happyDomain/checker-srv
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Initial commit

Browse source 
Generic SRV records checker for happyDomain.

For each SRV record attached to an svcs.UnknownSRV service, the checker
resolves every target and probes reachability:

  - DNS resolution (A/AAAA), CNAME detection (RFC 2782 violation),
    null-target detection (RFC 2782 "service explicitly unavailable")
  - TCP connect to target:port for _tcp SRVs
  - UDP probe for _udp SRVs, using ICMP port-unreachable detection

The checker also publishes TLS endpoints (host, port, SNI) for every
SRV target hitting a well-known direct-TLS port (443, 465, 636, 853,
993, 995, 5061, 5223, …) via the EndpointDiscoverer SDK interface, so
a downstream TLS checker can pick them up.

The HTML report groups records as cards and surfaces the most common
failure scenarios (DNS failure, CNAME target, TCP unreachable,
null-target) at the top with remediation guidance.
This commit is contained in:
nemunaire 2026-04-19 10:28:39 +07:00
commit 90f1b4943f
27 changed files with 2809 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

228
checker/collect.go Normal file
View file

@ -0,0 +1,228 @@
// This file is part of the happyDomain (R) project.
// Copyright (c) 2020-2026 happyDomain
// Authors: Pierre-Olivier Mercier, et al.
//
// This program is offered under a commercial and under the AGPL license.
// For commercial licensing, contact us at <contact@happydomain.org>.
//
// For AGPL licensing:
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>.
package checker
import (
"context"
"encoding/json"
"fmt"
"net"
"strconv"
"strings"
"time"
sdk "git.happydns.org/checker-sdk-go/checker"
happydns "git.happydns.org/happyDomain/model"
)
// We decode SRV records by hand (instead of importing miekg/dns) so the
// checker stays light and its build surface minimal.
type unknownSRVPayload struct {
Records []struct {
Hdr struct {
Name string `json:"Name"`
} `json:"Hdr"`
Priority uint16 `json:"Priority"`
Weight uint16 `json:"Weight"`
Port uint16 `json:"Port"`
Target string `json:"Target"`
} `json:"srv"`
}
func (p *srvProvider) Collect(ctx context.Context, opts sdk.CheckerOptions) (any, error) {
svcMsg, ok := sdk.GetOption[happydns.ServiceMessage](opts, "service")
if !ok {
return p.collectFallback(ctx, opts)
}
if svcMsg.Type != "svcs.UnknownSRV" {
return nil, fmt.Errorf("service type is %q, expected svcs.UnknownSRV", svcMsg.Type)
}
var payload unknownSRVPayload
if err := json.Unmarshal(svcMsg.Service, &payload); err != nil {
return nil, fmt.Errorf("failed to decode UnknownSRV: %w", err)
}
if len(payload.Records) == 0 {
return nil, fmt.Errorf("service contains no SRV records")
}
subdomain, _ := sdk.GetOption[string](opts, "subdomain")
domain, _ := sdk.GetOption[string](opts, "domain")
serviceDomain := strings.TrimSuffix(subdomain, ".")
if domain != "" {
if serviceDomain != "" {
serviceDomain += "." + strings.TrimSuffix(domain, ".")
} else {
serviceDomain = strings.TrimSuffix(domain, ".")
}
}
tcpTimeout := durationOpt(opts, "tcpTimeout", 3000)
udpTimeout := durationOpt(opts, "udpTimeout", 2000)
data := &SRVData{
ServiceDomain: serviceDomain,
Records: make([]SRVRecord, 0, len(payload.Records)),
}
for _, r := range payload.Records {
owner := strings.TrimSuffix(r.Hdr.Name, ".")
svc, proto := parseOwner(owner, serviceDomain)
rec := SRVRecord{
Service: svc,
Proto: proto,
Owner: owner,
Target: strings.TrimSuffix(r.Target, "."),
Port: r.Port,
Priority: r.Priority,
Weight: r.Weight,
}
resolveAndProbe(ctx, &rec, tcpTimeout, udpTimeout)
data.Records = append(data.Records, rec)
}
return data, nil
}
// Owners that don't match _svc._proto have no proto we can trust, so we
// skip probing rather than silently defaulting to TCP and reporting a misleading status.
func resolveAndProbe(ctx context.Context, rec *SRVRecord, tcpTimeout, udpTimeout time.Duration) {
// RFC 2782: "." target means "service decidedly not available".
if rec.Target == "" || rec.Target == "." {
rec.IsNullTarget = true
return
}
// CNAME detection (RFC 2782 §"Usage rules": target MUST be a name that
// resolves to A/AAAA records directly, not a CNAME).
if cname, err := net.DefaultResolver.LookupCNAME(ctx, rec.Target); err == nil {
canon := strings.TrimSuffix(cname, ".")
if canon != "" && !strings.EqualFold(canon, rec.Target) {
rec.IsCNAME = true
rec.CNAMEChain = []string{rec.Target, canon}
}
}
ips, err := net.DefaultResolver.LookupIPAddr(ctx, rec.Target)
if err != nil {
rec.ResolveError = err.Error()
return
}
for _, ip := range ips {
rec.Addresses = append(rec.Addresses, ip.IP.String())
}
for _, addr := range rec.Addresses {
hostport := net.JoinHostPort(addr, strconv.Itoa(int(rec.Port)))
switch rec.Proto {
case protoTCP:
rec.Probes = append(rec.Probes, probeTCP(ctx, hostport, tcpTimeout))
case protoUDP:
rec.Probes = append(rec.Probes, probeUDP(ctx, hostport, udpTimeout))
}
}
}
func parseOwner(owner, serviceDomain string) (svc, proto string) {
// Returns ("", "") when the owner does not match: callers must treat
// that as "unknown" and skip proto-specific probing rather than guessing.
s := strings.TrimSuffix(owner, "."+serviceDomain)
parts := strings.Split(s, ".")
if len(parts) >= 2 && strings.HasPrefix(parts[0], "_") && strings.HasPrefix(parts[1], "_") {
return strings.TrimPrefix(parts[0], "_"), strings.TrimPrefix(parts[1], "_")
}
return "", ""
}
func durationOpt(opts sdk.CheckerOptions, key string, defMs int) time.Duration {
ms := defMs
if v, ok := opts[key]; ok {
switch n := v.(type) {
case float64:
ms = int(n)
case int:
ms = n
}
}
if ms < 100 {
ms = 100
}
if ms > 60000 {
ms = 60000
}
return time.Duration(ms) * time.Millisecond
}
func probeTCP(ctx context.Context, hostport string, timeout time.Duration) ProbeResult {
pr := ProbeResult{Address: hostport, Proto: protoTCP}
start := time.Now()
ctx, cancel := context.WithTimeout(ctx, timeout)
defer cancel()
conn, err := (&net.Dialer{}).DialContext(ctx, protoTCP, hostport)
pr.LatencyMs = float64(time.Since(start).Microseconds()) / 1000.0
if err != nil {
pr.Error = err.Error()
return pr
}
_ = conn.Close()
pr.Connected = true
return pr
}
func probeUDP(ctx context.Context, hostport string, timeout time.Duration) ProbeResult {
pr := ProbeResult{Address: hostport, Proto: protoUDP}
ctx, cancel := context.WithTimeout(ctx, timeout)
defer cancel()
conn, err := (&net.Dialer{}).DialContext(ctx, protoUDP, hostport)
if err != nil {
pr.Error = err.Error()
return pr
}
defer conn.Close()
// Send a single zero byte. If the host has nothing listening and returns
// ICMP port-unreachable, a subsequent Read will fail with "connection
// refused". Silent drops (firewalled) remain indistinguishable from a
// working service, report as "reachable (no response)".
_ = conn.SetDeadline(time.Now().Add(timeout))
if _, err := conn.Write([]byte{0}); err != nil {
pr.Error = err.Error()
return pr
}
buf := make([]byte, 1)
_, err = conn.Read(buf)
if err != nil {
if ne, ok := err.(net.Error); ok && ne.Timeout() {
// No ICMP unreachable came back: host probably accepts UDP,
// or packets are silently dropped. Treat as "reachable".
pr.Connected = true
pr.Error = "no UDP response (host may still be reachable)"
return pr
}
pr.Error = err.Error()
return pr
}
pr.Connected = true
return pr
}

