
#!/bin/bash

#
# Upon starting a new network interface, look up a hostname that cannot exist.
# A good DNS server will reply with "NXDOMAIN". If we get an address instead, we
# know the DNS server is a liar, and we configure our local DNS intermediary
# (dnsmasq) to interpret that answer as NXDOMAIN in the future.
#


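set -e -u

# Directory NetworkManager's dnsmasq instance reads drop-in configuration from.
readonly DNSMASQ_DIR=/etc/NetworkManager/dnsmasq.d
# Only plain dotted-quad / lowercase hex-and-colon strings are accepted as
# addresses; anything else from the resolver is logged, never written out.
readonly IPV4_RE='^[0-9.]+$'
readonly IPV6_RE='^[0-9a-f:]+$'

# Nothing to do without the lookup tool or the drop-in directory.
test -x /usr/bin/host || exit 0
test -d "$DNSMASQ_DIR" || exit 0

# ADDRFAM is supplied by ifupdown; "${ADDRFAM:-}" keeps "set -u" from aborting
# when the script is run outside that environment (it then just exits 0).
case "${ADDRFAM:-}" in
  inet|inet6) : ;;
  *) exit 0 ;;
esac

#######################################
# Write a dnsmasq bogus-nxdomain entry for an address a resolver returned
# for a name that cannot exist. The caller has already validated that $1
# matches IPV4_RE or IPV6_RE, so it is safe to embed in the file name.
# Globals:   DNSMASQ_DIR (read), changed (set to 1 when a new file appears)
# Arguments: $1 - IPv4 or IPv6 address returned by the lying resolver
# Outputs:   ${DNSMASQ_DIR}/dns-veracity_discovered-<address>
#######################################
record_liar() {
  local addr=$1
  local file="${DNSMASQ_DIR}/dns-veracity_discovered-${addr}"
  # Only a file that did not exist before is a configuration change that
  # needs a restart; rewriting an existing entry produces identical content.
  test -e "$file" || changed=1
  printf 'bogus-nxdomain=%s\n' "$addr" >"$file"
}

# Set by record_liar and checked at the end. This replaces the earlier
# before/after "run-parts --list | md5sum" comparison, which could never see
# the discovered files: run-parts' default name filter rejects names that
# contain dots or colons, i.e. every file this script creates.
changed=0

name="does-not-exist-${RANDOM}.example.com."  # trailing dot: absolute name, no search-list expansion
t=$(mktemp) || exit 1
trap 'rm -f -- "$t"' EXIT

# ipv6.test-ipv6.com has IPv6 address 2001:470:1:18::119
# test-ipv6.com has address 216.218.228.119
# An honest resolver answers NXDOMAIN, host exits non-zero and the loop is
# skipped. Some resolvers answer ANY with a minimal HINFO record (RFC 8482);
# such lines are logged as unexpected rather than treated as lies.
if host -t ANY "$name" >"$t"; then
  # Reading from the file (not via a pipe) keeps the loop in this shell so it
  # can set "changed"; the first field is stored in its own variable so the
  # queried name in "$name" is not clobbered.
  while read -r answered has kind addr rest; do
    test "$has" = "has" || continue
    # "<name> has address <ipv4>"
    if [[ "$kind" == "address" && "$addr" =~ $IPV4_RE ]]; then
      record_liar "$addr"
      continue
    fi
    # "<name> has IPv6 address <ipv6>"
    if [[ "$kind" == "IPv6" && "$addr" == "address" && "$rest" =~ $IPV6_RE ]]; then
      record_liar "$rest"
      continue
    fi
    test ! -x /usr/bin/logger || \
      printf 'lookup of %s yields unexpected answer: %s %s %s %s %s\n' \
        "$name" "$answered" "$has" "$kind" "$addr" "$rest" \
      | logger --priority daemon.warning
  done <"$t"
fi

# A new bogus-nxdomain entry only takes effect once dnsmasq is restarted,
# which happens as part of restarting network-manager. Deferred via at(1),
# as before — presumably so the restart does not race the current
# interface bring-up.
if (( changed )) && test -x /usr/sbin/service && command -v at >/dev/null; then
  printf 'service network-manager restart\n' | at "now + 1 minute"
fi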