dnssec

问题 I am trying to create private and public keys for DNSSEC algorithm 13: #include <stdio.h> #include <stdlib.h> #include <openssl/ec.h> #include <openssl/obj_mac.h> #include <openssl/bn.h> int main() { EC_KEY *eckey = NULL; const EC_POINT *pub_key = NULL; const EC_GROUP *group = NULL; const BIGNUM *res; BN_CTX *ctx; ctx = BN_CTX_new(); eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); EC_KEY_generate_key(eckey); res = EC_KEY_get0_private_key(eckey); printf("Private: %s\n", BN_bn2hex(res))

问题 As the title says I want to programmatically check if a DNS response for a domain are protected with DNSSEC. How could I do this? It would be great, if there is a pythonic solution for this. UPDATE: changed request to response, sorry for the confusion 回答1: Using a DNS resolver (e.g. dnspython ), you can query the domain for its DNSKEY RRset and turn on the DO (dnssec OK) query flag. If the query succeeds, the answer will have the AD (authenticated data) flag set and will contain the RRSIG