From a1ce5266a770c65313aa148ad872f7574c9ff27f Mon Sep 17 00:00:00 2001
From: Astound <kirito@disroot.org>
Date: Mon, 17 Feb 2025 01:26:35 +0800
Subject: Add tools to checker

---
 tools/checker.bash | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)
 create mode 100644 tools/checker.bash

(limited to 'tools/checker.bash')

diff --git a/tools/checker.bash b/tools/checker.bash
new file mode 100644
index 0000000..59ea4f1
--- /dev/null
+++ b/tools/checker.bash
@@ -0,0 +1,60 @@
+#!/bin/bash
+
+grep -o 'sdns://[^ ]*' extra-resolvers.md > input_sdns.txt
+
+INPUT_FILE="input_sdns.txt"
+OUTPUT_FILE="valid_sdns.txt"
+
+> "$OUTPUT_FILE"
+
+CONFIG_FILE="dnscrypt-proxy.toml"
+LOG_FILE="dnscrypt-proxy.log"
+
+echo "🔹 Starting DNSSEC server verification..."
+
+wait_for_dnscrypt() {
+    for i in {1..10}; do
+        if dnscrypt-proxy -resolve example.com &> /dev/null; then
+            return 0
+        fi
+        sleep 1
+    done
+    return 1
+}
+
+while read -r stamp; do
+    echo "Verifying $stamp ..."
+
+    cat <<EOF > "$CONFIG_FILE"
+listen_addresses = ['127.0.0.1:5353']
+server_names = ['test-server']
+[static]
+[static.'test-server']
+stamp = '$stamp'
+EOF
+
+    dnscrypt-proxy -config "$CONFIG_FILE" &> "$LOG_FILE" &
+    DNSCRYPT_PID=$!
+    if ! wait_for_dnscrypt; then
+        echo "❌ dnscrypt-proxy execution failed for $stamp"
+        echo ""
+        kill $DNSCRYPT_PID 2>/dev/null
+        continue
+    fi
+
+    if dnscrypt-proxy -resolve sigok.ippacket.stream | grep -E "DNSSEC\s*:\s*yes"; then
+        echo "$stamp" >> "$OUTPUT_FILE"
+        echo "✅ DNSSEC supported"
+        echo ""
+    else
+        echo "❌ No DNSSEC"
+        echo ""
+    fi
+
+    kill $DNSCRYPT_PID 2>/dev/null
+    wait $DNSCRYPT_PID 2>/dev/null
+done < "$INPUT_FILE"
+
+echo "🔹 Process completed. The SDNS with DNSSEC are in '$OUTPUT_FILE'."
+echo "🔹 Cleaning temporary files..."
+rm -f "$LOG_FILE" "$CONFIG_FILE"
-- 
cgit v1.2.3