From 1d562e7aa4c29b139d5eb4705813d4e4f407ce1d Mon Sep 17 00:00:00 2001 From: Pierre-Olivier Mercier Date: Thu, 23 Apr 2026 11:29:39 +0700 Subject: [PATCH] checker: expose standalone /check route via CheckerInteractive MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Implements RenderForm/ParseForm on the provider: users can hit /check with just a domain name; ParseForm resolves CAA records via direct DNS queries (walking up the label tree per RFC 8659) and hands the SDK a synthetic service payload so the standard Collect → Evaluate pipeline runs without a happyDomain host. TLS probes are not gathered here, so the rule reports StatusUnknown for the TLS cross-check in this mode. --- checker/interactive.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/checker/interactive.go b/checker/interactive.go index 18ff51d..3d92759 100644 --- a/checker/interactive.go +++ b/checker/interactive.go @@ -36,6 +36,7 @@ func (p *caaProvider) ParseForm(r *http.Request) (sdk.CheckerOptions, error) { return nil, errors.New("domain is required") } domain = dns.Fqdn(domain) + bare := strings.TrimSuffix(domain, ".") records, err := lookupCAA(domain) if err != nil { @@ -55,12 +56,12 @@ func (p *caaProvider) ParseForm(r *http.Request) (sdk.CheckerOptions, error) { svc := serviceMessage{ Type: serviceType, - Domain: strings.TrimSuffix(domain, "."), + Domain: bare, Service: svcBody, } return sdk.CheckerOptions{ - "domain": strings.TrimSuffix(domain, "."), + "domain": bare, "service": svc, }, nil } @@ -74,12 +75,12 @@ func lookupCAA(fqdn string) ([]CAARecord, error) { return nil, err } + c := new(dns.Client) for name := fqdn; name != "" && name != "."; { msg := new(dns.Msg) msg.SetQuestion(name, dns.TypeCAA) msg.RecursionDesired = true - c := new(dns.Client) in, _, err := c.Exchange(msg, resolver) if err != nil { return nil, err