#!/bin/sh
# 
# update-ignoreip version 0.1
# Written by J.P. Larocque, <piranha@thoughtcrime.us>, OpenPGP 0x0c14cdda
# This software is in the public domain.
# 
# This script is intended for djbdns users that have applied Russell
# Nelson's patch to circumvent wildcard A records in TLDs:
#
#     http://tinydns.org/djbdns-1.05-ignoreip2.patch
#
# This script will try the wildcard name for each TLD in the
# 'stupid_tlds' variable (eg, '*.com', '*.cx', etc.).  For those
# addresses that resolve, they get added to your dnscache
# 'root/ignoreip' file, and dnscache is restarted.
# 
# Run this script from your dnscache directory.  This script depends
# on a proper PATH.  Old 'root/ignoreips' entries are kept (and dups
# removed), so you can add this program to a cron job to keep ahead
# of new bogus redirection addresses added by Verisign and other TLD
# operators.
# 
# Adding this script to a cron job was its intended purpose, but
# please don't do so without understanding how it works and what could
# happen if it breaks.
# 
# The latest version of this program can be found at the URL:
#       http://ely.ath.cx/~piranha/software/ignoreip-update/
# This program has been signed with my public key.  Its fingerprint is:
#       810B A0AC A7F7 2899 46D2  F2F6 3E7D 5279 0C14 CDDA
# The detached signature can be found at the URL:
#       http://ely.ath.cx/~piranha/software/ignoreip-update/ignoreip-update-0.1.asc
# 
# Changelog:
#   version 0.1 (2003/Sep/17)
#       Initially written and released.

stupid_tlds='ac cc com cx museum net nu ph sh tm ws'
ignoreip='root/ignoreip'

set -e

me="`basename "$0"`"

if [ ! -d 'root' ]; then
	echo "$me: run me from the dnscache directory" >&2
	exit 1
fi

# I originally implemented this with random names, then realized all
# the current $stupid_tlds answer to "*.$stupid_tld" just like any
# other random name.  This code may be useful in the future, if an
# arms race of sorts develops.  (Sigh.)

if which md5sum > /dev/null 2>&1; then
	hash_prog=md5sum
elif which md5 > /dev/null 2>&1; then
	hash_prog=md5
else    
	echo "$me: can't find a suitable hash program" >&2
	exit 1
fi

[ "$1" = '-v' ] && verbose=1 || verbose=''

temp1="`mktemp "ignoreip-update-$$-1-XXXXXX"`"
temp2="`mktemp "ignoreip-update-$$-2-XXXXXX"`"
trap 'rm -f "$temp1" "$temp2"' EXIT

## Generate random name
#rand="`dd if=/dev/urandom bs=16 count=1 2> /dev/null | "$hash_prog"`"

# Do lookups on random addresses; break into one addres/line; remove
# empty lines
for stupid_tld in $stupid_tlds; do
	dnsip "$rand.$stupid_tld"
	#dnsip "*.$stupid_tld"
done | xargs -n 1 echo | grep '.' > "$temp1"

# Abort if there were no new bogus addresses
[ ! -s "$temp1" ] && exit

# Remove duplicates (from old list and, eg, .sh/.tm)
touch "$ignoreip"
sort "$ignoreip" "$temp1" | uniq > "$temp2"

if [ "$verbose" ]; then
	diff -u "$ignoreip" "$temp2" || true
fi

# Update list and restart dnscache
chmod 644 "$temp2"
mv "$temp2" "$ignoreip"
#svc -t .