DKIM selectors where queried separatedly

2026-05-20 13:41:56 -03:00
parent e57df39562
commit c91c3f1023
5 changed files with 83 additions and 21 deletions
@@ -32,6 +32,7 @@ class ParsedSpfRecord:
@dataclass
 class DkimRecord:
    selector: str
+    domain: str
    query_name: str
    record: str | None = None
    error: str | None = None
@@ -138,7 +139,7 @@ def parse_spf_records(records: list[str]) -> tuple[ParsedSpfRecord, list[str]]:
 def collect_domain_dns_policy(
    domain: str,
    *,
-    selectors: list[str] | None = None,
+    selectors: list[str | tuple[str, str]] | None = None,
    txt_lookup: TxtLookup | None = None,
    mx_lookup: MxLookup | None = None,
 ) -> DomainDnsPolicy:
@@ -164,16 +165,34 @@ def collect_domain_dns_policy(
    except Exception as exc:
        policy.errors.append(f"MX lookup failed: {exc}")

-    for selector in sorted({item.strip().lower() for item in selectors or [] if item and item.strip()}):
-        query_name = f"{selector}._domainkey.{domain}"
+    selector_domains: set[tuple[str, str]] = set()
+    for item in selectors or []:
+        if isinstance(item, tuple):
+            selector, dkim_domain = item
+        else:
+            selector, dkim_domain = item, domain
+        selector = (selector or "").strip().lower()
+        dkim_domain = (dkim_domain or domain).strip().lower().rstrip(".")
+        if selector and dkim_domain:
+            selector_domains.add((selector, dkim_domain))
+
+    for selector, dkim_domain in sorted(selector_domains):
+        query_name = f"{selector}._domainkey.{dkim_domain}"
        try:
            records = txt_lookup(query_name)
            dkim_records = [record for record in records if record.strip().lower().startswith("v=dkim1")]
-            policy.dkim.append(DkimRecord(selector=selector, query_name=query_name, record=dkim_records[0] if dkim_records else None))
+            policy.dkim.append(
+                DkimRecord(
+                    selector=selector,
+                    domain=dkim_domain,
+                    query_name=query_name,
+                    record=dkim_records[0] if dkim_records else None,
+                )
+            )
            if not dkim_records:
-                policy.errors.append(f"DKIM record not found for selector {selector}")
+                policy.errors.append(f"DKIM record not found for selector {selector} on {dkim_domain}")
        except Exception as exc:
-            policy.dkim.append(DkimRecord(selector=selector, query_name=query_name, error=str(exc)))
-            policy.errors.append(f"DKIM lookup failed for selector {selector}: {exc}")
+            policy.dkim.append(DkimRecord(selector=selector, domain=dkim_domain, query_name=query_name, error=str(exc)))
+            policy.errors.append(f"DKIM lookup failed for selector {selector} on {dkim_domain}: {exc}")

    return policy