//go:build standalone package checker import ( "encoding/json" "errors" "fmt" "net" "net/http" "strings" "github.com/miekg/dns" sdk "git.happydns.org/checker-sdk-go/checker" ) // RenderForm exposes a single "delegated domain" input for the standalone // /check route. The parent zone is derived by stripping the left-most label // and the declared NS / DS sets are resolved via the system resolver. func (p *delegationProvider) RenderForm() []sdk.CheckerOptionField { return []sdk.CheckerOptionField{ { Id: "domain", Type: "string", Label: "Delegated domain", Placeholder: "sub.example.com", Required: true, Description: "Fully-qualified name of the delegated zone to check.", }, } } // ParseForm turns the submitted domain into the CheckerOptions that Collect // expects: the parent zone, the sub-label, and a synthesized // abstract.Delegation service populated with the NS / DS records resolved // via the system resolver. func (p *delegationProvider) ParseForm(r *http.Request) (sdk.CheckerOptions, error) { domain := strings.TrimSpace(r.FormValue("domain")) if domain == "" { return nil, errors.New("domain is required") } fqdn := dns.Fqdn(domain) labels := dns.SplitDomainName(fqdn) if len(labels) < 2 { return nil, fmt.Errorf("%q has no parent zone", domain) } parentZone := strings.Join(labels[1:], ".") subdomain := labels[0] resolver, err := interactiveResolver() if err != nil { return nil, err } nsRecords, err := lookupDelegationNS(resolver, fqdn) if err != nil { return nil, fmt.Errorf("NS lookup for %s: %w", domain, err) } if len(nsRecords) == 0 { return nil, fmt.Errorf("no NS records found for %s", domain) } dsRecords, err := lookupDelegationDS(resolver, fqdn) if err != nil { return nil, fmt.Errorf("DS lookup for %s: %w", domain, err) } body, err := json.Marshal(delegationService{NameServers: nsRecords, DS: dsRecords}) if err != nil { return nil, fmt.Errorf("marshal delegation service: %w", err) } svc := serviceMessage{ Type: "abstract.Delegation", Domain: parentZone, Service: body, } return sdk.CheckerOptions{ "domain_name": parentZone, "subdomain": subdomain, "service": svc, }, nil } func interactiveResolver() (string, error) { cfg, err := dns.ClientConfigFromFile("/etc/resolv.conf") if err != nil || len(cfg.Servers) == 0 { return net.JoinHostPort("1.1.1.1", "53"), nil } return net.JoinHostPort(cfg.Servers[0], cfg.Port), nil } func lookupDelegationNS(resolver, fqdn string) ([]*dns.NS, error) { msg := new(dns.Msg) msg.SetQuestion(fqdn, dns.TypeNS) msg.RecursionDesired = true c := new(dns.Client) in, _, err := c.Exchange(msg, resolver) if err != nil { return nil, err } if in.Rcode != dns.RcodeSuccess && in.Rcode != dns.RcodeNameError { return nil, fmt.Errorf("rcode %s", dns.RcodeToString[in.Rcode]) } var out []*dns.NS for _, rr := range in.Answer { if ns, ok := rr.(*dns.NS); ok { out = append(out, ns) } } return out, nil } func lookupDelegationDS(resolver, fqdn string) ([]*dns.DS, error) { msg := new(dns.Msg) msg.SetQuestion(fqdn, dns.TypeDS) msg.RecursionDesired = true msg.SetEdns0(4096, true) c := new(dns.Client) in, _, err := c.Exchange(msg, resolver) if err != nil { return nil, err } if in.Rcode != dns.RcodeSuccess && in.Rcode != dns.RcodeNameError { return nil, fmt.Errorf("rcode %s", dns.RcodeToString[in.Rcode]) } var out []*dns.DS for _, rr := range in.Answer { if ds, ok := rr.(*dns.DS); ok { out = append(out, ds) } } return out, nil }