35
checker/collect_plugin.go Normal file
View file

@ -0,0 +1,35 @@
// This file is part of the happyDomain (R) project.
// Copyright (c) 2020-2026 happyDomain
// Authors: Pierre-Olivier Mercier, et al.
//
// This program is offered under a commercial and under the AGPL license.
// For commercial licensing, contact us at <contact@happydomain.org>.
//
// For AGPL licensing:
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>.
//go:build !standalone
package checker
import (
"context"
"fmt"
sdk "git.happydns.org/checker-sdk-go/checker"
)
func (p *srvProvider) collectFallback(ctx context.Context, opts sdk.CheckerOptions) (any, error) {
return nil, fmt.Errorf("service not provided")
}

85
checker/collect_standalone.go Normal file
View file

@ -0,0 +1,85 @@
// This file is part of the happyDomain (R) project.
// Copyright (c) 2020-2026 happyDomain
// Authors: Pierre-Olivier Mercier, et al.
//
// This program is offered under a commercial and under the AGPL license.
// For commercial licensing, contact us at <contact@happydomain.org>.
//
// For AGPL licensing:
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>.
//go:build standalone
package checker
import (
"context"
"fmt"
"net"
"strings"
sdk "git.happydns.org/checker-sdk-go/checker"
)
// collectFallback queries DNS for SRV records directly when no upstream
// service payload is available (standalone CLI/HTTP mode).
func (p *srvProvider) collectFallback(ctx context.Context, opts sdk.CheckerOptions) (any, error) {
subdomain, _ := sdk.GetOption[string](opts, "subdomain")
domain, _ := sdk.GetOption[string](opts, "domain")
serviceDomain := strings.TrimSuffix(subdomain, ".")
if domain != "" {
if serviceDomain != "" {
serviceDomain += "." + strings.TrimSuffix(domain, ".")
} else {
serviceDomain = strings.TrimSuffix(domain, ".")
}
}
if serviceDomain == "" {
return nil, fmt.Errorf("missing 'domain' option")
}
// Empty service/proto tells the resolver to query the literal name as-is,
// preserving _svc._proto labels already encoded in serviceDomain.
_, srvs, err := net.DefaultResolver.LookupSRV(ctx, "", "", serviceDomain)
if err != nil {
return nil, fmt.Errorf("SRV lookup for %s: %w", serviceDomain, err)
}
if len(srvs) == 0 {
return nil, fmt.Errorf("no SRV records at %s", serviceDomain)
}
tcpTimeout := durationOpt(opts, "tcpTimeout", 3000)
udpTimeout := durationOpt(opts, "udpTimeout", 2000)
svc, proto := parseOwner(serviceDomain, serviceDomain)
data := &SRVData{
ServiceDomain: serviceDomain,
Records: make([]SRVRecord, 0, len(srvs)),
}
for _, s := range srvs {
rec := SRVRecord{
Service: svc,
Proto: proto,
Owner: serviceDomain,
Target: strings.TrimSuffix(s.Target, "."),
Port: s.Port,
Priority: s.Priority,
Weight: s.Weight,
}
resolveAndProbe(ctx, &rec, tcpTimeout, udpTimeout)
data.Records = append(data.Records, rec)
}
return data, nil
}

88
checker/definition.go Normal file
View file

@ -0,0 +1,88 @@
// This file is part of the happyDomain (R) project.
// Copyright (c) 2020-2026 happyDomain
// Authors: Pierre-Olivier Mercier, et al.
//
// This program is offered under a commercial and under the AGPL license.
// For commercial licensing, contact us at <contact@happydomain.org>.
//
// For AGPL licensing:
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>.
package checker
import (
"time"
sdk "git.happydns.org/checker-sdk-go/checker"
)
var Version = "built-in"
func (p *srvProvider) Definition() *sdk.CheckerDefinition {
return &sdk.CheckerDefinition{
ID: "srv",
Name: "SRV Records Tester",
Version: Version,
Availability: sdk.CheckerAvailability{
ApplyToService: true,
LimitToServices: []string{"svcs.UnknownSRV"},
},
HasHTMLReport: true,
ObservationKeys: []sdk.ObservationKey{ObservationKeySRV},
Options: sdk.CheckerOptionsDocumentation{
UserOpts: []sdk.CheckerOptionDocumentation{
{
Id: "tcpTimeout",
Type: "number",
Label: "TCP connect timeout (ms)",
Default: float64(3000),
Description: "Max time to wait for a TCP handshake on each target.",
},
{
Id: "udpTimeout",
Type: "number",
Label: "UDP probe timeout (ms)",
Default: float64(2000),
Description: "Max time to wait for a UDP response or ICMP unreachable.",
},
},
ServiceOpts: []sdk.CheckerOptionDocumentation{
{
Id: "service",
Label: "Service",
AutoFill: sdk.AutoFillService,
Hide: true,
},
{
Id: "subdomain",
Label: "Subdomain",
AutoFill: sdk.AutoFillSubdomain,
Hide: true,
},
{
Id: "domain",
Label: "Domain",
AutoFill: sdk.AutoFillDomainName,
Hide: true,
},
},
},
Rules: Rules(),
Interval: &sdk.CheckIntervalSpec{
Min: 5 * time.Minute,
Max: 7 * 24 * time.Hour,
Default: 6 * time.Hour,
},
}
}

