-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdual_stack_dns_preference_check.sh
More file actions
executable file
·100 lines (81 loc) · 2.9 KB
/
dual_stack_dns_preference_check.sh
File metadata and controls
executable file
·100 lines (81 loc) · 2.9 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
#!/usr/bin/env bash
set -euo pipefail
# dual_stack_dns_preference_check.sh
# Compares A/AAAA availability and resolver answer-order bias for dual-stack hostnames.
usage() {
cat <<'EOF'
Usage: ./dual_stack_dns_preference_check.sh [options]
Options:
--host NAME Hostname to check (repeatable)
--resolver IP Resolver to query with dig (optional)
--timeout SEC dig timeout (default: 2)
--tries N dig tries (default: 1)
--strict Exit non-zero if host lacks one family or shows mismatch
-h, --help Show help
Exit codes:
0 = balanced dual-stack posture (or warnings in non-strict mode)
2 = strict mode and warnings detected
EOF
}
HOSTS=("cloudflare.com" "google.com")
RESOLVER=""
TIMEOUT=2
TRIES=1
STRICT=false
while [[ $# -gt 0 ]]; do
case "$1" in
--host) HOSTS+=("$2"); shift 2 ;;
--resolver) RESOLVER="$2"; shift 2 ;;
--timeout) TIMEOUT="$2"; shift 2 ;;
--tries) TRIES="$2"; shift 2 ;;
--strict) STRICT=true; shift ;;
-h|--help) usage; exit 0 ;;
*) echo "Unknown option: $1"; usage; exit 1 ;;
esac
done
if [[ "${#HOSTS[@]}" -gt 2 ]]; then
HOSTS=("${HOSTS[@]:2}")
fi
if ! command -v dig >/dev/null 2>&1; then
echo "dig command not found"
exit 1
fi
warn_count=0
echo "Dual-stack DNS preference check timestamp: $(date -Iseconds)"
echo "hosts=${HOSTS[*]} resolver=${RESOLVER:-system-default} timeout=${TIMEOUT}s tries=$TRIES strict_mode=$STRICT"
echo
for host in "${HOSTS[@]}"; do
echo "=== host=$host ==="
if [[ -n "$RESOLVER" ]]; then
a=$(dig @"$RESOLVER" "$host" A +short +time="$TIMEOUT" +tries="$TRIES" 2>/dev/null | sed '/^$/d' | sort -u || true)
aaaa=$(dig @"$RESOLVER" "$host" AAAA +short +time="$TIMEOUT" +tries="$TRIES" 2>/dev/null | sed '/^$/d' | sort -u || true)
else
a=$(dig "$host" A +short +time="$TIMEOUT" +tries="$TRIES" 2>/dev/null | sed '/^$/d' | sort -u || true)
aaaa=$(dig "$host" AAAA +short +time="$TIMEOUT" +tries="$TRIES" 2>/dev/null | sed '/^$/d' | sort -u || true)
fi
acount=$(printf '%s\n' "$a" | sed '/^$/d' | wc -l)
aaaacount=$(printf '%s\n' "$aaaa" | sed '/^$/d' | wc -l)
answer_order="unknown"
if command -v getent >/dev/null 2>&1; then
first_ip=$(getent ahosts "$host" 2>/dev/null | awk 'NR==1 {print $1}')
if [[ "$first_ip" == *:* ]]; then
answer_order="ipv6-first"
elif [[ -n "$first_ip" ]]; then
answer_order="ipv4-first"
fi
fi
status="OK"
if [[ "$acount" -eq 0 || "$aaaacount" -eq 0 ]]; then
status="WARN"
((warn_count+=1))
fi
echo "A_count=$acount AAAA_count=$aaaacount resolver_order=$answer_order status=$status"
[[ "$acount" -gt 0 ]] && echo "A: $(printf '%s' "$a" | paste -sd ';' -)"
[[ "$aaaacount" -gt 0 ]] && echo "AAAA: $(printf '%s' "$aaaa" | paste -sd ';' -)"
echo
done
echo "Summary: warn_count=$warn_count strict_mode=$STRICT"
if [[ "$STRICT" == true && "$warn_count" -gt 0 ]]; then
exit 2
fi
exit 0