checker: implement ShareKey to mutualise reverse-DNS lookups across targets

The reverse-DNS observation (zone location, authoritative NS, the PTR RRset, and the forward-confirm of the effective target) is determined entirely by the reverse-arpa owner name — i.e. the IP being asked about — never by which forward domain triggered the check. Implement sdk.ObservationSharer so the host runs the PTR + FCrDNS lookups once and serves every target that interrogates the same reverse name, instead of re-querying per record.

The share key derives from the owner name and folds in the declared target and TTL: these are part of the observation and can change it — when no PTR is published the effective target (and therefore its forward-confirm) falls back to the declared value. ShareKey stays a pure function of opts (no network) per the contract. An empty owner yields "" so the host falls back to per-target caching.
This commit is contained in:
parent
5f454fa062
commit
ab1595d85f
2 changed files with 71 additions and 0 deletions
@ -2,6 +2,8 @@ package checker
import (
"context"
"crypto/sha256"
"encoding/hex"
"encoding/json"
"fmt"
"net"
@ -95,6 +97,28 @@ func (p *ptrProvider) Collect(ctx context.Context, opts sdk.CheckerOptions) (any
return data, nil
}
// ShareKey implements sdk.ObservationSharer. The reverse-DNS observation (zone
// location, authoritative NS, the PTR RRset, and the forward-confirm of the
// effective target) is determined entirely by the reverse-arpa owner name — i.e.
// the IP being asked about — never by which forward domain triggered the check.
// Two targets that interrogate the same reverse name produce identical data, so
// the host can run the PTR + FCrDNS lookups once and serve the rest.
//
// The declared target and TTL are folded in because they are part of the
// observation and can change it: when no PTR is published the effective target
// (and therefore its forward-confirm) falls back to the declared value. This
// stays a pure function of opts (no network) per the contract. An empty owner
// returns "" so the host falls back to the default per-target caching.
func (p *ptrProvider) ShareKey(opts sdk.CheckerOptions) (string, error) {
owner, declaredTarget, declaredTTL, err := resolvePTRInputs(opts)
if err != nil || owner == "" {
return "", nil
}
h := sha256.Sum256(fmt.Appendf(nil, "%s|%s|%d", lowerFQDN(owner), declaredTarget, declaredTTL))
return "ptr:" + hex.EncodeToString(h[:8]), nil
}
// resolvePTRInputs extracts the PTR owner, declared target and TTL from the
// auto-filled options.
func resolvePTRInputs(opts sdk.CheckerOptions) (owner, target string, ttl uint32, err error) {
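Review bot: in ShareKey, the `if err != nil || owner == ""` branch returns `"", nil` for a resolvePTRInputs error as well as for an empty owner, so malformed options are silently downgraded to per-target caching and the method's error return is never used. The doc comment only documents the empty-owner case; either return the error (`return "", err`) or state in the comment that errors are deliberately ignored here. Two smaller points on the key itself, since a collision means one target is served another target's observation: only owner goes through lowerFQDN while declaredTarget is hashed as given, so the same target written in a different case yields a different key and loses the sharing, and the `|` separator in `"%s|%s|%d"` is neither escaped nor length-prefixed, so the owner/target boundary is ambiguous if either field can contain `|`. `h[:8]` keeps only 64 bits of the SHA-256 digest; keeping 16 bytes or the full hash costs little in a cache key.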