124
checker/discover.go Normal file
View file

@ -0,0 +1,124 @@
// This file is part of the happyDomain (R) project.
// Copyright (c) 2020-2026 happyDomain
// Authors: Pierre-Olivier Mercier, et al.
//
// This program is offered under a commercial and under the AGPL license.
// For commercial licensing, contact us at <contact@happydomain.org>.
//
// For AGPL licensing:
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>.
package checker
import (
"fmt"
sdk "git.happydns.org/checker-sdk-go/checker"
tlsct "git.happydns.org/checker-tls/contract"
)
// Matching on the service name is more authoritative than matching on the
// port: port 636 could carry anything, but _ldaps._tcp unambiguously
// designates LDAP over TLS, even on a non-standard port.
var directTLSServices = map[string]bool{
"https": true,
"ftps": true, // FTPS implicit
"smtps": true, // SMTP over TLS (legacy port 465 semantics)
"submissions": true, // RFC 8314: SMTP submission over TLS
"imaps": true,
"pop3s": true,
"nntps": true,
"ircs": true,
"telnets": true,
"ldaps": true,
"sips": true,
"ipps": true, // IPP over TLS (printing)
"xmpps-client": true, // XMPP client over direct TLS
"xmpps-server": true, // XMPP server-to-server over direct TLS
"mqtts": true,
"coaps": true,
"stuns": true,
"turns": true,
}
type starttlsSpec struct {
// When two SRV services share the same wire upgrade (submission/smtp both do
// ESMTP STARTTLS), Proto is the canonical one agreed with checker-tls/contract.
Proto string
// Required is false for opportunistic STARTTLS (e.g. SMTP on port 25, s2s XMPP).
// The consumer uses this to pick severity when the server does not advertise STARTTLS.
Required bool
}
// Proto values follow the tls.endpoint.v1 contract's vocabulary; the SDK
// itself has no opinion on these values, they belong to checker-tls.
var starttlsServices = map[string]starttlsSpec{
"submission": {"smtp", true}, // RFC 8314: STARTTLS required
"smtp": {"smtp", false}, // port 25: opportunistic
"imap": {"imap", true},
"pop3": {"pop3", true},
"xmpp-client": {"xmpp-client", true}, // RFC 7590
"xmpp-server": {"xmpp-server", false}, // s2s: opportunistic
"ldap": {"ldap", false},
"nntp": {"nntp", false},
"ftp": {"ftp", false},
"sieve": {"sieve", true},
"postgresql": {"postgres", false},
}
// DiscoverEntries publishes tls.endpoint.v1 entries for known TLS/STARTTLS services.
// Unknown service names produce no entries: we lean on the SRV naming
// convention rather than guessing from the port, since a port alone
// conveys no protocol semantics.
func (p *srvProvider) DiscoverEntries(data any) ([]sdk.DiscoveryEntry, error) {
d, ok := data.(*SRVData)
if !ok {
return nil, fmt.Errorf("unexpected data type %T", data)
}
var out []sdk.DiscoveryEntry
for _, r := range d.Records {
if r.IsNullTarget || r.Target == "" {
continue
}
if directTLSServices[r.Service] {
e, err := tlsct.NewEntry(tlsct.TLSEndpoint{
Host: r.Target,
Port: r.Port,
SNI: r.Target,
})
if err != nil {
return nil, fmt.Errorf("build tls entry for %s:%d: %w", r.Target, r.Port, err)
}
out = append(out, e)
continue
}
if spec, ok := starttlsServices[r.Service]; ok {
e, err := tlsct.NewEntry(tlsct.TLSEndpoint{
Host: r.Target,
Port: r.Port,
SNI: r.Target,
STARTTLS: spec.Proto,
RequireSTARTTLS: spec.Required,
})
if err != nil {
return nil, fmt.Errorf("build starttls entry for %s:%d: %w", r.Target, r.Port, err)
}
out = append(out, e)
}
}
return out, nil
}

70
checker/interactive.go Normal file
View file

@ -0,0 +1,70 @@
// This file is part of the happyDomain (R) project.
// Copyright (c) 2020-2026 happyDomain
// Authors: Pierre-Olivier Mercier, et al.
//
// This program is offered under a commercial and under the AGPL license.
// For commercial licensing, contact us at <contact@happydomain.org>.
//
// For AGPL licensing:
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>.
//go:build standalone
package checker
import (
"errors"
"net/http"
"strings"
sdk "git.happydns.org/checker-sdk-go/checker"
)
func (p *srvProvider) RenderForm() []sdk.CheckerOptionField {
return []sdk.CheckerOptionField{
{
Id: "name",
Type: "string",
Label: "SRV record name to check",
Placeholder: "_sip._tcp.example.com",
Required: true,
Description: "Fully-qualified SRV owner name (e.g. _service._proto.domain).",
},
}
}
func (p *srvProvider) ParseForm(r *http.Request) (sdk.CheckerOptions, error) {
name := strings.TrimSpace(r.FormValue("name"))
if name == "" {
return nil, errors.New("name is required")
}
name = strings.TrimSuffix(name, ".")
// Split into subdomain + domain so collect's serviceDomain
// (subdomain + "." + domain) reconstructs the full SRV owner.
parts := strings.SplitN(name, ".", 2)
sub := parts[0]
parent := ""
if len(parts) == 2 {
parent = parts[1]
} else {
parent = name
sub = ""
}
return sdk.CheckerOptions{
"domain": parent,
"subdomain": sub,
}, nil
}

36
checker/provider.go Normal file
View file

@ -0,0 +1,36 @@
// This file is part of the happyDomain (R) project.
// Copyright (c) 2020-2026 happyDomain
// Authors: Pierre-Olivier Mercier, et al.
//
// This program is offered under a commercial and under the AGPL license.
// For commercial licensing, contact us at <contact@happydomain.org>.
//
// For AGPL licensing:
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>.
package checker
import (
sdk "git.happydns.org/checker-sdk-go/checker"
)
func Provider() sdk.ObservationProvider {
return &srvProvider{}
}
type srvProvider struct{}
func (p *srvProvider) Key() sdk.ObservationKey {
return ObservationKeySRV
}

