EDNS Compatibility Test bash script
#!/usr/bin/env bash
# >>>>>>>>>>>>>>>>>>>>>>>> Functions >>>>>>>>>>>>>>>>>>>>>>>>
#######################################
# Logical AND over two string-encoded booleans.
# Arguments: $1, $2 - the literal string "true" counts as true; anything
#            else (including an empty or missing value) counts as false
# Outputs:   "true" or "false" on stdout
#######################################
AND() {
  if [[ "$1" == "true" && "$2" == "true" ]]; then
    printf '%s\n' true
    return
  fi
  printf '%s\n' false
}
#######################################
# Print a bold banner framed above and below by a row of asterisks.
# Arguments: $* - words of the banner text (joined into one line)
# Outputs:   border, bold text, border, then a blank line on stdout
#######################################
banner_simple() {
  local text="* $* *"
  local border
  # Turn every character of the text into '*' so the border matches its width.
  border=$(echo "$text" | sed 's/./*/g')
  echo "$border"
  echo "$(tput bold)${text}$(tput sgr0)"
  echo "$border"
  echo
}
#######################################
# Print one result line: the test label followed by a coloured verdict.
# Arguments: $1 - "true" prints Passed (tput colour 2); any other value
#                 prints Failed (tput colour 1)
#            $2 - label shown before the verdict
# Outputs:   the result line on stdout
#######################################
test_result() {
  local colour=1
  local verdict=Failed
  if [[ "$1" == "true" ]]; then
    colour=2
    verdict=Passed
  fi
  echo "$2 $(tput setaf "$colour")${verdict}$(tput sgr0)"
}
#######################################
# Report whether the text contains "SOA" on the ";; ANSWER SECTION:" line
# or on one of the two lines that follow it.
# Arguments: $1 - captured command output to inspect
# Outputs:   "true" or "false" on stdout
#######################################
SOA_in_answer() {
  local verdict="false"
  if grep -A2 -P '^;; ANSWER SECTION:$' <<<"$1" | grep -q SOA; then
    verdict="true"
  fi
  echo "$verdict"
}
#######################################
# Negation of SOA_in_answer.
# Arguments: $1 - captured command output to inspect
# Outputs:   "false" when SOA_in_answer prints "true", otherwise "true"
#######################################
SOA_not_in_answer() {
  local found
  found=$(SOA_in_answer "$1")
  case "$found" in
    true) echo "false" ;;
    *) echo "true" ;;
  esac
}
#######################################
# Report whether the text contains the substring "status: BADVERS".
# Arguments: $1 - captured command output to inspect
# Outputs:   "true" or "false" on stdout
#######################################
status_is_BADVERS() {
  local verdict="false"
  if grep -q "status: BADVERS" <<<"$1"; then
    verdict="true"
  fi
  echo "$verdict"
}
#######################################
# Report whether the text contains the substring "status: NOERROR".
# Arguments: $1 - captured command output to inspect
# Outputs:   "true" or "false" on stdout
#######################################
status_is_NOERROR() {
  local verdict="false"
  if grep -q "status: NOERROR" <<<"$1"; then
    verdict="true"
  fi
  echo "$verdict"
}
#######################################
# Report whether "EDNS: version: 0" appears on the ";; OPT PSEUDOSECTION:"
# line or on one of the two lines that follow it.
# Arguments: $1 - captured command output to inspect
# Outputs:   "true" or "false" on stdout
#######################################
OPTv0() {
  local verdict="false"
  if grep -A2 -P '^;; OPT PSEUDOSECTION:$' <<<"$1" | grep -q "EDNS: version: 0"; then
    verdict="true"
  fi
  echo "$verdict"
}
#######################################
# Report that no "EDNS" text appears on the ";; OPT PSEUDOSECTION:" line or
# on one of the two lines that follow it (also true when that header line is
# absent altogether).
# Arguments: $1 - captured command output to inspect
# Outputs:   "true" when no such text is found, otherwise "false"
#######################################
no_EDNS() {
  local verdict="true"
  if grep -A2 -P '^;; OPT PSEUDOSECTION:$' <<<"$1" | grep -q "EDNS"; then
    verdict="false"
  fi
  echo "$verdict"
}
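#######################################
# Report whether the DO flag is listed in the EDNS flags field of the OPT
# pseudosection.
#
# The previous check searched for the bare substring "do" in the header line
# and the two lines after it, so unrelated text on a neighbouring line (for
# example an option's printable payload) could produce a false pass. The
# match is now anchored to the "flags:" field and requires "do" as a whole
# token before the field's terminating ';'.
# NOTE(review): assumes dig prints the field as "flags: do;" - confirm
# against the dig version in use.
#
# Arguments: $1 - captured command output to inspect
# Outputs:   "true" or "false" on stdout
#######################################
do_flag() {
  local verdict="false"
  if printf '%s\n' "$1" \
    | grep -A2 -P '^;; OPT PSEUDOSECTION:$' \
    | grep -Eq 'flags:[^;]*[[:space:]]do([[:space:];]|$)'; then
    verdict="true"
  fi
  echo "$verdict"
}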
# <<<<<<<<<<<<<<<<<<<<<<<< Functions <<<<<<<<<<<<<<<<<<<<<<<<
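# Main script: runs a series of dig queries against one zone/server pair and
# prints Passed/Failed for each EDNS compatibility check.
banner_simple "EDNS Compatibility Test"
echo "Usage with arguments: $0 example.com 8.8.8.8"
echo "Reference: https://kb.isc.org/docs/edns-compatibility-dig-queries"
echo

# Test the exit status of command -v directly instead of word-splitting its
# output inside [ ].
if ! command -v dig > /dev/null 2>&1; then
  echo "Cannot find dig command. Run: sudo apt install dnsutils"
  exit 1
fi

if (( $# == 2 )); then
  ZONE="$1"
  DNSSERVER="$2"
else
  # -r keeps backslashes literal; -e/-i pre-fill an editable suggestion.
  read -r -e -p "What domain to test? " -i example.com ZONE
  read -r -e -p "What DNS server to use? " -i a.iana-servers.net DNSSERVER
  # Fallbacks apply only when the user clears the pre-filled suggestion.
  : "${ZONE:=example.com}"
  : "${DNSSERVER:=1.1.1.1}"
fi

# Both values end up on dig's command line. Reject anything dig would parse
# as an option ('-'), a query option ('+') or a server ('@') rather than as
# the query name, and anything containing whitespace.
case "$ZONE" in
  '' | [-+@]* | *[[:space:]]*)
    echo "Invalid domain name: '$ZONE'" >&2
    exit 1
    ;;
esac
case "$DNSSERVER" in
  '' | *[[:space:]]*)
    echo "Invalid DNS server: '$DNSSERVER'" >&2
    exit 1
    ;;
esac

echo
echo "$(tput setaf 6; tput bold)Tests:$(tput sgr0)"
echo

# Every expansion below is quoted so the zone and server are always passed to
# dig as exactly one argument each (no word splitting, no glob expansion).

# Plain DNS test
RESULT=$(dig +norec +noedns soa "$ZONE" "@$DNSSERVER")
PASSED=true
PASSED=$(AND "$(SOA_in_answer "$RESULT")" "$PASSED")
PASSED=$(AND "$(status_is_NOERROR "$RESULT")" "$PASSED")
test_result "$PASSED" "Plain DNS ....................."

# Plain EDNS test
RESULT=$(dig +norec +edns=0 soa "$ZONE" "@$DNSSERVER")
PASSED=true
PASSED=$(AND "$(SOA_in_answer "$RESULT")" "$PASSED")
PASSED=$(AND "$(status_is_NOERROR "$RESULT")" "$PASSED")
PASSED=$(AND "$(OPTv0 "$RESULT")" "$PASSED")
test_result "$PASSED" "Plain EDNS ...................."

# EDNS - Unknown Version
RESULT=$(dig +norec +edns=100 +noednsneg soa "$ZONE" "@$DNSSERVER")
PASSED=true
PASSED=$(AND "$(status_is_BADVERS "$RESULT")" "$PASSED")
PASSED=$(AND "$(OPTv0 "$RESULT")" "$PASSED")
PASSED=$(AND "$(SOA_not_in_answer "$RESULT")" "$PASSED")
test_result "$PASSED" "EDNS - Unknown Version ........"

# EDNS - Unknown Option
RESULT=$(dig +norec +ednsopt=100 soa "$ZONE" "@$DNSSERVER")
PASSED=true
PASSED=$(AND "$(SOA_in_answer "$RESULT")" "$PASSED")
PASSED=$(AND "$(status_is_NOERROR "$RESULT")" "$PASSED")
PASSED=$(AND "$(OPTv0 "$RESULT")" "$PASSED")
# This test used to AND OPTv0 with no_EDNS. Both inspect the same lines of
# the OPT pseudosection, and OPTv0 needs the "EDNS: version: 0" text that
# no_EDNS forbids, so the test could never pass. Check instead that the
# unknown option code 100 is not echoed back.
# NOTE(review): assumes dig prints an echoed unknown option as "; OPT=100" -
# confirm against the dig version in use and the ISC reference above.
if grep -Eq '^; OPT=100([^0-9]|$)' <<< "$RESULT"; then
  PASSED=false
fi
test_result "$PASSED" "EDNS - Unknown Option ........."

# EDNS - Unknown Flag
RESULT=$(dig +norec +ednsflags=0x80 soa "$ZONE" "@$DNSSERVER")
PASSED=true
PASSED=$(AND "$(SOA_in_answer "$RESULT")" "$PASSED")
PASSED=$(AND "$(status_is_NOERROR "$RESULT")" "$PASSED")
PASSED=$(AND "$(OPTv0 "$RESULT")" "$PASSED")
# TODO: expect: Z bits to be clear in response
test_result "$PASSED" "EDNS - Unknown Flag ..........."

# EDNS - DO=1 (DNSSEC)
RESULT=$(dig +norec +dnssec soa "$ZONE" "@$DNSSERVER")
PASSED=true
PASSED=$(AND "$(SOA_in_answer "$RESULT")" "$PASSED")
PASSED=$(AND "$(status_is_NOERROR "$RESULT")" "$PASSED")
PASSED=$(AND "$(OPTv0 "$RESULT")" "$PASSED")
PASSED=$(AND "$(do_flag "$RESULT")" "$PASSED")
test_result "$PASSED" "EDNS - DO=1 (DNSSEC) .........."

# EDNS - Truncated Response
RESULT=$(dig +norec +dnssec +bufsize=512 +ignore dnskey "$ZONE" "@$DNSSERVER")
PASSED=true
PASSED=$(AND "$(status_is_NOERROR "$RESULT")" "$PASSED")
PASSED=$(AND "$(OPTv0 "$RESULT")" "$PASSED")
test_result "$PASSED" "EDNS - Truncated Response ....."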