From a01c87416b241315a9268bb4eb5206ade8328069 Mon Sep 17 00:00:00 2001
From: David Timber
Date: Wed, 27 Apr 2022 17:40:41 +0800
Subject: Initial commit
---
src/palhm-dnssec-check.sh | 43 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 43 insertions(+)
create mode 100755 src/palhm-dnssec-check.sh
(limited to 'src/palhm-dnssec-check.sh')
diff --git a/src/palhm-dnssec-check.sh b/src/palhm-dnssec-check.sh
new file mode 100755
index 0000000..f5ee466
--- /dev/null
+++ b/src/palhm-dnssec-check.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+set -e
+. "$( dirname -- "${BASH_SOURCE[0]}" )"/common.sh
+
+do_query () {
+ # dig returns 0 upon successful reception and parse of the response message.
+ # All the other exit codes other than 0 will cause the script to terminate
+ # as a result of set -e. +short option makes dig return the values of RR.
+ # We assume that a status code has returned when dig produces no output with
+ # the option. Caution must be taken in this approach as zones with no
+ # record will also return nothing with the status code zero.
+ dig +short +dnssec ANY "$TARGET" > "$tmpf"
+ if [ ! -s "$tmpf" ]; then
+ palhm_die \
+ "The nameserver returned no RR!
+DNSSEC verification probably failed."
+ fi
+}
+
+if [ "$#" -lt 1 ]; then
+ cat >&2 << EOF
+The Periodic Automatic Linux Host Maintenance (PALHM) DNSSEC check
+Usage: $0
+
+The zone must contain at least one resource record set. The nameservers
+configured for the host must support DNSSEC validation.
+
+To test your host configuration, running
+ \$ $0 dnssec-failed.org
+should produce error messages.
+EOF
+ exit 2
+fi
+
+declare TARGET="$1"
+declare tmpf="$(mktemp --tmpdir "palhm-dnssec.XXXXXXXXXX")"
+
+do_query & set +e
+wait -f "$!"
+ec="$?"
+rm "$tmpf"
+
+exit "$ec"
-- cgit v1.2.3-70-g09d2
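Review bot: The emptiness test in do_query fails open: any non-empty `dig +short` output counts as success, so a resolver that does not validate will return records for a bogus zone and the check passes, which the usage text only covers by asking the operator to try dnssec-failed.org by hand. Checking the response header would make the result explicit, for example `dig +dnssec +noall +comments SOA "$TARGET" > "$tmpf"` followed by `grep -Eq 'flags:[^;]* ad[ ;]' "$tmpf" || palhm_die` with the existing message; the AD bit is only as trustworthy as the path to the resolver, so this presumes a local or otherwise trusted validating resolver. Asking for `ANY` is also fragile, since RFC 8482 lets servers answer it minimally or refuse it, and an empty answer here would be reported as a validation failure. Separately, `"$TARGET"` reaches dig unchecked, so a value beginning with `@`, `+` or `-` is parsed as a server or an option rather than a zone name; a `case "$TARGET" in [@+-]*) palhm_die "invalid zone name" ;; esac` guard before the query would reject those.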