312
checker/report.go Normal file
View file

@ -0,0 +1,312 @@
// This file is part of the happyDomain (R) project.
// Copyright (c) 2020-2026 happyDomain
// Authors: Pierre-Olivier Mercier, et al.
//
// This program is offered under a commercial and under the AGPL license.
// For commercial licensing, contact us at <contact@happydomain.org>.
//
// For AGPL licensing:
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>.
package checker
import (
"encoding/json"
"fmt"
"html/template"
"strings"
sdk "git.happydns.org/checker-sdk-go/checker"
)
type reportData struct {
ServiceDomain string
Records []reportRecord
Alerts []reportAlert
Totals reportTotals
}
type reportRecord struct {
Owner string
Service string
Proto string
Target string
Port uint16
Priority uint16
Weight uint16
IsNullTarget bool
IsCNAME bool
CNAMEChain string
Addresses []string
ResolveError string
Probes []reportProbe
}
type reportProbe struct {
Address string
Proto string
Connected bool
LatencyMs float64
Error string
StatusClass string
StatusLabel string
}
type reportAlert struct {
Severity string // "crit", "warn", "info"
Title string
Body template.HTML
}
type reportTotals struct {
Records int
OKProbes int
BadProbes int
}
var htmlTpl = template.Must(template.New("srv").Parse(`<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>SRV Records Report</title>
<style>
*,*::before,*::after{box-sizing:border-box}
:root{font-family:system-ui,-apple-system,BlinkMacSystemFont,"Segoe UI",sans-serif;font-size:14px;line-height:1.5;color:#1f2937;background:#f3f4f6}
body{margin:0;padding:1rem}
code{font-family:ui-monospace,monospace;font-size:.9em}
h1{margin:0 0 .4rem;font-size:1.15rem}
h2{font-size:1rem;margin:0 0 .6rem}
h3{font-size:.9rem;font-weight:600;margin:0 0 .4rem}
.hd,.section{background:#fff;border-radius:10px;padding:1rem 1.25rem;margin-bottom:.75rem;box-shadow:0 1px 3px rgba(0,0,0,.08)}
.section{border-radius:8px;padding:.85rem 1rem;margin-bottom:.6rem}
.badge{display:inline-flex;align-items:center;padding:.2em .65em;border-radius:9999px;font-size:.78rem;font-weight:700}
.ok{background:#d1fae5;color:#065f46}
.warn{background:#fef3c7;color:#92400e}
.crit{background:#fee2e2;color:#991b1b}
.info{background:#dbeafe;color:#1e40af}
.alert{border-left:4px solid #d1d5db;padding:.6rem .85rem;margin-bottom:.55rem;background:#fff;border-radius:6px;box-shadow:0 1px 3px rgba(0,0,0,.05)}
.alert.crit{border-left-color:#dc2626}
.alert.warn{border-left-color:#d97706}
.alert.info{border-left-color:#2563eb}
.alert .title{font-weight:600;margin-bottom:.2rem}
.alert .body{font-size:.88rem;color:#374151}
.alert .body code{background:#f3f4f6;padding:.05rem .3rem;border-radius:3px}
.rec{border:1px solid #e5e7eb;border-radius:8px;padding:.7rem .85rem;margin-bottom:.55rem;background:#fff}
.rec-hd{display:flex;flex-wrap:wrap;align-items:center;gap:.5rem;margin-bottom:.4rem}
.rec-hd .target{font-family:ui-monospace,monospace;font-weight:600}
.rec-hd .meta{color:#6b7280;font-size:.82rem}
table{border-collapse:collapse;width:100%;font-size:.85rem;margin-top:.25rem}
th,td{text-align:left;padding:.3rem .5rem;border-bottom:1px solid #f3f4f6}
th{font-weight:600;color:#6b7280;background:#f9fafb}
.errmsg{color:#b91c1c}
.note{color:#6b7280;font-size:.85rem}
.totals{display:flex;flex-wrap:wrap;gap:.5rem;margin-top:.25rem}
.tot{background:#f3f4f6;border-radius:6px;padding:.25rem .6rem;font-size:.8rem}
</style>
</head>
<body>
<div class="hd">
<h1>SRV Records &mdash; {{if .ServiceDomain}}<code>{{.ServiceDomain}}</code>{{else}}service{{end}}</h1>
<div class="totals">
<span class="tot">{{.Totals.Records}} record(s)</span>
<span class="tot">{{.Totals.OKProbes}} reachable probe(s)</span>
{{if .Totals.BadProbes}}<span class="tot" style="background:#fee2e2;color:#991b1b">{{.Totals.BadProbes}} failed probe(s)</span>{{end}}
</div>
</div>
{{if .Alerts}}
<div class="section">
<h2>What needs attention</h2>
{{range .Alerts}}
<div class="alert {{.Severity}}">
<div class="title">{{.Title}}</div>
<div class="body">{{.Body}}</div>
</div>
{{end}}
</div>
{{end}}
<div class="section">
<h2>Records</h2>
{{range .Records}}
<div class="rec">
<div class="rec-hd">
<span class="target">{{if .IsNullTarget}}<em>(null target)</em>{{else}}{{.Target}}{{end}}:{{.Port}}</span>
<span class="meta">prio {{.Priority}} &middot; weight {{.Weight}}</span>
{{if .Service}}<span class="meta">_{{.Service}}._{{.Proto}}</span>{{end}}
{{if .IsNullTarget}}<span class="badge warn">null target</span>{{end}}
{{if .IsCNAME}}<span class="badge warn">target is CNAME</span>{{end}}
{{if .ResolveError}}<span class="badge crit">DNS error</span>{{end}}
</div>
{{if .CNAMEChain}}
<p class="note">CNAME chain: <code>{{.CNAMEChain}}</code> &mdash; RFC 2782 forbids a CNAME as SRV target.</p>
{{end}}
{{if .ResolveError}}
<p class="errmsg">Resolution failed: {{.ResolveError}}</p>
{{end}}
{{if .Addresses}}
<p class="note">Resolves to: {{range .Addresses}}<code>{{.}}</code> {{end}}</p>
{{end}}
{{if .Probes}}
<table>
<tr>
<th>Address</th><th>Proto</th><th>Status</th><th>Latency</th><th>Details</th>
</tr>
{{range .Probes}}
<tr>
<td><code>{{.Address}}</code></td>
<td>{{.Proto}}</td>
<td><span class="badge {{.StatusClass}}">{{.StatusLabel}}</span></td>
<td>{{if .LatencyMs}}{{printf "%.1f ms" .LatencyMs}}{{end}}</td>
<td>{{if .Error}}<span class="errmsg">{{.Error}}</span>{{end}}</td>
</tr>
{{end}}
</table>
{{end}}
</div>
{{end}}
</div>
</body>
</html>`))
func (p *srvProvider) GetHTMLReport(ctx sdk.ReportContext) (string, error) {
var d SRVData
if err := json.Unmarshal(ctx.Data(), &d); err != nil {
return "", fmt.Errorf("failed to unmarshal SRV report: %w", err)
}
rd := reportData{ServiceDomain: d.ServiceDomain}
rd.Totals.Records = len(d.Records)
var resolveFails, cnames, nulls []string
type tcpFailure struct{ owner, address, err string }
var tcpDown []tcpFailure
for _, r := range d.Records {
rec := reportRecord{
Owner: r.Owner,
Service: r.Service,
Proto: r.Proto,
Target: r.Target,
Port: r.Port,
Priority: r.Priority,
Weight: r.Weight,
IsNullTarget: r.IsNullTarget,
IsCNAME: r.IsCNAME,
Addresses: r.Addresses,
ResolveError: r.ResolveError,
}
if len(r.CNAMEChain) > 0 {
rec.CNAMEChain = strings.Join(r.CNAMEChain, " → ")
}
if r.IsNullTarget {
nulls = append(nulls, r.Owner)
}
if r.IsCNAME {
cnames = append(cnames, template.HTMLEscapeString(r.Target))
}
if r.ResolveError != "" {
resolveFails = append(resolveFails, fmt.Sprintf("%s (%s)",
template.HTMLEscapeString(r.Target),
template.HTMLEscapeString(r.ResolveError)))
}
for _, pr := range r.Probes {
rp := reportProbe{
Address: pr.Address,
Proto: pr.Proto,
Connected: pr.Connected,
LatencyMs: pr.LatencyMs,
Error: pr.Error,
}
switch {
case pr.Connected:
rp.StatusClass = "ok"
rp.StatusLabel = "reachable"
rd.Totals.OKProbes++
default:
rp.StatusClass = "crit"
rp.StatusLabel = "unreachable"
rd.Totals.BadProbes++
if pr.Proto == "tcp" {
tcpDown = append(tcpDown, tcpFailure{r.Owner, pr.Address, pr.Error})
}
}
rec.Probes = append(rec.Probes, rp)
}
rd.Records = append(rd.Records, rec)
}
if len(resolveFails) > 0 {
rd.Alerts = append(rd.Alerts, reportAlert{
Severity: "crit",
Title: fmt.Sprintf("DNS resolution failed for %d SRV target(s)", len(resolveFails)),
Body: template.HTML(fmt.Sprintf(
"%s<br>Clients will not be able to reach the service. Fix: either publish A/AAAA records for the target(s), or remove the broken SRV record.",
strings.Join(resolveFails, "<br>"))),
})
}
if len(cnames) > 0 {
rd.Alerts = append(rd.Alerts, reportAlert{
Severity: "warn",
Title: "SRV target is a CNAME (RFC 2782 violation)",
Body: template.HTML(fmt.Sprintf(
"Target(s): %s<br>RFC 2782 requires SRV targets to resolve directly to A/AAAA. "+
"Some clients will refuse to follow the CNAME. Fix: point the SRV record to a hostname with A/AAAA records, "+
"or replace the CNAME with an ALIAS/ANAME at the DNS provider.",
"<code>"+strings.Join(cnames, "</code>, <code>")+"</code>")),
})
}
if len(tcpDown) > 0 {
var items []string
for _, f := range tcpDown {
items = append(items, fmt.Sprintf("<code>%s</code> (%s): %s",
template.HTMLEscapeString(f.address),
template.HTMLEscapeString(f.owner),
template.HTMLEscapeString(f.err)))
}
rd.Alerts = append(rd.Alerts, reportAlert{
Severity: "crit",
Title: fmt.Sprintf("%d target(s) unreachable on their advertised TCP port", len(tcpDown)),
Body: template.HTML(strings.Join(items, "<br>") +
"<br>Check: (1) the server is running and bound to the right port; " +
"(2) firewall/security-group allows inbound TCP to that port; " +
"(3) the SRV record is not pointing at an old IP."),
})
}
if len(nulls) > 0 && len(nulls) == len(d.Records) {
rd.Alerts = append(rd.Alerts, reportAlert{
Severity: "warn",
Title: "All SRV records use the null target (\".\"): service is explicitly disabled",
Body: template.HTML(
"RFC 2782 defines a single SRV record with target <code>\".\"</code> to signal that the service is " +
"intentionally not available. If this is what you want, the configuration is correct. " +
"If you expected clients to reach this service, replace the null target with a real hostname."),
})
}
var buf strings.Builder
if err := htmlTpl.Execute(&buf, rd); err != nil {
return "", fmt.Errorf("failed to render SRV HTML report: %w", err)
}
return buf.String(), nil
}

