diff options
| -rw-r--r-- | README.md | 22 | ||||
| -rw-r--r-- | tools/checker.bash | 60 | ||||
| -rw-r--r-- | tools/doh.bash | 24 |
3 files changed, 104 insertions, 2 deletions
@@ -1,10 +1,10 @@ -## Resolvers list +# Resolvers list A list of domain servers for DNSCrypt Usage: -``` +```toml [sources.'extra-resolvers'] urls = ['https://c.fridu.us/services/resolvers-list.git/plain/extra-resolvers.md', 'https://git.sr.ht/~heckyel/resolvers-list/blob/master/extra-resolvers.md'] cache_file = '/var/cache/dnscrypt-proxy/extra-resolvers.md' @@ -27,6 +27,24 @@ minisign -S -l -m extra-resolvers.md grep -o 'sdns://[^ ]*' extra-resolvers.md > list-ag-sdns.txt ``` +## Tools + +### Checker + +To verify DNSSEC support for the resolvers, use the checker.bash script: + +```sh +bash tools/checker.bash +``` + +### DoH + +To verify DoH servers, use the doh.bash script: + +```sh +bash tools/doh.bash +``` + ### License This work is licensed under the [GNU GPLv3+](LICENSE) diff --git a/tools/checker.bash b/tools/checker.bash new file mode 100644 index 0000000..59ea4f1 --- /dev/null +++ b/tools/checker.bash @@ -0,0 +1,60 @@ +#!/bin/bash + +grep -o 'sdns://[^ ]*' extra-resolvers.md > input_sdns.txt + +INPUT_FILE="input_sdns.txt" +OUTPUT_FILE="valid_sdns.txt" + +> "$OUTPUT_FILE" + +CONFIG_FILE="dnscrypt-proxy.toml" +LOG_FILE="dnscrypt-proxy.log" + +echo "🔹 Starting DNSSEC server verification..." + +wait_for_dnscrypt() { + for i in {1..10}; do + if dnscrypt-proxy -resolve example.com &> /dev/null; then + return 0 + fi + sleep 1 + done + return 1 +} + +while read -r stamp; do + echo "Verifying $stamp ..." + + cat <<EOF > "$CONFIG_FILE" +listen_addresses = ['127.0.0.1:5353'] +server_names = ['test-server'] +[static] +[static.'test-server'] +stamp = '$stamp' +EOF + + dnscrypt-proxy -config "$CONFIG_FILE" &> "$LOG_FILE" & + DNSCRYPT_PID=$! + if ! wait_for_dnscrypt; then + echo "❌ dnscrypt-proxy execution failed for $stamp" + echo "" + kill $DNSCRYPT_PID 2>/dev/null + continue + fi + + if dnscrypt-proxy -resolve sigok.ippacket.stream | grep -E "DNSSEC\s*:\s*yes"; then + echo "$stamp" >> "$OUTPUT_FILE" + echo "✅ DNSSEC supported" + echo "" + else + echo "❌ No DNSSEC" + echo "" + fi + + kill $DNSCRYPT_PID 2>/dev/null + wait $DNSCRYPT_PID 2>/dev/null +done < "$INPUT_FILE" + +echo "🔹 Process completed. The SDNS with DNSSEC are in '$OUTPUT_FILE'." +echo "🔹 Cleaning temporary files..." +rm -f "$LOG_FILE" "$CONFIG_FILE" diff --git a/tools/doh.bash b/tools/doh.bash new file mode 100644 index 0000000..571d5c1 --- /dev/null +++ b/tools/doh.bash @@ -0,0 +1,24 @@ +#!/bin/bash + +servers=( + "resolver1.dns.watch/dns-query" +) + +domain="sigok.ippacket.stream" + +test_doh() { + local server="$1" + host=$(echo "$server" | sed -E 's~https?://([^/]+)/.*~\1~') + response=$(dig +https @"$host" "$domain" A +short 2>/dev/null) + + if [[ -n "$response" ]]; then + echo "✅ $server - Responde con: $response" + else + echo "❌ $server - No respondió correctamente" + fi +} + +echo "Verificando servidores DoH..." +for server in "${servers[@]}"; do + test_doh "$server" +done |