Compare commits

..

2 commits

Author SHA1 Message Date
b33c8497a2 Bump git.happydns.org/checker-tls to v0.7.0
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/tag Build is passing
2026-05-18 11:20:50 +08:00
0a41c706aa Use ctx.States() for alert cards in HTML report
Build alert cards from rule states when available; fall back to
raw-data analysis (resolve failures, CNAME violations, unreachable
targets) when states are absent.
2026-05-18 11:19:13 +08:00
3 changed files with 75 additions and 48 deletions

View file

@ -256,52 +256,79 @@ func (p *srvProvider) GetHTMLReport(ctx sdk.ReportContext) (string, error) {
rd.Records = append(rd.Records, rec)
}
if len(resolveFails) > 0 {
rd.Alerts = append(rd.Alerts, reportAlert{
Severity: "crit",
Title: fmt.Sprintf("DNS resolution failed for %d SRV target(s)", len(resolveFails)),
Body: template.HTML(fmt.Sprintf(
"%s<br>Clients will not be able to reach the service. Fix: either publish A/AAAA records for the target(s), or remove the broken SRV record.",
strings.Join(resolveFails, "<br>"))),
})
}
if len(cnames) > 0 {
rd.Alerts = append(rd.Alerts, reportAlert{
Severity: "warn",
Title: "SRV target is a CNAME (RFC 2782 violation)",
Body: template.HTML(fmt.Sprintf(
"Target(s): %s<br>RFC 2782 requires SRV targets to resolve directly to A/AAAA. "+
"Some clients will refuse to follow the CNAME. Fix: point the SRV record to a hostname with A/AAAA records, "+
"or replace the CNAME with an ALIAS/ANAME at the DNS provider.",
"<code>"+strings.Join(cnames, "</code>, <code>")+"</code>")),
})
}
if len(tcpDown) > 0 {
var items []string
for _, f := range tcpDown {
items = append(items, fmt.Sprintf("<code>%s</code> (%s): %s",
template.HTMLEscapeString(f.address),
template.HTMLEscapeString(f.owner),
template.HTMLEscapeString(f.err)))
// Build alerts from rule states when available; fall back to raw-data
// analysis when the host hasn't threaded rule output through yet.
states := ctx.States()
if len(states) > 0 {
for _, st := range states {
sev := ""
switch st.Status {
case sdk.StatusCrit, sdk.StatusError:
sev = "crit"
case sdk.StatusWarn:
sev = "warn"
case sdk.StatusInfo:
sev = "info"
default:
continue
}
alert := reportAlert{
Severity: sev,
Title: st.Message,
}
if fix, ok := st.Meta["fix"].(string); ok && fix != "" {
alert.Body = template.HTML(template.HTMLEscapeString(fix))
}
rd.Alerts = append(rd.Alerts, alert)
}
} else {
if len(resolveFails) > 0 {
rd.Alerts = append(rd.Alerts, reportAlert{
Severity: "crit",
Title: fmt.Sprintf("DNS resolution failed for %d SRV target(s)", len(resolveFails)),
Body: template.HTML(fmt.Sprintf(
"%s<br>Clients will not be able to reach the service. Fix: either publish A/AAAA records for the target(s), or remove the broken SRV record.",
strings.Join(resolveFails, "<br>"))),
})
}
if len(cnames) > 0 {
rd.Alerts = append(rd.Alerts, reportAlert{
Severity: "warn",
Title: "SRV target is a CNAME (RFC 2782 violation)",
Body: template.HTML(fmt.Sprintf(
"Target(s): %s<br>RFC 2782 requires SRV targets to resolve directly to A/AAAA. "+
"Some clients will refuse to follow the CNAME. Fix: point the SRV record to a hostname with A/AAAA records, "+
"or replace the CNAME with an ALIAS/ANAME at the DNS provider.",
"<code>"+strings.Join(cnames, "</code>, <code>")+"</code>")),
})
}
if len(tcpDown) > 0 {
var items []string
for _, f := range tcpDown {
items = append(items, fmt.Sprintf("<code>%s</code> (%s): %s",
template.HTMLEscapeString(f.address),
template.HTMLEscapeString(f.owner),
template.HTMLEscapeString(f.err)))
}
rd.Alerts = append(rd.Alerts, reportAlert{
Severity: "crit",
Title: fmt.Sprintf("%d target(s) unreachable on their advertised TCP port", len(tcpDown)),
Body: template.HTML(strings.Join(items, "<br>") +
"<br>Check: (1) the server is running and bound to the right port; " +
"(2) firewall/security-group allows inbound TCP to that port; " +
"(3) the SRV record is not pointing at an old IP."),
})
}
if len(nulls) > 0 && len(nulls) == len(d.Records) {
rd.Alerts = append(rd.Alerts, reportAlert{
Severity: "warn",
Title: "All SRV records use the null target (\".\"): service is explicitly disabled",
Body: template.HTML(
"RFC 2782 defines a single SRV record with target <code>\".\"</code> to signal that the service is " +
"intentionally not available. If this is what you want, the configuration is correct. " +
"If you expected clients to reach this service, replace the null target with a real hostname."),
})
}
rd.Alerts = append(rd.Alerts, reportAlert{
Severity: "crit",
Title: fmt.Sprintf("%d target(s) unreachable on their advertised TCP port", len(tcpDown)),
Body: template.HTML(strings.Join(items, "<br>") +
"<br>Check: (1) the server is running and bound to the right port; " +
"(2) firewall/security-group allows inbound TCP to that port; " +
"(3) the SRV record is not pointing at an old IP."),
})
}
if len(nulls) > 0 && len(nulls) == len(d.Records) {
rd.Alerts = append(rd.Alerts, reportAlert{
Severity: "warn",
Title: "All SRV records use the null target (\".\"): service is explicitly disabled",
Body: template.HTML(
"RFC 2782 defines a single SRV record with target <code>\".\"</code> to signal that the service is " +
"intentionally not available. If this is what you want, the configuration is correct. " +
"If you expected clients to reach this service, replace the null target with a real hostname."),
})
}
var buf strings.Builder

