f

internetstandards · Dec 4, 2024 · a2dbfc0 · a2dbfc0
1 parent 8962011
commit a2dbfc0
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 9 deletions.
diff --git a/checks/resolver.py b/checks/resolver.py
@@ -40,7 +40,7 @@ def resolve_aaaa(label: str, allow_bogus=True) -> Tuple[List[str], DNSSECStatus]
     return [rr.address for rr in rrset], dnssec_status
 
 
-def resolve_mx(label: str, allow_bogus=True) -> Tuple[List[Tuple[str, int]], DNSSECStatus]:
+def dns_resolve_mx(label: str, allow_bogus=True) -> Tuple[List[Tuple[str, int]], DNSSECStatus]:
     rrset, dnssec_status = resolve(label, RdataType.MX, allow_bogus)
     return [(str(rr.exchange), rr.preference) for rr in rrset], dnssec_status
 
@@ -58,8 +58,6 @@ def dns_resolve_ns(label: str, allow_bogus=True) -> Tuple[List[str], DNSSECStatu
 # TODO: try to use TLSA return type
 def resolve_tlsa(label: str, allow_bogus=True) -> Tuple[List[Any], DNSSECStatus]:
     rrset, dnssec_status = resolve(label, RdataType.TLSA, allow_bogus)
-    for rr in rrset:
-        rr.cert_str = dns.rdata._hexify(rr.cert, chunksize=128)
     return rrset, dnssec_status
 
 

diff --git a/checks/tasks/mail.py b/checks/tasks/mail.py
@@ -583,7 +583,7 @@ def dmarc_verify_external_destinations(domain, parsed, public_suffix_list):
             ext_qname = f"{domain}._report._dmarc.{host}"
             is_dmarc = False
             try:
-                txt_records = resolve_txt(ext_qname)
+                txt_records, _ = resolve_txt(ext_qname)
                 for txt in txt_records:
                     ru_parsed = dmarc_parse(txt[0])
                     if ru_parsed:

diff --git a/checks/tasks/routing.py b/checks/tasks/routing.py
@@ -168,8 +168,8 @@ def asn_prefix_pairs_for_ip(ip_in: Ip) -> List[AsnPrefix]:
         asn_prefix_pairs = []
         for txt in result:
             try:
-                asns = txt[0].split("|")[0].strip().split(" ")
-                prefix = txt[0].split("|")[1].strip()
+                asns = txt.split("|")[0].strip().split(" ")
+                prefix = txt.split("|")[1].strip()
 
                 # Check that we didn't get any gibberish back.
                 ipaddress.ip_network(prefix)

diff --git a/checks/tasks/shared.py b/checks/tasks/shared.py
@@ -1,5 +1,6 @@
 # Copyright: 2022, ECP, NLnet Labs and the Internet.nl contributors
 # SPDX-License-Identifier: Apache-2.0
+import binascii
 import re
 import socket
 from collections import defaultdict
@@ -11,7 +12,8 @@
 from dns.resolver import NXDOMAIN, NoAnswer
 
 from checks.models import MxStatus
-from checks.resolver import resolve_spf, resolve_a, resolve_aaaa, DNSSECStatus, resolve_tlsa, dns_resolve_ns
+from checks.resolver import resolve_spf, resolve_a, resolve_aaaa, DNSSECStatus, resolve_tlsa, dns_resolve_ns, \
+    dns_resolve_mx
 from checks.tasks.spf_parser import parse as spf_parse
 from checks.scoring import ORDERED_STATUSES, STATUS_MAX
 from checks.tasks import SetupUnboundContext
@@ -113,7 +115,7 @@ def do_mail_get_servers(self, url, *args, **kwargs):
 
     """
     mailservers = []
-    mxlist, _ = resolve_mx(url)
+    mxlist, _ = dns_resolve_mx(url)
 
     for rdata, prio in mxlist:
         is_null_mx = prio == 0 and rdata == ""
@@ -228,7 +230,7 @@ def resolve_dane(port, dname, check_nxdomain=False):
             data, dnssec_status = resolve_a(qname)
         else:
             rrset, dnssec_status = resolve_tlsa(qname)
-            data = [(rr.usage, rr.selector, rr.mtype, rr.cert_str) for rr in rrset]
+            data = [(rr.usage, rr.selector, rr.mtype, binascii.hexlify(rr.cert).decode('ascii')) for rr in rrset]
     except NXDOMAIN:
         return {"nxdomain": True}
     except NoAnswer: