zonemaster-ldns/ldns/contrib/ldnsx/examples/ldnsx-walk.py

#!/usr/bin/python
# vim:fileencoding=utf-8
#
# Walk a domain that's using NSEC and print in zonefile format.

import sys
import ldnsx

def walk(domain):
        res = ldnsx.resolver("193.110.157.136", dnssec=True)
        pkt = res.query(domain, 666)
        try:
                nsec_rr = pkt.authority(rr_type="NSEC")[0]
        except:
                print "no NSEC found, domain is not signed or using NSEC3"
                sys.exit()
        for rr_type in nsec_rr[5].split(' ')[:-1]:
                for rr in ldnsx.get_rrs(domain, rr_type):
                        print str(rr)[:-1]
        next_rec = nsec_rr[4]
        if (next_rec != domain) and (next_rec[-len(domain):] == domain):
                walk(next_rec)

walk("xelerance.com")
fix: populate ldns submodule and add autotools to LDNS build stage - Re-cloned zonemaster-ldns with --recurse-submodules so the bundled ldns C library source (including Changelog and configure.ac) is present - Added autoconf, automake, libtool to Dockerfile.backend ldns-build stage so libtoolize + autoreconf can generate ldns/configure during make Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-04-21 08:33:38 +02:00			`#!/usr/bin/python`
			`# vim:fileencoding=utf-8`
			`#`
			`# Walk a domain that's using NSEC and print in zonefile format.`

			`import sys`
			`import ldnsx`

			`def walk(domain):`
			`res = ldnsx.resolver("193.110.157.136", dnssec=True)`
			`pkt = res.query(domain, 666)`
			`try:`
			`nsec_rr = pkt.authority(rr_type="NSEC")[0]`
			`except:`
			`print "no NSEC found, domain is not signed or using NSEC3"`
			`sys.exit()`
			`for rr_type in nsec_rr[5].split(' ')[:-1]:`
			`for rr in ldnsx.get_rrs(domain, rr_type):`
			`print str(rr)[:-1]`
			`next_rec = nsec_rr[4]`
			`if (next_rec != domain) and (next_rec[-len(domain):] == domain):`
			`walk(next_rec)`

			`walk("xelerance.com")`