diff --git a/lib/contacts.py b/lib/contacts.py index 56fe49b8d..ac72ba4d2 100644 --- a/lib/contacts.py +++ b/lib/contacts.py @@ -7,34 +7,6 @@ import bitcoin from util import StoreDict, print_error from i18n import _ -# Import all of the rdtypes, as py2app and similar get confused with the dnspython -# autoloader and won't include all the rdatatypes -try: - import dns.name - import dns.query - import dns.dnssec - import dns.message - import dns.resolver - import dns.rdatatype - import dns.rdtypes.ANY.NS - import dns.rdtypes.ANY.CNAME - import dns.rdtypes.ANY.DLV - import dns.rdtypes.ANY.DNSKEY - import dns.rdtypes.ANY.DS - import dns.rdtypes.ANY.NSEC - import dns.rdtypes.ANY.NSEC3 - import dns.rdtypes.ANY.NSEC3PARAM - import dns.rdtypes.ANY.RRSIG - import dns.rdtypes.ANY.SOA - import dns.rdtypes.ANY.TXT - import dns.rdtypes.IN.A - import dns.rdtypes.IN.AAAA - from dns.exception import DNSException - OA_READY = True -except ImportError: - OA_READY = False - - class Contacts(StoreDict): def __init__(self, config): @@ -58,11 +30,7 @@ class Contacts(StoreDict): out = self.resolve_openalias(k) if out: address, name = out - try: - validated = self.validate_dnssec(k) - except: - validated = False - traceback.print_exc(file=sys.stderr) + validated = False return { 'address': address, 'name': name, @@ -122,51 +90,3 @@ class Contacts(StoreDict): except AttributeError: return None - def validate_dnssec(self, url): - print_error('Checking DNSSEC trust chain for ' + url) - default = dns.resolver.get_default_resolver() - ns = default.nameservers[0] - parts = url.split('.') - - for i in xrange(len(parts), 0, -1): - sub = '.'.join(parts[i - 1:]) - query = dns.message.make_query(sub, dns.rdatatype.NS) - response = dns.query.udp(query, ns, 3) - if response.rcode() != dns.rcode.NOERROR: - print_error("query error") - return False - - if len(response.authority) > 0: - rrset = response.authority[0] - else: - rrset = response.answer[0] - - rr = rrset[0] - if rr.rdtype == dns.rdatatype.SOA: - #Same server is authoritative, don't check again - continue - - query = dns.message.make_query(sub, - dns.rdatatype.DNSKEY, - want_dnssec=True) - response = dns.query.udp(query, ns, 3) - if response.rcode() != 0: - self.print_error("query error") - return False - # HANDLE QUERY FAILED (SERVER ERROR OR NO DNSKEY RECORD) - - # answer should contain two RRSET: DNSKEY and RRSIG(DNSKEY) - answer = response.answer - if len(answer) != 2: - print_error("answer error", answer) - return False - - # the DNSKEY should be self signed, validate it - name = dns.name.from_text(sub) - try: - dns.dnssec.validate(answer[0], answer[1], {name: answer[0]}) - except dns.dnssec.ValidationFailure: - print_error("validation error") - return False - - return True