#!/bin/sh

# dnstwist should at least find the genuine domains run by the Debian project:
# - debian.org
# - debian.eu
# - debian.net
# - debian.com
#
# All those domains should have identical settings for the following records:
# - dns-a
# - dns-aaaa
# - dns-mx
# - dns-ns
#
# Return values have the following meaning:
# 0: success
# 1: error during dnstwist execution
# 2: error during json syntax validation
# 3: unexpected number of genuine Debian domains or of their DNS records
# 4: different DNS records for genuine Debian domains

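# Run dnstwist for the debian.org domain.
# The options used here make dnstwist query the network, so the captured JSON
# contains values supplied by third-party servers; treat it as untrusted text
# and always expand it inside double quotes.
if ! ALL_DOMAINS=$(dnstwist --format json --ssdeep --registered --mxcheck --geoip \
	--tld /usr/share/dnstwist/dictionaries/abused_tlds.dict debian.org); then
	# Use the inherited descriptor instead of re-opening /dev/stderr: the
	# re-open can fail when stderr is not a reopenable file, and it truncates
	# the log when stderr is redirected to a regular file.
	echo "dnstwist execution failed" >&2
	exit 1
fi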

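# Validate json syntax.
# jsonlint's stderr is discarded because it also prints its success message
# there.
# The JSON is passed with printf and a quoted expansion so it reaches jsonlint
# unmodified: an unquoted echo would word-split and glob-expand the text, and
# the echo of some /bin/sh implementations interprets backslash escapes that
# are legal inside JSON strings.
if ! printf '%s\n' "$ALL_DOMAINS" | jsonlint 2> /dev/null; then
	echo "Error during json syntax validation of the following output:" >&2
	printf '%s\n' "$ALL_DOMAINS" >&2
	exit 2
fi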

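# Get information for genuine domains (one JSON object per matching domain).
GENUINE_DOMAINS=$(printf '%s\n' "$ALL_DOMAINS" | jq '.[] | select(."domain-name" == "debian.org" or ."domain-name" == "debian.eu" or ."domain-name" == "debian.net" or ."domain-name" == "debian.com")')

# first_records KEY
# Print, one per line, the first entry of the KEY array of every genuine
# domain. A domain that lacks the record prints nothing ("// empty"), so a
# missing record is not counted as a record and an all-missing record type
# cannot pass the checks as four identical "null" values.
first_records() {
	printf '%s\n' "$GENUINE_DOMAINS" | jq --arg key "$1" '.[$key][0] // empty'
}

# Finally some counting
NUM_GENUINE_DOMAINS=$(printf '%s\n' "$GENUINE_DOMAINS" | jq '."domain-name"' | wc -l)

NUM_GENUINE_DNS_A=$(first_records dns-a | wc -l)
NUM_GENUINE_DNS_AAAA=$(first_records dns-aaaa | wc -l)
NUM_GENUINE_DNS_MX=$(first_records dns-mx | wc -l)
NUM_GENUINE_DNS_NS=$(first_records dns-ns | wc -l)

# sort -u rather than plain uniq: uniq only merges adjacent duplicates, so the
# reported number of distinct values would depend on the order of the domains.
NUM_DIFFERENT_GENUINE_DNS_A=$(first_records dns-a | sort -u | wc -l)
NUM_DIFFERENT_GENUINE_DNS_AAAA=$(first_records dns-aaaa | sort -u | wc -l)
NUM_DIFFERENT_GENUINE_DNS_MX=$(first_records dns-mx | sort -u | wc -l)
NUM_DIFFERENT_GENUINE_DNS_NS=$(first_records dns-ns | sort -u | wc -l)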

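# Print the report for the test log.
# A here-document is used because expansions inside it are not word-split or
# glob-expanded and no echo escape processing is applied, so the JSON gathered
# from the network is logged exactly as it was received.
cat <<EOF
Information for all domains:
$ALL_DOMAINS

================================================================================

Information for genuine domains:
$GENUINE_DOMAINS

================================================================================

Number of genuine Debian domains: $NUM_GENUINE_DOMAINS

Number of dns-a records for genuine domains: $NUM_GENUINE_DNS_A
Number of dns-aaaa records for genuine domains: $NUM_GENUINE_DNS_AAAA
Number of dns-mx records for genuine domains: $NUM_GENUINE_DNS_MX
Number of dns-ns records for genuine domains: $NUM_GENUINE_DNS_NS

Number of different dns-a records for genuine domains: $NUM_DIFFERENT_GENUINE_DNS_A
Number of different dns-aaaa records for genuine domains: $NUM_DIFFERENT_GENUINE_DNS_AAAA
Number of different dns-mx records for genuine domains: $NUM_DIFFERENT_GENUINE_DNS_MX
Number of different dns-ns records for genuine domains: $NUM_DIFFERENT_GENUINE_DNS_NS
EOF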

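# All four genuine domains must be found, each with one record per type.
# The conditions are written as "everything is as expected" and then negated,
# so a count that is empty or not a number (which makes [ ] return an error
# status) fails the test instead of silently skipping the check. Separate
# [ ] commands joined with && replace the obsolescent -o operator.
if ! { [ "$NUM_GENUINE_DOMAINS" -eq 4 ] &&
	[ "$NUM_GENUINE_DNS_A" -eq 4 ] &&
	[ "$NUM_GENUINE_DNS_AAAA" -eq 4 ] &&
	[ "$NUM_GENUINE_DNS_MX" -eq 4 ] &&
	[ "$NUM_GENUINE_DNS_NS" -eq 4 ]; }; then
	echo "Unexpected number of genuine Debian domains or their DNS records" >&2
	exit 3
fi

# The first record of each type must be the same for all genuine domains,
# i.e. exactly one distinct value per record type.
if ! { [ "$NUM_DIFFERENT_GENUINE_DNS_A" -eq 1 ] &&
	[ "$NUM_DIFFERENT_GENUINE_DNS_AAAA" -eq 1 ] &&
	[ "$NUM_DIFFERENT_GENUINE_DNS_MX" -eq 1 ] &&
	[ "$NUM_DIFFERENT_GENUINE_DNS_NS" -eq 1 ]; }; then
	echo "Different DNS records for genuine Debian domains" >&2
	exit 4
fi

exit 0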
