Source code for dns_sprockets_lib.validators.dnssectype_ambiguous
'''
dnssectype_ambiguous - Zone test: DnssectypeAmbiguous
.. Copyright (c) 2015 Neustar, Inc. All rights reserved.
.. See COPYRIGHT.txt for full notice. See LICENSE.txt for terms and conditions.
'''
import dns_sprockets_lib.validators as validators
[docs]class DnssectypeAmbiguous(validators.ZoneTest):
# pylint: disable=too-few-public-methods
'''
Checks for existence of both NSEC and NSEC3 in the zone.
'''
[docs] def run(self, context, suggested_tested):
result = None
# Insure there's just NSEC's or just NSEC3's in the zone:
has_nsec = next(context.zone_obj.iterate_rdatasets('NSEC'), None)
has_nsec3 = next(context.zone_obj.iterate_rdatasets('NSEC3'), None)
if has_nsec and has_nsec3:
result = 'Zone has both NSEC and NSEC3 records'
# If that's ok, see if there's an NSEC3PARAM and NSEC's:
if not result and has_nsec and context.nsec3param_rdataset:
result = 'Zone has NSEC3PARAM and NSEC records'
return (suggested_tested, result)
# end of file