With #dnspython 2.4.0+, @DNSresolver can be configured to use a DoH resolver without changes in the current code.

DoQ and DoT requires minimal changes

🤔

De l'intérêt de RTFM : il y a une fonction dans le module resolver de #dnspython pour récupérer le A et AAAA d'un nom d'un coup. Ce qui ne diminue bien sûr pas le nombre de requêtes à faire mais allège le code quand on cherche les deux

Je m'ennuie au taf, donc je regarde comment faire de la validation #DNSSEC avec #dnspython. Et peut-être implémenter la chose dans mon check_soa 🤔

Just added EDNS(0) Padding when using #DNS over #TLS in my check_soa scripts 🥰

(Thanks once again to the great #dnspython toolkit ❤)

https://framagit.org/Shaft/dns-tools

So in my check_soa_multi script (multi-process check_soa using multiprocessing.Pool) is broken when using #dnspython 2.4.0+, if I set payload to whatever value but 0, it crashes the starmap func I use in the Pool 🤔 #Python

Knowing that payload is either an int or None (None doesn't work)

https://framagit.org/Shaft/dns-tools/-/issues/1

Thanks to #dnspython, I have a tool to easily “deduplicate” my adblock list. I remove any domain for which the parent zone is present in the list (eg. if there is ads.example.com and tracker.ads.example.com, the latter will be removed. I use my adblock list such as if a domain is blocked, the whole subtree is blocked)

The list is divided by 2: from 186950 to 98610 domain.

The deduplication is quite CPU extensive though

RFC 4034, Appendix B:

“The key tag is the same for all DNSKEY algorithm types except algorithm 1 [...]. The key tag algorithm is the sum of the wire format of the DNSKEY RDATA broken into 2 octet groups. First, the RDATA (in wire format) is treated as a series of 2 octet groups. These groups are then added together, ignoring any carry bits.”

Ok #DNSSEC, you win. I will rely on #dnspython function to find a key tag and will not try to implement that myself ^^'

Trying to test #dnspython 2.3.0 #DNSSEC signing function

Private keys need to be a cryptography.hazmat.primitives.asymmetric private key class

Have not find a way, if any, to import in that format my ldns-genereated private key

Cryptography doc states:

"This is a “Hazardous Materials” module. You should ONLY use it if you’re 100% absolutely sure that you know what you’re doing because this module is full of land mines, dragons, and dinosaurs with laser guns."

Don't want to mess with that!

Et... #dnspython 2.3.0 arrive aussi dans Debian Testing \o/