Unbound resolving and validation context.
The validation context is created to hold the resolver status, validation keys and a small cache (containing messages, rrsets, roundtrip times, trusted keys, lameness information).
Usage
>>> import unbound
>>> ctx = unbound.ub_ctx()
>>> ctx.resolvconf("/etc/resolv.conf")
>>> status, result = ctx.resolve("www.google.com", unbound.RR_TYPE_A, unbound.RR_CLASS_IN)
>>> if status == 0 and result.havedata:
...     print("Result:", result.data.address_list)
Result: ['74.125.43.147', '74.125.43.99', '74.125.43.103', '74.125.43.104']
Creates a resolving and validation context.
An exception is raised if creation of the ub_ctx instance fails.
Add a trust anchor to the given context.
The trust anchor is a string, on one line, that holds a valid DNSKEY or DS RR.
Parameters: |
|
---|---|
Returns: | (int) 0 if OK, else error. |
Add trust anchors to the given context.
Pass name of a file with DS and DNSKEY records (like from dig or drill).
Parameters: |
|
---|---|
Returns: | (int) 0 if OK, else error. |
Cancel an async query in progress.
Its callback will not be called.
Parameters: |
|
---|---|
Returns: | (int) 0 if OK, else error. |
Set up configuration for the given context.
Parameters: |
|
---|---|
Returns: | (int) 0 if OK, else error. |
Add new local RR data
Parameters: |
|
---|---|
Returns: | (int) 0 if OK, else error. |
The local data ...
>>> ctx = unbound.ub_ctx()
>>> ctx.zone_add("mydomain.net.","static")
0
>>> ctx.data_add("test.mydomain.net. IN A 192.168.1.1")
0
>>> status, result = ctx.resolve("test.mydomain.net")
>>> if status == 0 and result.havedata:
...     print("Result:", result.data.address_list)
Result: ['192.168.1.1']
Remove local RR data
If it exists, remove the resource record from the local zone.
Parameters: |
|
---|---|
Returns: | (int) 0 if OK, else error. |
Set debug verbosity for the context. Output is directed to stderr.
Parameters: |
|
---|---|
Returns: | (int) 0 if OK, else error. |
Set debug output (and error output) to the specified stream.
Pass None to disable. Default is stderr.
Parameters: |
|
---|---|
Returns: | (int) 0 if OK, else error. |
Usage:
To log to a file, use
ctx = unbound.ub_ctx()
fw = open("debug.log", "w")  # Python file object, opened for writing
ctx.debuglevel(3)
ctx.debugout(fw)
Another option is to print the debug information to stderr:
import sys
ctx = unbound.ub_ctx()
ctx.debuglevel(10)
ctx.debugout(sys.stderr)
Get file descriptor.
Wait for it to become readable; at that point answers are returned from the asynchronous validating resolver. Then call the ub_process to continue processing. This routine works immediately after context creation; the fd does not change.
Returns: | (int) -1 on error, or file descriptor to use select(2) with. |
---|
Read list of hosts from the filename given.
Usually “/etc/hosts”. These addresses are not flagged as DNSSEC secure when queried for.
Parameters: |
|
---|---|
Returns: | (int) 0 if OK, else error. |
Poll a context to see if it has any new results. Do not poll in a loop; instead extract the fd below to poll for readiness, and then check, or wait using the wait routine.
Returns: | (int) 0 if nothing to read, or nonzero if a result is available. If nonzero, call ctx_process() to do callbacks. |
---|
Print the local zones and their content (RR data) to the debug output.
Returns: | (int) 0 if OK, else error. |
---|
Call this routine to continue processing results from the validating resolver (when the fd becomes readable).
Will perform necessary callbacks.
Returns: | (int) 0 if OK, else error. |
---|
Read list of nameservers to use from the filename given.
Usually “/etc/resolv.conf”. Uses those nameservers as caching proxies. If they do not support DNSSEC, validation may fail.
Only nameservers are picked up, the searchdomain, ndots and other settings from resolv.conf(5) are ignored.
Parameters: |
|
---|---|
Returns: | (int) 0 if OK, else error. |
Perform resolution and validation of the target name.
Parameters: |
|
---|---|
Returns: |
|
Perform resolution and validation of the target name.
Asynchronous: after a while, the callback will be called with your data and the result. If an error happens during processing, your callback will be called with error set to a nonzero value (and result==None).
Parameters: |
|
---|---|
Returns: |
|
The callback function looks as follows:
def call_back(mydata, status, result):
    pass
Set a context behaviour for asynchronous action.
Parameters: |
|
---|---|
Returns: | (int) 0 if OK, else error. |
Set machine to forward DNS queries to, the caching resolver to use.
IPv4 or IPv6 address. Forwards all DNS requests to that machine, which is expected to run a recursive resolver. If that machine is not DNSSEC-capable, validation may fail. Can be called several times; in that case the addresses are used as backup servers.
To read the list of nameservers from /etc/resolv.conf (from DHCP or so), use the call resolvconf().
Parameters: |
|
---|---|
Returns: | (int) 0 if OK, else error. |
Set an option for the context.
Changes to the options after resolve(), resolve_async(), zone_add(), zone_remove(), data_add() or data_remove() have no effect (you have to delete and re-create the context).
Parameters: |
|
---|---|
Returns: | (int) 0 if OK, else error. |
Add trust anchors to the given context.
Pass the name of a bind-style config file with trusted-keys{}.
Parameters: |
|
---|---|
Returns: | (int) 0 if OK, else error. |
Wait for a context to finish with results.
Calls after the wait for you. After the wait, there are no more outstanding asynchronous queries.
Returns: | (int) 0 if OK, else error. |
---|
Add new local zone
Parameters: |
|
---|---|
Returns: | (int) 0 if OK, else error. |
Remove local zone
If it exists, removes the local zone with all its RRs.
Parameters: |
|
---|---|
Returns: | (int) 0 if OK, else error. |
The validation and resolution results.
True, if the result is validated securely. False, if validation failed or domain queried has no security info.
It is possible to get a result with no data (havedata is false), and secure is true. This means that the non-existence of the data was cryptographically proven (with signatures).
If the result was not secure (secure==0), and this result is due to a security failure, bogus is true. This means the data has been actively tampered with, signatures failed, expected signatures were not present, timestamps on signatures were out of date and so on.
If secure==0 and bogus==0, this can happen if the data is not secure because security is disabled for that domain name. This means the data is from a domain where data is not signed.
DNS RCODE for the result. May contain additional error code if there was no data due to an error. 0 (RCODE_NOERROR) if okay. See predefined RCODE_ constants.
RCODE can be represented in display representation form (string) using rcode_str attribute.
Returns rcode in display representation form
Returns: | string |
---|
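How a caller might act on the secure, bogus, havedata and rcode fields described above, failing closed on anything that is not validated. This is an added example, not code from the pyunbound project: classify_result, the verdict strings, the require_dnssec policy flag and the sample results are assumptions, and constructed stand-in objects replace real resolver output so it runs offline.

```python
from types import SimpleNamespace

# DNS RCODE values from RFC 1035 (defined locally so the example runs offline).
RCODE_NOERROR = 0
RCODE_NXDOMAIN = 3


def classify_result(status, result, require_dnssec=True):
    """Return (verdict, usable) for a (status, result) pair from ctx.resolve().

    classify_result and require_dnssec are hypothetical names for this example.
    usable is True only when the answer data may be acted on.
    """
    if status != 0 or result is None:
        return ("error", False)                # resolver error: nothing to trust
    if result.bogus:
        return ("bogus", False)                # validation failed: discard the data
    if result.secure:
        if result.havedata:
            return ("secure", True)            # data validated securely
        if result.rcode == RCODE_NXDOMAIN:
            return ("secure-nxdomain", False)  # absence of the name is proven
        return ("secure-nodata", False)        # absence of the requested data is proven
    # secure == 0 and bogus == 0: data from a domain that is not signed
    return ("insecure", bool(result.havedata) and not require_dnssec)


def _r(secure, bogus, havedata, rcode=RCODE_NOERROR):
    # Constructed stand-in carrying only the fields this example reads.
    return SimpleNamespace(secure=secure, bogus=bogus, havedata=havedata, rcode=rcode)


# Constructed sample inputs, one per case described in the text.
SAMPLES = {
    "signed A record": (0, _r(True, False, True)),
    "tampered answer": (0, _r(False, True, True)),
    "signed NXDOMAIN": (0, _r(True, False, False, RCODE_NXDOMAIN)),
    "unsigned zone": (0, _r(False, False, True)),
    "resolver failure": (-1, None),
}

if __name__ == "__main__":
    for label, (status, result) in SAMPLES.items():
        print(label, classify_result(status, result))
```

With require_dnssec=True, an answer from an unsigned zone is reported as "insecure" and not usable, so a missing trust anchor does not silently downgrade to plain DNS.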
Class which makes the resolution results accessible
Represents data as a list of IP addresses (query for RR_TYPE_PTR)
Returns: | list of strings |
---|
Represents data as a list of domain names (query for RR_TYPE_A)
Returns: | list of strings |
---|
Represents data as a list of unicode domain names (query for RR_TYPE_A)
Returns: | list of strings |
---|
Represents data as a list of MX records (query for RR_TYPE_MX)
Returns: | list of tuples (priority, unicode dname) |
---|
Represents data as a list of MX records (query for RR_TYPE_MX)
Returns: | list of tuples (priority, dname) |
---|
Parses DNAME and produces a list of labels
Parameters: |
|
---|---|
Returns: | list of labels (string) |
Reverse domain name
Usable for reverse lookups when the IP address should be reversed
Converts domain name in IDN format to canonical domain name
Parameters: |
|
---|---|
Returns: | (string) domain name |
Converts canonical domain name in IDN format to unicode string
Parameters: |
|
---|---|
Returns: | (unicode string) domain name |