nadzoring.dns_lookup.validation module

DNS record validation functions.

nadzoring.dns_lookup.validation.apply_rtype_specific_checks(rtype: str, record_result: dict[str, Any], record_score: int, result: dict[str, list[str]]) int[source]

Apply validation rules specific to each DNS record type.

Delegates to specialized validation functions based on the record type.

Parameters:

  • rtype – DNS record type to validate.

  • record_result – Dictionary containing the record data to validate.

  • record_score – Current score before applying type-specific checks.

  • result – Result dictionary for collecting issues and warnings.

Returns:

Updated score after applying type-specific validations.

Return type:

int

See also

check_mx_priorities: Validates MX record priorities. check_txt_records: Validates TXT record content (SPF, DKIM).

nadzoring.dns_lookup.validation.calculate_record_score(rtype: str, record_result: dict[str, Any], result: dict[str, list[str]]) int[source]

Calculate a health score for a single DNS record type.

Evaluates DNS records based on their presence, errors, and content, applying a scoring system that penalizes issues and missing records.

Parameters:

  • rtype – DNS record type (e.g., ‘A’, ‘MX’, ‘TXT’, ‘CNAME’).

  • record_result – Dictionary containing record data and potential errors. Expected keys: ‘error’ (optional), ‘records’ (optional).

  • result – Result dictionary to collect warnings and issues during validation. Must contain ‘warnings’ and ‘issues’ lists.

Returns:

Calculated score between 0-100, where:

  • 100: Perfect configuration

  • 80-99: Minor issues (warnings only)

  • 50-79: Significant issues

  • Below 50: Critical issues

Return type:

int

Notes

The function delegates record-type specific checks to apply_rtype_specific_checks() for further validation.

nadzoring.dns_lookup.validation.check_dkim_record(txt: str, record_score: int, result: dict[str, list[str]]) int[source]

Validate DKIM (DomainKeys Identified Mail) record.

Verifies that the DKIM record contains a public key (p= tag), which is required for email signing and verification.

Parameters:

  • txt – DKIM record string starting with ‘v=DKIM1’.

  • record_score – Current score before validation.

  • result – Result dictionary for collecting issues.

Returns:

Updated score, reduced by 20 points if public key is missing.

Return type:

int

Example

>>> result = {"issues": [], "warnings": []}
>>> check_dkim_record("v=DKIM1; k=rsa;", 100, result)
80
>>> result["issues"]
['DKIM record missing public key']
nadzoring.dns_lookup.validation.check_mx_priorities(records: list[str], record_score: int, result: dict[str, list[str]]) int[source]

Validate MX record priorities for duplicate entries.

Checks MX records for duplicate priority values, which can cause undetermined mail server selection behavior.

Parameters:

  • records – List of MX record strings in format “priority mailserver”. Example: “10 mail.example.com”

  • record_score – Current score before validation.

  • result – Result dictionary for collecting issues.

Returns:

Updated score, reduced by 20 points for each duplicate

priority or malformed record.

Return type:

int

Example

>>> result = {"issues": [], "warnings": []}
>>> check_mx_priorities(["10 mail1.com", "10 mail2.com"], 100, result)
80
>>> result["issues"]
['Duplicate MX priority: 10']
nadzoring.dns_lookup.validation.check_spf_record(txt: str, record_score: int, result: dict[str, list[str]]) int[source]

Validate SPF (Sender Policy Framework) record.

Checks if the SPF record includes a required termination mechanism (~all or -all) to specify how to handle unauthorized senders.

Parameters:

  • txt – SPF record string starting with ‘v=spf1’.

  • record_score – Current score before validation.

  • result – Result dictionary for collecting warnings.

Returns:

Updated score, reduced by 10 points if missing softfail/hardfail.

Return type:

int

Example

>>> result = {"issues": [], "warnings": []}
>>> check_spf_record("v=spf1 include:spf.example.com", 100, result)
90
>>> result["warnings"]
['SPF record missing softfail/hardfail']
nadzoring.dns_lookup.validation.check_txt_records(records: list[str], record_score: int, result: dict[str, list[str]]) int[source]

Validate TXT records for email authentication compliance.

Examines TXT records for SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) standards compliance.

Parameters:

  • records – List of TXT record strings.

  • record_score – Current score before validation.

  • result – Result dictionary for collecting issues and warnings.

Returns:

Updated score after applying SPF and DKIM validations.

Return type:

int

See also

check_spf_record: Validates SPF record syntax and requirements. check_dkim_record: Validates DKIM record presence of public key.

nadzoring.dns_lookup.validation.determine_status(score: int) str[source]

Determine health status category based on numerical score.

Maps a numerical score to a human-readable health status.

Parameters:

score – Numerical score (typically 0-100) from DNS validation.

Returns:

Health status:

  • ”healthy”: Score >= 80 (good configuration)

  • ”degraded”: 50 <= Score < 80 (issues need attention)

  • ”unhealthy”: Score < 50 (critical issues)

Return type:

str

Examples

>>> determine_status(85)
'healthy'
>>> determine_status(65)
'degraded'
>>> determine_status(30)
'unhealthy'
nadzoring.dns_lookup.validation.validate_mx_records(mx_records: list[str]) dict[str, bool | list[str]][source]

Validate MX records for proper configuration.

Checks MX records for duplicate priorities, which can cause unpredictable mail server selection.

Parameters:

mx_records – List of MX record strings in format “priority mailserver”. Example: [“10 mail1.example.com”, “20 mail2.example.com”]

Returns:

Validation result containing:

  • valid (bool): True if all checks pass

  • issues (List[str]): List of critical issues found

  • warnings (List[str]): List of non-critical warnings (always empty)

Return type:

Dict[str, Union[bool, List[str]]]

Example

>>> validate_mx_records(["10 mail1.com", "10 mail2.com"])
{'valid': False, 'issues': ['Duplicate priority: 10'], 'warnings': []}
nadzoring.dns_lookup.validation.validate_txt_records(txt_records: list[str]) dict[str, bool | list[str]][source]

Validate TXT records for email authentication compliance.

Checks TXT records for SPF and DKIM compliance, identifying common configuration issues.

Parameters:

txt_records

List of TXT record strings to validate. Example: [“v=spf1 include:spf.example.com ~all”,

”v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQ…”]

Returns:

Validation result containing:

  • valid (bool): True if all critical checks pass

  • issues (List[str]): List of critical issues (invalid DKIM)

  • warnings (List[str]): List of warnings (SPF missing ~all/-all)

Return type:

Dict[str, Union[bool, List[str]]]

Example

>>> result = validate_txt_records(["v=spf1 include:spf.com"])
>>> result["valid"]
True
>>> result["warnings"]
['SPF missing softfail/hardfail']