Generic SRV records checker for happyDomain.
For each SRV record attached to an svcs.UnknownSRV service, the checker
resolves every target and probes reachability:
- DNS resolution (A/AAAA), CNAME detection (RFC 2782 violation),
null-target detection (RFC 2782 "service explicitly unavailable")
- TCP connect to target:port for _tcp SRVs
- UDP probe for _udp SRVs, using ICMP port-unreachable detection
The checker also publishes TLS endpoints (host, port, SNI) for every
SRV target hitting a well-known direct-TLS port (443, 465, 636, 853,
993, 995, 5061, 5223, …) via the EndpointDiscoverer SDK interface, so
a downstream TLS checker can pick them up.
The HTML report groups records as cards and surfaces the most common
failure scenarios (DNS failure, CNAME target, TCP unreachable,
null-target) at the top with remediation guidance.
// This file is part of the happyDomain (R) project.
// Copyright (c) 2020-2026 happyDomain
// Authors: Pierre-Olivier Mercier, et al.
//
// This program is offered under a commercial and under the AGPL license.
// For commercial licensing, contact us at <contact@happydomain.org>.
//
// For AGPL licensing:
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
package checker
import (
"encoding/json"
"fmt"
"html/template"
"strings"
|
|
sdk "git.happydns.org/checker-sdk-go/checker"
)
// reportData is the root value passed to htmlTpl when the SRV report page is
// rendered.
type reportData struct {
	// ServiceDomain is printed in the page heading; when it is empty the
	// template prints the word "service" instead.
	ServiceDomain string

	// Records holds one card per SRV record, in the order GetHTMLReport
	// appended them.
	Records []reportRecord

	// Alerts feeds the "What needs attention" section. The template skips
	// that section entirely when the slice is empty.
	Alerts []reportAlert

	// Totals carries the counters shown under the heading.
	Totals reportTotals
}
// reportRecord is the template view of one SRV record: the record's own
// fields, the outcome of resolving its target, and the probes run against it.
type reportRecord struct {
	// Owner, Service, Proto and Target are copied as-is from the decoded
	// report payload. They are kept as plain strings, so whichever of them
	// the template prints goes through html/template's contextual escaping.
	Owner, Service, Proto, Target string

	// Port, Priority and Weight are the numeric SRV fields.
	Port, Priority, Weight uint16

	// IsNullTarget and IsCNAME switch on the "null target" and
	// "target is CNAME" badges in the record header.
	IsNullTarget, IsCNAME bool

	// CNAMEChain is the chain already joined with " → " for display; it is
	// empty when there is no chain.
	CNAMEChain string

	// Addresses is listed after "Resolves to:" when non-empty.
	Addresses []string

	// ResolveError, when non-empty, is printed after "Resolution failed:"
	// and raises the "DNS error" badge.
	ResolveError string

	// Probes holds one table row per probe.
	Probes []reportProbe
}
// reportProbe is one row of a record's probe table.
type reportProbe struct {
	// Address and Proto identify what was probed and over which transport.
	Address, Proto string

	// Connected records whether the probe succeeded.
	Connected bool

	// LatencyMs is printed with one decimal and an "ms" suffix; the template
	// leaves the cell empty when the value is zero.
	LatencyMs float64

	// Error is the probe's failure text, shown in the Details column. It is
	// a plain string, so html/template escapes it on output.
	Error string

	// StatusClass is the CSS class appended to the status badge
	// (GetHTMLReport sets "ok" or "crit"); StatusLabel is the badge text.
	StatusClass, StatusLabel string
}
// reportAlert is one entry of the "What needs attention" section.
type reportAlert struct {
	// Severity is one of "crit", "warn" or "info" and is emitted as a CSS
	// class on the alert box. Title is a plain string and is escaped by
	// html/template like any other value.
	Severity, Title string

