Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Fetching contributors…

Octocat-spinner-32-eaf2f5

Cannot retrieve contributors at this time

file 475 lines (300 sloc) 13.497 kb
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474
dnspython

INTRODUCTION

dnspython is a DNS toolkit for Python. It supports almost all record
types. It can be used for queries, zone transfers, and dynamic
updates. It supports TSIG authenticated messages and EDNS0.

dnspython provides both high and low level access to DNS. The high
level classes perform queries for data of a given name, type, and
class, and return an answer set. The low level classes allow direct
manipulation of DNS zones, messages, names, and records.

To see a few of the ways dnspython can be used, look in the examples/
directory.

dnspython originated at Nominum where it was developed to facilitate
the testing of DNS software. Nominum has generously allowed it to be
open sourced under a BSD-style license, and helps support its future
development by continuing to employ the author :).


ABOUT THIS RELEASE

This is dnspython 1.10.0

New since 1.9.4:

        Added dns.resolver.LRUCache. In this cache implementation,
the cache size is limited to a user-specified number of nodes,
and when adding a new node to a full cache the least-recently
used node is removed. If you're crawling the web or otherwise
doing lots of resolutions and you are using a cache, switching
to the LRUCache is recommended.

dns.resolver.query() will try TCP if a UDP response is
truncated.

The python socket module's DNS methods can be now be overriden
with implementations that use dnspython's resolver.

Old DNSSEC types KEY, NXT, and SIG have been removed.

Whitespace is allowed in SSHFP fingerprints.

Origin checking in dns.zone.from_xfr() can be disabled.

Trailing junk checking can be disabled.

A source port can be specified when creating a resolver query.

All EDNS values may now be specified to dns.message.make_query().

Bugs fixed since 1.9.4:

      IPv4 and IPv6 address processing is now stricter.

Bounds checking of slices in rdata wire processing is now more
strict, and bounds errors (e.g. we got less data than was
expected) now raise dns.exception.FormError rather than
IndexError.

Specifying a source port without specifying source used to
have no effect, but now uses the wildcard address and the
specified port.

New since 1.9.3:

        Nothing.

Bugs fixed since 1.9.3:

      The rdata _wire_cmp() routine now handles relative names.

The SIG RR implementation was missing 'import struct'.

New since 1.9.2:

     A boolean parameter, 'raise_on_no_answer', has been added to
the query() methods. In no-error, no-data situations, this
parameter determines whether NoAnswer should be raised or not.
If True, NoAnswer is raised. If False, then an Answer()
object with a None rrset will be returned.

Resolver Answer() objects now have a canonical_name field.

Rdata now have a __hash__ method.

Bugs fixed since 1.9.2:

        Dnspython was erroneously doing case-insensitive comparisons
of the names in NSEC and RRSIG RRs.

We now use "is" and not "==" when testing what section an RR
is in.

The resolver now disallows metaqueries.

New since 1.9.1:

     Nothing.

Bugs fixed since 1.9.1:

The dns.dnssec module didn't work at all due to missing
imports that escaped detection in testing because the test
suite also did the imports. The third time is the charm!

New since 1.9.0:

     Nothing.

Bugs fixed since 1.9.0:

        The dns.dnssec module didn't work with DSA due to namespace
contamination from a "from"-style import.

New since 1.8.0:

     dnspython now uses poll() instead of select() when available.

Basic DNSSEC validation can be done using dns.dnsec.validate()
and dns.dnssec.validate_rrsig() if you have PyCrypto 2.3 or
later installed. Complete secure resolution is not yet
available.

Added key_id() to the DNSSEC module, which computes the DNSSEC
key id of a DNSKEY rdata.

Added make_ds() to the DNSSEC module, which returns the DS RR
for a given DNSKEY rdata.

dnspython now raises an exception if HMAC-SHA284 or
HMAC-SHA512 are used with a Python older than 2.5.2. (Older
Pythons do not compute the correct value.)

Symbolic constants are now available for TSIG algorithm names.

Bugs fixed since 1.8.0

        dns.resolver.zone_for_name() didn't handle a query response
with a CNAME or DNAME correctly in some cases.

        When specifying rdata types and classes as text, Unicode
strings may now be used.

Hashlib compatibility issues have been fixed.

dns.message now imports dns.edns.

