Commit bf16858a authored by ummeegge's avatar ummeegge

init: Added rudimentary DNSSEC check

parent 6129a201
......@@ -482,6 +482,16 @@ fix_time_if_dns_fail() {
fi
}
check_dnssec_validation() {
echo -e "\nWill check for DNSSEC validation, this can take some seconds... "
# Do a rudimentary DNSSEC check and inform user
if dig com. SOA +dnssec | grep -q ' ad' && dig +noall +comments dnssec-failed.org | grep -q 'SERVFAIL'; then
echo -e "\e[32mDNSSEC validation seems to work\e[0m"
else
echo -e "\e[31mThere is a problem with DNSSEC since it do NOT vaildating correctly!!! \e[0m"
fi
}
use_custom_forwarders() {
# Check if USE_FORWADDERS is '0'
if grep -q "USE_FORWARDERS=0" /etc/sysconfig/unbound >/dev/null 2>&1; then
......@@ -494,6 +504,7 @@ use_custom_forwarders() {
update_hosts
fix_time_if_dns_fail
unbound-control list_forwards
check_dnssec_validation
$0 status
exit 0
fi
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment