
checker-legacy-records

A happyDomain checker that scans a working zone for DNS record types deprecated by the IETF and reports each occurrence with the relevant RFC reference and a concrete migration suggestion.

It runs in three deployment modes (standalone HTTP binary, Go plugin, Docker image), like every other checker in the happyDomain ecosystem.

What it detects

The checker walks every service in the working zone (AutoFillZone) and inspects each svcs.Orphan body for an embedded RR header. Records whose type is in the deprecatedTypes table produce a finding.

| Severity | Record types | Why |
|---|---|---|
| Critical | KEY, SIG, NXT | RFC 3755: superseded by DNSKEY/RRSIG/NSEC; modern validators ignore them. |
| Warning | SPF, A6, MD, MF | RFC 7208 / RFC 6563 / RFC 973: replaced by TXT, AAAA, MX. |
| Informational | WKS, MB, MG, MR, MINFO, NULL, GPOS, NSAP, NSAP-PTR, X25, ISDN, RT, ATMA, EID, NIMLOC, SINK, NINFO, RKEY | Experimental or historical (RFC 1035, 1183, 1706, 1712, ...); safe to delete. |

Rules

| Code | Description | Severity |
|---|---|---|
| legacy_records | Detects DNS record types deprecated by the IETF and reports each occurrence with RFC references. | CRITICAL |

Tests

go test ./... covers:

  • a clean zone (no findings, no errors, modern services skipped silently);
  • detection of common legacy types (SPF, A6, KEY, NXT, WKS);
  • grouping and ranking by severity (critical bubbles to the top, even when warning findings appear first in the zone);
  • the empty-zone OK path (rule still emits one OK state with the scan count);
  • a missing zone option (the host forgot to wire AutoFillZone) is a hard error;
  • the HTML "Fix this first" card always reflects the worst severity;
  • the OK banner appears when nothing legacy is found.

HTML report

The report renders as a standalone HTML page suitable for iframe embedding:

  • a coloured status banner (OK / Info / Warning / Critical) summarising the worst finding;
  • a "Fix this first" card with the most-severe legacy type, the RFC reason, the suggested replacement, and a concrete How to fix instruction; the card lists every owner where the type appears;
  • an "Other legacy records" section with one card per remaining type, sorted by descending severity then alphabetically;
  • a collapsible "skipped during scan" section listing parse errors so silent skips never masquerade as a clean pass.
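
The detection, worst-first ordering and skipped-line reporting described above, as an added Go example that is not the checker's own code. It runs over zone-file style lines rather than happyDomain service bodies; `legacySeverity`, `Finding`, `Scan`, the numeric ranks and the five-field line format are assumptions of this example.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

var legacySeverity = map[string]int{ // hypothetical name; subset of the table above; ranks 3 critical, 2 warning, 1 informational are assumptions
	"KEY": 3, "SIG": 3, "NXT": 3, "SPF": 2, "A6": 2, "MD": 2, "MF": 2,
	"WKS": 1, "MINFO": 1, "GPOS": 1, "RKEY": 1,
}

type Finding struct { // one legacy type plus every owner where it appears
	Type     string
	Severity int
	Owners   []string
}

// Scan returns findings sorted worst-first then alphabetically, plus the lines it could not parse.
func Scan(zone string) (findings []Finding, skipped []string) {
	owners := map[string][]string{}
	for _, line := range strings.Split(zone, "\n") {
		switch f := strings.Fields(line); {
		case len(f) == 0 || strings.HasPrefix(f[0], ";"): // blank line or comment
		case len(f) < 5:
			skipped = append(skipped, line) // reported, never counted as clean
		case legacySeverity[strings.ToUpper(f[3])] > 0: // modern types are ignored
			typ := strings.ToUpper(f[3])
			owners[typ] = append(owners[typ], f[0])
		}
	}
	for typ, o := range owners {
		findings = append(findings, Finding{typ, legacySeverity[typ], o})
	}
	sort.Slice(findings, func(i, j int) bool {
		a, b := findings[i], findings[j]
		return a.Severity > b.Severity || (a.Severity == b.Severity && a.Type < b.Type)
	})
	return findings, skipped
}

const sampleZone = `; constructed sample zone: the A6 line is deliberately truncated
example.test. 3600 IN SPF "v=spf1 -all"
example.test. 3600 IN A 192.0.2.1
old.example.test. 3600 IN KEY 256 3 5 AQPSKmynfzW4
broken.example.test. 3600 IN A6
mail.example.test. 3600 IN SPF "v=spf1 mx -all"`

func main() { fmt.Println(Scan(sampleZone)) }
```

The KEY finding ranks first although SPF appears earlier in the zone, and the truncated A6 line is returned in `skipped` instead of being dropped.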

Build

make            # standalone binary
make plugin     # .so plugin for happyDomain
make docker     # Docker image
make test       # run the unit tests