18F / domain-scan

A lightweight pipeline, locally or in Lambda, for scanning things like HTTPS, third-party service use, and web accessibility.

Use latest trustymail #280

Closed jsf9k closed 6 years ago

jsf9k commented 6 years ago

The latest trustymail (0.6.2) fixes a bug where a domain was being labeled "not live" if a dns.resolver.NoNameservers or dns.resolver.NXDOMAIN exception was thrown when performing the DNS query to check the DMARC record. The issue is that the DNS query to check the DMARC record queries _dmarc.domain.gov and not the domain itself. The domain itself could well be live even if _dmarc.domain.gov does not exist.

We turned up a case where this behavior made a difference in the BOD-18-01 scanning.
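
The labeling behaviour described in the comment above, reproduced as an added example; this is not trustymail's code. The exception classes are local stand-ins for dnspython's `dns.resolver.NXDOMAIN` and `dns.resolver.NoNameservers`, the zone data is constructed, and `ZONE`, `query`, `scan` and the `legacy` flag are hypothetical names, with an A lookup assumed as the liveness check.

```python
# Local stand-ins for dnspython's dns.resolver.NXDOMAIN and
# dns.resolver.NoNameservers, so the example runs offline.
class NXDOMAIN(Exception):
    pass

class NoNameservers(Exception):
    pass

# Constructed zone data. A missing name raises NXDOMAIN; a value of None
# models name servers that fail to answer (NoNameservers).
ZONE = {
    "nodmarc.example": {"A": ["192.0.2.10"]},
    "hasdmarc.example": {"A": ["192.0.2.20"]},
    "_dmarc.hasdmarc.example": {"TXT": ["v=DMARC1; p=reject"]},
    "servfail.example": {"A": ["192.0.2.30"]},
    "_dmarc.servfail.example": None,
}

def query(name, rdtype):
    """Hypothetical resolver over ZONE; returns a list of record strings."""
    if name not in ZONE:
        raise NXDOMAIN(name)
    if ZONE[name] is None:
        raise NoNameservers(name)
    return ZONE[name].get(rdtype, [])

def scan(domain, legacy=False):
    """Return liveness and DMARC record for domain.

    legacy=True models the behaviour described in the comment: a failed
    lookup of _dmarc.<domain> marks <domain> itself as not live.
    """
    result = {"domain": domain, "is_live": True, "dmarc": None}
    try:
        # Assumption: an A lookup on the domain itself stands in for liveness.
        query(domain, "A")
    except (NXDOMAIN, NoNameservers):
        result["is_live"] = False
        return result
    try:
        records = query("_dmarc." + domain, "TXT")
        dmarc = [r for r in records if r.startswith("v=DMARC1")]
        result["dmarc"] = dmarc[0] if dmarc else None
    except (NXDOMAIN, NoNameservers):
        if legacy:
            result["is_live"] = False  # wrong: only _dmarc.<domain> failed
    return result

if __name__ == "__main__":
    for name in ("nodmarc.example", "hasdmarc.example", "servfail.example"):
        print(scan(name, legacy=True), scan(name))
```

With `legacy=True` a live domain that simply publishes no DMARC record drops out of the results as "not live", which hides exactly the domains a DMARC compliance scan needs to report.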

jsf9k commented 6 years ago

@konklone, the CI tests ran before trustymail v0.6.2 was deployed to PyPI. If you rerun the tests they should pass. (I don't have permission to trigger a rerun, otherwise I would do it.)

IanLee1521 commented 6 years ago

@jsf9k -- I just pushed an empty commit (using git commit --allow-empty -m 'Trigger CI to rebuild') to force the CI to run.

jsf9k commented 6 years ago

Good call on fleshing out the PR description, @IanLee1521!