John Shaft · @shaft
1454 followers · 6122 posts · Server piaille.fr

With 2.4.0+, @DNSresolver can be configured to use a DoH resolver without changes in the current code.

DoQ and DoT requires minimal changes

đŸ€”

#dnspython

Last updated 1 year ago

John Shaft · @shaft
1436 followers · 5904 posts · Server piaille.fr

De l'intĂ©rĂȘt de RTFM : il y a une fonction dans le module resolver de pour rĂ©cupĂ©rer le A et AAAA d'un nom d'un coup. Ce qui ne diminue bien sĂ»r pas le nombre de requĂȘtes Ă  faire mais allĂšge le code quand on cherche les deux

#dnspython

Last updated 1 year ago

John Shaft · @shaft
1434 followers · 5871 posts · Server piaille.fr

Je m'ennuie au taf, donc je regarde comment faire de la validation avec . Et peut-ĂȘtre implĂ©menter la chose dans mon check_soa đŸ€”

#dnssec #dnspython

Last updated 1 year ago

John Shaft · @shaft
1434 followers · 5869 posts · Server piaille.fr

Just added EDNS(0) Padding when using over in my check_soa scripts đŸ„°

(Thanks once again to the great toolkit ❀)

framagit.org/Shaft/dns-tools

#dns #tls #dnspython

Last updated 1 year ago

John Shaft · @shaft
1429 followers · 5758 posts · Server piaille.fr

So in my check_soa_multi script (multi-process check_soa using multiprocessing.Pool) is broken when using 2.4.0+, if I set payload to whatever value but 0, it crashes the starmap func I use in the Pool đŸ€”

Knowing that payload is either an int or None (None doesn't work)

framagit.org/Shaft/dns-tools/-

#dnspython #python

Last updated 1 year ago

John Shaft · @shaft
1324 followers · 4054 posts · Server piaille.fr

Thanks to , I have a tool to easily “deduplicate” my adblock list. I remove any domain for which the parent zone is present in the list (eg. if there is ads.example.com and tracker.ads.example.com, the latter will be removed. I use my adblock list such as if a domain is blocked, the whole subtree is blocked)

The list is divided by 2: from 186950 to 98610 domain.

The deduplication is quite CPU extensive though

#dnspython

Last updated 1 year ago

John Shaft · @shaft
1277 followers · 2419 posts · Server piaille.fr

RFC 4034, Appendix B:

“The key tag is the same for all DNSKEY algorithm types except algorithm 1 [...]. The key tag algorithm is the sum of the wire format of the DNSKEY RDATA broken into 2 octet groups. First, the RDATA (in wire format) is treated as a series of 2 octet groups. These groups are then added together, ignoring any carry bits.”

Ok , you win. I will rely on function to find a key tag and will not try to implement that myself ^^'

#dnssec #dnspython

Last updated 2 years ago

John Shaft · @shaft
1275 followers · 2391 posts · Server piaille.fr

Trying to test 2.3.0 signing function

Private keys need to be a cryptography.hazmat.primitives.asymmetric private key class

Have not find a way, if any, to import in that format my ldns-genereated private key

Cryptography doc states:

"ï»żThis is a “Hazardous Materials” module. You should ONLY use it if you’re 100% absolutely sure that you know what you’re doing because this module is full of land mines, dragons, and dinosaurs with laser guns."

Don't want to mess with that!

#dnspython #dnssec

Last updated 2 years ago

John Shaft · @shaft
1253 followers · 1836 posts · Server piaille.fr

Et... 2.3.0 arrive aussi dans Debian Testing \o/

#dnspython

Last updated 2 years ago