I am writing a script to validate RRSIGs using dnspython, but my code has a problem. Below is a snippet and the accompanying error message:
```python
import dns.dnssec
import dns.message
import dns.name
import dns.query
import dns.rdatatype

domain = 'iana.org'
server = '8.8.8.8'
qname = dns.name.from_text(domain)
# get DNSKEYs
DNSKEY_query = dns.message.make_query(qname, dns.rdatatype.DNSKEY, want_dnssec=True)
(DNSKEY_response, _) = dns.query.udp_with_fallback(DNSKEY_query, server)
dnskey_set, dnskey_sig = DNSKEY_response.answer
# get RRset and RRsig to verify
query = dns.message.make_query(qname, dns.rdatatype.NS, want_dnssec=True)
(response, _) = dns.query.udp_with_fallback(query, server)
rrset, rrsig = response.answer
dns.dnssec.validate(rrset, rrsig, {dns.name.empty: dnskey_set}, None)
```
Error message:
```
Traceback (most recent call last):
  File "dnssec_validator.py", line 107, in <module>
    dns.dnssec.validate(rrset, rrsig, {dns.name.empty: dnskey_set}, None)
  File "/home/user/PycharmProjects/RPKIDNSSEC/venv/lib/python3.6/site-packages/dns/dnssec.py", line 494, in _validate
    raise ValidationFailure("no RRSIGs validated")
dns.dnssec.ValidationFailure: no RRSIGs validated
```