The TSIG algorithm value was passed incorrectly to use_tsig()
in some cases.

New since 1.7.1:

     Support for hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384
and hmac-sha512 has been contributed by Kevin Chen.

The tokenizer's tokens are now Token objects instead of (type,
value) tuples.

Bugs fixed since 1.7.1:

        Escapes in masterfiles now work correctly. Previously they
were only working correctly when the text involved was part of
a domain name.

      When constructing a DDNS update, if the present() method was
used with a single rdata, a zero TTL was not added.

The entropy pool needed locking to be thread safe.

The entropy pool's reading of /dev/random could cause
dnspython to block.

The entropy pool did buffered reads, potentially consuming more
randomness than we needed.

The entropy pool did not seed with high quality randomness on
Windows.

SRV records were compared incorrectly.

In the e164 query function, the resolver parameter was not
used.

New since 1.7.0:

     Nothing

Bugs fixed since 1.7.0:

      The 1.7.0 kitting process inadventently omitted the code for the
DLV RR.

Negative DDNS prerequisites are now handled correctly.

New since 1.6.0:

     Rdatas now have a to_digestable() method, which returns the
DNSSEC canonical form of the rdata, suitable for use in
signature computations.

The NSEC3, NSEC3PARAM, DLV, and HIP RR types are now supported.

An entropy module has been added and is used to randomize query ids.

EDNS0 options are now supported.

UDP IXFR is now supported.

The wire format parser now has a 'one_rr_per_rrset' mode, which
suppresses the usual coalescing of all RRs of a given type into a
single RRset.

Various helpful DNSSEC-related constants are now defined.

The resolver's query() method now has an optional 'source' parameter,
        allowing the source IP address to be specified.

Bugs fixed since 1.6.0:

      On Windows, the resolver set the domain incorrectly.

DS RR parsing only allowed one Base64 chunk.

TSIG validation didn't always use absolute names.

NSEC.to_text() only printed the last window.

We did not canonicalize IPv6 addresses before comparing them; we
would thus treat equivalent but different textual forms, e.g.
"1:00::1" and "1::1" as being non-equivalent.

If the peer set a TSIG error, we didn't raise an exception.

Some EDNS bugs in the message code have been fixed (see the ChangeLog
for details).

New since 1.5.0:
Added dns.inet.is_multicast().

Bugs fixed since 1.5.0:

If select() raises an exception due to EINTR, we should just
select() again.

If the queried address is a multicast address, then don't
check that the address of the response is the same as the
address queried.

NAPTR comparisons didn't compare the preference field due to a
typo.

Testing of whether a Windows NIC is enabled now works on Vista
thanks to code contributed by Paul Marks.

New since 1.4.0:

     Answer objects now support more of the python sequence
protocol, forwarding the requests to the answer rrset.
E.g. "for a in answer" is equivalent to "for a in
answer.rrset", "answer[i]" is equivalent to "answer.rrset[i]",
and "answer[i:j]" is equivalent to "answer.rrset[i:j]".

Making requests using EDNS, including indicating DNSSEC awareness,
is now easier. For example, you can now say:

q = dns.message.make_query('www.dnspython.org', 'MX',
want_dnssec=True)

dns.query.xfr() can now be used for IXFR.

Support has been added for the DHCID, IPSECKEY, and SPF RR types.

UDP messages from unexpected sources can now be ignored by
setting ignore_unexpected to True when calling dns.query.udp.

Bugs fixed since 1.4.0:

        If /etc/resolv.conf didn't exist, we raised an exception
instead of simply using the default resolver configuration.

In dns.resolver.Resolver._config_win32_fromkey(), we were
passing the wrong variable to self._config_win32_search().

New since 1.3.5:

        You can now convert E.164 numbers to/from their ENUM name
        forms:

>>> import dns.e164
>>> n = dns.e164.from_e164("+1 555 1212")
>>> n
<DNS name 2.1.2.1.5.5.5.1.e164.arpa.>
>>> dns.e164.to_e164(n)
'+15551212'

You can now convert IPv4 and IPv6 address to/from their
corresponding DNS reverse map names:

>>> import dns.reversename
>>> n = dns.reversename.from_address("127.0.0.1")
>>> n
<DNS name 1.0.0.127.in-addr.arpa.>
>>> dns.reversename.to_address(n)
'127.0.0.1'

You can now convert between Unicode strings and their IDN ACE
form:

>>> n = dns.name.from_text(u'les-\u00e9l\u00e8ves.example.')
>>> n
<DNS name xn--les-lves-50ai.example.>
>>> n.to_unicode()
u'les-\xe9l\xe8ves.example.'

