@bagder
Forked from dive/haxx.se.log.md
Last active May 6, 2022 11:14

Script

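#!/usr/bin/env sh

# Hosts under test:
# http://haxx.se
# http://daniel.haxx.se

# Flush the macOS DNS caches so every lookup below is fresh
sudo dscacheutil -flushcache
sudo killall -HUP mDNSResponder

check_dns() {
    echo "=== $1"
    # Resolve the name three ways: nslookup, the macOS system resolver, and dig
    echo "== nslookup";    nslookup "$1"
    echo "== dscacheutil"; dscacheutil -q host -a name "$1"
    echo "== dig";         dig "$1"
    # --insecure lets the handshake continue on a verification failure,
    # so the certificate that was presented is still logged
    echo "== curl";        curl --insecure -vvI "https://$1" 2>&1
    # No -servername here: an s_client build that does not send SNI by default
    # is given the server's default certificate
    echo "== openssl";     echo | openssl s_client -connect "$1:443"
    # With SNI: print only the validity dates of the certificate served for this name
    echo "== show-cert";   echo | openssl s_client -servername "$1" -connect "$1:443" | openssl x509 -noout -dates

    # host -a haxx.se
    # echo "== dns-sd";      dns-sd -G v4 "$1"
}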

check_dns haxx.se
check_dns daniel.haxx.se

haxx.se results

=== haxx.se
== nslookup
Server:		172.20.10.1
Address:	172.20.10.1#53

Non-authoritative answer:
Name:	haxx.se
Address: 159.253.31.95

== dscacheutil
name: haxx.se
ipv6_address: 2a02:750:7:3305::2aa

name: haxx.se
ip_address: 159.253.31.95

== dig

; <<>> DiG 9.10.6 <<>> haxx.se
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44433
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;haxx.se.			IN	A

;; ANSWER SECTION:
haxx.se.		4502	IN	A	159.253.31.95

;; Query time: 18 msec
;; SERVER: 172.20.10.1#53(172.20.10.1)
;; WHEN: Mon May 02 09:32:56 BST 2022
;; MSG SIZE  rcvd: 52

== curl
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 159.253.31.95:443...
* Connected to haxx.se (159.253.31.95) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
} [312 bytes data]
* (304) (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* (304) (IN), TLS handshake, Unknown (8):
{ [19 bytes data]
* (304) (IN), TLS handshake, Certificate (11):
{ [4281 bytes data]
* (304) (IN), TLS handshake, CERT verify (15):
{ [520 bytes data]
* (304) (IN), TLS handshake, Finished (20):
{ [36 bytes data]
* (304) (OUT), TLS handshake, Finished (20):
} [36 bytes data]
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=haxx.se
*  start date: Mar 21 15:52:01 2022 GMT
*  expire date: Jun 19 15:52:00 2022 GMT
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x140812e00)
> HEAD / HTTP/2
> Host: haxx.se
> user-agent: curl/7.79.1
> accept: */*
> 
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 200 
< server: nginx/1.21.1
< date: Mon, 02 May 2022 08:32:56 GMT
< content-type: text/html
< content-length: 1364
< last-modified: Sat, 28 Nov 2020 13:36:03 GMT
< etag: "554-5b52adbc2cded"
< accept-ranges: bytes
< vary: Accept-Encoding
< strict-transport-security: max-age=31536000
< 

  0  1364    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Connection #0 to host haxx.se left intact
HTTP/2 200 
server: nginx/1.21.1
date: Mon, 02 May 2022 08:32:56 GMT
content-type: text/html
content-length: 1364
last-modified: Sat, 28 Nov 2020 13:36:03 GMT
etag: "554-5b52adbc2cded"
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000

== openssl
CONNECTED(00000005)
---
Certificate chain
 0 s:/CN=letsencrypt-nginx-proxy-companion
   i:/CN=letsencrypt-nginx-proxy-companion
---
Server certificate
subject=/CN=letsencrypt-nginx-proxy-companion
issuer=/CN=letsencrypt-nginx-proxy-companion
---
No client certificate CA names sent
Server Temp Key: ECDH, X25519, 253 bits
---
SSL handshake has read 2063 bytes and written 281 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-CHACHA20-POLY1305
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-CHACHA20-POLY1305
    Session-ID: 6011316BEF2DF20AC2A1B061C6DEAC42E886F566670BBD4575B6217F41FAA0FB
    Session-ID-ctx: 
    Master-Key: AD6D96E9AD84E85DE9E1596D29D3C31ABBADBCBFB70B552896172D9F5449DF44A51DECD24631E4767AABFF19BBF33C70
    Start Time: 1651480376
    Timeout   : 7200 (sec)
    Verify return code: 18 (self signed certificate)
---
== show-cert
notBefore=Mar 21 15:52:01 2022 GMT
notAfter=Jun 19 15:52:00 2022 GMT

daniel.haxx.se

=== daniel.haxx.se
== nslookup
Server:		172.20.10.1
Address:	172.20.10.1#53

Non-authoritative answer:
daniel.haxx.se	canonical name = dualstack.c.sni.global.fastly.net.
Name:	dualstack.c.sni.global.fastly.net
Address: 151.101.62.49

== dscacheutil
name: dualstack.c.sni.global.fastly.net
alias: daniel.haxx.se 
ipv6_address: 2a04:4e42:f::561

name: dualstack.c.sni.global.fastly.net
alias: daniel.haxx.se 
ip_address: 151.101.62.49

== dig

; <<>> DiG 9.10.6 <<>> daniel.haxx.se
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7068
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;daniel.haxx.se.			IN	A

;; ANSWER SECTION:
daniel.haxx.se.		4487	IN	CNAME	dualstack.c.sni.global.fastly.net.
dualstack.c.sni.global.fastly.net. 24 IN A	151.101.62.49

;; Query time: 8 msec
;; SERVER: 172.20.10.1#53(172.20.10.1)
;; WHEN: Mon May 02 09:32:57 BST 2022
;; MSG SIZE  rcvd: 106

== curl
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 151.101.62.49:443...
* Connected to daniel.haxx.se (151.101.62.49) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
} [319 bytes data]
* (304) (IN), TLS handshake, Server hello (2):
{ [89 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [1680 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [116 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [37 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-ECDSA-CHACHA20-POLY1305
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=daniel.haxx.se
*  start date: Dec 16 13:07:49 2016 GMT
*  expire date: Dec 16 13:07:49 2026 GMT
*  issuer: C=ES; ST=Madrid; L=Madrid; O=Allot; OU=Allot; CN=allot.com/emailAddress=info@allot.com
*  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
> HEAD / HTTP/1.1
> Host: daniel.haxx.se
> User-Agent: curl/7.79.1
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Pragma: no-cache
< Cache-Control: no-cache
< Expires: -1
< Content-Length: 647
< Content-Type: text/html
< 
* Excess found: excess = 647 url = / (zero-length body)

  0   647    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Connection #0 to host daniel.haxx.se left intact
HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: -1
Content-Length: 647
Content-Type: text/html

== openssl
CONNECTED(00000005)
---
Certificate chain
 0 s:/CN=c.sni-561-default.ssl.fastly.net
   i:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Atlas R3 DV TLS CA 2020
 1 s:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Atlas R3 DV TLS CA 2020
   i:/OU=GlobalSign Root CA - R3/O=GlobalSign/CN=GlobalSign
---
Server certificate
subject=/CN=c.sni-561-default.ssl.fastly.net
issuer=/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Atlas R3 DV TLS CA 2020
---
No client certificate CA names sent
Server Temp Key: ECDH, X25519, 253 bits
---
SSL handshake has read 3480 bytes and written 281 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-CHACHA20-POLY1305
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-CHACHA20-POLY1305
    Session-ID: B9F504166C7C859B531D747B419F1FBBF378D7935C1CF85F1B170D2B39201B4A
    Session-ID-ctx: 
    Master-Key: DC18D05DA068C0F69D98A496647ADA958D2A4BC3A40D97A6148D450F7DA700BE3C4DAC9D64ACA39059E828AA214B9B40
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:

    Start Time: 1651480377
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---
== show-cert
notBefore=Dec 16 13:07:49 2016 GMT
notAfter=Dec 16 13:07:49 2026 GMT