	// Body is template.HTML, which html/template writes out WITHOUT
	// escaping. Whoever builds a Body must therefore HTML-escape every
	// piece of it that comes from the report payload (targets, addresses,
	// error text) before wrapping the result in template.HTML.
	Body template.HTML
}
// reportTotals holds the counters printed under the page heading: the number
// of SRV records, and how many probes did and did not connect. The template
// hides the failed-probe counter when BadProbes is zero.
type reportTotals struct {
	Records, OKProbes, BadProbes int
}
// htmlTpl is the SRV report page. It is parsed once when the package is
// initialised; template.Must panics if the literal does not parse.
//
// Because this is html/template, every value is escaped for the context it
// lands in (element text, or the class attributes that receive .Severity and
// .StatusClass). The one exception is .Body on an alert: it has type
// template.HTML and is written out verbatim, so the code that builds alert
// bodies is responsible for escaping anything that came from the report
// payload.
var htmlTpl = template.Must(
	template.New("srv").Parse(`<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>SRV Records Report</title>
<style>
*,*::before,*::after{box-sizing:border-box}
:root{font-family:system-ui,-apple-system,BlinkMacSystemFont,"Segoe UI",sans-serif;font-size:14px;line-height:1.5;color:#1f2937;background:#f3f4f6}
body{margin:0;padding:1rem}
code{font-family:ui-monospace,monospace;font-size:.9em}
h1{margin:0 0 .4rem;font-size:1.15rem}
h2{font-size:1rem;margin:0 0 .6rem}
h3{font-size:.9rem;font-weight:600;margin:0 0 .4rem}
.hd,.section{background:#fff;border-radius:10px;padding:1rem 1.25rem;margin-bottom:.75rem;box-shadow:0 1px 3px rgba(0,0,0,.08)}
.section{border-radius:8px;padding:.85rem 1rem;margin-bottom:.6rem}
.badge{display:inline-flex;align-items:center;padding:.2em .65em;border-radius:9999px;font-size:.78rem;font-weight:700}
.ok{background:#d1fae5;color:#065f46}
.warn{background:#fef3c7;color:#92400e}
.crit{background:#fee2e2;color:#991b1b}
.info{background:#dbeafe;color:#1e40af}
.alert{border-left:4px solid #d1d5db;padding:.6rem .85rem;margin-bottom:.55rem;background:#fff;border-radius:6px;box-shadow:0 1px 3px rgba(0,0,0,.05)}
.alert.crit{border-left-color:#dc2626}
.alert.warn{border-left-color:#d97706}
.alert.info{border-left-color:#2563eb}
.alert .title{font-weight:600;margin-bottom:.2rem}
.alert .body{font-size:.88rem;color:#374151}
.alert .body code{background:#f3f4f6;padding:.05rem .3rem;border-radius:3px}
.rec{border:1px solid #e5e7eb;border-radius:8px;padding:.7rem .85rem;margin-bottom:.55rem;background:#fff}
.rec-hd{display:flex;flex-wrap:wrap;align-items:center;gap:.5rem;margin-bottom:.4rem}
.rec-hd .target{font-family:ui-monospace,monospace;font-weight:600}
.rec-hd .meta{color:#6b7280;font-size:.82rem}
table{border-collapse:collapse;width:100%;font-size:.85rem;margin-top:.25rem}
th,td{text-align:left;padding:.3rem .5rem;border-bottom:1px solid #f3f4f6}
th{font-weight:600;color:#6b7280;background:#f9fafb}
.errmsg{color:#b91c1c}
.note{color:#6b7280;font-size:.85rem}
.totals{display:flex;flex-wrap:wrap;gap:.5rem;margin-top:.25rem}
.tot{background:#f3f4f6;border-radius:6px;padding:.25rem .6rem;font-size:.8rem}
</style>
</head>
<body>

<div class="hd">
<h1>SRV Records — {{if .ServiceDomain}}<code>{{.ServiceDomain}}</code>{{else}}service{{end}}</h1>
<div class="totals">
<span class="tot">{{.Totals.Records}} record(s)</span>
<span class="tot">{{.Totals.OKProbes}} reachable probe(s)</span>
{{if .Totals.BadProbes}}<span class="tot" style="background:#fee2e2;color:#991b1b">{{.Totals.BadProbes}} failed probe(s)</span>{{end}}
</div>
</div>

