With #dnspython 2.4.0+, @DNSresolver can be configured to use a DoH resolver without changes in the current code.
DoQ and DoT requires minimal changes
đ€
De l'intĂ©rĂȘt de RTFM : il y a une fonction dans le module resolver de #dnspython pour rĂ©cupĂ©rer le A et AAAA d'un nom d'un coup. Ce qui ne diminue bien sĂ»r pas le nombre de requĂȘtes Ă faire mais allĂšge le code quand on cherche les deux
Je m'ennuie au taf, donc je regarde comment faire de la validation #DNSSEC avec #dnspython. Et peut-ĂȘtre implĂ©menter la chose dans mon check_soa đ€
Just added EDNS(0) Padding when using #DNS over #TLS in my check_soa scripts đ„°
(Thanks once again to the great #dnspython toolkit â€)
So in my check_soa_multi script (multi-process check_soa using multiprocessing.Pool) is broken when using #dnspython 2.4.0+, if I set payload to whatever value but 0, it crashes the starmap func I use in the Pool đ€ #Python
Knowing that payload is either an int or None (None doesn't work)
Thanks to #dnspython, I have a tool to easily âdeduplicateâ my adblock list. I remove any domain for which the parent zone is present in the list (eg. if there is ads.example.com and tracker.ads.example.com, the latter will be removed. I use my adblock list such as if a domain is blocked, the whole subtree is blocked)
The list is divided by 2: from 186950 to 98610 domain.
The deduplication is quite CPU extensive though
RFC 4034, Appendix B:
âThe key tag is the same for all DNSKEY algorithm types except algorithm 1 [...]. The key tag algorithm is the sum of the wire format of the DNSKEY RDATA broken into 2 octet groups. First, the RDATA (in wire format) is treated as a series of 2 octet groups. These groups are then added together, ignoring any carry bits.â
Ok #DNSSEC, you win. I will rely on #dnspython function to find a key tag and will not try to implement that myself ^^'
Trying to test #dnspython 2.3.0 #DNSSEC signing function
Private keys need to be a cryptography.hazmat.primitives.asymmetric private key class
Have not find a way, if any, to import in that format my ldns-genereated private key
Cryptography doc states:
"ï»żThis is a âHazardous Materialsâ module. You should ONLY use it if youâre 100% absolutely sure that you know what youâre doing because this module is full of land mines, dragons, and dinosaurs with laser guns."
Don't want to mess with that!