|
@@ -231,7 +231,8 @@ def get_tsig_key(named_key_path):
|
|
|
|
|
|
|
|
|
def update_tlsa_record(zone, tlsa_port, digest, keyring, keyalgorithm,
|
|
|
- subdomain="", ttl=300, protocol="tcp"):
|
|
|
+ subdomain="", ttl=300, protocol="tcp",
|
|
|
+ dns_server="localhost"):
|
|
|
"""
|
|
|
Updates the tlsa record on the DNS server.
|
|
|
|
|
@@ -251,6 +252,8 @@ def update_tlsa_record(zone, tlsa_port, digest, keyring, keyalgorithm,
|
|
|
:type ttl: int
|
|
|
:param protocol: protocol for the TLSA record
|
|
|
:type protocol: str
|
|
|
+ :param dns_server: DNS server to use to create TLSA records
|
|
|
+ :type dns_server: str
|
|
|
:returns: response of the operation
|
|
|
:rtype: dns.message.Message
|
|
|
"""
|
|
@@ -262,7 +265,7 @@ def update_tlsa_record(zone, tlsa_port, digest, keyring, keyalgorithm,
|
|
|
else:
|
|
|
tlsa_record = "_%s._%s.%s." % (tlsa_port, protocol, zone)
|
|
|
update.replace(tlsa_record, ttl, "tlsa", tlsa_content)
|
|
|
- response = dns.query.tcp(update, 'localhost')
|
|
|
+ response = dns.query.tcp(update, dns_server)
|
|
|
return response
|
|
|
|
|
|
|
|
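Review bot: `dns.query.tcp(update, dns_server)` is called without a `timeout`, so once `dns_server` can be a remote host, an unreachable or filtered server may block this call indefinitely. Pass an explicit limit, e.g. `response = dns.query.tcp(update, dns_server, timeout=10)` (the value here is only an example). dnspython documents the second argument as an IPv4 or IPv6 address, and newer releases appear to reject hostnames there, so even the default `"localhost"` may fail depending on the installed version. Either resolve the name before the call or have the new `:param dns_server:` docstring line state that an address is expected. The body of update_tlsa_record starts outside this hunk.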
@@ -283,7 +286,8 @@ def get_log_level(input_level=""):
|
|
|
return logging.INFO
|
|
|
|
|
|
|
|
|
-def create_tlsa_records(domain, port, certificate, named_key_path):
|
|
|
+def create_tlsa_records(domain, port, certificate, named_key_path,
|
|
|
+ dns_server):
|
|
|
"""
|
|
|
Creates tlsa records for the specified (sub-)domain
|
|
|
|
|
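Review bot: `dns_server` is added to create_tlsa_records as a required positional parameter, while update_tlsa_record gives the same parameter a default of `"localhost"`. Any caller that was not updated in this commit will fail with a TypeError, and the two signatures no longer agree on what happens when no server is given. Using the same default keeps the old behaviour and both signatures consistent: `dns_server="localhost"):`. Callers are not visible in this hunk, so whether all of them were updated cannot be confirmed from here.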
@@ -295,11 +299,14 @@ def create_tlsa_records(domain, port, certificate, named_key_path):
|
|
|
:type certificate: OpenSSL.crypto.X509
|
|
|
:param named_key_path: path to the named session key
|
|
|
:type named_key_path: str
|
|
|
+ :param dns_server: DNS server to use to create TLSA records
|
|
|
+ :type dns_server: str
|
|
|
"""
|
|
|
hash_digest = create_tlsa_hash(certificate)
|
|
|
zone = "%s.%s" % (domain.split(".")[-2], domain.split(".")[-1])
|
|
|
tsig, keyalgo = get_tsig_key(named_key_path)
|
|
|
- update_tlsa_record(zone, port, hash_digest, tsig, keyalgo, domain)
|
|
|
+ update_tlsa_record(zone, port, hash_digest, tsig, keyalgo, domain,
|
|
|
+ dns_server=dns_server)
|
|
|
|
|
|
|
|
|
def get_subject_alt_name(certificate):
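Review bot: The return value of `update_tlsa_record(...)` is discarded, so a REFUSED or NOTAUTH answer from the server leaves the old TLSA record in place without any error; this is more likely now that the target can be a remote server. Capture and check it, e.g. `response = update_tlsa_record(...)` followed by `if response.rcode() != dns.rcode.NOERROR: raise RuntimeError(dns.rcode.to_text(response.rcode()))`. A stale TLSA record after a certificate replacement makes DANE validation fail for clients, so this failure should be loud. The docstring describes `named_key_path` as the named session key; presumably such a key is only accepted by the local named instance, so it is worth documenting which TSIG key a non-local `dns_server` requires.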
|