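#!/bin/bash
#
# Check that the authoritative nameservers publish the expected ACME DNS-01
# challenge TXT record at _acme-challenge.ZONE.
#
# Usage:  <script> ZONE CHALLENGE_TOKEN
#
# Exit status:
#   0   every nameserver returned the expected token
#   1   at least one nameserver did not
#   2   no authoritative nameservers could be determined
#   64  bad command line
#
# The nameserver list is discovered from the authority section returned for
# ns1.enimihil.net (hard-coded, as in the original script); ZONE is used for
# discovery only when that lookup returns nothing.
#
# Everything parsed out of dig output is resolver-supplied data. It is checked
# against a hostname pattern before it is handed back to dig, and every
# expansion is quoted, so a value can only ever be a query name or an @server
# and never an additional dig argument.

set -u

readonly DISCOVERY_NAME="ns1.enimihil.net"

# Succeeds when $1 looks like a DNS name: dot-separated labels of letters,
# digits, '_' and inner '-', with an optional trailing dot.
is_dns_name() {
  local LC_ALL=C # keep the bracket ranges ASCII-only
  local label='[A-Za-z0-9_]([A-Za-z0-9_-]*[A-Za-z0-9_])?'
  local pattern="^${label}(\\.${label})*\\.?\$"
  [[ "$1" =~ $pattern ]]
}

ZONE="${1:-}"
CHALLENGE_TOKEN="${2:-}"

# An empty token would compare equal to an empty TXT string, so both
# arguments are required.
if [[ -z "$ZONE" || -z "$CHALLENGE_TOKEN" ]]; then
  printf 'Usage: %s ZONE CHALLENGE_TOKEN\n' "${0##*/}" >&2
  exit 64
fi

if ! is_dns_name "$ZONE"; then
  printf 'Invalid zone name: %s\n' "$ZONE" >&2
  exit 64
fi

nsservers="$(dig +noall +authority "$DISCOVERY_NAME")"
if [[ -z "$nsservers" ]]; then
  echo "No records in ns1.enimihil.net?"
  nsservers="$(dig +short ns "$ZONE")"
fi

# dig prints authority records as "owner TTL class type rdata". The original
# egrep pattern was a malformed bracket expression that matched every line,
# so this branch fired on any one-line response; count real SOA records only.
soa_count="$(awk '$4 == "SOA" { n++ } END { print n + 0 }' <<<"$nsservers")"
if [[ "$soa_count" -eq 1 ]]; then
  echo "No SOA?"
  # The SOA owner name is the enclosing zone; ask for that zone's authority.
  # (The original sed anchors were written as '#', which never matches dig
  # output, so the whole SOA line was passed on to dig.)
  auth_zone="$(awk '$4 == "SOA" { print $1; exit }' <<<"$nsservers")"
  auth_zone="${auth_zone%.}"
  if is_dns_name "$auth_zone"; then
    nsservers="$(dig +noall +authority "$auth_zone")"
  fi
fi

# Reduce to bare nameserver names: take the rdata of NS records, or the whole
# line when the data came from "dig +short" (one name per line). Other record
# types are dropped. The trailing root dot is stripped.
nsservers="$(awk '
  NF == 1    { sub(/\.$/, "", $1);  print $1;  next }
  $4 == "NS" { sub(/\.$/, "", $NF); print $NF }
' <<<"$nsservers")"

if [[ -z "$nsservers" ]]; then
  echo "No authoritative nameservers found for enimihil.net (via ns1.enimihil.net or otherwise)"
  exit 2
fi

any_not_ok=0
# Read line by line rather than word-splitting the list, so names from the
# DNS response are never subject to pathname expansion.
while IFS= read -r ns; do
  [[ -n "$ns" ]] || continue
  printf 'Got NS: %s\n' "$ns"

  if ! is_dns_name "$ns"; then
    printf '%s NOT OK, not a usable nameserver name\n' "$ns"
    any_not_ok=1
    continue
  fi

  # dig +short prints one quoted TXT value per line. Several challenge values
  # may be published at the same name, so accept the server when any one line
  # equals the quoted token exactly (fixed-string, whole-line match).
  if msg="$(dig +short "_acme-challenge.${ZONE}" TXT "@${ns}")" &&
    grep -Fxq -- "\"${CHALLENGE_TOKEN}\"" <<<"$msg"; then
    printf '%s OK, %s\n' "$ns" "$msg"
  else
    printf '%s NOT OK, %s\n' "$ns" "$msg"
    any_not_ok=1
  fi
done <<<"$nsservers"

exit "$any_not_ok"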