Update vsResolver v-6/27/2012 – DNS Validating Stub Resolver

Changes 6/27/2012:
– rewrote NegativeProofNsec3 per https://www.sidn.nl/fileadmin/docs/PDF-files_UK/wp-2011-0x01-v2.pdf. Works better now
– fixed NegativeProofNec bugs
– added more test cases to test negative proofs and rtypes other than A
– added NODATA status to account for cases where the domain exists but the record type doesn’tvsResolver is a DNSSEC validating stub resolver, for Windows, linux and Mac – the prerequisites are that dnspython and pycrypto must be installed.  I’ve also built a py2exe package for it on Windows 7 x64 that wraps the prerequisites up into a folder so that there is no need to install anything – it’s self-contained.  It should be possible to do the same for linux and Mac versions, so that there are no prerequistes for those platforms either.

The Validating Stub Resolver (vsResolver) is a DNS stub resolver that implements the Domain Name System Security Extensions (DNSSEC) specified in RFC 4033, RFC 4034 and RFC 4035. These add data origin authentication and data integrity to the Domain Name System. vsResolver extends the dnspython toolkit (http://www.dnspython.org/) and uses the pycrypto library for its underlying crypto implementation(https://www.dlitz.net/software/pycrypto/).

Click on this link for a ridiculously simple python page demonstrating vsResolver working – . Try entering some domains and click submit. Then, enable details, click submit to get the details,and compare with what you get for that domain at http://dnssec-debugger.verisignlabs.com.

Features : 

  • DNS Security Extenstions (DNSSEC) Validating Stub Resolver
  • Written in python, extends dnspython, which uses pycrypto
  • Backwards compatible with dns.Resolver.query()
  • Returns a query result along with a DNSSEC rating of BOGUS, PROVABLY_INSECURE or SECURE
  • negative results (e.g., NXDOMAIN) are also rated as BOGUS, PROVABLY_INSECURE or SECURE
  • See RFC4033, RFC4034 and RFC4035 for details on DNSSEC
  • Can be used as is as a utility to determine the DNSSEC status of a domain
  • Can be used as a software library to provide DNSSEC valiation to a DNS query
  • SecureOnly, NoBogus and Permissive modes of operation
  • Can be run with root trust anchor and/or specific islands of trust

How to use :
c:> vsResolver.py 192.168.1.9 0 [Example]

Download : vsresolver-code.zip (39.0 kB) | dist-win-x64.zip (3.3MB)
Find Other Version |
Read more in here

Our post Before :
http://www.seclist.us/vsresolver-v-6202012-dns-validating.html