pycares Support for DNSSEC

It seems that c-ares supports DNSSEC for example it seems they support DNSKEY queries: https://github.com/c-ares/c-ares/blob/7ebedab25dab50b2f008fbef8601c223096bb780/test/dns-proto.cc#L132

However, when I try with pycares I get this error:

It works with dns.resolver.query('dnssec-tools.org', 'DNSKEY')

Mar 28 '20 21:03 NotoriousRebel

__main__.py: https://github.com/saghul/pycares/blob/master/src/pycares/main.py#L39-L60

Mar 28 '22 23:03 westurner

Last I checked c-ares does not support parsing DNSKEY RRs.

Mar 29 '22 05:03 saghul

https://github.com/c-ares/c-ares/search?q=dnskey&type=

https://github.com/c-ares/c-ares/blob/main/src/tools/adig.c#L791-L793

delv (bind) does dnssec ... Fwiw:

https://bind9.readthedocs.io/en/latest/dnssec-guide.html#what-does-dnssec-add-to-dns
https://bind9.readthedocs.io/en/latest/dnssec-guide.html#dnssec-troubleshooting
https://bind9.readthedocs.io/en/latest/dnssec-guide.html#dnssec-keys #types-of-keys
https://github.com/isc-projects/bind9/blob/main/LICENSE
- Mozilla Public License, version 2.0
isc_result_t dns_zoneverify_dnssec https://github.com/isc-projects/bind9/blob/main/lib/dns/zoneverify.c#L1960
setup_dnsseckeys https://github.com/isc-projects/bind9/blob/main/bin/delv/delv.c#L801
dns_dnssec_verify https://github.com/isc-projects/bind9/blob/main/lib/dns/dnssec.c#L374

Mar 29 '22 06:03 westurner

https://pypi.org/search/?q=dnskey

class DNSKEY(RD): https://github.com/paulc/dnslib/blob/master/dnslib/dns.py#L1504 BSD
TODO https://github.com/Yurzs/triton/blob/master/triton/resolver/root.py#L171 MIT

Mar 29 '22 06:03 westurner

Thanks for compiling those links!

This project being a c-ares wrapper, will gain better DNSSEC support once it's also better supported by c-ares itself.

Mar 29 '22 09:03 saghul

pycares pycares copied to clipboard

Support for DNSSEC

pycares
pycares copied to clipboard