@Xaqron
Last active May 22, 2019 06:48
EDNS Compatibility Test bash script
#!/usr/bin/env bash
# >>>>>>>>>>>>>>>>>>>>>>>> Functions >>>>>>>>>>>>>>>>>>>>>>>>
# Logical AND over the script's "true"/"false" string convention.
# Arguments: $1, $2 - operands; anything other than the literal "true"
#            (including a missing argument) counts as false
# Outputs:   "true" when both operands are "true", otherwise "false"
AND() {
  if [[ "$1" != "true" || "$2" != "true" ]]; then
    echo false
    return
  fi
  echo true
}
# Prints a three-line banner: the message framed by asterisks, in bold,
# between two rows of '*' of the same width, followed by a blank line.
# Arguments: $@ - words of the banner message
# Outputs:   banner on stdout (bold/reset sequences come from tput)
banner_simple() {
  local text="* $* *"
  local border
  # Replace every character of the framed message with '*' to build the border.
  border=$(sed 's/./*/g' <<<"$text")
  printf '%s\n' "$border"
  printf '%s\n' "$(tput bold)${text}$(tput sgr0)"
  printf '%s\n\n' "$border"
}
# Prints one result line: the test label followed by a coloured verdict.
# Arguments: $1 - "true" for a pass; any other value is reported as a failure
#            $2 - label printed in front of the verdict
# Outputs:   "<label> Passed" (tput colour 2) or "<label> Failed" (tput colour 1)
test_result() {
  local colour=1
  local verdict="Failed"
  if [ "$1" = "true" ]; then
    colour=2
    verdict="Passed"
  fi
  printf '%s\n' "$2 $(tput setaf "$colour")${verdict}$(tput sgr0)"
}
# Reports whether "SOA" appears on the ";; ANSWER SECTION:" header line or on
# one of the two lines that follow it in a dig response.
# Arguments: $1 - full text output of a dig query
# Outputs:   "true" or "false" on stdout
SOA_in_answer() {
  local verdict="false"
  # -A2 keeps the header plus the two lines after it; only those are searched.
  if grep -A2 -P '^;; ANSWER SECTION:$' <<<"$1" | grep -q SOA; then
    verdict="true"
  fi
  echo "$verdict"
}
# Logical negation of SOA_in_answer for the same dig output.
# Arguments: $1 - full text output of a dig query
# Outputs:   "false" when SOA_in_answer prints "true", otherwise "true"
SOA_not_in_answer() {
  case "$(SOA_in_answer "$1")" in
    true) echo "false" ;;
    *) echo "true" ;;
  esac
}
# Reports whether the dig output contains the text "status: BADVERS".
# Arguments: $1 - full text output of a dig query
# Outputs:   "true" or "false" on stdout
status_is_BADVERS() {
  local found="false"
  grep -q "status: BADVERS" <<<"$1" && found="true"
  echo "$found"
}
# Reports whether the dig output contains the text "status: NOERROR".
# Arguments: $1 - full text output of a dig query
# Outputs:   "true" or "false" on stdout
status_is_NOERROR() {
  case "$1" in
    *"status: NOERROR"*) echo "true" ;;
    *) echo "false" ;;
  esac
}
# Reports whether the OPT pseudosection of a dig response advertises EDNS
# version 0, i.e. "EDNS: version: 0" occurs on the ";; OPT PSEUDOSECTION:"
# header line or on one of the two lines after it.
# Arguments: $1 - full text output of a dig query
# Outputs:   "true" or "false" on stdout
OPTv0() {
  local opt_lines
  opt_lines=$(grep -A2 -P '^;; OPT PSEUDOSECTION:$' <<<"$1")
  if grep -q "EDNS: version: 0" <<<"$opt_lines"; then
    echo "true"
    return
  fi
  echo "false"
}
# Reports whether the OPT pseudosection of a dig response is free of the text
# "EDNS" (header line plus the two lines after it are inspected).
# Note that this is the exact opposite of what OPTv0 requires, so the two
# checks cannot both print "true" for the same response.
# Arguments: $1 - full text output of a dig query
# Outputs:   "false" when "EDNS" is found there, otherwise "true"
no_EDNS() {
  local opt_block
  opt_block=$(grep -A2 -P '^;; OPT PSEUDOSECTION:$' <<<"$1")
  case "$opt_block" in
    *EDNS*) echo "false" ;;
    *) echo "true" ;;
  esac
}
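# Reports whether the DO (DNSSEC OK) bit is listed in the EDNS flags of a dig
# response.
#
# The previous check accepted the substring "do" anywhere in the three lines
# kept from the OPT pseudosection, so free text on a following option line
# could make the DNSSEC test pass although the flag was absent. The match is
# now restricted to the "flags:" field of the "; EDNS:" line, where dig lists
# the flag as a separate word terminated by ';'.
#
# Arguments: $1 - full text output of a dig query
# Outputs:   "true" or "false" on stdout
do_flag() {
  if grep -A2 -P '^;; OPT PSEUDOSECTION:$' <<<"$1" \
    | grep -E -q 'EDNS:.*flags:[^;]*[[:space:]]do([[:space:]]|;|$)'; then
    echo "true"
  else
    echo "false"
  fi
}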
# <<<<<<<<<<<<<<<<<<<<<<<< Functions <<<<<<<<<<<<<<<<<<<<<<<<
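banner_simple "EDNS Compatibility Test"
echo "Usage with arguments: $0 example.com 8.8.8.8"
echo "Reference: https://kb.isc.org/docs/edns-compatibility-dig-queries"
echo
# Every test below shells out to dig, so stop early when it is not available.
# Only the exit status of `command -v` is used: feeding its unquoted output to
# `[ ... ]` breaks (and wrongly reports dig as missing) when the resolved path
# contains whitespace.
if ! command -v dig >/dev/null 2>&1; then
  echo "Cannot find dig command. Run: sudo apt install dnsutils" >&2
  exit 1
fi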
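# Take the zone and the server from the command line when exactly two
# arguments are given; otherwise prompt for them interactively.
if (( $# == 2 )); then
  ZONE="$1"
  DNSSERVER="$2"
else
  # -r keeps backslashes in the typed value literal.
  read -r -e -p "What domain to test? " -i example.com ZONE
  read -r -e -p "What DNS server to use? " -i a.iana-servers.net DNSSERVER
  # Fallbacks for an empty answer.
  # NOTE(review): the prompt suggests a.iana-servers.net while the fallback is
  # 1.1.1.1 - confirm which default is intended.
  : "${ZONE:=example.com}"
  : "${DNSSERVER:=1.1.1.1}"
fi

# Both values end up on dig's command line. dig interprets arguments starting
# with '-' or '+' as options and '@' as a server selector, and whitespace or
# glob characters would be split/expanded wherever a value is used unquoted.
# Accept only characters that occur in host names and IP addresses (including
# an IPv6 zone id), and refuse anything else before it reaches dig.
for _target in "$ZONE" "$DNSSERVER"; do
  case "$_target" in
    '' | -* | *[!A-Za-z0-9._:%-]*)
      printf 'Refusing to pass %q to dig: not a plain host name or IP address\n' "$_target" >&2
      exit 1
      ;;
  esac
done
unset _target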
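echo
echo "$(tput setaf 6; tput bold)Tests:$(tput sgr0)"
echo

# Each test runs one dig probe against $DNSSERVER for $ZONE and ANDs together
# the expectations for that probe. $ZONE and $DNSSERVER are quoted so that
# they always reach dig as exactly one argument each (no word splitting or
# glob expansion). Quoting does not stop dig itself from treating a value
# that begins with '-' or '+' as an option, so such values should be rejected
# before this point.

# Plain DNS test
RESULT=$(dig +norec +noedns soa "$ZONE" "@$DNSSERVER")
PASSED=true
PASSED=$(AND "$(SOA_in_answer "$RESULT")" "$PASSED")
PASSED=$(AND "$(status_is_NOERROR "$RESULT")" "$PASSED")
test_result "$PASSED" "Plain DNS ....................."

# Plain EDNS test
RESULT=$(dig +norec +edns=0 soa "$ZONE" "@$DNSSERVER")
PASSED=true
PASSED=$(AND "$(SOA_in_answer "$RESULT")" "$PASSED")
PASSED=$(AND "$(status_is_NOERROR "$RESULT")" "$PASSED")
PASSED=$(AND "$(OPTv0 "$RESULT")" "$PASSED")
test_result "$PASSED" "Plain EDNS ...................."

# EDNS - Unknown Version
RESULT=$(dig +norec +edns=100 +noednsneg soa "$ZONE" "@$DNSSERVER")
PASSED=true
PASSED=$(AND "$(status_is_BADVERS "$RESULT")" "$PASSED")
PASSED=$(AND "$(OPTv0 "$RESULT")" "$PASSED")
PASSED=$(AND "$(SOA_not_in_answer "$RESULT")" "$PASSED")
test_result "$PASSED" "EDNS - Unknown Version ........"

# EDNS - Unknown Option
RESULT=$(dig +norec +ednsopt=100 soa "$ZONE" "@$DNSSERVER")
PASSED=true
PASSED=$(AND "$(SOA_in_answer "$RESULT")" "$PASSED")
PASSED=$(AND "$(status_is_NOERROR "$RESULT")" "$PASSED")
PASSED=$(AND "$(OPTv0 "$RESULT")" "$PASSED")
# The earlier rule required no_EDNS here, which contradicts OPTv0 above (one
# demands "EDNS" in the OPT pseudosection, the other forbids it), so this test
# could never pass. The expectation for this probe is that the unknown option
# (code 100) is not echoed back in the response.
# NOTE(review): relies on dig rendering unrecognised options as
# "; OPT=<code>" - confirm against the installed dig version.
if grep -q 'OPT=100' <<<"$RESULT"; then
  PASSED=false
fi
test_result "$PASSED" "EDNS - Unknown Option ........."

# EDNS - Unknown Flag
RESULT=$(dig +norec +ednsflags=0x80 soa "$ZONE" "@$DNSSERVER")
PASSED=true
PASSED=$(AND "$(SOA_in_answer "$RESULT")" "$PASSED")
PASSED=$(AND "$(status_is_NOERROR "$RESULT")" "$PASSED")
PASSED=$(AND "$(OPTv0 "$RESULT")" "$PASSED")
# TODO: expect: Z bits to be clear in response
test_result "$PASSED" "EDNS - Unknown Flag ..........."

# EDNS - DO=1 (DNSSEC)
RESULT=$(dig +norec +dnssec soa "$ZONE" "@$DNSSERVER")
PASSED=true
PASSED=$(AND "$(SOA_in_answer "$RESULT")" "$PASSED")
PASSED=$(AND "$(status_is_NOERROR "$RESULT")" "$PASSED")
PASSED=$(AND "$(OPTv0 "$RESULT")" "$PASSED")
PASSED=$(AND "$(do_flag "$RESULT")" "$PASSED")
test_result "$PASSED" "EDNS - DO=1 (DNSSEC) .........."

# EDNS - Truncated Response
RESULT=$(dig +norec +dnssec +bufsize=512 +ignore dnskey "$ZONE" "@$DNSSERVER")
PASSED=true
PASSED=$(AND "$(status_is_NOERROR "$RESULT")" "$PASSED")
PASSED=$(AND "$(OPTv0 "$RESULT")" "$PASSED")
test_result "$PASSED" "EDNS - Truncated Response ....."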