Questions about TSIG requests and other

[Antonio Huete]

Hi,

I have a couple questions, if anybody could give me a hint I would appreciate it :-)

1. If acting as a server, when you receive a request with a TSIG key, you must specify a keyring or else the 'dns.message.UnknownTSIGKey' exception will be raised and anything defined within a 'try...except' will become undefined. That means you cannot make a response with make_response() because you have no request to base it upon.

2. How can you extract the zone information from a request with find_rrset() if you don't know the name you have to pass for the tuple?

Thanks!

Antonio Huete

[Bob Halley]

Re. 1:  Dnspython ought to put the message into the TSIG exceptions, but it doesn't.  We'll fix that.  In the meantime, you can work around the issue by doing what handle_wire() in tests/nanonameserver.py does (see dnspython source).  Namely, when you get an exception processing a message and want to be able to respond, you can try reparsing in "question-only" mode.  This would get you enough to be able to generate a TSIG error, though it wouldn't be quite right, as in the case where you know the key but the signature is bad, you're supposed to sign the response, and you wouldn't be able to do that, not knowing what the key was.

(Nanonameserver is a good starting point for how to do a server using dnspython, but it's mostly for testing purposes and so is not complete.)

Re. 2:  I'm not sure what you're asking here, in particular what you mean by "zone information".  Generally a server would look at the question section directly and not use find_rrset().  E.g. if you have done request = dns.message.from_wire(...) and the question section is not empty, then

request.question[0] will be your question RRset.

If that's not what you are asking, can you give a more detailed example?

/Bob

[Antonio Huete]

Hi,

1. Thanks, I did that and now it works.

2. What I need to do is identify update requests and get the records that need updating. What I am doing right now, which I know it's most likely wrong, is looping query.index.items and checking for dns.update.UpdateSection.UPDATE, then extracting the information from there.

Regards,

Antonio Huete

--
You received this message because you are subscribed to a topic in the Google Groups "dnspython-dev" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/dnspython-dev/iO_XQYpDEsA/unsubscribe.
To unsubscribe from this group and all its topics, send an email to dnspython-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dnspython-dev/49eec4be-e751-461a-8272-289043192658n%40googlegroups.com.

--

Antonio Huete
www.evicertia.com | ahu...@evicertia.com
Lagasca 95 - 28006 Madrid
Tel: +34 914237080

[Bob Halley]

To process each update, do

for rrset in your_update_message.update:

   do_something(rrset)

You definitely don't want to use the index as order matters, and also the indexing scheme doesn't work for updates (you could miss updates).

dnspython automatically parses updates in "one_rr_per_rrset" mode, so each rrset you get in that loop will have (at most) one rdata.  (This ensures you process things in the right order if there are complicated mixtures of adds and deletes in one message.)