feat: add NS TTL consistency and NS-target CNAME checks

Observe the NS RRset TTL from each parent server (ParentView.NSTTL) and
whether each NS target name is a CNAME alias (ChildNSView.CNAMETarget).
Two new rules judge the collected facts:

- delegation_ns_ttl_inconsistent: warns when parent servers disagree on
  the NS TTL, which indicates zone-data inconsistency between primaries.
- delegation_ns_is_cname: flags NS targets that are CNAME aliases as
  critical, per RFC 2181 §10.3 which forbids aliased NS names.
nemunaire 2026-05-16 21:21:12 +08:00
commit 70c548284e
4 changed files with 125 additions and 6 deletions

@ -32,6 +32,8 @@ type ParentView struct {
UDPNSError string `json:"udp_ns_error,omitempty"`
TCPNSError string `json:"tcp_ns_error,omitempty"`
NS []string `json:"ns,omitempty"`
NSTTLKnown bool `json:"ns_ttl_known,omitempty"`
NSTTL uint32 `json:"ns_ttl,omitempty"`
Glue map[string][]string `json:"glue,omitempty"`
DSQueryError string `json:"ds_query_error,omitempty"`
DS []DSRecord `json:"ds,omitempty"`
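Review bot: On `NSTTL`, the `omitempty` tag drops the key whenever the observed TTL is 0, so the JSON can carry `ns_ttl_known: true` with no `ns_ttl` at all, and a consumer has to know that absence means zero rather than unknown. Consider removing `omitempty` from `ns_ttl`, or replacing the pair with a single `*uint32` so nil means "not observed". A short field comment stating that this is the TTL of the NS RRset as returned by this parent server would also help, since neither new field is documented here.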
@ -40,6 +42,7 @@ type ParentView struct {
type ChildNSView struct {
NSName string `json:"ns_name"`
CNAMETarget string `json:"cname_target,omitempty"`
ResolveError string `json:"resolve_error,omitempty"`
Addresses []ChildAddressView `json:"addresses,omitempty"`
}
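Review bot: `CNAMETarget` has no comment saying what the string holds or what an empty value means. Because it sits next to `ResolveError` and `Addresses`, please document whether it is the first alias hop or the end of a chain, whether an empty value can also result from a failed lookup, and whether `Addresses` is still populated when a CNAME is found, so that the delegation_ns_is_cname rule and JSON consumers interpret the field the same way.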