freuds · January 11, 2020 14:48
diff --git a/checksigned.sh b/checksigned.sh
 #!/usr/bin/env bash 

 checksigned() {
  ZONE=`basename "$1" .`.
  if [ "$ZONE" = .. ]
  then
    ZONE=.
  fi
  NAME=`basename "$ZONE" .`
  NO_NS=true
  NO_SEC=false
  OPTS="+cd +noall +answer +nocl +nottl"

  dig $OPTS NS "$ZONE" @publicdns.goog | {
    # Check each delegated name server
    while read DOMAIN TYPE NS
    do
      if [ "$DOMAIN $TYPE" != "$ZONE NS" ]
      then
        continue
      fi
      NO_NS=false
      if dig +cd +dnssec +norecurse DNSKEY "$ZONE" "@$NS" |
          egrep 'RRSIG[[:space:]]+DNSKEY' > /dev/null
      then
        echo "$NS has DNSSEC data for $NAME"
      else
        echo "$NS does not have DNSSEC data for $NAME"
        NO_SEC=true
      fi
    done

  if "$NO_NS"
  then
    echo "$NAME is not a delegated DNS zone"
  else
    if "$NO_SEC"
    then
      return
    fi
    MINTTL=`dig +cd SOA "$ZONE" @publicdns.goog |
      awk '/^[^;]/ && $4=="SOA" { print $11 }'`
    echo "Negative cache for $NAME expires after $MINTTL seconds."
  fi
  }
 }
	#!/usr/bin/env bash

	checksigned() {
	ZONE=`basename "$1" .`.
	if [ "$ZONE" = .. ]
	then
	ZONE=.
	fi
	NAME=`basename "$ZONE" .`
	NO_NS=true
	NO_SEC=false
	OPTS="+cd +noall +answer +nocl +nottl"

	dig $OPTS NS "$ZONE" @publicdns.goog \| {
	# Check each delegated name server
	while read DOMAIN TYPE NS
	do
	if [ "$DOMAIN $TYPE" != "$ZONE NS" ]
	then
	continue
	fi
	NO_NS=false
	if dig +cd +dnssec +norecurse DNSKEY "$ZONE" "@$NS" \|
	egrep 'RRSIG[[:space:]]+DNSKEY' > /dev/null
	then
	echo "$NS has DNSSEC data for $NAME"
	else
	echo "$NS does not have DNSSEC data for $NAME"
	NO_SEC=true
	fi
	done

	if "$NO_NS"
	then
	echo "$NAME is not a delegated DNS zone"
	else
	if "$NO_SEC"
	then
	return
	fi
	MINTTL=`dig +cd SOA "$ZONE" @publicdns.goog \|
	awk '/^[^;]/ && $4=="SOA" { print $11 }'`
	echo "Negative cache for $NAME expires after $MINTTL seconds."
	fi
	}
	}