73
checker/rules.go Normal file
View file

@ -0,0 +1,73 @@
// This file is part of the happyDomain (R) project.
// Copyright (c) 2020-2026 happyDomain
// Authors: Pierre-Olivier Mercier, et al.
//
// This program is offered under a commercial and under the AGPL license.
// For commercial licensing, contact us at <contact@happydomain.org>.
//
// For AGPL licensing:
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>.
package checker
import (
"context"
"fmt"
sdk "git.happydns.org/checker-sdk-go/checker"
)
// One rule per concern so each failure is individually visible rather than buried in a single rule's Code field.
func Rules() []sdk.CheckRule {
return []sdk.CheckRule{
RulePresent(),
RuleNullTarget(),
RuleTargetNotCNAME(),
RuleTargetsResolve(),
RuleTCPReachable(),
RuleUDPReachable(),
RulePortValid(),
RulePriorityWeightSanity(),
RuleRedundancy(),
}
}
func getData(ctx context.Context, obs sdk.ObservationGetter) (*SRVData, *sdk.CheckState) {
var d SRVData
if err := obs.Get(ctx, ObservationKeySRV, &d); err != nil {
return nil, &sdk.CheckState{
Status: sdk.StatusError,
Message: fmt.Sprintf("Failed to load SRV observation: %v", err),
Code: "srv_obs_error",
}
}
return &d, nil
}
func countProbeResults(d *SRVData, proto string) (total, ok int, failed []string) {
for _, r := range d.Records {
if r.IsNullTarget || r.Proto != proto {
continue
}
for _, pr := range r.Probes {
total++
if pr.Connected {
ok++
} else {
failed = append(failed, fmt.Sprintf("%s: %s", pr.Address, pr.Error))
}
}
}
return
}

