queryAtAuth already failed over on transport errors but treated any DNS response as final, so a SERVFAIL from the first auth server terminated the chain as Crit even when a sibling server would answer NOERROR. This made the check flap against a flaky server. Treat SERVFAIL/REFUSED as transient and try the remaining servers, returning a definitive answer when any server gives one and only falling back to the transient response (or the last transport error) when every server fails.

| | | |
|---|---|---|
| collect.go | ||
| definition.go | ||
| dns.go | ||
| dns_test.go | ||
| interactive.go | ||
| provider.go | ||
| report.go | ||
| rules_apex.go | ||
| rules_chain.go | ||
| rules_coexistence.go | ||
| rules_common.go | ||
| rules_dnssec.go | ||
| rules_test.go | ||
| types.go | ||