#!/bin/sh

set -e

setup() (
	service named stop
	service named start
)

teardown() (
	service named stop
)
trap teardown EXIT

run() (
	max_attempts=10
	repeats=${max_attempts}
	while [ "${repeats}" -gt "0" ]; do
		# Make a query against an external nameserver and check for DNSSEC validation
		echo "Checking for DNSSEC validation status of internetsociety.org"
		out=$(dig -t a internetsociety.org @127.0.0.1 | grep -E 'flags:.+ad; QUERY' || true)
		if [ "$out" ]; then
			break
		fi
		# As a fallback in case of failure in internetsociety.org, check against ripe.net
		echo "Checking for DNSSEC validation status of ripe.net"
		out=$(dig -t a ripe.net @127.0.0.1 | grep -E 'flags:.+ad; QUERY' || true)
		if [ "$out" ]; then
			break
		fi
		repeats=$((repeats - 1))
		sleep 1
	done
	if ! [ "$out" ]; then
		echo "DNSSEC validation check failed after ${max_attempts} attempts"
		exit 1
	fi
)

setup
run