The origin parameter to dns.zone.from_text() and dns.zone.to_text()
is now optional. If not specified, the origin will be taken from
the first $ORIGIN statement in the master file.

Sanity checking of a zone can be disabled; this is useful when
working with files which are zone fragments.

Bugs fixed since 1.3.5:

      The correct delimiter was not used when retrieving the
list of nameservers from the registry in certain versions of
windows.

        The floating-point version of latitude and longitude in LOC RRs
(float_latitude and float_longitude) had incorrect signs for
south latitudes and west longitudes.

BIND 8 TTL syntax is now accepted in all TTL-like places (i.e.
SOA fields refresh, retry, expire, and minimum; SIG/RRSIG
field original_ttl).

TTLs are now bounds checked when their text form is parsed,
and their values must be in the closed interval [0, 2^31 - 1].

New since 1.3.4:

      In the resolver, if time goes backward a little bit, ignore
     it.

zone_for_name() has been added to the resolver module. It
returns the zone which is authoritative for the specified
name, which is handy for dynamic update. E.g.

import dns.resolver
print dns.resolver.zone_for_name('www.dnspython.org')

will output "dnspython.org." and

print dns.resolver.zone_for_name('a.b.c.d.e.f.example.')

will output ".".

The default resolver can be fetched with the
get_default_resolver() method.

     You can now get the parent (immediate superdomain) of a name
by using the parent() method.

Zone.iterate_rdatasets() and Zone.iterate_rdatas() now have
a default rdtype of dns.rdatatype.ANY like the documentation
says.

A Dynamic DNS example, ddns.py, has been added.

New since 1.3.3:

The source address and port may now be specified when calling
dns.query.{udp,tcp,xfr}.

The resolver now does exponential backoff each time it runs
through all of the nameservers.

Rcodes which indicate a nameserver is likely to be a
"permanent failure" for a query cause the nameserver to be removed
from the mix for that query.

New since 1.3.2:

     dns.message.Message.find_rrset() now uses an index, vastly
improving the from_wire() performance of large messages such
as zone transfers.

Added dns.message.make_response(), which creates a skeletal
response for the specified query.

Added opcode() and set_opcode() convenience methods to the
dns.message.Message class. Added the request_payload
attribute to the Message class.

        The 'file' parameter of dns.name.Name.to_wire() is now
optional; if omitted, the wire form will be returned as the
value of the function.

dns.zone.from_xfr() in relativization mode incorrectly set
zone.origin to the empty name.

The masterfile parser incorrectly rejected TXT records where a
value was not quoted.

New since 1.3.1:

The NSEC format doesn't allow specifying types by number, so
we shouldn't either. (Using the unknown type format is still
OK though.)

The resolver wasn't catching dns.exception.Timeout, so a timeout
erroneously caused the whole resolution to fail instead of just
going on to the next server.

The renderer module didn't import random, causing an exception
to be raised if a query id wasn't provided when a Renderer was
created.

        The conversion of LOC milliseconds values from text to binary was
incorrect if the length of the milliseconds string was not 3.

New since 1.3.0:

Added support for the SSHFP type.

New since 1.2.0:

Added support for new DNSSEC types RRSIG, NSEC, and DNSKEY.

This release fixes all known bugs.

See the ChangeLog file for more detailed information on changes since
the prior release.


REQUIREMENTS

Python 2.4 or later.


INSTALLATION

To build and install dnspython, type

python setup.py install


HOME PAGE

For the latest in releases, documentation, and information, visit the
dnspython home page at

http://www.dnspython.org/



DOCUMENTATION

Documentation is sparse at the moment. Use pydoc, or read the HTML
documentation at the dnspython home page, or download the HTML
documentation.


BUG REPORTS

Bug reports may be sent to bugs@dnspython.org


MAILING LISTS

A number of mailing lists are available. Visit the dnspython home
page to subscribe or unsubscribe.
Something went wrong with that request. Please try again.