python unbound client bug?

George (Yorgos) Thessalonikefs george at nlnetlabs.nl
Tue Jun 6 14:52:27 UTC 2023 

Hi Paul,

The single/double quotes mixup seems like a funny coincidence.
result.data.data includes the rdata which in this case (TXT) is the 
character string(s). So also the length of the character string at the 
start which in this case happens to be presented as '.
For this specific example (single character string) you can skip the 
first byte but I believe the correct approach is to provide something 
like 'as_txt_list()' method similar to the other methods to cleanly 
handle the possible multiple length occurrences there.

For now something like the following would help you with parsing TXT 
rdata (more or less similar to what is there now for domain names):

-------------------------------------------------------------------
def parse_txt_from_data(d):
     if not d:
         return []

     res = []
     dlen = len(d)

     idx = 0
     while (idx < dlen):
         complen = ord(d[idx])
         res.append(d[idx+1:idx+1+complen])
         idx += complen + 1

     return res

your_txt_records = map(lambda x:b''.join(parse_txt_from_data(x)),
     result.data.data)
-------------------------------------------------------------------

Disclaimer, I haven't tested the above code but I'll try to properly 
commit it soon-ish.

Best regards,
-- Yorgos

On 29/05/2023 20:42, Paul Wouters via Unbound-users wrote:
> 
> See:
> 
> $ dig  _aiven-challenge.nohats.ca txt +short
> "token=someveryrandomstring,expiry=never"
> 
> doing the same with unbound python:
> 
> 
> import os
> from unbound import ub_ctx,ub_strerror,RR_TYPE_TXT,RR_TYPE_A,RR_CLASS_IN
> 
> ctx = ub_ctx()
> ctx.resolvconf("/etc/resolv.conf")
> if os.path.isfile("/etc/unbound/dnssec-root.key"):
>      ctx.add_ta_file("/etc/unbound/dnssec-root.key") #read public keys 
> for DNSSEC verification
> status, result = ctx.resolve(f"_aiven-challenge.nohats.ca.", 
> RR_TYPE_TXT, RR_CLASS_IN)
> 
> if status == 0 and result.havedata:
>      print(result.data.data)
> 
> 
> $ python test.py [b"'token=someveryrandomstring,expiry=never"]
> 
> 
> Note there is a single quote at the beginning of the string (and not at 
> the end)
> 
> This is with python3-unbound-1.17.1-1.fc37.x86_64
> 
> Paul

More information about the Unbound-users mailing list