Commit graph

3 commits

Author SHA1 Message Date
af0dceca6c checker: fail over to other auth servers on SERVFAIL/REFUSED
queryAtAuth already failed over on transport errors but treated any DNS
response as final, so a SERVFAIL from the first auth server terminated the
chain as Crit even when a sibling server would answer NOERROR. This made
the check flap against a flaky server. Treat SERVFAIL/REFUSED as transient
and try the remaining servers, returning a definitive answer when any
server gives one and only falling back to the transient response (or the
last transport error) when every server fails.
2026-06-18 09:47:28 +09:00
0becf6bc8c checker: require SOA owner to match candidate in findApex
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/tag Build is passing
A recursive resolver following a CNAME returns the target zone's SOA in
the answer, which made findApex wrongly treat a CNAME owner as an apex.
Only accept a SOA whose owner is the candidate itself.
2026-06-18 04:54:14 +09:00
eea7e4e459 Initial commit 2026-04-26 19:42:18 +07:00