clash-rules/scripts/dnssec-tesst.sh



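#!/bin/bash
# Probe a DNS resolver for response filtering/interception and for DNSSEC
# validation.
#
# Usage: dnssec-tesst.sh [resolver-ip]    (defaults to 127.0.0.1)
#
# For every domain in DOMAINS one A query is sent to the resolver and the
# response code plus the first A record of the ANSWER section are printed.
# Three reference domains check DNSSEC: one with a valid signature chain and
# two with deliberately broken ones, which a validating resolver must refuse
# with SERVFAIL.

# Resolver under test; an optional first argument overrides the default.
RESOLVER="${1:-127.0.0.1}"

# Test sample of domains (reference domains first).
DOMAINS=(
  # --- Reference domains for the DNSSEC check ---
  "sigok.verteiltesysteme.net"   # must be NOERROR
  "sigfail.verteiltesysteme.net" # must be SERVFAIL (broken DNSSEC)
  "dnssec-failed.org"            # must be SERVFAIL (broken DNSSEC)
  # --- Telemetry and trackers (often blocked by cheap hosting providers) ---
  "fe3cr.delivery.mp.microsoft.com"
  "telemetry.microsoft.com"
  "tracking.miui.com"
  "app-measurement.com"
  "google-analytics.com"
  "doubleclick.net"
  # --- Torrents and piracy (copyright filters) ---
  "rutracker.org"
  "thepiratebay.org"
  "1337x.to"
  "yts.mx"
  # --- Adult content (child-protection filters) ---
  "hui.com"
  "pornhub.com"
  "xvideos.com"
  # --- Politics and social networks (state DPI / RKN) ---
  "twitter.com"
  "facebook.com"
  "instagram.com"
  "bbc.com"
  "meduza.io"
)

# Without dig every query would be reported as TIMEOUT, which would look like
# a resolver problem rather than a missing tool.
if ! command -v dig >/dev/null 2>&1; then
  echo "dig not found in PATH; cannot run the test." >&2
  exit 1
fi

# printf '%s' so that a resolver argument is never interpreted as escapes.
printf 'Starting DPI & DNSSEC interception test on resolver %s...\n' "$RESOLVER"
printf 'Date: %s\n' "$(date -u +'%Y-%m-%d %H:%M:%S UTC')"
echo "--------------------------------------------------------------------------------"
printf "%-35s | %-20s | %-20s\n" "DOMAIN" "STATUS" "RESOLVED IP (FIRST)"
echo "--------------------------------------------------------------------------------"

# Matches the response code in dig's header line ("status: NOERROR").
status_re='status: ([A-Z]+)'

for domain in "${DOMAINS[@]}"; do
  # Query the A record with a 2-second timeout and a single attempt.
  output=$(dig @"$RESOLVER" "$domain" A +time=2 +tries=1)

  # Response status (NOERROR, SERVFAIL, NXDOMAIN, ...). No status line at all
  # means dig got no reply.
  status="TIMEOUT"
  if [[ "$output" =~ $status_re ]]; then
    status="${BASH_REMATCH[1]}"
  fi

  # First A record of the ANSWER section only: records in other sections are
  # not the answer to this query, and a CNAME line must not be mistaken for an
  # A record, so the type column is compared exactly.
  ip=$(awk '
    /^;; ANSWER SECTION:/ { in_answer = 1; next }
    /^$/                  { in_answer = 0 }
    in_answer && $4 == "A" { print $5; exit }
  ' <<<"$output")
  if [[ -z "$ip" ]]; then
    ip="NONE"
  fi

  # The two reference domains with broken signatures.
  expect_servfail=0
  if [[ "$domain" == "sigfail.verteiltesysteme.net" || "$domain" == "dnssec-failed.org" ]]; then
    expect_servfail=1
  fi

  # Colour coding and verdict.
  if [[ "$status" == "NOERROR" ]]; then
    if ((expect_servfail)); then
      # A broken-signature domain that resolves means the resolver is not
      # validating DNSSEC; this must not be shown as a pass.
      color_status="\e[31m$status (NOT VALIDATED)\e[0m"
    elif [[ "$ip" == "0.0.0.0" || "$ip" == "127.0.0.1" ]]; then
      # Sinkhole addresses returned instead of the real record.
      color_status="\e[31m$status (FAKE IP)\e[0m"
    else
      # NOTE(review): NOERROR with no A record (ip=NONE) is still shown green;
      # confirm whether an empty answer should be flagged as filtering.
      color_status="\e[32m$status\e[0m"
    fi
  elif [[ "$status" == "SERVFAIL" ]]; then
    # SERVFAIL is expected only for the broken-signature reference domains.
    if ((expect_servfail)); then
      color_status="\e[32m$status (EXPECTED)\e[0m"
    else
      color_status="\e[31m$status (INTERCEPTED)\e[0m"
    fi
  else
    color_status="\e[33m$status\e[0m"
  fi

  # %b expands the colour escapes; $status is limited to [A-Z]+ by the regex,
  # and the resolver-supplied address goes through plain %s.
  printf "%-35s | %-30b | %-20s\n" "$domain" "$color_status" "$ip"
done

echo "--------------------------------------------------------------------------------"
echo "Test completed."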