|
| 1 | +#! /bin/sh |
| 2 | + |
| 3 | +# Check a single DNS stamp for availability |
| 4 | +# Usage: ./check-stamp.sh sdns://... |
| 5 | +# Exit codes: 0 = working, 1 = not working or error |
| 6 | + |
| 7 | +DNSCRYPT_PROXY=~/src/dnscrypt-proxy/dnscrypt-proxy/dnscrypt-proxy |
| 8 | +CONFIG="/tmp/dnscrypt-proxy-check.toml" |
| 9 | +PIDFILE="/tmp/dnscrypt-proxy-check.pid" |
| 10 | +LOGFILE="/tmp/dnscrypt-proxy-check.log" |
| 11 | + |
| 12 | +# Check arguments |
| 13 | +if [ $# -ne 1 ]; then |
| 14 | + echo "Usage: $0 sdns://..." >&2 |
| 15 | + exit 1 |
| 16 | +fi |
| 17 | + |
| 18 | +STAMP="$1" |
| 19 | + |
| 20 | +# Validate stamp format |
| 21 | +if ! echo "$STAMP" | grep -q '^sdns://'; then |
| 22 | + echo "Error: Invalid stamp format. Must start with 'sdns://'" >&2 |
| 23 | + exit 1 |
| 24 | +fi |
| 25 | + |
| 26 | +# Check if dnscrypt-proxy is available |
| 27 | +if [ ! -x "$DNSCRYPT_PROXY" ]; then |
| 28 | + echo "Error: dnscrypt-proxy not found at $DNSCRYPT_PROXY" >&2 |
| 29 | + exit 1 |
| 30 | +fi |
| 31 | + |
| 32 | +# Clean up any previous runs |
| 33 | +cleanup() { |
| 34 | + if [ -f "$PIDFILE" ]; then |
| 35 | + kill $(cat "$PIDFILE") 2>/dev/null |
| 36 | + fi |
| 37 | + rm -f "$CONFIG" "$PIDFILE" "$LOGFILE" |
| 38 | +} |
| 39 | +trap cleanup EXIT |
| 40 | + |
| 41 | +# Create config file |
| 42 | +{ |
| 43 | + echo 'listen_addresses = ["127.0.0.1:5300"]' |
| 44 | + echo 'server_names = ["test-server"]' |
| 45 | + echo 'odoh_servers = true' |
| 46 | + echo 'timeout = 5000' |
| 47 | + echo 'keepalive = 30' |
| 48 | + echo |
| 49 | + echo '[static."test-server"]' |
| 50 | + echo "stamp = '$STAMP'" |
| 51 | +} >"$CONFIG" |
| 52 | + |
| 53 | +# Check DNSSEC support |
| 54 | +DNSSEC=false |
| 55 | +if $DNSCRYPT_PROXY -config "$CONFIG" -list -json 2>/dev/null | grep -F '"dnssec": true' >/dev/null; then |
| 56 | + DNSSEC=true |
| 57 | +fi |
| 58 | + |
| 59 | +# Show certificate info (silent mode) |
| 60 | +if ! $DNSCRYPT_PROXY -config "$CONFIG" -show-certs >/dev/null 2>&1; then |
| 61 | + echo "Error: Failed to retrieve certificate information" >&2 |
| 62 | + exit 1 |
| 63 | +fi |
| 64 | + |
| 65 | +# Start dnscrypt-proxy |
| 66 | +$DNSCRYPT_PROXY -config "$CONFIG" -pidfile "$PIDFILE" -logfile "$LOGFILE" -loglevel 3 & |
| 67 | +sleep 1 |
| 68 | + |
| 69 | +# Check if process is running |
| 70 | +if [ ! -f "$PIDFILE" ] || ! kill -0 $(cat "$PIDFILE") 2>/dev/null; then |
| 71 | + echo "Error: Failed to start dnscrypt-proxy" >&2 |
| 72 | + if [ -f "$LOGFILE" ]; then |
| 73 | + tail -n 10 "$LOGFILE" >&2 |
| 74 | + fi |
| 75 | + exit 1 |
| 76 | +fi |
| 77 | + |
| 78 | +# Test resolver with retries |
| 79 | +RETRIES=3 |
| 80 | +SUCCESS=false |
| 81 | + |
| 82 | +for i in $(seq 1 $RETRIES); do |
| 83 | + if $DNSCRYPT_PROXY -config "$CONFIG" -resolve "example.com" >/tmp/resolve-output 2>/dev/null; then |
| 84 | + # Check DNSSEC if expected |
| 85 | + if [ "$DNSSEC" = "true" ]; then |
| 86 | + if grep -F "resolver doesn't support DNSSEC" /tmp/resolve-output >/dev/null; then |
| 87 | + echo "Error: DNSSEC support expected but not detected" >&2 |
| 88 | + exit 1 |
| 89 | + fi |
| 90 | + fi |
| 91 | + SUCCESS=true |
| 92 | + break |
| 93 | + fi |
| 94 | + [ $i -lt $RETRIES ] && sleep 1 |
| 95 | +done |
| 96 | + |
| 97 | +# Clean up |
| 98 | +kill $(cat "$PIDFILE") 2>/dev/null |
| 99 | +rm -f /tmp/resolve-output |
| 100 | + |
| 101 | +# Return result |
| 102 | +if [ "$SUCCESS" = "true" ]; then |
| 103 | + echo "OK: Resolver is working" |
| 104 | + exit 0 |
| 105 | +else |
| 106 | + echo "FAIL: Unable to resolve queries" >&2 |
| 107 | + exit 1 |
| 108 | +fi |
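Review bot: The config, pidfile, log and resolve output all use fixed names under /tmp (file lines 8-10 and 83), so on a shared host another local user can pre-create or symlink those paths; the `>"$CONFIG"` redirect then writes through the link, and `cleanup` signals whatever PID it reads from a planted `/tmp/dnscrypt-proxy-check.pid`. Two concurrent runs also overwrite each other's files. Creating a private directory with `mktemp -d` (widely available, though not strictly POSIX) and keeping all four files in it closes this, and it also removes the resolve output on the early `exit 1` in the DNSSEC branch, which the current `cleanup` leaves behind. Separately, `$STAMP` is only checked for an `sdns://` prefix before being written inside single quotes at file line 50, so a stamp containing `'` or a newline could add lines to the generated config; rejecting those characters first would be safer if stamps come from a list the operator does not control.

```shell
WORKDIR=$(mktemp -d) || exit 1
CONFIG="$WORKDIR/config.toml"
PIDFILE="$WORKDIR/proxy.pid"
LOGFILE="$WORKDIR/proxy.log"
RESOLVE_OUT="$WORKDIR/resolve-output"

# … unchanged: argument check, stamp prefix check, binary check …

cleanup() {
  if [ -f "$PIDFILE" ]; then
    kill "$(cat "$PIDFILE")" 2>/dev/null
  fi
  rm -rf -- "$WORKDIR"
}
trap cleanup EXIT

# … unchanged: config generation, DNSSEC probe, proxy start …
# in the retry loop, write to "$RESOLVE_OUT" instead of /tmp/resolve-output
```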