3 # update-ignoreip version 0.1
4 # Written by J.P. Larocque, <piranha@thoughtcrime.us>, OpenPGP 0x0c14cdda
5 # This software is in the public domain.
7 # This script is intended for djbdns users that have applied Russell
8 # Nelson's patch to circumvent wildcard A records in TLDs:
10 # http://tinydns.org/djbdns-1.05-ignoreip2.patch
12 # This script will try the wildcard name for each TLD in the
13 # 'stupid_tlds' variable (eg, '*.com', '*.cx', etc.). For those
14 # addresses that resolve, they get added to your dnscache
15 # 'root/ignoreip' file, and dnscache is restarted.
17 # Run this script from your dnscache directory. This script depends
18 # on a proper PATH. Old 'root/ignoreip' entries are kept (and dups
19 # removed), so you can add this program to a cron job to keep ahead
20 # of new bogus redirection addresses added by Verisign and other TLD
23 # Adding this script to a cron job was its intended purpose, but
24 # please don't do so without understanding how it works and what could
25 # happen if it breaks.
27 # The latest version of this program can be found at the URL:
28 # http://ely.ath.cx/~piranha/software/ignoreip-update/
29 # This program has been signed with my public key. Its fingerprint is:
30 # 810B A0AC A7F7 2899 46D2 F2F6 3E7D 5279 0C14 CDDA
31 # The detached signature can be found at the URL:
32 # http://ely.ath.cx/~piranha/software/ignoreip-update/ignoreip-update-0.1.asc
35 # version 0.1 (2003/Sep/17)
36 # Initially written and released.
# Space-separated TLDs whose wildcard name is probed for a catch-all A record.
stupid_tlds="ac cc com cx museum net nu ph sh tm ws"
# Address list this script maintains, relative to the dnscache directory.
ignoreip="root/ignoreip"
45 if [ ! -d 'root' ]; then
46 echo "$me: run me from the dnscache directory" >&2
50 # I originally implemented this with random names, then realized all
51 # the current $stupid_tlds answer to "*.$stupid_tld" just like any
52 # other random name. This code may be useful in the future, if an
53 # arms race of sorts develops. (Sigh.)
55 if which md5sum > /dev/null 2>&1; then
57 elif which md5 > /dev/null 2>&1; then
60 echo "$me: can't find a suitable hash program" >&2
# A first argument of exactly '-v' switches verbose mode on; anything else
# (including no argument) leaves it off.
if [ "$1" = '-v' ]; then
  verbose=1
else
  verbose=''
fi
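# Scratch files: temp1 collects the freshly resolved addresses, temp2 the
# merged list. The templates carry no directory part, so mktemp creates both
# in the current (dnscache) directory -- presumably so the final mv onto the
# ignoreip file stays a rename within one filesystem (confirm for your layout).
# Stop right away if either file cannot be created; carrying on would leave
# the later redirections and the mv working on an empty file name.
temp1=$(mktemp "ignoreip-update-$$-1-XXXXXX") || exit 1
temp2=$(mktemp "ignoreip-update-$$-2-XXXXXX") || {
  rm -f "$temp1"
  exit 1
}
# Remove both scratch files when the script exits.
trap 'rm -f "$temp1" "$temp2"' EXIT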
70 ## Generate random name
71 #rand="`dd if=/dev/urandom bs=16 count=1 2> /dev/null | "$hash_prog"`"
73 # Do lookups on random addresses; break into one address/line; remove
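# Keep only lines that consist of a dotted-quad IPv4 address.
# Input:  one candidate per line on stdin.
# Output: the accepted lines on stdout; non-zero status if none matched.
keep_ipv4_lines() {
  grep -E -x '[0-9]{1,3}(\.[0-9]{1,3}){3}'
}

# Probe the wildcard name of every listed TLD and collect the addresses that
# come back, one per line, in temp1.
# The answers are untrusted input: every line written here is merged into the
# ignoreip list, so only well-formed IPv4 addresses are let through. tr does
# the splitting because xargs/echo would interpret quotes, backslashes and
# option-like tokens in the data. The format check cannot tell a genuine
# catch-all address from a forged or mistaken answer, so review the -v diff
# before running this unattended.
for stupid_tld in $stupid_tlds; do
  # rand is assigned outside this block; if it is empty or unset, fall back
  # to the literal '*' label that the header describes.
  dnsip "${rand:-*}.$stupid_tld"
done | tr -s ' \t' '\n' | keep_ipv4_lines > "$temp1"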
80 # Abort if there were no new bogus addresses
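# Nothing resolved this run: leave the existing list untouched and stop.
if [ ! -s "$temp1" ]; then
  exit 0
fi

# Merge the old list with the new addresses and drop duplicates (repeats come
# from the old list and from TLDs that share an address, e.g. .sh/.tm).
# A missing list file is treated as empty: a sort implementation may refuse
# to write any output when a named input cannot be opened, which would throw
# the new addresses away. Stop on any sort failure so that a truncated temp2
# is never moved into place by the later mv.
if [ -f "$ignoreip" ]; then
  sort -u "$ignoreip" "$temp1" > "$temp2" || exit 1
else
  sort -u "$temp1" > "$temp2" || exit 1
fi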
87 if [ "$verbose" ]; then
88 diff -u "$ignoreip" "$temp2" || true
91 # Update list and restart dnscache
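# Install the merged list. Refuse to replace the live file with an empty one:
# temp1 was non-empty to get this far, so an empty temp2 means the merge step
# failed, and installing it would silently drop every address on the list.
if [ ! -s "$temp2" ]; then
  echo "${me:-$0}: merged list is empty, leaving $ignoreip untouched" >&2
  exit 1
fi
# NOTE(review): mktemp creates temp2 readable by its owner only, and mv
# carries that mode and owner onto the ignoreip file -- confirm the account
# dnscache runs as can still read it.
# Stop if the rename fails so nothing after this point acts on a list that
# was not actually updated.
mv "$temp2" "$ignoreip" || exit 1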