3 from __future__
import print_function
5 from unbound
import ub_ctx
, idn2dname
, RR_TYPE_SOA
, RR_TYPE_RRSIG
, ub_strerror
6 from optparse
import OptionParser
8 from datetime
import datetime
, timedelta
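def parse_rrsig_expire(expirestring):
    """Return the time left until an RRSIG expiration timestamp is reached.

    Args:
        expirestring: Expiration time as text in ``YYYYMMDDHHmmSS`` form.
            Only the first 14 characters are read; anything after them is
            ignored.

    Returns:
        A ``timedelta`` of expiration minus the current UTC time. It is
        negative once the signature has already expired.

    Raises:
        ValueError: If the first 14 characters are not all digits or do not
            name a valid calendar date and time.
    """
    stamp = expirestring[:14]
    # Reject anything that is not a full 14-digit timestamp up front, so a
    # truncated or unexpected rendering of the field surfaces as an error
    # instead of being parsed into a misleading expiry.
    if len(stamp) != 14 or not stamp.isdigit():
        raise ValueError(
            "unexpected RRSIG expiration format: %r" % (expirestring,))

    bounds = ((0, 4), (4, 6), (6, 8), (8, 10), (10, 12), (12, 14))
    expires = datetime(*[int(stamp[lo:hi]) for lo, hi in bounds])

    # Both sides are naive datetimes interpreted as UTC; RRSIG expiration
    # times are expressed in UTC, so local time must not be used here.
    delta = expires - datetime.utcnow()
    # The caller formats this value into its "expires in ..." messages.
    return delta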
21 def check_dnssec_expire(resolver
, name
, warn
, crit
):
22 s
, result
= resolver
.resolve(name
, rrtype
=RR_TYPE_SOA
)
28 print("CRIT (does not verify) %s" % (name
, ))
31 s
, packet
= ldns
.ldns_wire2pkt(result
.packet
)
32 rrsigs
= packet
.rr_list_by_type(RR_TYPE_RRSIG
, ldns
.LDNS_SECTION_ANSWER
).rrs()
34 delta
= parse_rrsig_expire(str(rrsig
.rrsig_expiration()))
37 print("CRIT (expires in %s) %s" % (delta
, name
))
40 print("WARN (expires in %s) %s" % (delta
, name
))
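# Command-line interface of the check.
parser = OptionParser()

# "append" collects every -n occurrence into a list. When -n is never given,
# opts.names stays None, so the code iterating over it has to cope with that.
parser.add_option("-n", "--name",
                  action="append", type="string", dest="names",
                  help="DNS Names to check")

# This path is handed to the resolver as its trust anchor file
# (resolver.add_ta_file). Whoever can modify that file decides which
# signatures validate, so it should not be writable by the account that
# runs this check.
parser.add_option("-a", "--ancor",
                  action="store", type="string", dest="ancor",
                  default="/etc/unbound/root.key",
                  help="DNSSEC root ancor")

# Both thresholds are whole days; the caller wraps them in timedelta().
parser.add_option("-w", "--warning-days",
                  action="store", type=int, dest="warn", default=5,
                  help="minimum remaining validity in days before a warning "
                       "is issued")
# The help text used to repeat the --warning-days wording; it now names the
# critical state this option controls.
parser.add_option("-c", "--critical-days",
                  action="store", type=int, dest="crit", default=2,
                  help="minimum remaining validity in days before a critical "
                       "is issued")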
62 opts
, _args
= parser
.parse_args()
64 resolver
.add_ta_file(opts
.ancor
)
65 encoding
= sys
.getfilesystemencoding()
68 for name
in opts
.names
:
69 result
= check_dnssec_expire(resolver
, idn2dname(name
.decode(encoding
)),
70 timedelta(opts
.warn
), timedelta(opts
.crit
))
73 elif result
== 1 and final
!= 2:
75 elif result
== 3 and final
not in [1, 2]:
80 if __name__
== "__main__":