1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
#!/bin/sh
set -e
setup() (
service named stop
service named start
)
teardown() (
service named stop
)
trap teardown EXIT
run() (
max_attempts=10
repeats=${max_attempts}
while [ "${repeats}" -gt "0" ]; do
# Make a query against an external nameserver and check for DNSSEC validation
echo "Checking for DNSSEC validation status of internetsociety.org"
out=$(dig -t a internetsociety.org @127.0.0.1 | grep -E 'flags:.+ad; QUERY' || true)
if [ "$out" ]; then
break
fi
# As a fallback in case of failure in internetsociety.org, check against ripe.net
echo "Checking for DNSSEC validation status of ripe.net"
out=$(dig -t a ripe.net @127.0.0.1 | grep -E 'flags:.+ad; QUERY' || true)
if [ "$out" ]; then
break
fi
repeats=$((repeats - 1))
sleep 1
done
if ! [ "$out" ]; then
echo "DNSSEC validation check failed after ${max_attempts} attempts"
exit 1
fi
)
setup
run
|