{{if .Alerts}}
<div class="section">
<h2>What needs attention</h2>
{{range .Alerts}}
<div class="alert {{.Severity}}">
<div class="title">{{.Title}}</div>
<div class="body">{{.Body}}</div>
</div>
{{end}}
</div>
{{end}}

<div class="section">
<h2>Records</h2>
{{range .Records}}
<div class="rec">
<div class="rec-hd">
<span class="target">{{if .IsNullTarget}}<em>(null target)</em>{{else}}{{.Target}}{{end}}:{{.Port}}</span>
<span class="meta">prio {{.Priority}} · weight {{.Weight}}</span>
{{if .Service}}<span class="meta">_{{.Service}}._{{.Proto}}</span>{{end}}
{{if .IsNullTarget}}<span class="badge warn">null target</span>{{end}}
{{if .IsCNAME}}<span class="badge warn">target is CNAME</span>{{end}}
{{if .ResolveError}}<span class="badge crit">DNS error</span>{{end}}
</div>

{{if .CNAMEChain}}
<p class="note">CNAME chain: <code>{{.CNAMEChain}}</code> — RFC 2782 forbids a CNAME as SRV target.</p>
{{end}}

{{if .ResolveError}}
<p class="errmsg">Resolution failed: {{.ResolveError}}</p>
{{end}}

{{if .Addresses}}
<p class="note">Resolves to: {{range .Addresses}}<code>{{.}}</code> {{end}}</p>
{{end}}

{{if .Probes}}
<table>
<tr>
<th>Address</th><th>Proto</th><th>Status</th><th>Latency</th><th>Details</th>
</tr>
{{range .Probes}}
<tr>
<td><code>{{.Address}}</code></td>
<td>{{.Proto}}</td>
<td><span class="badge {{.StatusClass}}">{{.StatusLabel}}</span></td>
<td>{{if .LatencyMs}}{{printf "%.1f ms" .LatencyMs}}{{end}}</td>
<td>{{if .Error}}<span class="errmsg">{{.Error}}</span>{{end}}</td>
</tr>
{{end}}
</table>
{{end}}
</div>
{{end}}
</div>

</body>
</html>`),
)
// GetHTMLReport renders a stored SRV check result as a standalone HTML page.
//
// ctx.Data() is decoded as JSON into SRVData, reshaped into reportData (one
// card per record, one row per probe, running totals), summarised into up to
// four alerts, and executed through htmlTpl. It returns the rendered page, or
// a wrapped error if decoding or rendering fails.
//
// Alerts are emitted in a fixed order: DNS resolution failures, CNAME
// targets, unreachable TCP probes, and finally the "every record is a null
// target" notice. Failed probes with any other protocol are counted in the
// totals but do not raise an alert.
//
// Escaping: alert bodies are template.HTML and are therefore NOT escaped by
// html/template. Every payload-derived string that ends up in one (targets,
// addresses, owners, error text, which presumably originate from DNS answers
// and probe errors) is passed through template.HTMLEscapeString here first.
// Keep that invariant when adding a new alert. Everything else reaches the
// template as a plain string and is escaped there.
func (p *srvProvider) GetHTMLReport(ctx sdk.ReportContext) (string, error) {
	var in SRVData
	if err := json.Unmarshal(ctx.Data(), &in); err != nil {
		return "", fmt.Errorf("failed to unmarshal SRV report: %w", err)
	}

	esc := template.HTMLEscapeString

	view := reportData{ServiceDomain: in.ServiceDomain}
	view.Totals.Records = len(in.Records)

