Initial commit

checker/types.go

@@ -0,0 +1,148 @@
+package checker
+
+import (
+	"encoding/json"
+
+	"github.com/miekg/dns"
+)
+
+// ObservationKeyAlias is the observation key for alias data.
+const ObservationKeyAlias = "alias"
+
+// AliasKind identifies the flavour of indirection involved in a hop.
+type AliasKind string
+
+const (
+	KindCNAME  AliasKind = "CNAME"
+	KindDNAME  AliasKind = "DNAME"
+	KindALIAS  AliasKind = "ALIAS" // provider-flattened apex alias (pseudo-record)
+	KindTarget AliasKind = "TARGET"
+)
+
+// ChainHop represents one step of the resolution chain.
+type ChainHop struct {
+	Owner  string    `json:"owner"`
+	Kind   AliasKind `json:"kind"`
+	Target string    `json:"target,omitempty"`
+	TTL    uint32    `json:"ttl,omitempty"`
+	// Server is the authoritative server that answered for this hop.
+	Server string `json:"server,omitempty"`
+	// Synthesized is true when this hop is a CNAME synthesized from a DNAME.
+	Synthesized bool `json:"synthesized,omitempty"`
+}
+
+// CoexistingRRset records an RRset that sits next to a CNAME at the same owner.
+type CoexistingRRset struct {
+	Type string `json:"type"`
+	TTL  uint32 `json:"ttl,omitempty"`
+}
+
+// TerminationReason classifies why a chain walk stopped.
+type TerminationReason string
+
+const (
+	TermOK       TerminationReason = "ok"
+	TermLoop     TerminationReason = "loop"
+	TermTooLong  TerminationReason = "too_long"
+	TermQueryErr TerminationReason = "query_error"
+	TermRcode    TerminationReason = "rcode"
+)
+
+// ChainTermination records why the chain walk stopped. It is always populated
+// once the walk returns; rules key off Reason to decide whether they fire.
+type ChainTermination struct {
+	Reason  TerminationReason `json:"reason"`
+	Subject string            `json:"subject,omitempty"`
+	Detail  string            `json:"detail,omitempty"`
+	// Rcode is populated only when Reason == TermRcode.
+	Rcode string `json:"rcode,omitempty"`
+}
+
+// AliasData is the observation payload persisted by the checker. It carries
+// raw facts only: rules are the sole judges.
+type AliasData struct {
+	// Owner is the name we started resolving from (FQDN).
+	Owner string `json:"owner"`
+
+	// Apex is the zone apex of Owner (where SOA lives). Empty iff the
+	// apex lookup failed; ApexLookupError explains why.
+	Apex string `json:"apex,omitempty"`
+
+	// ApexLookupError, when non-empty, captures why findApex failed.
+	ApexLookupError string `json:"apex_lookup_error,omitempty"`
+
+	// AuthServers are the authoritative servers of the apex zone.
+	AuthServers []string `json:"auth_servers,omitempty"`
+
+	// Chain is the ordered list of hops from Owner down to the final
+	// resolvable (or unresolvable) target.
+	Chain []ChainHop `json:"chain,omitempty"`
+
+	// ChainTerminated records why the walk stopped.
+	ChainTerminated ChainTermination `json:"chain_terminated"`
+
+	// FinalTarget is the last name in the chain (possibly Owner itself when
+	// there is no indirection).
+	FinalTarget string `json:"final_target,omitempty"`
+
+	// FinalA / FinalAAAA hold the addresses that the chain ultimately resolves
+	// to. Empty when the target does not produce any address.
+	FinalA    []string `json:"final_a,omitempty"`
+	FinalAAAA []string `json:"final_aaaa,omitempty"`
+
+	// FinalRcode is the textual rcode of the final A/AAAA lookups (e.g.
+	// "NOERROR", "NXDOMAIN", "SERVFAIL"); empty when not applicable.
+	FinalRcode string `json:"final_rcode,omitempty"`
+
+	// Coexisting lists RRsets that share the owner with a CNAME. Populated
+	// only when a CNAME is present at Owner.
+	Coexisting []CoexistingRRset `json:"coexisting,omitempty"`
+
+	// OwnerIsApex is true when the queried name is the zone apex.
+	OwnerIsApex bool `json:"owner_is_apex,omitempty"`
+
+	// OwnerHasCNAME is true when a CNAME record exists at Owner.
+	OwnerHasCNAME bool `json:"owner_has_cname,omitempty"`
+
+	// ApexHasA / ApexHasAAAA record the presence of A/AAAA at the apex
+	// (populated only when OwnerIsApex).
+	ApexHasA    bool `json:"apex_has_a,omitempty"`
+	ApexHasAAAA bool `json:"apex_has_aaaa,omitempty"`
+
+	// ApexHasCNAME is true when a CNAME literally sits at the apex.
+	ApexHasCNAME bool `json:"apex_has_cname,omitempty"`
+
+	// ApexFlattening is true when the apex returns A/AAAA alongside SOA/NS
+	// without a CNAME (classic ALIAS/ANAME provider-side flattening).
+	ApexFlattening bool `json:"apex_flattening,omitempty"`
+
+	// ZoneSigned reports whether the apex has DNSKEY records (DNSSEC signed).
+	ZoneSigned bool `json:"zone_signed,omitempty"`
+
+	// CNAMESigCheckDone is true when the DO-bit probe that verifies the
+	// CNAME's RRSIG actually ran (i.e. the zone was signed and a CNAME was
+	// present to probe).
+	CNAMESigCheckDone bool `json:"cname_sig_check_done,omitempty"`
+
+	// CNAMESigned reports whether the CNAME hop at Owner carries an RRSIG.
+	CNAMESigned bool `json:"cname_signed,omitempty"`
+
+	// DNAMESubstitutions records any DNAME record encountered above Owner
+	// that rewrote the name during resolution.
+	DNAMESubstitutions []ChainHop `json:"dname_substitutions,omitempty"`
+}
+
+// cnameService is the minimal local mirror of happyDomain's `svcs.CNAME` and
+// `svcs.SpecialCNAME` types. Both carry a single *dns.CNAME under the key
+// "cname". github.com/miekg/dns marshals it in the shape happyDomain uses.
+type cnameService struct {
+	Record *dns.CNAME `json:"cname"`
+}
+
+// serviceMessage is the minimal local mirror of happyDomain's ServiceMessage
+// envelope.
+type serviceMessage struct {
+	Type    string          `json:"_svctype"`
+	Domain  string          `json:"_domain"`
+	Service json.RawMessage `json:"Service"`
+}