59
checker/rules_cname.go Normal file
View file

@ -0,0 +1,59 @@
// This file is part of the happyDomain (R) project.
// Copyright (c) 2020-2026 happyDomain
// Authors: Pierre-Olivier Mercier, et al.
//
// This program is offered under a commercial and under the AGPL license.
// For commercial licensing, contact us at <contact@happydomain.org>.
//
// For AGPL licensing:
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>.
package checker
import (
"context"
"fmt"
"strings"
sdk "git.happydns.org/checker-sdk-go/checker"
)
type ruleTargetNotCNAME struct{}
func RuleTargetNotCNAME() sdk.CheckRule { return &ruleTargetNotCNAME{} }
func (ruleTargetNotCNAME) Name() string { return "srv_target_not_cname" }
func (ruleTargetNotCNAME) Description() string {
return "RFC 2782: SRV targets must resolve directly to A/AAAA, not through a CNAME."
}
func (ruleTargetNotCNAME) Evaluate(ctx context.Context, obs sdk.ObservationGetter, _ sdk.CheckerOptions) []sdk.CheckState {
d, cs := getData(ctx, obs)
if cs != nil {
return []sdk.CheckState{*cs}
}
var bad []string
for _, r := range d.Records {
if r.IsNullTarget {
continue
}
if r.IsCNAME {
bad = append(bad, r.Target)
}
}
if len(bad) == 0 {
return []sdk.CheckState{{Status: sdk.StatusOK, Code: "srv_targets_not_cname",
Message: "All SRV targets resolve directly (no CNAME)."}}
}
return []sdk.CheckState{{Status: sdk.StatusWarn, Code: "srv_targets_are_cname",
Message: fmt.Sprintf("RFC 2782 violation, SRV target(s) are CNAMEs: %s", strings.Join(bad, ", "))}}
}

60
checker/rules_null_target.go Normal file
View file

@ -0,0 +1,60 @@
// This file is part of the happyDomain (R) project.
// Copyright (c) 2020-2026 happyDomain
// Authors: Pierre-Olivier Mercier, et al.
//
// This program is offered under a commercial and under the AGPL license.
// For commercial licensing, contact us at <contact@happydomain.org>.
//
// For AGPL licensing:
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>.
package checker
import (
"context"
"fmt"
"strings"
sdk "git.happydns.org/checker-sdk-go/checker"
)
type ruleNullTarget struct{}
func RuleNullTarget() sdk.CheckRule { return &ruleNullTarget{} }
func (ruleNullTarget) Name() string { return "srv_null_target" }
func (ruleNullTarget) Description() string {
return "Detects SRV records with target \".\", which signals the service is intentionally not available."
}
func (ruleNullTarget) Evaluate(ctx context.Context, obs sdk.ObservationGetter, _ sdk.CheckerOptions) []sdk.CheckState {
d, cs := getData(ctx, obs)
if cs != nil {
return []sdk.CheckState{*cs}
}
var nulls []string
for _, r := range d.Records {
if r.IsNullTarget {
nulls = append(nulls, r.Owner)
}
}
if len(nulls) == 0 {
return []sdk.CheckState{{Status: sdk.StatusOK, Code: "srv_no_null",
Message: "No null-target SRV records."}}
}
if len(nulls) == len(d.Records) {
return []sdk.CheckState{{Status: sdk.StatusWarn, Code: "srv_all_null",
Message: fmt.Sprintf("All %d SRV records use null target (\".\"): service explicitly disabled.", len(nulls))}}
}
return []sdk.CheckState{{Status: sdk.StatusInfo, Code: "srv_some_null",
Message: fmt.Sprintf("%d record(s) have null target: %s", len(nulls), strings.Join(nulls, ", "))}}
}

67
checker/rules_port.go Normal file
View file

@ -0,0 +1,67 @@
// This file is part of the happyDomain (R) project.
// Copyright (c) 2020-2026 happyDomain
// Authors: Pierre-Olivier Mercier, et al.
//
// This program is offered under a commercial and under the AGPL license.
// For commercial licensing, contact us at <contact@happydomain.org>.
//
// For AGPL licensing:
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>.
package checker
import (
"context"
"fmt"
"strings"
sdk "git.happydns.org/checker-sdk-go/checker"
)
// Port 0 is valid on the wire but no client can connect to it; null targets are exempt since their port is irrelevant.
type rulePortValid struct{}
func RulePortValid() sdk.CheckRule { return &rulePortValid{} }
func (rulePortValid) Name() string { return "srv_port_valid" }
func (rulePortValid) Description() string {
return "SRV records advertise a non-zero port that clients can actually connect to."
}
func (rulePortValid) Evaluate(ctx context.Context, obs sdk.ObservationGetter, _ sdk.CheckerOptions) []sdk.CheckState {
d, cs := getData(ctx, obs)
if cs != nil {
return []sdk.CheckState{*cs}
}
var bad []string
var checked int
for _, r := range d.Records {
if r.IsNullTarget {
continue
}
checked++
if r.Port == 0 {
bad = append(bad, fmt.Sprintf("%s (port %d)", r.Owner, r.Port))
}
}
if checked == 0 {
return []sdk.CheckState{{Status: sdk.StatusInfo, Code: "srv_port_na",
Message: "No active SRV targets to check ports on."}}
}
if len(bad) == 0 {
return []sdk.CheckState{{Status: sdk.StatusOK, Code: "srv_port_ok",
Message: fmt.Sprintf("All %d SRV record(s) advertise a non-zero port.", checked)}}
}
return []sdk.CheckState{{Status: sdk.StatusCrit, Code: "srv_port_zero",
Message: fmt.Sprintf("SRV record(s) advertise port 0: %s", strings.Join(bad, ", "))}}
}

49
checker/rules_present.go Normal file
View file

@ -0,0 +1,49 @@
// This file is part of the happyDomain (R) project.
// Copyright (c) 2020-2026 happyDomain
// Authors: Pierre-Olivier Mercier, et al.
//
// This program is offered under a commercial and under the AGPL license.
// For commercial licensing, contact us at <contact@happydomain.org>.
//
// For AGPL licensing:
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>.
package checker
import (
"context"
"fmt"
sdk "git.happydns.org/checker-sdk-go/checker"
)
type rulePresent struct{}
func RulePresent() sdk.CheckRule { return &rulePresent{} }
func (rulePresent) Name() string { return "srv_records_present" }
func (rulePresent) Description() string {
return "At least one SRV record is published for this service."
}
func (rulePresent) Evaluate(ctx context.Context, obs sdk.ObservationGetter, _ sdk.CheckerOptions) []sdk.CheckState {
d, cs := getData(ctx, obs)
if cs != nil {
return []sdk.CheckState{*cs}
}
if len(d.Records) == 0 {
return []sdk.CheckState{{Status: sdk.StatusCrit, Code: "srv_missing",
Message: "No SRV records published."}}
}
return []sdk.CheckState{{Status: sdk.StatusOK, Code: "srv_present",
Message: fmt.Sprintf("%d SRV record(s) published.", len(d.Records))}}
}

107
checker/rules_priority_weight.go Normal file
View file

@ -0,0 +1,107 @@
// This file is part of the happyDomain (R) project.
// Copyright (c) 2020-2026 happyDomain
// Authors: Pierre-Olivier Mercier, et al.
//
// This program is offered under a commercial and under the AGPL license.
// For commercial licensing, contact us at <contact@happydomain.org>.
//
// For AGPL licensing:
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>.
package checker
import (
"context"
"fmt"
"strings"
sdk "git.happydns.org/checker-sdk-go/checker"
)
// Single-priority with multiple targets is Info (not Warn) because it is legal; all-zero-weight within a group is Warn because it almost always indicates a misconfiguration.
type rulePriorityWeightSanity struct{}
func RulePriorityWeightSanity() sdk.CheckRule { return &rulePriorityWeightSanity{} }
func (rulePriorityWeightSanity) Name() string { return "srv_priority_weight_sanity" }
func (rulePriorityWeightSanity) Description() string {
return "Priority/weight values follow RFC 2782 conventions (failover present, weights meaningful)."
}
func (rulePriorityWeightSanity) Evaluate(ctx context.Context, obs sdk.ObservationGetter, _ sdk.CheckerOptions) []sdk.CheckState {
d, cs := getData(ctx, obs)
if cs != nil {
return []sdk.CheckState{*cs}
}
type groupKey struct{ owner string }
type group struct {
priorities map[uint16]int
zeroWeight map[uint16]int
}
groups := map[groupKey]*group{}
for _, r := range d.Records {
if r.IsNullTarget {
continue
}
k := groupKey{owner: r.Owner}
g := groups[k]
if g == nil {
g = &group{priorities: map[uint16]int{}, zeroWeight: map[uint16]int{}}
groups[k] = g
}
g.priorities[r.Priority]++
if r.Weight == 0 {
g.zeroWeight[r.Priority]++
}
}
if len(groups) == 0 {
return []sdk.CheckState{{Status: sdk.StatusInfo, Code: "srv_prio_weight_na",
Message: "No active SRV records to analyse."}}
}
var noFailover []string
var zeroWeightGroups []string
for k, g := range groups {
if len(g.priorities) < 2 {
total := 0
for _, c := range g.priorities {
total += c
}
if total > 1 {
noFailover = append(noFailover, k.owner)
}
}
for prio, zc := range g.zeroWeight {
if zc > 1 && zc == g.priorities[prio] {
zeroWeightGroups = append(zeroWeightGroups, fmt.Sprintf("%s@prio=%d", k.owner, prio))
}
}
}
var out []sdk.CheckState
if len(zeroWeightGroups) > 0 {
out = append(out, sdk.CheckState{Status: sdk.StatusWarn, Code: "srv_weight_all_zero",
Message: fmt.Sprintf("Priority group(s) with multiple targets all weighted 0: %s", strings.Join(zeroWeightGroups, ", "))})
}
if len(noFailover) > 0 {
out = append(out, sdk.CheckState{Status: sdk.StatusInfo, Code: "srv_single_priority",
Message: fmt.Sprintf("Service(s) with multiple records but a single priority tier (no failover): %s", strings.Join(noFailover, ", "))})
}
if len(out) == 0 {
out = append(out, sdk.CheckState{Status: sdk.StatusOK, Code: "srv_prio_weight_ok",
Message: "Priority and weight values are consistent with RFC 2782 conventions."})
}
return out
}

84
checker/rules_reachable.go Normal file
View file

@ -0,0 +1,84 @@
// This file is part of the happyDomain (R) project.
// Copyright (c) 2020-2026 happyDomain
// Authors: Pierre-Olivier Mercier, et al.
//
// This program is offered under a commercial and under the AGPL license.
// For commercial licensing, contact us at <contact@happydomain.org>.
//
// For AGPL licensing:
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>.
package checker
import (
"context"
"fmt"
"strings"
sdk "git.happydns.org/checker-sdk-go/checker"
)
type ruleTCPReachable struct{}
func RuleTCPReachable() sdk.CheckRule { return &ruleTCPReachable{} }
func (ruleTCPReachable) Name() string { return "srv_tcp_reachable" }
func (ruleTCPReachable) Description() string {
return "Every TCP SRV target:port accepts a TCP connection."
}
func (ruleTCPReachable) Evaluate(ctx context.Context, obs sdk.ObservationGetter, _ sdk.CheckerOptions) []sdk.CheckState {
d, cs := getData(ctx, obs)
if cs != nil {
return []sdk.CheckState{*cs}
}
total, ok, failed := countProbeResults(d, protoTCP)
if total == 0 {
return []sdk.CheckState{{Status: sdk.StatusUnknown, Code: "srv_tcp_na",
Message: "No TCP targets to test."}}
}
if ok == total {
return []sdk.CheckState{{Status: sdk.StatusOK, Code: "srv_tcp_ok",
Message: fmt.Sprintf("All %d TCP target(s) reachable.", total)}}
}
if ok == 0 {
return []sdk.CheckState{{Status: sdk.StatusCrit, Code: "srv_tcp_all_down",
Message: fmt.Sprintf("All %d TCP target(s) unreachable: %s", total, strings.Join(failed, "; "))}}
}
return []sdk.CheckState{{Status: sdk.StatusWarn, Code: "srv_tcp_partial",
Message: fmt.Sprintf("%d/%d TCP target(s) unreachable: %s", total-ok, total, strings.Join(failed, "; "))}}
}
type ruleUDPReachable struct{}
func RuleUDPReachable() sdk.CheckRule { return &ruleUDPReachable{} }
func (ruleUDPReachable) Name() string { return "srv_udp_reachable" }
func (ruleUDPReachable) Description() string {
return "UDP SRV targets do not return ICMP port-unreachable."
}
func (ruleUDPReachable) Evaluate(ctx context.Context, obs sdk.ObservationGetter, _ sdk.CheckerOptions) []sdk.CheckState {
d, cs := getData(ctx, obs)
if cs != nil {
return []sdk.CheckState{*cs}
}
total, ok, failed := countProbeResults(d, protoUDP)
if total == 0 {
return []sdk.CheckState{{Status: sdk.StatusUnknown, Code: "srv_udp_na",
Message: "No UDP targets to test."}}
}
if ok == total {
return []sdk.CheckState{{Status: sdk.StatusOK, Code: "srv_udp_ok",
Message: fmt.Sprintf("All %d UDP target(s) reachable.", total)}}
}
return []sdk.CheckState{{Status: sdk.StatusWarn, Code: "srv_udp_issue",
Message: fmt.Sprintf("%d/%d UDP target(s) reported port unreachable: %s", total-ok, total, strings.Join(failed, "; "))}}
}

