From 990a7a560c98dcbaa9c9e8deb0968819b646a664 Mon Sep 17 00:00:00 2001 From: David Timber Date: Mon, 16 May 2022 15:53:36 +0800 Subject: Changes ... - Deprecate palhm-dnssec-check.sh - Merge check-dnssec and boot-report config into the sample config - Add crontab sample - Reduce Python requirement to 3.5 - Remove use of capture_output - boot-report: remove systemd-analyze as the command is not available during boot time - Change config schema - "object-groups" and "objects" are now optional - Change "boot-report" include behaviour --- src/palhm-dnssec-check.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'src/palhm-dnssec-check.sh') diff --git a/src/palhm-dnssec-check.sh b/src/palhm-dnssec-check.sh index 4601d8e..122e51d 100755 --- a/src/palhm-dnssec-check.sh +++ b/src/palhm-dnssec-check.sh @@ -1,4 +1,8 @@ #!/bin/bash + +# This script is a legacy. The same functionality can be implemented by setting +# up a back up task. See [conf/py-sample/sample.jsonc] + do_query () { # dig returns 0 upon successful reception and parse of the response message. # All the other exit codes other than 0 will cause the script to terminate @@ -6,7 +10,7 @@ do_query () { # We assume that a status code has returned when dig produces no output with # the option. Caution must be taken in this approach as zones with no # record will also return nothing with the status code zero. - dig +short +dnssec ANY "$TARGET" > "$tmpf" + dig +short +dnssec +notcp ANY "$TARGET" > "$tmpf" if [ ! -s "$tmpf" ]; then echo "The nameserver returned no RR! DNSSEC verification probably failed." >&2 @@ -33,7 +37,7 @@ declare TARGET="$1" declare tmpf="$(mktemp --tmpdir "palhm-dnssec.XXXXXXXXXX")" do_query & set +e -wait -f "$!" +wait ec="$?" rm "$tmpf" -- cgit v1.2.3-70-g09d2