Initial commit

2026-04-27 00:58:19 +07:00 · 2026-04-27 00:58:19 +07:00 · d4a59fb9e8
commit d4a59fb9e8
18 changed files with 1439 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,59 @@
+# checker-legacy-records
+
+A happyDomain checker that scans a working zone for **DNS record types
+deprecated by the IETF** and reports each occurrence with the relevant
+RFC reference and a concrete migration suggestion.
+
+It runs in three deployment modes (standalone HTTP binary, Go plugin,
+Docker image), like every other checker in the happyDomain ecosystem.
+
+## What it detects
+
+The checker walks every service in the working zone (`AutoFillZone`) and
+inspects each `svcs.Orphan` body for an embedded RR header. Records whose
+type is in the [`deprecatedTypes`](checker/deprecated.go) table produce a
+finding.
+
+| Severity     | Record types                                                                                  | Why                                                                                       |
+|--------------|-----------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------|
+| Critical     | `KEY`, `SIG`, `NXT`                                                                           | RFC 3755: superseded by DNSKEY/RRSIG/NSEC; modern validators ignore them.                |
+| Warning      | `SPF`, `A6`, `MD`, `MF`                                                                       | RFC 7208 / RFC 6563 / RFC 973: replaced by TXT, AAAA, MX.                                |
+| Informational| `WKS`, `MB`, `MG`, `MR`, `MINFO`, `NULL`, `GPOS`, `NSAP`, `NSAP-PTR`, `X25`, `ISDN`, `RT`, `ATMA`, `EID`, `NIMLOC`, `SINK`, `NINFO`, `RKEY` | Experimental or historical (RFC 1035, 1183, 1706, 1712, ...); safe to delete. |
+
+## Tests
+
+`go test ./...` covers:
+
+- a clean zone (no findings, no errors, modern services skipped silently);
+- detection of common legacy types (`SPF`, `A6`, `KEY`, `NXT`, `WKS`);
+- grouping and ranking by severity (critical bubbles to the top, even
+  when warning findings appear first in the zone);
+- the empty-zone OK path (rule still emits one OK state with the scan
+  count);
+- a missing `zone` option (the host forgot to wire AutoFillZone) is a
+  hard error;
+- the HTML "Fix this first" card always reflects the worst severity;
+- the OK banner appears when nothing legacy is found.
+
+## HTML report
+
+The report renders as a standalone HTML page suitable for iframe embedding:
+
+- a coloured status banner (OK / Info / Warning / Critical) summarising
+  the worst finding;
+- a **"Fix this first"** card with the most-severe legacy type, the RFC
+  reason, the suggested replacement, and a concrete `How to fix`
+  instruction; the card lists every owner where the type appears;
+- an "Other legacy records" section with one card per remaining type,
+  sorted by descending severity then alphabetically;
+- a collapsible "skipped during scan" section listing parse errors so
+  silent skips never masquerade as a clean pass.
+
+## Build
+
+```sh
+make            # standalone binary
+make plugin     # .so plugin for happyDomain
+make docker     # Docker image
+make test       # run the unit tests
+```