File: dnssecwalk.sh

package info (click to toggle)
thc-ipv6 3.6-1
  • links: PTS, VCS
  • area: main
  • in suites: bullseye, buster, sid
  • size: 2,116 kB
  • sloc: ansic: 52,618; sh: 529; makefile: 77; perl: 34
file content (25 lines) | stat: -rwxr-xr-x 962 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
#!/bin/bash
test -z "$1" -o "$1" = "-h" && { echo "Syntax: $0 [-a] domain" ; echo will try dnssecwalk on all nameservers until one is found, or all if -a is given as option ; exit 1 ; } 

which dig > /dev/null 2>&1 || { echo Error: you need the dig command in your path ; exit 1 ; }

DNS=""
dig 1.0.0.1.0.0.0.0.3.0.0.2.ip6.arpa. ns | grep -q '^1\.0.*SOA' || DNS="@8.8.8.8"
ALL=""
test "$1" = "-a" && { ALL=1 ; shift ; }
DOMAIN=$1
echo $1 | grep -q '\.$' || DOMAIN=$1.
FILE=`echo $DOMAIN|sed 's/\.$//'`
OK=""

for j in `dig $DNS $DOMAIN ns | grep -w NS | grep -w IN | grep -v ';' | awk '{print$5}'`; do
  SERVER=`echo $j|sed 's/\.$//'`
  test -z "$OK" && { 
    echo Trying $j ...
    dnssecwalk -t -6 $j $DOMAIN > $SERVER-$FILE.dnssecwalk
    grep -q Found: $SERVER-$FILE.dnssecwalk && OK=1
    test -n "$OK" && echo Dnssecwalk succeeded, saved to $SERVER-$FILE.dnssecwalk
    test -n "$OK" || rm -f $SERVER-$FILE.dnssecwalk
    test -n "$ALL" && OK=""
  }
done