#!/bin/bash

#
# nothink.org
#
# Search DNS server that respond at 'any +dnssec +ignore' requests.
# Useful to choose a good server and domain to use during a DNS Amplification Attacks.
#
# (+ignore: ignore truncation in UDP responses instead of retrying with TCP.)
#
# Notes: isc.org, contours.biz
#

DIG='/usr/bin/dig'
DIG_PAM='any +dnssec +ignore +time=10'

# trap ctrl-c and call ctrl_c()
trap ctrl_c INT

function ctrl_c(){
	echo -e "\nExit!"
	exit 1
}

if [ $# -lt 2 ]; then
	echo "Usage: $0 <target list> <domain>"
	exit 1
fi

if [ ! -f $1 ]; then
	echo "Error: '$1' file does not exist!"
	exit 1
fi

target_list=$1
domain=$2

while read host 
do
	if [ ! -z "$host" ]; then  #check if the line is not blank
		RES=`$DIG $DIG_PAM $domain @$host`
		if [[ "$RES" == *"status: NOERROR"* ]]; then
			if [[ "$RES" != "flags: qr tc rd ra;" ]]; then
				# this sux!
				msg_size=`echo $RES | egrep -o 'MSG SIZE rcvd: [[:digit:]]{1,}' | egrep -o '[[:digit:]]{1,}'`
				printf "%-18s [$msg_size]\n" "$host"
			fi
		fi
	fi
done < $target_list

exit