3 8Pe&@shddlZddlZddlZddlmZmZddlmZmZdZ GdddZ d ddZ d d Z d d Z dS)N)PopenPIPE)prefixversionzdnssec-checkdsc@sPeZdZdddddZdZdZdZdZdZdZ d Z dd d Z d d Z ddZ dS)SECRRzSHA-1zSHA-256ZGOSTzSHA-384)INNrcCs|stt|tk r$|jdj}n|j}t|dkrWt | dkrt ddSd} xv| D]n} | |krt d| j| jjd| j| jt j| jfd} n,t d| j| jjd| j| jt j| jfqW| s"t d|rdnd| S)Nz+noallz+answerz-tr,Zdsz-qr)stdoutr cSs|j|j|jfS)N)r'r(r))rrr-r-r.mszcheck..)keyz-fz-lZdnskey-)stdinr7rz$No DNSKEY records found in zone apexFz,%s for KSK %s/%03d/%05d (%s) found in parentTz0%s for KSK %s/%03d/%05d (%s) missing from parentz'No %s records were found for any DNSKEYrr)digrrZ communicate splitlinesrrrappendrsorted dsfromkeyrprintrr!rr(r'r6r)) zoneargs masterfile lookasideZrrlistcmdfp_lineZklistZintodsfoundr8r-r-r.checkcsV           rLcCstjtdd}d}tjdkr"dnd}|jdtdd|jd d d td d |jdddtdd |jdddtjjt |dtdd|jdddtjjt |dtdd|jdddt d|j }|j j d |_ |jr|jj d |_|S)!Nz: checks DS coverage) descriptionbinntZsbinrCz zone to check)rhelpz-fz--filerEzzone master file)destrrPz-lz --lookasiderFzDLV lookaside zonez-dz--digr=z path to 'dig')rQdefaultrrPz-Dz --dsfromkeyrAzdnssec-dsfromkeyzpath to 'dnssec-dsfromkey'z-vz --versionr)actionrr)argparseArgumentParserprogosname add_argumentrpathrrr parse_argsrCrrF)parserZbindirZsbindirrDr-r-r.r[s,        r[cCs.t}t|j||j|j}t|r$dnddS)Nrr)r[rLrCrErFexit)rDrKr-r-r.mainsr^)NN)rTrWsys subprocessrrZ isc.utilsrrrVrrLr[r^r-r-r-r. sI ;