From a2dbfc0d99da28044f80e3e9b9a2b048f2a6a968 Mon Sep 17 00:00:00 2001 From: Sasha Romijn Date: Wed, 4 Dec 2024 20:38:29 +0000 Subject: [PATCH] f --- checks/resolver.py | 4 +--- checks/tasks/mail.py | 2 +- checks/tasks/routing.py | 4 ++-- checks/tasks/shared.py | 8 +++++--- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/checks/resolver.py b/checks/resolver.py index 65d072379..fbb31bf09 100644 --- a/checks/resolver.py +++ b/checks/resolver.py @@ -40,7 +40,7 @@ def resolve_aaaa(label: str, allow_bogus=True) -> Tuple[List[str], DNSSECStatus] return [rr.address for rr in rrset], dnssec_status -def resolve_mx(label: str, allow_bogus=True) -> Tuple[List[Tuple[str, int]], DNSSECStatus]: +def dns_resolve_mx(label: str, allow_bogus=True) -> Tuple[List[Tuple[str, int]], DNSSECStatus]: rrset, dnssec_status = resolve(label, RdataType.MX, allow_bogus) return [(str(rr.exchange), rr.preference) for rr in rrset], dnssec_status @@ -58,8 +58,6 @@ def dns_resolve_ns(label: str, allow_bogus=True) -> Tuple[List[str], DNSSECStatu # TODO: try to use TLSA return type def resolve_tlsa(label: str, allow_bogus=True) -> Tuple[List[Any], DNSSECStatus]: rrset, dnssec_status = resolve(label, RdataType.TLSA, allow_bogus) - for rr in rrset: - rr.cert_str = dns.rdata._hexify(rr.cert, chunksize=128) return rrset, dnssec_status diff --git a/checks/tasks/mail.py b/checks/tasks/mail.py index 68d03a0cb..b314adfa2 100644 --- a/checks/tasks/mail.py +++ b/checks/tasks/mail.py @@ -583,7 +583,7 @@ def dmarc_verify_external_destinations(domain, parsed, public_suffix_list): ext_qname = f"{domain}._report._dmarc.{host}" is_dmarc = False try: - txt_records = resolve_txt(ext_qname) + txt_records, _ = resolve_txt(ext_qname) for txt in txt_records: ru_parsed = dmarc_parse(txt[0]) if ru_parsed: diff --git a/checks/tasks/routing.py b/checks/tasks/routing.py index 8b2f5a5ff..5e55ac913 100644 --- a/checks/tasks/routing.py +++ b/checks/tasks/routing.py @@ -168,8 +168,8 @@ def asn_prefix_pairs_for_ip(ip_in: Ip) -> List[AsnPrefix]: asn_prefix_pairs = [] for txt in result: try: - asns = txt[0].split("|")[0].strip().split(" ") - prefix = txt[0].split("|")[1].strip() + asns = txt.split("|")[0].strip().split(" ") + prefix = txt.split("|")[1].strip() # Check that we didn't get any gibberish back. ipaddress.ip_network(prefix) diff --git a/checks/tasks/shared.py b/checks/tasks/shared.py index f52e94f9e..57b8cdea0 100644 --- a/checks/tasks/shared.py +++ b/checks/tasks/shared.py @@ -1,5 +1,6 @@ # Copyright: 2022, ECP, NLnet Labs and the Internet.nl contributors # SPDX-License-Identifier: Apache-2.0 +import binascii import re import socket from collections import defaultdict @@ -11,7 +12,8 @@ from dns.resolver import NXDOMAIN, NoAnswer from checks.models import MxStatus -from checks.resolver import resolve_spf, resolve_a, resolve_aaaa, DNSSECStatus, resolve_tlsa, dns_resolve_ns +from checks.resolver import resolve_spf, resolve_a, resolve_aaaa, DNSSECStatus, resolve_tlsa, dns_resolve_ns, \ + dns_resolve_mx from checks.tasks.spf_parser import parse as spf_parse from checks.scoring import ORDERED_STATUSES, STATUS_MAX from checks.tasks import SetupUnboundContext @@ -113,7 +115,7 @@ def do_mail_get_servers(self, url, *args, **kwargs): """ mailservers = [] - mxlist, _ = resolve_mx(url) + mxlist, _ = dns_resolve_mx(url) for rdata, prio in mxlist: is_null_mx = prio == 0 and rdata == "" @@ -228,7 +230,7 @@ def resolve_dane(port, dname, check_nxdomain=False): data, dnssec_status = resolve_a(qname) else: rrset, dnssec_status = resolve_tlsa(qname) - data = [(rr.usage, rr.selector, rr.mtype, rr.cert_str) for rr in rrset] + data = [(rr.usage, rr.selector, rr.mtype, binascii.hexlify(rr.cert).decode('ascii')) for rr in rrset] except NXDOMAIN: return {"nxdomain": True} except NoAnswer: