happyDomain/checker-ptr
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update rules section

Browse source
This commit is contained in:
nemunaire 2026-04-30 08:49:27 +07:00
commit be64d8fcef
1 changed files with 15 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

34
README.md
View file

@ -71,25 +71,21 @@ happyDomain will delegate observation collection to this endpoint.
## Rules
Each rule emits a finding code. Severity can be affected by the options above.
| Code | Default severity | Condition |
|------|-----------------|-----------|
| `ptr_not_in_reverse_zone` | critical | The PTR owner is not under `in-addr.arpa` or `ip6.arpa`. |
| `ptr_owner_malformed` | critical | The reverse-arpa owner cannot be decoded back to an IP address. |
| `ptr_no_reverse_zone` | critical | The reverse zone serving the owner cannot be located (no SOA). |
| `ptr_query_failed` | critical | The PTR query failed (network error, timeout, unreachable authoritative server). |
| `ptr_rcode` | critical | The authoritative server returned a non-NOERROR rcode (typically NXDOMAIN). |
| `ptr_missing` | critical | No PTR record is served at the owner name. |
| `ptr_multiple` | warning | More than one PTR record exists at the same owner (RFC 1912 §2.1). Suppressed when `allowMultiplePTR` is enabled. |
| `ptr_declared_mismatch` | critical | The authoritative PTR target differs from the target declared in happyDomain. |
| `ptr_target_invalid` | critical | The PTR target is not a syntactically valid hostname (RFC 952/1123). |
| `ptr_generic_hostname` | warning | The PTR target embeds the IP or matches a common ISP auto-generated pattern. Only reported when `flagGenericPTR` is enabled. |
| `ptr_target_unresolvable` | critical / warning with `requireForwardMatch=false` | The PTR target has no A or AAAA record. |
| `ptr_forward_mismatch` | critical / warning with `requireForwardMatch=false` | The PTR target's A/AAAA does not include the original IP (FCrDNS check failed). |
| `ptr_ipv6_missing` | critical | An `ip6.arpa` owner has no PTR record. |
| `ptr_low_ttl` | warning | The observed PTR TTL is below `minTTL`. |
| `ptr_declared_low_ttl` | info | The declared PTR TTL is below `minTTL`. |
| Code | Description | Severity |
|----------------------------|----------------------------------------------------------------------------------------------------|----------|
| `ptr.in_reverse_arpa` | Verifies the PTR owner lies under in-addr.arpa or ip6.arpa. | CRITICAL |
| `ptr.owner_decodable` | Verifies the reverse-arpa owner name decodes back to an IP address. | CRITICAL |
| `ptr.reverse_zone_located` | Verifies the reverse zone serving the PTR owner can be located (SOA found). | CRITICAL |
| `ptr.query_succeeded` | Verifies the PTR query returns NOERROR from the authoritative servers. | CRITICAL |
| `ptr.record_present` | Verifies at least one PTR record is served at the owner name. | CRITICAL |
| `ptr.single_record` | Flags multiple PTR records on the same IP (RFC 1912 §2.1 recommends exactly one). | WARNING |
| `ptr.declared_match` | Verifies the PTR target served by the authoritative servers matches the declared target. | CRITICAL |
| `ptr.target_syntax_valid` | Verifies the PTR target is a syntactically valid hostname (RFC 952/1123). | CRITICAL |
| `ptr.generic_hostname` | Flags PTR targets that embed the IP or match common ISP auto-generated patterns. | WARNING |
| `ptr.target_resolves` | Verifies the PTR target resolves to at least one A or AAAA record. | CRITICAL |
| `ptr.fcrdns_match` | Verifies the PTR target's A/AAAA resolves back to the original IP (Forward-Confirmed Reverse DNS). | CRITICAL |
| `ptr.ipv6` | Reports whether the PTR concerns an IPv6 (ip6.arpa) address. | CRITICAL |
| `ptr.ttl_hygiene` | Verifies the PTR TTL is at or above the configured minimum. | WARNING |
## License