Initial commit
Generic SRV records checker for happyDomain.
For each SRV record attached to an svcs.UnknownSRV service, the checker
resolves every target and probes reachability:
- DNS resolution (A/AAAA), CNAME detection (RFC 2782 violation),
null-target detection (RFC 2782 "service explicitly unavailable")
- TCP connect to target:port for _tcp SRVs
- UDP probe for _udp SRVs, using ICMP port-unreachable detection
The checker also publishes TLS endpoints (host, port, SNI) for every
SRV target hitting a well-known direct-TLS port (443, 465, 636, 853,
993, 995, 5061, 5223, …) via the EndpointDiscoverer SDK interface, so
a downstream TLS checker can pick them up.
The HTML report groups records as cards and surfaces the most common
failure scenarios (DNS failure, CNAME target, TCP unreachable,
null-target) at the top with remediation guidance.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
commit
9f7b585517
14 changed files with 1348 additions and 0 deletions
72
checker/provider.go
Normal file
72
checker/provider.go
Normal file
|
|
@ -0,0 +1,72 @@
|
|||
package checker
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
sdk "git.happydns.org/checker-sdk-go/checker"
|
||||
)
|
||||
|
||||
func Provider() sdk.ObservationProvider {
|
||||
return &srvProvider{}
|
||||
}
|
||||
|
||||
type srvProvider struct{}
|
||||
|
||||
func (p *srvProvider) Key() sdk.ObservationKey {
|
||||
return ObservationKeySRV
|
||||
}
|
||||
|
||||
func (p *srvProvider) Definition() *sdk.CheckerDefinition {
|
||||
return Definition()
|
||||
}
|
||||
|
||||
// directTLSPorts lists TCP ports where clients speak TLS immediately upon
|
||||
// connection (as opposed to STARTTLS upgrades). A dedicated TLS checker
|
||||
// consumes these endpoints to validate certificates.
|
||||
var directTLSPorts = map[uint16]bool{
|
||||
443: true, // HTTPS
|
||||
465: true, // SMTPS
|
||||
563: true, // NNTPS
|
||||
636: true, // LDAPS
|
||||
853: true, // DoT
|
||||
989: true, // FTPS data
|
||||
990: true, // FTPS control
|
||||
992: true, // Telnet/TLS
|
||||
993: true, // IMAPS
|
||||
995: true, // POP3S
|
||||
5061: true, // SIPS
|
||||
5223: true, // XMPP client TLS
|
||||
5349: true, // STUN/TURN/TLS
|
||||
6697: true, // IRCS
|
||||
8443: true, // HTTPS alt
|
||||
}
|
||||
|
||||
// DiscoverEndpoints is invoked by the host right after Collect. It declares
|
||||
// (host, port) pairs worth testing by other checkers — here: TLS endpoints
|
||||
// whose SRV target points at a well-known direct-TLS port.
|
||||
//
|
||||
// STARTTLS SRVs (e.g. _xmpp-server._tcp on 5269, _sips._tcp notwithstanding)
|
||||
// are intentionally not emitted yet: a dedicated "smtp-starttls" / "xmpp-starttls"
|
||||
// endpoint type will be defined when the TLS checker grows that capability.
|
||||
func (p *srvProvider) DiscoverEndpoints(data any) ([]sdk.DiscoveredEndpoint, error) {
|
||||
d, ok := data.(*SRVData)
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("unexpected data type %T", data)
|
||||
}
|
||||
var out []sdk.DiscoveredEndpoint
|
||||
for _, r := range d.Records {
|
||||
if r.IsNullTarget || r.Target == "" {
|
||||
continue
|
||||
}
|
||||
if !directTLSPorts[r.Port] {
|
||||
continue
|
||||
}
|
||||
out = append(out, sdk.DiscoveredEndpoint{
|
||||
Type: "tls",
|
||||
Host: r.Target,
|
||||
Port: r.Port,
|
||||
SNI: r.Target,
|
||||
})
|
||||
}
|
||||
return out, nil
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue