-level 'zones' list) whose domains
# are checked.
pitc_domains = ['puzzle.ch.yaml', 'puzzle.yaml', 'nonpuzzle.yaml']

# Recursive resolvers (OpenDNS) the NS queries are sent to, replacing the
# resolver's system default.
_OPENDNS_RESOLVERS = ['208.67.222.222', '208.67.220.220']

# NOTE: this rebinds the imported module name `resolver` to a Resolver
# instance; the rest of the file uses `resolver` as that instance.
resolver = resolver.Resolver()
resolver.nameservers = list(_OPENDNS_RESOLVERS)
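def get_authoritative_ns(domains, verbose=False):
    '''
    dsc: Query the NS record set of every domain through the configured
         recursive resolver and check each returned name server against the
         puzzle allowlist (verify_authoritative_ns).  Every offending name
         server and every domain that cannot be resolved is reported on
         stderr; the loop keeps going so that one run lists all problems.
         An empty domain list yields True (there is nothing to object to).
    arg: [list], domains to query
         [bool], verbose - also print the name servers that passed
    ret: [boolean], true if every name server of every domain is managed by
         puzzle; false otherwise.  A resolution failure (NXDOMAIN, no
         answer, timeout, ...) counts as a failure so the check fails closed.
    '''
    all_ok = True
    for domain in domains:
        try:
            answers = resolver.resolve(domain, 'NS')
        except dns.exception.DNSException as err:
            # treat "could not resolve" as a failed check rather than a crash
            print("ERROR: {} could not be resolved: {}".format(domain, err), file=sys.stderr)
            all_ok = False
            continue
        for server in answers:
            if not verify_authoritative_ns(str(server)):
                print("ERROR: {} got answer from {}, not managed by puzzle".format(domain, server), file=sys.stderr)
                all_ok = False
            elif verbose:
                print("{} got answer from {}".format(domain, server))
    return all_ok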
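def get_domains(filenames):
    '''
    dsc: Loads domain names from a list of yaml files.
         Each file must carry a top-level 'zones' list.  A file that is
         empty, not a mapping, or has no 'zones' list is rejected with a
         ValueError naming the file, instead of the bare TypeError /
         AttributeError the raw lookup would raise -- and instead of
         silently contributing no domains, which would let the check pass
         without checking anything.
    arg: [list], filenames
    ret: [list], arbitrary list of domain names
    raises: ValueError if a file has no top-level 'zones' list
    '''
    domains = []
    for filename in filenames:
        with open(filename, 'r', encoding='utf-8') as zone_file:
            yaml_data = yaml.safe_load(zone_file)
        zones = yaml_data.get('zones') if isinstance(yaml_data, dict) else None
        # a str would be iterated character by character by list(); require
        # a real sequence so a malformed file cannot produce bogus "domains"
        if not isinstance(zones, (list, tuple)):
            raise ValueError("{}: expected a top-level 'zones' list".format(filename))
        domains.extend(zones)
    return domains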
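def _canonical_dns_name(name):
    '''Lower-case *name* and make sure it ends with exactly one dot ('' stays '').'''
    name = str(name).strip().lower().rstrip('.')
    return name + '.' if name else ''


def verify_authoritative_ns(nameserver, allowed=None):
    '''
    dsc: Verifies if the authoritative NS belongs to the puzzle managed NS.
         The comparison is case-insensitive and tolerates a missing trailing
         dot, because DNS names are case-insensitive and a resolver may
         return them in mixed case; an exact-match check would then fail
         spuriously.  An empty name never verifies.
    arg: [str], nameserver
         [list], allowed - allowlist of nameserver names; defaults to the
                 module-level pitc_nameservers
    ret: [boolean], true if ok; false if nok.
    '''
    if allowed is None:
        allowed = pitc_nameservers
    wanted = _canonical_dns_name(nameserver)
    allowed_names = {_canonical_dns_name(entry) for entry in allowed}
    return bool(wanted) and wanted in allowed_names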
if __name__ == '__main__':
    # '-v' anywhere on the command line turns on per-server reporting
    VERBOSE = '-v' in sys.argv
    managed_domains = get_domains(pitc_domains)
    # exit status 1 when any domain points at a name server outside the
    # allowlist, 0 otherwise
    sys.exit(0 if get_authoritative_ns(managed_domains, VERBOSE) else 1)