+fun dnsExists dnsRR dnsRecord =
+ let
+ val dnsRR_string = case dnsRR of
+ FwIPv6 => "AAAA"
+ | FwIPv4 => "A"
+ in
+ (* timeout chosen arbitrarilty, shorter is better if it's reliable *)
+ (* dig outputs true even if the lookup fails, but no output in short mode should work *)
+ case Slave.runOutput (Config.Firewall.dig, ["+short", "+timeout=3", "-t", dnsRR_string, dnsRecord]) of
+ (_, SOME s) => (case Domain.validDomain (substring (s, 0, size s - 2)) of (* delete trailing . from cname *)
+ true => dnsExists dnsRR s (* dig will return CNAME, must recurse *)
+ | false => true) (* maybe also double check ip? use size s - 1 if so! *)
+
+ | (_, NONE) => false
+ end
+
+fun filterHosts (hosts, ipv6) =
+ List.filter (fn host => if (Domain.validIpv6 host orelse Domain.validIp host)
+ then
+ true
+ else
+ dnsExists ipv6 host)
+ hosts
+
+
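Review bot: In `dnsExists`, `dnsRecord` reaches `dig` as a bare positional argument, and `filterHosts` sends every host that is not an IP literal there, so unless callers validate it first (not visible in this hunk) a value beginning with `-`, `+` or `@` is read by dig as an option or a server rather than a name. Guarding the lookup with a check such as `if not (Domain.validDomain dnsRecord) then false else ...` would close that, provided `validDomain` rejects those prefixes. The CNAME branch also recurses on the raw output `s`, which still carries the trailing `.` and newline, instead of the stripped name it just validated, and `substring (s, 0, size s - 2)` raises `Subscript` when the output is shorter than two characters. Binding the stripped name once, e.g. `val name = substring (s, 0, size s - 2)` after a `size s >= 2` check, and calling `dnsExists dnsRR name` would fix both. The recursion has no depth limit, so a CNAME loop would keep spawning lookups; a small hop counter is worth adding.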