checker-legacy-records/README.md

# checker-legacy-records
A happyDomain checker that scans a working zone for **DNS record types
deprecated by the IETF** and reports each occurrence with the relevant
RFC reference and a concrete migration suggestion.
It runs in three deployment modes (standalone HTTP binary, Go plugin,
Docker image), like every other checker in the happyDomain ecosystem.
## What it detects
The checker walks every service in the working zone (`AutoFillZone`) and
inspects each `svcs.Orphan` body for an embedded RR header. Records whose
type is in the [`deprecatedTypes`](checker/deprecated.go) table produce a
finding.
| Severity      | Record types | Why |
|---------------|--------------|-----|
| Critical      | `KEY`, `SIG`, `NXT` | RFC 3755: superseded by DNSKEY/RRSIG/NSEC; modern validators ignore them. Note that `KEY` and `SIG` are still defined for SIG(0) and TKEY (RFC 2931, RFC 2930), so confirm a record is a stale DNSSEC key before deleting it. |
| Warning       | `SPF`, `A6`, `MD`, `MF` | RFC 7208 / RFC 6563 / RFC 973: replaced by TXT, AAAA, MX respectively. |
| Informational | `WKS`, `MB`, `MG`, `MR`, `MINFO`, `NULL`, `GPOS`, `NSAP`, `NSAP-PTR`, `X25`, `ISDN`, `RT`, `ATMA`, `EID`, `NIMLOC`, `SINK`, `NINFO`, `RKEY` | Experimental or historical (RFC 1035, 1183, 1706, 1712, ...); safe to delete. |
## Tests
`go test ./...` covers:
- a clean zone (no findings, no errors, modern services skipped silently);
- detection of common legacy types (`SPF`, `A6`, `KEY`, `NXT`, `WKS`);
- grouping and ranking by severity (critical bubbles to the top, even
when warning findings appear first in the zone);
- the empty-zone OK path (rule still emits one OK state with the scan
count);
- a missing `zone` option (the host forgot to wire AutoFillZone) is a
hard error;
- the HTML "Fix this first" card always reflects the worst severity;
- the OK banner appears when nothing legacy is found.
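The following is an added illustration of the detection and ranking logic described under "What it detects" and exercised by the tests above. It is not the checker's own source: it parses presentation-format zone lines with the standard library instead of walking happyDomain services, and `deprecatedTypes`, `parseRR`, `Scan` and `FixFirst` are stand-in names for this sketch (the table is a partial copy of the README's, with the Informational tier represented by a few entries). The sample zone in `main` is constructed.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// Severity is ordered so that a larger value is worse; the ranking sorts on it.
type Severity int

const (
	Informational Severity = iota
	Warning
	Critical
)

// LegacyType records why a record type is deprecated and what to migrate to.
type LegacyType struct {
	Severity               Severity
	Reference, Replacement string
}

// deprecatedTypes mirrors the README table (Critical and Warning in full, the
// Informational tier by example); illustrative copy, not checker/deprecated.go.
var deprecatedTypes = map[string]LegacyType{
	"KEY":  {Critical, "RFC 3755", "DNSKEY"},
	"SIG":  {Critical, "RFC 3755", "RRSIG"},
	"NXT":  {Critical, "RFC 3755", "NSEC"},
	"SPF":  {Warning, "RFC 7208", "TXT"},
	"A6":   {Warning, "RFC 6563", "AAAA"},
	"MD":   {Warning, "RFC 973", "MX"},
	"MF":   {Warning, "RFC 973", "MX"},
	"WKS":  {Informational, "RFC 1035 / RFC 1123", "delete"},
	"GPOS": {Informational, "RFC 1712", "delete"},
}

// Finding is one legacy record located in the zone.
type Finding struct {
	Owner, Type string
	Info        LegacyType
}

// parseRR pulls owner and type out of a presentation-format line
// "owner [TTL] [class] TYPE rdata"; ok is false for malformed input.
func parseRR(line string) (owner, rtype string, ok bool) {
	f := strings.Fields(line)
	for i := 1; i < len(f)-1; i++ { // the type must be followed by rdata
		tok := strings.ToUpper(f[i])
		if _, err := strconv.Atoi(tok); err == nil || tok == "IN" || tok == "CH" || tok == "HS" {
			continue // skip TTL and class
		}
		return f[0], tok, true
	}
	return "", "", false
}

// Scan classifies every record and ranks findings by descending severity, then
// type and owner, so Critical leads even when a Warning appears earlier in the
// zone. Lines it cannot parse are returned in skipped, never silently dropped.
func Scan(zone []string) (findings []Finding, skipped []string) {
	for _, line := range zone {
		t := strings.TrimSpace(line)
		if t == "" || strings.HasPrefix(t, ";") {
			continue // blank lines and comments are not records
		}
		if owner, rtype, ok := parseRR(t); !ok {
			skipped = append(skipped, t)
		} else if info, legacy := deprecatedTypes[rtype]; legacy {
			findings = append(findings, Finding{owner, rtype, info})
		}
	}
	rank := func(f Finding) string { return fmt.Sprintf("%d %s %s", Critical-f.Info.Severity, f.Type, f.Owner) }
	sort.Slice(findings, func(i, j int) bool { return rank(findings[i]) < rank(findings[j]) })
	return findings, skipped
}

// FixFirst returns the worst type and every owner carrying it, i.e. the content
// of the "Fix this first" card; rtype is "" for a clean zone.
func FixFirst(findings []Finding) (rtype string, owners []string) {
	for _, f := range findings { // findings are already ranked, worst first
		if rtype == "" || f.Type == rtype {
			rtype, owners = f.Type, append(owners, f.Owner)
		}
	}
	return rtype, owners
}

func main() {
	// Constructed sample zone, not real data: SPF precedes KEY to show the ranking.
	findings, skipped := Scan([]string{
		"example.org.      3600 IN SPF \"v=spf1 mx -all\"",
		"example.org.      3600 IN KEY 256 3 5 AQPSKmynfzW4kyBv015MUG2DeIQ3Cbl+",
		"broken.example.org. 3600 IN", // truncated record: reported, not swallowed
	})
	rtype, owners := FixFirst(findings)
	fmt.Printf("%d finding(s), %d skipped; fix first: %s on %v\n", len(findings), len(skipped), rtype, owners)
}
```

The sort key puts the Critical tier first regardless of zone order, and the truncated last line lands in `skipped` rather than being ignored, which is the property the "skipped during scan" section of the report depends on.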
## HTML report
The report renders as a standalone HTML page suitable for iframe embedding:
- a coloured status banner (OK / Info / Warning / Critical) summarising
the worst finding;
- a **"Fix this first"** card with the most-severe legacy type, the RFC
reason, the suggested replacement, and a concrete `How to fix`
instruction; the card lists every owner where the type appears;
- an "Other legacy records" section with one card per remaining type,
sorted by descending severity then alphabetically;
- a collapsible "skipped during scan" section listing parse errors so
silent skips never masquerade as a clean pass.
## Build
```sh
make         # standalone binary
make plugin  # .so plugin for happyDomain
make docker  # Docker image
make test    # run the unit tests
```