Is there any way to notify zone in specific views using dnspython?
126 views
Skip to first unread message
Boobie Liu
Jul 31, 2018, 9:07:59 AM7/31/18
to dnspython-users
Just like the subject. I couldn't find any way to make that work. Is there a way to do that. Thanks!
Anand Buddhdev
Jul 31, 2018, 9:17:01 AM7/31/18
to Boobie Liu, dnspython-users
Hello Boobie,
You can use dnspython to send a NOTIFY message about any zone to any IP
address and port, optionally signing it with a TSIG key. What the
receiving server does with the NOTIFY message is up to that server.
Dnspython doesn't know about BIND and its views. For that matter,
dnspython doesn't know anything about any DNS server (Knot, NSD,
PowerDNS, Microsoft DNS, etc, etc); it's just a DNS library.
Regards,
Anand
You can use dnspython to send a NOTIFY message about any zone to any IP
address and port, optionally signing it with a TSIG key. What the
receiving server does with the NOTIFY message is up to that server.
Dnspython doesn't know about BIND and its views. For that matter,
dnspython doesn't know anything about any DNS server (Knot, NSD,
PowerDNS, Microsoft DNS, etc, etc); it's just a DNS library.
Regards,
Anand
Boobie Liu
Aug 1, 2018, 1:41:59 AM8/1/18
to dnspython-users
Hi Anandb,
Regards,
Thank you for your answer.
I've tried,but it didn't worked as except.Am I wrong?
import dns.message
import dns.rdatatype
import dns.opcode
import dns.flags
import dns.query
import dns.tsigkeyring
keyring = dns.tsigkeyring.from_text({"boboieliutest":"****"})
resolver = dns.resolver.Resolver()
resolver.nameservers = [socket.gethostbyname(dns_server)]
notify = dns.message.make_query('boobieliu.com', dns.rdatatype.SOA)
notify.keryring=keyring
notify.set_opcode(dns.opcode.NOTIFY)
notify.flags -= dns.flags.RD
#
response = dns.query.udp(notify, '192.168.52.131', timeout=5)
Boobie
Anand Buddhdev
Aug 8, 2018, 10:27:07 AM8/8/18
to dnspython-users
On 01/08/2018 07:41, Boobie Liu wrote:
Hi Boobie,
> Thank you for your answer.
>
> I've tried,but it didn't worked as except.Am I wrong?
See below, for errors:
> import dns.message
> import dns.rdatatype
> import dns.opcode
> import dns.flags
> import dns.query
> import dns.tsigkeyring
>
>
> keyring = dns.tsigkeyring.from_text({"boboieliutest":"****"})
>
> resolver = dns.resolver.Resolver()
> resolver.nameservers = [socket.gethostbyname(dns_server)]
>
> notify = dns.message.make_query('boobieliu.com', dns.rdatatype.SOA)
> notify.keryring=keyring
You have a typo here - keryring. It should be keyring.
Next, even though you have associated a keyring with the notify message,
you haven't told it which key to use. You additionally need:
notify.keyname=dns.name.from_text('boboieliutest')
However, instead of setting the keyring and keyname variables
individually, you can do:
notify.use_tsig(keying, keyname='boboieliutest')
Also note that if you don't specify the TSIG algorithm it will default
to HMAC_MD5. So you need to do:
notify.use_tsig(keying, keyname='boboieliutest',
algorithm=dns.tsig.HMAC_SHA256)
to use a different TSIG algorithm.
This last part is a bit strange, because in my opinion, the algorithm
should be stored in the keyring, but the dns.tsigkeyring class doesn't
seem to understand algorithms. It just associates a key name with the
key material.
Regards,
Anand
Hi Boobie,
> Thank you for your answer.
>
> I've tried,but it didn't worked as except.Am I wrong?
> import dns.message
> import dns.rdatatype
> import dns.opcode
> import dns.flags
> import dns.query
> import dns.tsigkeyring
>
>
> keyring = dns.tsigkeyring.from_text({"boboieliutest":"****"})
>
> resolver = dns.resolver.Resolver()
> resolver.nameservers = [socket.gethostbyname(dns_server)]
>
> notify = dns.message.make_query('boobieliu.com', dns.rdatatype.SOA)
> notify.keryring=keyring
Next, even though you have associated a keyring with the notify message,
you haven't told it which key to use. You additionally need:
notify.keyname=dns.name.from_text('boboieliutest')
However, instead of setting the keyring and keyname variables
individually, you can do:
notify.use_tsig(keying, keyname='boboieliutest')
Also note that if you don't specify the TSIG algorithm it will default
to HMAC_MD5. So you need to do:
notify.use_tsig(keying, keyname='boboieliutest',
algorithm=dns.tsig.HMAC_SHA256)
to use a different TSIG algorithm.
This last part is a bit strange, because in my opinion, the algorithm
should be stored in the keyring, but the dns.tsigkeyring class doesn't
seem to understand algorithms. It just associates a key name with the
key material.
Regards,
Anand
Reply all
Reply to author
Forward
0 new messages