nadzoring.dns_lookup.validation module

DNS record validation functions.

nadzoring.dns_lookup.validation._apply_rtype_specific_checks(rtype: str, record_result: dict[str, Any], record_score: int, result: dict[str, list[str]]) int[source]

Apply validation rules specific to each DNS record type.

Parameters:

  • rtype – DNS record type to validate.

  • record_result – Dict containing the record data to validate.

  • record_score – Current score before applying type-specific checks.

  • result – Accumulator dict for issues and warnings.

Returns:

Updated score after applying type-specific validations.

nadzoring.dns_lookup.validation._check_dkim_record(txt: str, record_score: int, result: dict[str, list[str]]) int[source]

Deduct points when a DKIM record is missing the p= public-key tag.

Parameters:

  • txt – DKIM record string starting with "v=DKIM1".

  • record_score – Current score.

  • result – Accumulator dict for issues.

Returns:

Updated score; reduced by 20 when the public key is absent.

Examples

>>> r = {"issues": [], "warnings": []}
>>> _check_dkim_record("v=DKIM1; k=rsa;", 100, r)
80
nadzoring.dns_lookup.validation._check_mx_priorities(records: list[str], record_score: int, result: dict[str, list[str]]) int[source]

Deduct points for duplicate MX priorities or malformed records.

Parameters:

  • records – MX record strings in "priority mailserver" format.

  • record_score – Current score.

  • result – Accumulator dict for issues.

Returns:

Updated score; reduced by 20 for each duplicate or malformed entry.

Examples

>>> r = {"issues": [], "warnings": []}
>>> _check_mx_priorities(["10 mail1.com", "10 mail2.com"], 100, r)
80
nadzoring.dns_lookup.validation._check_spf_record(txt: str, record_score: int, result: dict[str, list[str]]) int[source]

Deduct points when an SPF record lacks a ~all or -all mechanism.

Parameters:

  • txt – SPF record string starting with "v=spf1".

  • record_score – Current score.

  • result – Accumulator dict for warnings.

Returns:

Updated score; reduced by 10 when termination mechanism is absent.

Examples

>>> r = {"issues": [], "warnings": []}
>>> _check_spf_record("v=spf1 include:spf.example.com", 100, r)
90
nadzoring.dns_lookup.validation._check_txt_records(records: list[str], record_score: int, result: dict[str, list[str]]) int[source]

Validate TXT records for SPF and DKIM compliance.

Parameters:

  • records – List of TXT record strings.

  • record_score – Current score.

  • result – Accumulator dict for issues and warnings.

Returns:

Updated score after SPF and DKIM checks.

nadzoring.dns_lookup.validation.calculate_record_score(rtype: str, record_result: dict[str, Any], result: dict[str, list[str]]) int[source]

Calculate a health score for a single DNS record type.

Starts at 100 and deducts points for errors, missing records, or type-specific issues.

Parameters:

  • rtype – DNS record type (e.g. "A", "MX", "TXT").

  • record_result – Dict with optional "error" and "records" keys.

  • result – Accumulator dict with "warnings" and "issues" lists updated in-place.

Returns:

Score between 0 and 100.

nadzoring.dns_lookup.validation.determine_status(score: int) str[source]

Map a numeric health score to a status label.

Parameters:

score – Numeric score in the range 0-100.

Returns:

"healthy" for score ≥ 80, "degraded" for 50-79, or "unhealthy" for scores below 50.

Examples

>>> determine_status(85)
'healthy'
>>> determine_status(65)
'degraded'
>>> determine_status(30)
'unhealthy'
nadzoring.dns_lookup.validation.validate_mx_records(mx_records: list[str]) dict[str, bool | list[str]][source]

Validate MX records for duplicate priority values.

Parameters:

mx_records – MX record strings in "priority mailserver" format.

Returns:

Dict with "valid" (bool), "issues" (list), and "warnings" (list) keys.

Examples

>>> validate_mx_records(["10 mail1.com", "10 mail2.com"])
{'valid': False, 'issues': ['Duplicate priority: 10'], 'warnings': []}
nadzoring.dns_lookup.validation.validate_txt_records(txt_records: list[str]) dict[str, bool | list[str]][source]

Validate TXT records for SPF and DKIM compliance.

Checks for SPF (missing ~all/-all) and DKIM (missing p= key).

Parameters:

txt_records – List of TXT record strings.

Returns:

Dict with "valid" (bool), "issues" (list), and "warnings" (list) keys.

Examples

>>> result = validate_txt_records(["v=spf1 include:spf.com"])
>>> result["valid"]
True
>>> result["warnings"]
['SPF missing softfail/hardfail']