DNSSEC validator

This example program performs DNSSEC validation of a DNS lookup.

Source code

#!/usr/bin/python
import os
from unbound import ub_ctx,RR_TYPE_A,RR_CLASS_IN

ctx = ub_ctx()
ctx.resolvconf("/etc/resolv.conf")
if (os.path.isfile("keys")):
    ctx.add_ta_file("keys") #read public keys for DNSSEC verification

status, result = ctx.resolve("www.nic.cz", RR_TYPE_A, RR_CLASS_IN)
if status == 0 and result.havedata:

    print "Result:", result.data.address_list

    if result.secure:
        print "Result is secure"
    elif result.bogus:
        print "Result is bogus"
    else:
        print "Result is insecure"

More detailed informations can be seen in libUnbound DNSSEC tutorial here.