Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-05 16:29:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix ~/.digrc

Browse Source 
A private ~/.digrc overrides the commandline options from dig. So
we need to make sure that the output is still what is expected.

This commit addresses it by adding additional parameters, mostly
to existing awk commands so that only the fields we want are returned.

see #1220
This commit is contained in:
Dirk Wetter 2019-03-29 17:16:07 +01:00
parent afc4f5e4e6
commit 50de0ccdc2
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
testssl.sh
View File

@ -17070,7 +17070,7 @@ get_a_record() {
fi
if [[ -z "$ip4" ]]; then
if type -p dig &> /dev/null ; then
ip4=$(filter_ip4_address $(dig +timeout=2 +tries=2 +short -t a "$1" 2>/dev/null | awk '/^[0-9]/'))
ip4=$(filter_ip4_address $(dig +timeout=2 +tries=2 +short -t a "$1" 2>/dev/null | awk '/^[0-9]/ { print $1 }'))
fi
fi
if [[ -z "$ip4" ]]; then
@ -17117,7 +17117,7 @@ get_aaaa_record() {
fatal "Local hostname given but no 'avahi-resolve' or 'dig' available." $ERR_DNSBIN
fi
elif type -p dig &> /dev/null; then
ip6=$(filter_ip6_address $(dig +short +timeout=2 +tries=2 -t aaaa "$1" 2>/dev/null | awk '/^[0-9]/'))
ip6=$(filter_ip6_address $(dig +short +timeout=2 +tries=2 -t aaaa "$1" 2>/dev/null | awk '/^[0-9]/ { print $1 }'))
elif type -p host &> /dev/null ; then
ip6=$(filter_ip6_address $(host -t aaaa "$1" | awk '/address/ { print $NF }'))
elif type -p drill &> /dev/null; then
@ -17150,7 +17150,7 @@ get_caa_rr_record() {
OPENSSL_CONF=""
check_resolver_bins
if type -p dig &> /dev/null; then
raw_caa="$(dig +timeout=3 +tries=3 $1 type257 +short)"
raw_caa="$(dig +timeout=3 +tries=3 $1 type257 +short | awk '{ print $1" "$2" "$3 }')"
# empty if no CAA record
elif type -p drill &> /dev/null; then
raw_caa="$(drill $1 type257 | awk '/'"^${1}"'.*CAA/ { print $5,$6,$7 }')"
@ -17220,7 +17220,7 @@ get_mx_record() {
if type -p host &> /dev/null; then
mxs="$(host -t MX "$1" 2>/dev/null | awk '/is handled by/ { print $(NF-1), $NF }')"
elif type -p dig &> /dev/null; then
mxs="$(dig +short -t MX "$1" 2>/dev/null | awk '/^[0-9]/')"
mxs="$(dig +short -t MX "$1" 2>/dev/null | awk '/^[0-9]/ { print $1" "$2 }')"
elif type -p drill &> /dev/null; then
mxs="$(drill mx $1 | awk '/IN[ \t]MX[ \t]+/ { print $(NF-1), $NF }')"
elif type -p nslookup &> /dev/null; then
@ -17319,11 +17319,11 @@ determine_rdns() {
if type -p avahi-resolve &>/dev/null; then
rDNS=$(avahi-resolve -a $nodeip 2>/dev/null | awk '{ print $2 }')
elif type -p dig &>/dev/null; then
rDNS=$(dig -x $nodeip @224.0.0.251 -p 5353 +notcp +noall +answer | awk '/PTR/ { print $NF }')
rDNS=$(dig -x $nodeip @224.0.0.251 -p 5353 +notcp +noall +answer +short | awk '{ print $1 }')
fi
elif type -p dig &> /dev/null; then
# 1+2 should suffice. It's a compromise for if e.g. network is down but we have a docker/localhost server
rDNS=$(dig -x $nodeip +timeout=1 +tries=2 +noall +answer | awk '/PTR/ { print $NF }') # +short returns also CNAME, e.g. openssl.org
rDNS=$(dig -x $nodeip +timeout=1 +tries=2 +noall +answer +short | awk '{ print $1 }') # +short returns also CNAME, e.g. openssl.org
elif type -p host &> /dev/null; then
rDNS=$(host -t PTR $nodeip 2>/dev/null | awk '/pointer/ { print $NF }')
elif type -p drill &> /dev/null; then