Add tools to checker

2025-02-17 01:26:35 +08:00 · 2025-02-17 01:26:35 +08:00 · a1ce5266a7
commit a1ce5266a7
parent 340edec2ca
3 changed files with 104 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -1,10 +1,10 @@
-## Resolvers list
+# Resolvers list

 A list of domain servers for DNSCrypt

 Usage:

-```
+```toml
  [sources.'extra-resolvers']
    urls = ['https://c.fridu.us/services/resolvers-list.git/plain/extra-resolvers.md', 'https://git.sr.ht/~heckyel/resolvers-list/blob/master/extra-resolvers.md']
    cache_file = '/var/cache/dnscrypt-proxy/extra-resolvers.md'
@ -27,6 +27,24 @@ minisign -S -l -m extra-resolvers.md
 grep -o 'sdns://[^ ]*' extra-resolvers.md > list-ag-sdns.txt
 ```

+## Tools
+
+### Checker
+
+To verify DNSSEC support for the resolvers, use the checker.bash script:
+
+```sh
+bash tools/checker.bash
+```
+
+### DoH
+
+To verify DoH servers, use the doh.bash script:
+
+```sh
+bash tools/doh.bash
+```
+
 ### License

 This work is licensed under the [GNU GPLv3+](LICENSE)
--- a/tools/checker.bash
+++ b/tools/checker.bash
@ -0,0 +1,60 @@
+#!/bin/bash
+
+grep -o 'sdns://[^ ]*' extra-resolvers.md > input_sdns.txt
+
+INPUT_FILE="input_sdns.txt"
+OUTPUT_FILE="valid_sdns.txt"
+
+> "$OUTPUT_FILE"
+
+CONFIG_FILE="dnscrypt-proxy.toml"
+LOG_FILE="dnscrypt-proxy.log"
+
+echo "🔹 Starting DNSSEC server verification..."
+
+wait_for_dnscrypt() {
+    for i in {1..10}; do
+        if dnscrypt-proxy -resolve example.com &> /dev/null; then
+            return 0
+        fi
+        sleep 1
+    done
+    return 1
+}
+
+while read -r stamp; do
+    echo "Verifying $stamp ..."
+
+    cat <<EOF > "$CONFIG_FILE"
+listen_addresses = ['127.0.0.1:5353']
+server_names = ['test-server']
+[static]
+[static.'test-server']
+stamp = '$stamp'
+EOF
+
+    dnscrypt-proxy -config "$CONFIG_FILE" &> "$LOG_FILE" &
+    DNSCRYPT_PID=$!
+    if ! wait_for_dnscrypt; then
+        echo "❌ dnscrypt-proxy execution failed for $stamp"
+        echo ""
+        kill $DNSCRYPT_PID 2>/dev/null
+        continue
+    fi
+
+    if dnscrypt-proxy -resolve sigok.ippacket.stream | grep -E "DNSSEC\s*:\s*yes"; then
+        echo "$stamp" >> "$OUTPUT_FILE"
+        echo "✅ DNSSEC supported"
+        echo ""
+    else
+        echo "❌ No DNSSEC"
+        echo ""
+    fi
+
+    kill $DNSCRYPT_PID 2>/dev/null
+    wait $DNSCRYPT_PID 2>/dev/null
+done < "$INPUT_FILE"
+
+echo "🔹 Process completed. The SDNS with DNSSEC are in '$OUTPUT_FILE'."
+echo "🔹 Cleaning temporary files..."
+rm -f "$LOG_FILE" "$CONFIG_FILE"
--- a/tools/doh.bash
+++ b/tools/doh.bash
@ -0,0 +1,24 @@
+#!/bin/bash
+
+servers=(
+    "resolver1.dns.watch/dns-query"
+)
+
+domain="sigok.ippacket.stream"
+
+test_doh() {
+    local server="$1"
+    host=$(echo "$server" | sed -E 's~https?://([^/]+)/.*~\1~')
+    response=$(dig +https @"$host" "$domain" A +short 2>/dev/null)
+
+    if [[ -n "$response" ]]; then
+        echo "✅ $server - Responde con: $response"
+    else
+        echo "❌ $server - No respondió correctamente"
+    fi
+}
+
+echo "Verificando servidores DoH..."
+for server in "${servers[@]}"; do
+    test_doh "$server"
+done