I want to validate DNSSEC offline and store the corresponding certificates locally via drill (drill man page, netlabs ldns/drill). I then want to validate the stored certificate chain using dnspython.
However, I fail to read the stored certificates via dnspython. I have tried, among others, dns.message.from_file, but the file is only read incompletely, in a way I do not understand.
An example file created looks like this:

;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 19207
;; flags: qr rd ra ad ; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; ANSWER SECTION:
bsi.de. 4885 IN DNSKEY 256 3 8 AwEAAbk+uPUlkoZeKZ71XBfBzrnrDkfEIYFjugU2gbue+QGP3bjIBnl3YLJNXUPLW+UDlXE+1VRGy9WBTwLD9ka5cwWNy0It4fNnvpI0Y6bR8xSsW88MLf/tWbtYxt16IIohj7sdunoC0U3JWB7mFaXNG/gXLNqtaWPtRJURsV1+dcVb ;{id = 29544 (zsk), size = 1024b}
bsi.de. 4885 IN DNSKEY 257 3 8 AwEAAcrBN29rSzsjyPqHEcygwTJXCJgZ+ASLK2ahyzNoNAt6RB5sK5a66tlNGRZQrZfBeZYJzwMsBGVeTiliSfvCAl40ldUy5c5QLad+VtT1AQnYK6iWAFE29h6hHzgZk4SKcQUDwkw+cW2berlcyDS/Vb5hIGkLg9ArIUUn9HhwC4KGRumswDYBj3cQ4vW8Z0/hnaHKJuTS2Ms+AaN7aAcpycfnCijhh46aYSwd893Mo5j1v1MHbjMzg1NutUggu5RRh1QYKNsl8sHSou7Gmio1mgeC5yHK1f5pc6dR1GMIxeSVcxtW8pVPpPIQCDK3+0sDWy4B27MzWZRTzd8DcoFDYAM= ;{id = 26119 (ksk), size = 2048b}
bsi.de. 4885 IN RRSIG DNSKEY 8 2 14400 20210923153601 20210913153601 26119 bsi.de. f4jOKKsodoe9tnOj2rJlm/u902ByQt6QZqm7wEwhpP5xOJ7q67Na9hYtUt8XDMtGIjnqtLQts1hGLUv8ulAdAki0a/SL1lvT4sjrhjTPhT1C+ImoCR4pmW7nXrb3uJKocY8jyN4gn4QlmPgeNqt09LN2dK2RnYebR8MTWqZWumFVaMinhSjea5AUQn2nSIx0G28O7AoX0UGTOFornpB2PMFQru5kUV+q89c89JE7CmUzCGDM9yhSWfZDQvVNT1xZD6l8UCiuaYN36jI8TdwjYIsAuy17aAo0KAk5EdSDiJeCVRwS7DuEbYVbzAmdxS5JaaQnvf121yZnerKcp9Ixcg==
bsi.de. 4885 IN RRSIG DNSKEY 8 2 14400 20210923153601 20210913153601 29544 bsi.de. ClbKOkbN3YYCoj+jHXyhBLhdopOIhz6bmsmbxUYx6d2EMD8SRe/znY8Tndfrffb1M0vbHt07tXEj7qMzs4hlKeYJv8Vy/+pzm6XFTYK8js5JI/r1fwMhHSh8k+kZkb4xkhrH9Q6bBvzpCVi3F8pMhy3r5GtCTtICtZR9j7IvrUM=
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 32 msec
;; EDNS: version 0; flags: do ; udp: 1232
;; SERVER: 1.1.1.1
;; WHEN: Wed Sep 15 20:48:09 2021
;; MSG SIZE rcvd: 919
When read via dns.message.from_file("./example.key"), the following is imported:
id 35994
opcode QUERY
rcode NOERROR
flags
;QUESTION
;ANSWER
;AUTHORITY
;ADDITIONAL
In what way must the stored DNS response be formatted so that it is read in completely using dns.message.from_file? Or is there another way, serving my purpose, to read saved certificates which I overlooked in the documentation?
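Added example, not part of the original question and not code from dnspython or drill. dns.message.from_text() and from_file() parse the layout that dns.message.Message.to_text() writes: header lines such as `id 19207`, `opcode QUERY`, `rcode NOERROR`, `flags QR RD RA AD`, and sections introduced by the bare markers `;QUESTION`, `;ANSWER`, `;AUTHORITY`, `;ADDITIONAL`. drill's dig-style `;; ANSWER SECTION:` lines are ordinary comments to that parser, so none of its sections are recognised and the message is built with a freshly generated id. The script below converts a drill dump into the to_text() layout using only the standard library, then loads it with dnspython and checks the DNSKEY RRset against its RRSIGs. The embedded dump is constructed: its DNSKEY and RRSIG records are the ones from the question, while the `;; bsi.de. IN DNSKEY` question line is an assumption about how drill prints the question section. dnspython is imported only inside the two functions that need it.

```python
"""Convert a drill (dig-style) text dump into the layout that
dns.message.from_text() parses, then load and check it with dnspython.

Added example; the drill dump is constructed from the records in the
question plus an assumed ';; bsi.de. IN DNSKEY' question line.
"""
import re

DRILL_DUMP = """\
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 19207
;; flags: qr rd ra ad ; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; bsi.de. IN DNSKEY
;; ANSWER SECTION:
bsi.de. 4885 IN DNSKEY 256 3 8 AwEAAbk+uPUlkoZeKZ71XBfBzrnrDkfEIYFjugU2gbue+QGP3bjIBnl3YLJNXUPLW+UDlXE+1VRGy9WBTwLD9ka5cwWNy0It4fNnvpI0Y6bR8xSsW88MLf/tWbtYxt16IIohj7sdunoC0U3JWB7mFaXNG/gXLNqtaWPtRJURsV1+dcVb ;{id = 29544 (zsk), size = 1024b}
bsi.de. 4885 IN DNSKEY 257 3 8 AwEAAcrBN29rSzsjyPqHEcygwTJXCJgZ+ASLK2ahyzNoNAt6RB5sK5a66tlNGRZQrZfBeZYJzwMsBGVeTiliSfvCAl40ldUy5c5QLad+VtT1AQnYK6iWAFE29h6hHzgZk4SKcQUDwkw+cW2berlcyDS/Vb5hIGkLg9ArIUUn9HhwC4KGRumswDYBj3cQ4vW8Z0/hnaHKJuTS2Ms+AaN7aAcpycfnCijhh46aYSwd893Mo5j1v1MHbjMzg1NutUggu5RRh1QYKNsl8sHSou7Gmio1mgeC5yHK1f5pc6dR1GMIxeSVcxtW8pVPpPIQCDK3+0sDWy4B27MzWZRTzd8DcoFDYAM= ;{id = 26119 (ksk), size = 2048b}
bsi.de. 4885 IN RRSIG DNSKEY 8 2 14400 20210923153601 20210913153601 26119 bsi.de. f4jOKKsodoe9tnOj2rJlm/u902ByQt6QZqm7wEwhpP5xOJ7q67Na9hYtUt8XDMtGIjnqtLQts1hGLUv8ulAdAki0a/SL1lvT4sjrhjTPhT1C+ImoCR4pmW7nXrb3uJKocY8jyN4gn4QlmPgeNqt09LN2dK2RnYebR8MTWqZWumFVaMinhSjea5AUQn2nSIx0G28O7AoX0UGTOFornpB2PMFQru5kUV+q89c89JE7CmUzCGDM9yhSWfZDQvVNT1xZD6l8UCiuaYN36jI8TdwjYIsAuy17aAo0KAk5EdSDiJeCVRwS7DuEbYVbzAmdxS5JaaQnvf121yZnerKcp9Ixcg==
bsi.de. 4885 IN RRSIG DNSKEY 8 2 14400 20210923153601 20210913153601 29544 bsi.de. ClbKOkbN3YYCoj+jHXyhBLhdopOIhz6bmsmbxUYx6d2EMD8SRe/znY8Tndfrffb1M0vbHt07tXEj7qMzs4hlKeYJv8Vy/+pzm6XFTYK8js5JI/r1fwMhHSh8k+kZkb4xkhrH9Q6bBvzpCVi3F8pMhy3r5GtCTtICtZR9j7IvrUM=
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 32 msec
;; EDNS: version 0; flags: do ; udp: 1232
;; SERVER: 1.1.1.1
;; WHEN: Wed Sep 15 20:48:09 2021
;; MSG SIZE rcvd: 919
"""

_HEADER_RE = re.compile(r"opcode:\s*(\w+),\s*rcode:\s*(\w+),\s*id:\s*(\d+)")
_SECTION_RE = re.compile(r"^;;\s*(QUESTION|ANSWER|AUTHORITY|ADDITIONAL) SECTION:")
_SECTIONS = ("QUESTION", "ANSWER", "AUTHORITY", "ADDITIONAL")


def drill_to_dnspython_text(dump: str) -> str:
    """Rewrite a drill dump in the dns.message.Message.to_text() layout.

    Only the header fields and sections dnspython's text reader recognises
    are emitted; drill's statistics footer and its ';{id = ...}' key
    annotations are dropped.
    """
    header = {"id": "0", "opcode": "QUERY", "rcode": "NOERROR", "flags": ""}
    sections = {name: [] for name in _SECTIONS}
    current = None
    for raw in dump.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(";; ->>HEADER<<-"):
            m = _HEADER_RE.search(line)
            if m:
                header["opcode"], header["rcode"], header["id"] = m.groups()
            continue
        if line.startswith(";; flags:"):
            # ';; flags: qr rd ra ad ; QUERY: 1, ...' -> 'QR RD RA AD'
            flags = line[len(";; flags:"):].split(";", 1)[0]
            header["flags"] = " ".join(f.upper() for f in flags.split())
            continue
        m = _SECTION_RE.match(line)
        if m:
            current = m.group(1)
            continue
        if current == "QUESTION" and line.startswith(";;"):
            # assumed drill convention: question entries are ';; name class type'
            sections["QUESTION"].append(" ".join(line[2:].split()))
            continue
        if line.startswith(";"):
            continue  # footer (Query time, EDNS, SERVER, WHEN, MSG SIZE)
        if current in ("ANSWER", "AUTHORITY", "ADDITIONAL"):
            record = line.split(";", 1)[0]  # strip trailing key annotation
            sections[current].append(" ".join(record.split()))
    out = [f"id {header['id']}", f"opcode {header['opcode']}",
           f"rcode {header['rcode']}", f"flags {header['flags']}".rstrip()]
    for name in _SECTIONS:
        out.append(f";{name}")
        out.extend(sections[name])
    return "\n".join(out) + "\n"


def load_message(dump: str):
    """Parse a drill dump into a dns.message.Message (needs dnspython)."""
    import dns.message  # imported here so the converter runs without dnspython
    return dns.message.from_text(drill_to_dnspython_text(dump))


def validate_dnskey_rrset(msg, zone: str, now=None) -> bool:
    """Check the zone's DNSKEY RRset against the RRSIG(DNSKEY) records in the
    same answer, using the keys of that very RRset. `now` is seconds since
    the epoch; pin it to the capture time for archived responses."""
    import dns.dnssec, dns.name, dns.rdataclass, dns.rdatatype
    name = dns.name.from_text(zone)
    keys = msg.find_rrset(msg.answer, name, dns.rdataclass.IN, dns.rdatatype.DNSKEY)
    sigs = msg.find_rrset(msg.answer, name, dns.rdataclass.IN,
                          dns.rdatatype.RRSIG, dns.rdatatype.DNSKEY)
    try:
        dns.dnssec.validate(keys, sigs, {name: keys}, now=now)
        return True
    except dns.dnssec.ValidationFailure:
        return False


if __name__ == "__main__":
    import calendar, time
    msg = load_message(DRILL_DUMP)
    print(msg.to_text())
    # capture time from the ';; WHEN:' line, inside the RRSIG validity window
    captured = calendar.timegm(time.strptime("20210915204809", "%Y%m%d%H%M%S"))
    print("DNSKEY RRset signed by a key in the set:",
          validate_dnskey_rrset(msg, "bsi.de.", now=captured))
```

validate_dnskey_rrset() only shows that the DNSKEY RRset is signed by a key contained in that same set (here the KSK with key tag 26119); it says nothing about whether that key may be trusted. For the offline chain validation the question is after, the KSK still has to be matched against the parent zone's DS record (dns.dnssec.make_ds() produces the digest to compare) and so on up to a configured trust anchor, and `now` must be pinned to the capture time so that the archived signatures are judged against their own validity window (20210913153601 to 20210923153601 here) rather than the current wall clock.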