	// Pre-escaped HTML fragments for the alert bodies, plus a count of
	// null-target records (only the count is needed for the last alert).
	var (
		dnsFailed  []string
		cnameHosts []string
		tcpFailed  []string
		nullCount  int
	)

	for _, r := range in.Records {
		card := reportRecord{
			Owner:        r.Owner,
			Service:      r.Service,
			Proto:        r.Proto,
			Target:       r.Target,
			Port:         r.Port,
			Priority:     r.Priority,
			Weight:       r.Weight,
			IsNullTarget: r.IsNullTarget,
			IsCNAME:      r.IsCNAME,
			// Joining an empty chain yields "", which the template treats as
			// "no chain".
			CNAMEChain:   strings.Join(r.CNAMEChain, " → "),
			Addresses:    r.Addresses,
			ResolveError: r.ResolveError,
		}

		if r.IsNullTarget {
			nullCount++
		}
		if r.IsCNAME {
			cnameHosts = append(cnameHosts, esc(r.Target))
		}
		if r.ResolveError != "" {
			dnsFailed = append(dnsFailed, esc(r.Target)+" ("+esc(r.ResolveError)+")")
		}

		for _, pr := range r.Probes {
			row := reportProbe{
				Address:   pr.Address,
				Proto:     pr.Proto,
				Connected: pr.Connected,
				LatencyMs: pr.LatencyMs,
				Error:     pr.Error,
			}
			if pr.Connected {
				row.StatusClass, row.StatusLabel = "ok", "reachable"
				view.Totals.OKProbes++
			} else {
				row.StatusClass, row.StatusLabel = "crit", "unreachable"
				view.Totals.BadProbes++
				if pr.Proto == "tcp" {
					tcpFailed = append(tcpFailed, fmt.Sprintf("<code>%s</code> (%s): %s",
						esc(pr.Address), esc(r.Owner), esc(pr.Error)))
				}
			}
			card.Probes = append(card.Probes, row)
		}

		view.Records = append(view.Records, card)
	}

	// raise appends one alert; body must already be safe HTML.
	raise := func(severity, title string, body template.HTML) {
		view.Alerts = append(view.Alerts, reportAlert{
			Severity: severity,
			Title:    title,
			Body:     body,
		})
	}

	if n := len(dnsFailed); n > 0 {
		raise("crit",
			fmt.Sprintf("DNS resolution failed for %d SRV target(s)", n),
			template.HTML(fmt.Sprintf(
				"%s<br>Clients will not be able to reach the service. Fix: either publish A/AAAA records for the target(s), or remove the broken SRV record.",
				strings.Join(dnsFailed, "<br>"))))
	}

	if len(cnameHosts) > 0 {
		raise("warn",
			"SRV target is a CNAME (RFC 2782 violation)",
			template.HTML(fmt.Sprintf(
				"Target(s): %s<br>RFC 2782 requires SRV targets to resolve directly to A/AAAA. "+
					"Some clients will refuse to follow the CNAME. Fix: point the SRV record to a hostname with A/AAAA records, "+
					"or replace the CNAME with an ALIAS/ANAME at the DNS provider.",
				"<code>"+strings.Join(cnameHosts, "</code>, <code>")+"</code>")))
	}

	if n := len(tcpFailed); n > 0 {
		raise("crit",
			fmt.Sprintf("%d target(s) unreachable on their advertised TCP port", n),
			template.HTML(strings.Join(tcpFailed, "<br>")+
				"<br>Check: (1) the server is running and bound to the right port; "+
				"(2) firewall/security-group allows inbound TCP to that port; "+
				"(3) the SRV record is not pointing at an old IP."))
	}

	// Only flag null targets when every record is one: the service is then
	// explicitly disabled rather than partially misconfigured.
	if nullCount > 0 && nullCount == len(in.Records) {
		raise("warn",
			"All SRV records use the null target (\".\"): service is explicitly disabled",
			template.HTML(
				"RFC 2782 defines a single SRV record with target <code>\".\"</code> to signal that the service is "+
					"intentionally not available. If this is what you want, the configuration is correct. "+
					"If you expected clients to reach this service, replace the null target with a real hostname."))
	}

	var page strings.Builder
	if err := htmlTpl.Execute(&page, view); err != nil {
		return "", fmt.Errorf("failed to render SRV HTML report: %w", err)
	}
	return page.String(), nil
}