2
go.mod
View file

@ -4,7 +4,7 @@ go 1.25.0
require (
git.happydns.org/checker-sdk-go v1.7.0
git.happydns.org/checker-tls v0.6.2
git.happydns.org/checker-tls v0.7.0
git.happydns.org/happyDomain v0.7.0
)

4
go.sum
View file

@ -1,7 +1,7 @@
git.happydns.org/checker-sdk-go v1.7.0 h1:dSgo2js5mfXluLc6x0WWZ0MQULd9XV2GI9z0Usk+Qgw=
git.happydns.org/checker-sdk-go v1.7.0/go.mod h1:aNAcfYFfbhvH9kJhE0Njp5GX0dQbxdRB0rJ0KvSC5nI=
git.happydns.org/checker-tls v0.6.2 h1:8oKia1XlD+tklyqrwzmUgFH1Kw8VLSLLF9suZ7Qr14E=
git.happydns.org/checker-tls v0.6.2/go.mod h1:9tpnxg0iOwS+7If64DRG1jqYonUAgxOBuxwfF5mVkL4=
git.happydns.org/checker-tls v0.7.0 h1:mfNHYbHMGS40y+N2rudC2svT/xLK7KCiSa7V8/RhcTM=
git.happydns.org/checker-tls v0.7.0/go.mod h1:wlY4UI3owvqMAtOcXLmskpTpZ7xPjuiV6M42+rFZDQo=
git.happydns.org/happyDomain v0.7.0 h1:NV82/NbcSeRm0+IUZqaK3Vu9Ovl5+vv4AigUJZMdwws=
git.happydns.org/happyDomain v0.7.0/go.mod h1:5tgkmqFE65kK359rY49V++49wgZ0gco+Gh9X6tbL+bY=
github.com/bytedance/gopkg v0.1.4 h1:oZnQwnX82KAIWb7033bEwtxvTqXcYMxDBaQxo5JJHWM=