Irreggularity in response.Authority

[Aniketh Gireesh]

Hi,

I have been playing around with dnspython for some time now and feels like I stumbled across a weird behaviour. I have added dnspython-dev in the list as I wasn't sure if that is a bug or if that is the way API was supposed to work. 

I was trying to iterate through the response.authority from the response of dns.query.udp() resolving against specific nameservers. For some specific queries, there are actually 3 Authoritative servers available according to dig, but then dnspython API only shows it has 1 (with the len(response.authority)) but lists out all the three servers when we iterate through the object. But I guess as a single string - I suppose that is why it meant it had only 1 authority server to query and returned length = 1. But when I try to get just the first element (response.authority[0]), it just lists all the additional servers and gives me a count of 3. Is that the way the API was intended to be designed or is it a bug? It wasn't mentioned in any of the documentation either I guess.

Cheers

--

Aniketh Girish 
Member at FOSS@Amrita
Amrita University

Github | GitLab | Blog | Website

"For the Love of Code."

[Bob Halley]

The response.authority section is a list of RRsets constructed from the RRs that were in the authority section of the DNS message.  So you saw one RRset, and that RRset had 3 Rdatas in it.  This is as intended.  See RFC 2181 for the definition of RRset.  I agree the dnspython documentation in this area could be better!

Let's look at an example that's a reply from one of dnspython.org's nameservers, first with "dig":

; <<>> DiG 9.10.6 <<>> @ns-1253.awsdns-28.org. dnspython.org soa

; (2 servers found)

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64458

;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1

;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;dnspython.org. IN SOA

;; ANSWER SECTION:

dnspython.org. 900 IN SOA ns-1253.awsdns-28.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

;; AUTHORITY SECTION:

dnspython.org. 3600 IN NS ns-1253.awsdns-28.org.

dnspython.org. 3600 IN NS ns-2020.awsdns-60.co.uk.

dnspython.org. 3600 IN NS ns-343.awsdns-42.com.

dnspython.org. 3600 IN NS ns-518.awsdns-00.net.

The authority section has 4 NS RRs associated with the owner name dnspython.org.  Dnspython's message code constructs RRsets out of individual RRs as RRsets are the unit that is cached.  Now lets look at this with dnspython:

>>> import dns.query

>>> import dns.message

>>> q = dns.message.make_query('dnspython.org', 'soa')

>>> r = dns.query.udp(q, '205.251.196.229')

>>> len(r.authority)   # there is one RRset in the authority section

1

>>> r.authority[0]    # you can see it's an RRset here

<DNS dnspython.org. IN NS RRset>

>>> len(r.authority[0])   # that RRset has 4 Rdatas

4

>>> r.authority[0][0]    # Here's the first one, so you can see it's an NS rdata object

<DNS IN NS rdata: ns-1253.awsdns-28.org.>

>>> for rd in r.authority[0]:      # We can print all of them

...   print(rd)

... 

ns-1253.awsdns-28.org.

ns-2020.awsdns-60.co.uk.

ns-343.awsdns-42.com.

ns-518.awsdns-00.net.