Pierre-Olivier Mercier
744a75b25d
NS hostnames stored in happyDomain's abstract.Origin service are encoded relative to the zone apex (e.g. "ns0" instead of "ns0.example.com."). normalizeNSList was calling dns.Fqdn() directly, turning "ns0" into the useless single-label "ns0." rather than the correct FQDN. Expose domain_name in ServiceOpts so happyDomain auto-fills the zone apex at service scope, then use sdk.JoinRelative in normalizeNSList to absolutize relative labels. Absolute FQDNs (trailing dot) are kept as-is so external nameservers round-trip safely.
127 lines
4.2 KiB
Go
127 lines
4.2 KiB
Go
// This file is part of the happyDomain (R) project.
|
|
// Copyright (c) 2026 happyDomain
|
|
// Authors: Pierre-Olivier Mercier, et al.
|
|
//
|
|
// This program is offered under a commercial and under the AGPL license.
|
|
// For commercial licensing, contact us at <contact@happydomain.org>.
|
|
//
|
|
// For AGPL licensing:
|
|
// This program is free software: you can redistribute it and/or modify
|
|
// it under the terms of the GNU Affero General Public License as published by
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
// (at your option) any later version.
|
|
//
|
|
// This program is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
// GNU Affero General Public License for more details.
|
|
//
|
|
// You should have received a copy of the GNU Affero General Public License
|
|
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
|
|
package checker
|
|
|
|
import (
|
|
"time"
|
|
|
|
sdk "git.happydns.org/checker-sdk-go/checker"
|
|
)
|
|
|
|
// Overridden via -ldflags by main/plugin at build time.
|
|
var Version = "built-in"
|
|
|
|
func (p *authoritativeConsistencyProvider) Definition() *sdk.CheckerDefinition {
|
|
return &sdk.CheckerDefinition{
|
|
ID: "authoritative-consistency",
|
|
Name: "Authoritative consistency",
|
|
Version: Version,
|
|
Availability: sdk.CheckerAvailability{
|
|
ApplyToService: true,
|
|
LimitToServices: []string{
|
|
"abstract.Origin",
|
|
"abstract.NSOnlyOrigin",
|
|
},
|
|
},
|
|
ObservationKeys: []sdk.ObservationKey{ObservationKey},
|
|
HasHTMLReport: true,
|
|
HasMetrics: true,
|
|
Options: sdk.CheckerOptionsDocumentation{
|
|
UserOpts: []sdk.CheckerOptionDocumentation{
|
|
{
|
|
Id: "requireTCP",
|
|
Type: "bool",
|
|
Label: "Require DNS over TCP",
|
|
Description: "When enabled, an authoritative server that fails to answer over TCP is flagged as critical (otherwise as warning). TCP/53 is required by RFC 7766 and by DNSSEC.",
|
|
Default: true,
|
|
},
|
|
{
|
|
Id: "checkEDNS",
|
|
Type: "bool",
|
|
Label: "Check EDNS0 support",
|
|
Description: "Probe each name server for EDNS0 (RFC 6891). Servers that drop or mishandle EDNS0 break DNSSEC and large answers.",
|
|
Default: true,
|
|
},
|
|
{
|
|
Id: "checkLatency",
|
|
Type: "bool",
|
|
Label: "Measure response latency",
|
|
Description: "Measure response time of every name server and warn on slow responders.",
|
|
Default: true,
|
|
},
|
|
{
|
|
Id: "latencyThresholdMs",
|
|
Type: "uint",
|
|
Label: "Latency warning threshold (ms)",
|
|
Description: "Response times above this value trigger a slow-server warning.",
|
|
Default: float64(500),
|
|
},
|
|
{
|
|
Id: "useParentNS",
|
|
Type: "bool",
|
|
Label: "Cross-check with parent delegation",
|
|
Description: "Query the parent zone for the delegation NS RRset and compare it to the service's declared name servers. Drifts are reported so the user can reconcile.",
|
|
Default: true,
|
|
},
|
|
{
|
|
Id: "warnOnStaleSaved",
|
|
Type: "bool",
|
|
Label: "Warn when live serial is older than the saved one",
|
|
Description: "When the saved SOA serial in happyDomain is newer than what the authoritative servers publish, report a warning, typically an un-pushed change.",
|
|
Default: true,
|
|
},
|
|
{
|
|
Id: "minNameServers",
|
|
Type: "uint",
|
|
Label: "Minimum number of name servers",
|
|
Description: "Below this count, a warning is emitted (RFC 1034 recommends at least 2).",
|
|
Default: float64(2),
|
|
},
|
|
},
|
|
DomainOpts: []sdk.CheckerOptionDocumentation{
|
|
{
|
|
Id: "domain_name",
|
|
Label: "Zone name",
|
|
AutoFill: sdk.AutoFillDomainName,
|
|
},
|
|
},
|
|
ServiceOpts: []sdk.CheckerOptionDocumentation{
|
|
{
|
|
Id: "service",
|
|
Label: "Origin service",
|
|
AutoFill: sdk.AutoFillService,
|
|
},
|
|
{
|
|
Id: "domain_name",
|
|
Label: "Zone name",
|
|
AutoFill: sdk.AutoFillDomainName,
|
|
},
|
|
},
|
|
},
|
|
Rules: Rules(),
|
|
Interval: &sdk.CheckIntervalSpec{
|
|
Min: 1 * time.Minute,
|
|
Max: 6 * time.Hour,
|
|
Default: 10 * time.Minute,
|
|
},
|
|
}
|
|
}
|