5.2.1

- Fix bug where TLSA records would not be checked in some cases - Improved debug logging
domainaware · Jan 4, 2024 · 42ac9ba · 42ac9ba
1 parent 424dfd1
commit 42ac9ba
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 6 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,12 @@
 Changelog
 =========
 
+5.2.1
+-----
+
+- Fix bug where TLSA records would not be checked in some cases
+- Improved debug logging
+
 5.2.0
 -----
 

diff --git a/checkdmarc/_constants.py b/checkdmarc/_constants.py
@@ -18,7 +18,7 @@
 See the License for the specific language governing permissions and
 limitations under the License."""
 
-__version__ = "5.2.0"
+__version__ = "5.2.1"
 
 OS = platform.system()
 OS_RELEASE = platform.release()

diff --git a/checkdmarc/dnssec.py b/checkdmarc/dnssec.py
@@ -56,6 +56,7 @@ def get_dnskey(domain: str, nameservers: list[str] = None,
     if domain in cache:
         return cache[domain]
 
+    logging.debug(f"Checking for DNSKEY records at {domain}")
     request = dns.message.make_query(domain,
                                      dns.rdatatype.DNSKEY,
                                      want_dnssec=True)
@@ -144,6 +145,7 @@ def get_tlsa_records(hostname: str, nameservers: list[str] = None,
     if query_hostname in TLSA_CACHE:
         return TLSA_CACHE[query_hostname]
     tlsa_records = []
+    logging.debug(f"Checking for TLSA records at {query_hostname}")
     request = dns.message.make_query(query_hostname,
                                      dns.rdatatype.TLSA,
                                      want_dnssec=True)

diff --git a/checkdmarc/smtp.py b/checkdmarc/smtp.py
@@ -343,6 +343,11 @@ def get_mx_hosts(domain: str, skip_tls: bool = False,
                                               nameservers=nameservers,
                                               resolver=resolver,
                                               timeout=timeout)
+            tlsa_records = get_tlsa_records(hostname,
+                                            nameservers=nameservers,
+                                            timeout=timeout)
+            if len(tlsa_records) > 0:
+                host["tlsa"] = tlsa_records
             if len(host["addresses"]) == 0:
                 warnings.append(
                     f"{hostname} does not have any A or AAAA DNS records")
@@ -378,11 +383,6 @@ def get_mx_hosts(domain: str, skip_tls: bool = False,
                                     "the A/AAAA DNS records for "
                                     f"{hostname} do not resolve to "
                                     f"{address}")
-        tlsa_records = get_tlsa_records(hostname,
-                                        nameservers=nameservers,
-                                        timeout=timeout)
-        if len(tlsa_records) > 0:
-            host["tlsa"] = tlsa_records
         if not skip_tls and platform.system() == "Windows":
             logging.warning("Testing TLS is not supported on Windows")
             skip_tls = True