check-blacklist.sh: Fix potential false positive

DiG might print error messages to stdout in case of errors, which
the script mistaken as legitimate responses. Now it checks the exit
code of DiG to avoid such situations.

This script is supposed to only return non-zero exit code when the
host is found to be on the blacklist, not for any other reasons,
so DNS failures are not reported as non-zero exit codes. Users of
this script should detect DNS errors by other means.

	modified:   host/check-blacklist.sh

diff --git a/host/check-blacklist.sh b/host/check-blacklist.sh
index 76c6e708543be9f32650d6b7f97c0529b1041e46..a00e0181593ab37faadabbb16e94adfb856b5403 100755 (executable)
--- a/host/check-blacklist.sh
+++ b/host/check-blacklist.sh
@@ -10,9 +10,10 @@ END
        exit 255
 fi
 
        exit 255
 fi
 

-ip=$(dig a "$1" +short)
-if [ -n "$ip" ]
+if ip=$(dig a "$1" +short) && [ -n "$ip" ]

 then
 then

-       bl=$(dig a "$(printf "%s." "$ip" | tac -s.)$2" +short)
-       [ -n "$bl" ] && { echo "$ip is blacklisted."; exit 1; } || echo "$ip is not blacklisted."
+       bl=$(dig a "$(printf "%s." "$ip" | tac -s.)$2" +short) \
+               && [ -n "$bl" ] && { echo "$ip is blacklisted ($bl)."; exit 1; } || echo "$ip is not blacklisted."
+else
+       echo "Could not resolve $1!"

 fi
 fi