vsResolver v-6/20/2012 – DNS Validating Stub Resolver

Changes 6/20/2012 :
– fixed a bug we noticed when we turned validation on for www.shinkuro.se – vsResolver incorrectly thought that a dnamed name was provably insecure instead of secure because of a bad comparison between the orignal name and the trimmed dname – should have used the NameHolder.isEntireName() method as is done now by the fix.
– added 3 test cases and changed some of the expected results now that some more zones are signed.vsResolver is a DNSSEC validating stub resolver, for Windows, linux and Mac – the prerequisites are that dnspython and pycrypto must be installed.  I’ve also built a py2exe package for it on Windows 7 x64 that wraps the prerequisites up into a folder so that there is no need to install anything – it’s self-contained.  It should be possible to do the same for linux and Mac versions, so that there are no prerequistes for those platforms either.The Validating Stub Resolver (vsResolver) is a DNS stub resolver that implements the Domain Name System Security Extensions (DNSSEC) specified in RFC 4033, RFC 4034 and RFC 4035. These add data origin authentication and data integrity to the Domain Name System. vsResolver extends the dnspython toolkit (http://www.dnspython.org/) and uses the pycrypto library for its underlying crypto implementation(https://www.dlitz.net/software/pycrypto/).

Click on this link for a ridiculously simple python page demonstrating vsResolver working – . Try entering some domains and click submit. Then, enable details, click submit to get the details,and compare with what you get for that domain at http://dnssec-debugger.verisignlabs.com.

Features : 

  • DNS Security Extenstions (DNSSEC) Validating Stub Resolver
  • Written in python, extends dnspython, which uses pycrypto
  • Backwards compatible with dns.Resolver.query()
  • Returns a query result along with a DNSSEC rating of BOGUS, PROVABLY_INSECURE or SECURE
  • negative results (e.g., NXDOMAIN) are also rated as BOGUS, PROVABLY_INSECURE or SECURE
  • See RFC4033, RFC4034 and RFC4035 for details on DNSSEC
  • Can be used as is as a utility to determine the DNSSEC status of a domain
  • Can be used as a software library to provide DNSSEC valiation to a DNS query
  • SecureOnly, NoBogus and Permissive modes of operation
  • Can be run with root trust anchor and/or specific islands of trust

How to use :
c:> vsResolver.py 0 [Example]

Download : vsresolver-code.zip (36.8 kB)
Find Other Version |
Read more in here :

Our post Before :