60
checker/rules_redundancy.go Normal file
View file

@ -0,0 +1,60 @@
// This file is part of the happyDomain (R) project.
// Copyright (c) 2020-2026 happyDomain
// Authors: Pierre-Olivier Mercier, et al.
//
// This program is offered under a commercial and under the AGPL license.
// For commercial licensing, contact us at <contact@happydomain.org>.
//
// For AGPL licensing:
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>.
package checker
import (
"context"
"fmt"
sdk "git.happydns.org/checker-sdk-go/checker"
)
type ruleRedundancy struct{}
func RuleRedundancy() sdk.CheckRule { return &ruleRedundancy{} }
func (ruleRedundancy) Name() string { return "srv_redundancy" }
func (ruleRedundancy) Description() string {
return "At least two distinct SRV targets exist (avoids single point of failure)."
}
func (ruleRedundancy) Evaluate(ctx context.Context, obs sdk.ObservationGetter, _ sdk.CheckerOptions) []sdk.CheckState {
d, cs := getData(ctx, obs)
if cs != nil {
return []sdk.CheckState{*cs}
}
targets := map[string]bool{}
for _, r := range d.Records {
if r.IsNullTarget {
continue
}
targets[r.Target] = true
}
if len(targets) >= 2 {
return []sdk.CheckState{{Status: sdk.StatusOK, Code: "srv_redundant",
Message: fmt.Sprintf("%d distinct targets.", len(targets))}}
}
if len(targets) == 1 {
return []sdk.CheckState{{Status: sdk.StatusInfo, Code: "srv_single_target",
Message: "Single SRV target: no redundancy at DNS level."}}
}
return []sdk.CheckState{{Status: sdk.StatusUnknown, Code: "srv_no_targets_redundancy",
Message: "No usable SRV targets."}}
}

65
checker/rules_resolve.go Normal file
View file

@ -0,0 +1,65 @@
// This file is part of the happyDomain (R) project.
// Copyright (c) 2020-2026 happyDomain
// Authors: Pierre-Olivier Mercier, et al.
//
// This program is offered under a commercial and under the AGPL license.
// For commercial licensing, contact us at <contact@happydomain.org>.
//
// For AGPL licensing:
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>.
package checker
import (
"context"
"fmt"
"strings"
sdk "git.happydns.org/checker-sdk-go/checker"
)
type ruleTargetsResolve struct{}
func RuleTargetsResolve() sdk.CheckRule { return &ruleTargetsResolve{} }
func (ruleTargetsResolve) Name() string { return "srv_targets_resolve" }
func (ruleTargetsResolve) Description() string {
return "Every SRV target resolves to at least one A/AAAA address."
}
func (ruleTargetsResolve) Evaluate(ctx context.Context, obs sdk.ObservationGetter, _ sdk.CheckerOptions) []sdk.CheckState {
d, cs := getData(ctx, obs)
if cs != nil {
return []sdk.CheckState{*cs}
}
var failed []string
var checked int
for _, r := range d.Records {
if r.IsNullTarget {
continue
}
checked++
if len(r.Addresses) == 0 {
failed = append(failed, fmt.Sprintf("%s (%s)", r.Target, r.ResolveError))
}
}
if checked == 0 {
return []sdk.CheckState{{Status: sdk.StatusUnknown, Code: "srv_no_targets",
Message: "No resolvable targets to test."}}
}
if len(failed) == 0 {
return []sdk.CheckState{{Status: sdk.StatusOK, Code: "srv_all_resolve",
Message: fmt.Sprintf("All %d target(s) resolve.", checked)}}
}
return []sdk.CheckState{{Status: sdk.StatusCrit, Code: "srv_resolve_fail",
Message: fmt.Sprintf("Target(s) failed DNS resolution: %s", strings.Join(failed, "; "))}}
}

73
checker/types.go Normal file
View file

@ -0,0 +1,73 @@
// This file is part of the happyDomain (R) project.
// Copyright (c) 2020-2026 happyDomain
// Authors: Pierre-Olivier Mercier, et al.
//
// This program is offered under a commercial and under the AGPL license.
// For commercial licensing, contact us at <contact@happydomain.org>.
//
// For AGPL licensing:
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>.
// Package checker implements the generic SRV records checker for happyDomain.
//
// TLS/certificate testing is intentionally out of scope: it is handled by a
// dedicated TLS checker.
package checker
import (
sdk "git.happydns.org/checker-sdk-go/checker"
)
const ObservationKeySRV sdk.ObservationKey = "srv_records"
const (
protoTCP = "tcp"
protoUDP = "udp"
)
type SRVRecord struct {
Service string `json:"service"`
Proto string `json:"proto"`
Owner string `json:"owner"`
Target string `json:"target"`
Port uint16 `json:"port"`
Priority uint16 `json:"priority"`
Weight uint16 `json:"weight"`
IsNullTarget bool `json:"isNullTarget,omitempty"` // target == "." means "no service"
IsCNAME bool `json:"isCNAME,omitempty"` // RFC 2782: MUST NOT be CNAME
CNAMEChain []string `json:"cnameChain,omitempty"`
Addresses []string `json:"addresses,omitempty"`
ResolveError string `json:"resolveError,omitempty"`
Probes []ProbeResult `json:"probes,omitempty"`
}
type ProbeResult struct {
Address string `json:"address"`
Proto string `json:"proto"`
// Connected reports whether the probe should be treated as reachable.
// For TCP this is a true handshake. For UDP, where silent drops are
// indistinguishable from a working service, a timeout also sets
// Connected=true and populates Error with an explanatory note: the
// rule treats "no ICMP unreachable" as best-effort reachable.
Connected bool `json:"connected"`
LatencyMs float64 `json:"latencyMs,omitempty"`
Error string `json:"error,omitempty"`
}
type SRVData struct {
ServiceDomain string `json:"serviceDomain"`
Records []SRVRecord `json:"records"`
}