DIG DS work in local but not on my server

27 views
Skip to first unread message

Hugo Dos Santos

unread,
Aug 10, 2023, 12:20:01 PM8/10/23
to dnspython-users
Hey, 

I’m trying to retrieve the domain DS entry for DNSSEC.

It works locally but as soon as I switch to the server, I have this error (see attachment). 

Do you know why it's not working ? 

I have the same packages and the same virtual environment...

Thx ! 




error.jpg

Bob Halley

unread,
Aug 10, 2023, 3:41:27 PM8/10/23
to dnspython-users
From the 127.0.0.53 in the error, I conclude this means you are likely using systemd-resolved on this system.  My first suggestion would be to uninstall it, but if that doesn't work for you, it appears that systemd-resolved is willing to answer the question if you set some flags, e.g. if I did this it worked:

import dns.flags
import dns.resolver

res = dns.resolver.Resolver()

# This will SERVFAIL with systemd-resolved
#a = res.resolve("com", "ds")
#print(a.response)

# This is hackish but works.
res.set_flags(dns.flags.CD|dns.flags.RD)
res.use_edns(0, dns.flags.EDNSFlag.DO)
a = res.resolve("com", "ds")
print(a.response)

Anand Buddhdev

unread,
Aug 10, 2023, 3:49:52 PM8/10/23
to Hugo Dos Santos, dnspython-users
On 10/08/2023 18:20, Hugo Dos Santos wrote:

Hi Hugo,

> I’m trying to retrieve the domain DS entry for DNSSEC.
>
> It works locally but as soon as I switch to the server, I have this error
> (see attachment).
>
> Do you know why it's not working ?

No, we don't know why it's not working, because we don't have magic
crystal balls, and we cannot read your mind, nor see your code from afar.

Regards,
Anand

Hugo Dos Santos

unread,
Aug 11, 2023, 2:05:44 AM8/11/23
to dnspython-users
I'll try in the end of the day ! Thx !

Hugo Dos Santos

unread,
Aug 11, 2023, 2:09:35 AM8/11/23
to dnspython-users
Hello, 

Yes i should post my code sorry ... 

I use Django for use my function. 

In my views.py file, i have : 

import dns.resolver
from django.shortcuts import render
from api.main import dns_lookup, dateRestoration, dns_whois

def onglet_dnssec(request):
    domain_name = request.POST.get("domain")
    try:
        ds = dns_lookup(domain_name, "DS")
        return render(request, 'toolbox/dnssec.html', {'ds': ds, 'domain' : domain_name})
    except TypeError:
        return render(request, 'toolbox/dnssec.html')
    except (dns.resolver.NXDOMAIN):
        return render(request,'toolbox/dnssec.html', { 'domain_ko' : " n'existe pas ! ", "domain": domain_name})
    except (dns.resolver.NoNameservers):
        return render(request,'toolbox/dnssec.html', { 'domain_ko' : " n'a pas de DS record ! ", "domain": domain_name})

My function "dns_lookup()" in my try come from a file main.py : 

import dns.resolver

def dns_lookup(domain_name: str,  resource_type: str):
    try:
        n = dns.name.from_text(domain_name)
        answers = dns.resolver.resolve(n, resource_type)
        return [rdata.to_text() for rdata in answers]

    except (ValueError, TypeError, dns.resolver.NoAnswer, dns.resolver.LifetimeTimeout):
        return None

It may be clearer like that! :p  

Hugo Dos Santos

unread,
Aug 11, 2023, 9:37:42 AM8/11/23
to dnspython-users
I tried with your code but it didn't work.

I had the error : 

Internal Server Error: /toolbox/dnssec.html
Traceback (most recent call last):
File "/root/toolbox/venv/lib/python3.11/site-packages/django/core/handlers/exception.py", line 55, in inner
response = get_response(request)
^^^^^^^^^^^^^^^^^^^^^
File "/root/toolbox/venv/lib/python3.11/site-packages/django/core/handlers/base.py", line 197, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/toolbox/src/toolbox/views.py", line 80, in onglet_dnssec
ds = res.resolve(domain_name, "DS")
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/toolbox/venv/lib/python3.11/site-packages/dns/resolver.py", line 1318, in resolve
(nameserver, tcp, backoff) = resolution.next_nameserver()

I detected strange behavior.

If I replace "DS" with "A" in my function.(ds = dns_lookup(domain_name, "A")) Then the latter works and return the IP address.

I don't understand why the DS is not working on the server :(

Le jeudi 10 août 2023 à 21:41:27 UTC+2, dnsp...@gmail.com a écrit :

Anand Buddhdev

unread,
Aug 11, 2023, 10:34:36 AM8/11/23
to dnspython-users
On 11/08/2023 15:37, Hugo Dos Santos wrote:

Hi Hugo,

> I detected strange behavior.
>
> If I replace "DS" with "A" in my function.(ds = dns_lookup(domain_name,
> "A")) Then the latter works and return the IP address.
>
> I don't understand why the DS is not working on the server :(

Did you read Bob's reply properly? He has already explained that
systemd-resolvd requires certain flags to be set before it will resolve
DS records for you. Did you adjust your code to match Bob's suggestion?

Anand

Hugo Dos Santos

unread,
Aug 11, 2023, 11:03:42 AM8/11/23
to dnspython-users
Hey, 

I tried but i don't know if i'm doing good. 

I put Bob code in my file like this :

def onglet_dnssec(request):
domain_name = request.GET.get("domain")
print(domain_name)
print(type(domain_name))
res = dns.resolver.Resolver()
res.set_flags(dns.flags.CD | dns.flags.RD)
res.use_edns(0, dns.flags.EDNSFlag.DO)
a = res.resolve(domain_name, "ds")
print(a.response)

the print(domain_name) return a good str but i have the error in attachment.

Maybe it's a settings on my django who block this ? 
noname.jpg
Reply all
Reply to author
Forward
0 new messages