From f8a87315cf171cda889388187cbd5b18f2573204 Mon Sep 17 00:00:00 2001
From: Dirk
Date: Wed, 1 Sep 2021 18:28:12 +0200
Subject: [PATCH 1/2] Fix cases where dig -r wasn't working
* the ignore ~/.digrc option from dig is now parsed from the builtin help
* there was a potential DNS call which is now avoided
* for +noidnout check however there's a call to invalid. added
* the OPENSSL_CONF="" in check_resolver_bins() was moved a few lines higher to avoid other errors in the terminal
Tested on (EOL) Ubuntu 14.04 which only has dig in an older version
See also #1950
---
 testssl.sh | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/testssl.sh b/testssl.sh
index d814a7e..d2a7c05 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -20106,6 +20106,7 @@ get_local_a() {
 check_resolver_bins() {
 local saved_openssl_conf="$OPENSSL_CONF"
+ OPENSSL_CONF="" # see https://github.com/drwetter/testssl.sh/issues/134
 type -p dig &> /dev/null && HAS_DIG=true
 type -p host &> /dev/null && HAS_HOST=true
 type -p drill &> /dev/null && HAS_DRILL=true
@@ -20115,17 +20116,15 @@ check_resolver_bins() {
 type -p idn2 &>/dev/null && HAS_IDN2=true
 # Old dig versions don't have an option to ignore $HOME/.digrc
- if dig -r 2>&1 | grep -qiE 'invalid|usage'; then
+ if ! dig -h | grep -E '\-r.*~/.digrc'; then
 HAS_DIG_R=false
 DIG_R=""
 fi
-
- OPENSSL_CONF="" # see https://github.com/drwetter/testssl.sh/issues/134
 if ! "$HAS_DIG" && ! "$HAS_HOST" && ! "$HAS_DRILL" && ! "$HAS_NSLOOKUP"; then
 fatal "Neither \"dig\", \"host\", \"drill\" or \"nslookup\" is present" $ERR_DNSBIN
 fi
 if "$HAS_DIG"; then
- if dig $DIG_R +noidnout -t a 2>&1 | grep -Eq 'Invalid option: \+noidnout|IDN support not enabled'; then
+ if dig $DIG_R +noidnout -t a invalid. 2>&1 | grep -Eq 'Invalid option: \+noidnout|IDN support not enabled'; then
 :
 else
 HAS_DIG_NOIDNOUT=true
From bc742e0ea4ef8c7d40ac3d766f4e19c37e1bac18 Mon Sep 17 00:00:00 2001
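Review bot: The new `.digrc` probe in the second hunk runs `dig -h` before anything has tested `$HAS_DIG` and without the stderr redirect the replaced line had (`2>&1`), so on a host without dig the shell's "command not found" message reaches the terminal. Guarding the probe and capturing stderr keeps the console clean and also covers a dig build that might print its help on stderr: `if "$HAS_DIG" && ! dig -h 2>&1 | grep -E '\-r.*~/.digrc'; then`. The same line is carried into the first hunk of [PATCH 2/2], which only adds `-q`. Getting this detection right is more than cosmetic, because whenever it falls back to `DIG_R=""` the later dig calls honour the invoking user's `~/.digrc`, whose options can change the output the script parses. check_resolver_bins() starts and ends outside this hunk.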
From: Dirk
Date: Wed, 1 Sep 2021 18:44:28 +0200
Subject: [PATCH 2/2] Amend previous commit
* add -q in grep statement to make sure the console stays clean
* redo check for noidnout by also using the help function of dig
---
 testssl.sh | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/testssl.sh b/testssl.sh
index d2a7c05..acc7f78 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -20116,7 +20116,7 @@ check_resolver_bins() {
 type -p idn2 &>/dev/null && HAS_IDN2=true
 # Old dig versions don't have an option to ignore $HOME/.digrc
- if ! dig -h | grep -E '\-r.*~/.digrc'; then
+ if ! dig -h | grep -qE '\-r.*~/.digrc'; then
 HAS_DIG_R=false
 DIG_R=""
 fi
@@ -20124,9 +20124,7 @@ check_resolver_bins() {
 fatal "Neither \"dig\", \"host\", \"drill\" or \"nslookup\" is present" $ERR_DNSBIN
 fi
 if "$HAS_DIG"; then
- if dig $DIG_R +noidnout -t a invalid. 2>&1 | grep -Eq 'Invalid option: \+noidnout|IDN support not enabled'; then
- :
- else
+ if dig -h | grep -Eq idnout; then
 HAS_DIG_NOIDNOUT=true
 fi
 fi
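Review bot: The help-based test in the last hunk, `dig -h | grep -Eq idnout`, no longer covers the `IDN support not enabled` case that the removed line matched. A dig built without IDN may still list the option in its help text, so `HAS_DIG_NOIDNOUT` could become true where passing `+noidnout` only produces that message; this should be confirmed on such a build. If it cannot be checked functionally without a lookup, record the limitation next to the test, e.g. `# dig -h may list +[no]idnout even when dig was built without IDN; "IDN support not enabled" is not detected here`. `dig -h` is now run twice in check_resolver_bins(), both times without capturing stderr; storing its output once with `2>&1` and matching both options against it would keep the two probes consistent. The function begins and ends outside this hunk.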