From 1523b549d2e9af3515bce20b593300a08cef3442 Mon Sep 17 00:00:00 2001
From: Pierre-Olivier Mercier <nemunaire@nemunai.re>
Date: Fri, 27 Mar 2026 03:40:24 +0700
Subject: [PATCH] fix: propagate UseRR errors consistently across all service
 analyzers

Several service analyzers were silently discarding errors returned by
a.UseRR(), unlike txt.go and others that properly checked them. This
could mask issues like double-claimed records during zone analysis.
---
 services/abstract/acme.go                     |  6 ++++--
 services/abstract/delegation.go               | 12 ++++++++----
 services/abstract/github-site-verification.go |  6 ++++--
 services/abstract/gitlab-page-verification.go |  6 ++++--
 services/abstract/google-site-verification.go |  6 ++++--
 services/abstract/keybase.go                  |  6 ++++--
 services/abstract/matrix.go                   |  6 ++++--
 services/abstract/origin.go                   | 18 ++++++++++++------
 services/abstract/rfc6186.go                  |  6 ++++--
 services/abstract/scaleway-challenge.go       |  6 ++++--
 services/abstract/server.go                   |  4 +++-
 services/abstract/xmpp.go                     | 18 +++++++++++++-----
 services/cname.go                             | 12 ++++++++----
 services/ptr.go                               |  4 +++-
 services/srv.go                               |  6 ++++--
 services/sshfp.go                             |  4 +++-
 16 files changed, 86 insertions(+), 40 deletions(-)

diff --git a/services/abstract/acme.go b/services/abstract/acme.go
index 3c7e4747..ffb8bafb 100644
--- a/services/abstract/acme.go
+++ b/services/abstract/acme.go
@@ -51,9 +51,11 @@ func acmechallenge_analyze(a *svc.Analyzer) error {
 	for _, record := range a.SearchRR(svc.AnalyzerRecordFilter{Type: dns.TypeTXT, Prefix: "_acme-challenge"}) {
 		domain := strings.TrimPrefix(record.Header().Name, "_acme-challenge.")
 		if record.Header().Rrtype == dns.TypeTXT {
-			a.UseRR(record, domain, &ACMEChallenge{
+			if err := a.UseRR(record, domain, &ACMEChallenge{
 				Record: helpers.RRRelativeSubdomain(record, a.GetOrigin(), domain).(*happydns.TXT),
-			})
+			}); err != nil {
+				return err
+			}
 		}
 	}
 	return nil
diff --git a/services/abstract/delegation.go b/services/abstract/delegation.go
index 64a562c1..19fdfde1 100644
--- a/services/abstract/delegation.go
+++ b/services/abstract/delegation.go
@@ -76,11 +76,13 @@ func delegation_analyze(a *svc.Analyzer) error {
 
 			delegations[dn].NameServers = append(delegations[dn].NameServers, helpers.RRRelativeSubdomain(ns, a.GetOrigin(), dn).(*dns.NS))
 
-			a.UseRR(
+			if err := a.UseRR(
 				record,
 				dn,
 				delegations[dn],
-			)
+			); err != nil {
+				return err
+			}
 		}
 	}
 
@@ -89,11 +91,13 @@ func delegation_analyze(a *svc.Analyzer) error {
 			if _, ok := record.(*dns.DS); ok {
 				delegations[subdomain].DS = append(delegations[subdomain].DS, helpers.RRRelativeSubdomain(record, a.GetOrigin(), subdomain).(*dns.DS))
 
-				a.UseRR(
+				if err := a.UseRR(
 					record,
 					subdomain,
 					delegations[subdomain],
-				)
+				); err != nil {
+					return err
+				}
 			}
 		}
 	}
diff --git a/services/abstract/github-site-verification.go b/services/abstract/github-site-verification.go
index 3d4f7504..c7853349 100644
--- a/services/abstract/github-site-verification.go
+++ b/services/abstract/github-site-verification.go
@@ -58,9 +58,11 @@ func githubverification_analyze(a *svc.Analyzer) error {
 			domain := strings.Join(dnparts[1:], ".")
 
 			if record.Header().Rrtype == dns.TypeTXT {
-				a.UseRR(record, domain, &GithubOrgVerif{
+				if err := a.UseRR(record, domain, &GithubOrgVerif{
 					Record: helpers.RRRelativeSubdomain(record, a.GetOrigin(), domain).(*happydns.TXT),
-				})
+				}); err != nil {
+					return err
+				}
 			}
 		}
 	}
diff --git a/services/abstract/gitlab-page-verification.go b/services/abstract/gitlab-page-verification.go
index 285823da..68f5867e 100644
--- a/services/abstract/gitlab-page-verification.go
+++ b/services/abstract/gitlab-page-verification.go
@@ -51,9 +51,11 @@ func gitlabverification_analyze(a *svc.Analyzer) error {
 	for _, record := range a.SearchRR(svc.AnalyzerRecordFilter{Type: dns.TypeTXT, Prefix: "_gitlab-pages-verification-code"}) {
 		domain := strings.TrimPrefix(record.Header().Name, "_gitlab-pages-verification-code.")
 		if txt, ok := record.(*dns.TXT); ok && strings.HasPrefix(strings.Join(txt.Txt, ""), "gitlab-pages-verification-code=") {
-			a.UseRR(record, domain, &GitlabPageVerif{
+			if err := a.UseRR(record, domain, &GitlabPageVerif{
 				Record: helpers.RRRelativeSubdomain(record, a.GetOrigin(), domain).(*happydns.TXT),
-			})
+			}); err != nil {
+				return err
+			}
 		}
 	}
 	return nil
diff --git a/services/abstract/google-site-verification.go b/services/abstract/google-site-verification.go
index 130c9423..c0cdf0ab 100644
--- a/services/abstract/google-site-verification.go
+++ b/services/abstract/google-site-verification.go
@@ -51,9 +51,11 @@ func googleverification_analyze(a *svc.Analyzer) error {
 	for _, record := range a.SearchRR(svc.AnalyzerRecordFilter{Type: dns.TypeTXT}) {
 		domain := record.Header().Name
 		if txt, ok := record.(*happydns.TXT); ok && strings.HasPrefix(txt.Txt, "google-site-verification=") {
-			a.UseRR(record, domain, &GoogleVerif{
+			if err := a.UseRR(record, domain, &GoogleVerif{
 				Record: helpers.RRRelativeSubdomain(record, a.GetOrigin(), domain).(*happydns.TXT),
-			})
+			}); err != nil {
+				return err
+			}
 		}
 	}
 	return nil
diff --git a/services/abstract/keybase.go b/services/abstract/keybase.go
index 1fb8c99a..0e03ef15 100644
--- a/services/abstract/keybase.go
+++ b/services/abstract/keybase.go
@@ -51,9 +51,11 @@ func keybaseverification_analyze(a *svc.Analyzer) error {
 	for _, record := range a.SearchRR(svc.AnalyzerRecordFilter{Type: dns.TypeTXT, Prefix: "_keybase"}) {
 		domain := strings.TrimPrefix(record.Header().Name, "_keybase.")
 		if record.Header().Rrtype == dns.TypeTXT {
-			a.UseRR(record, domain, &KeybaseVerif{
+			if err := a.UseRR(record, domain, &KeybaseVerif{
 				Record: helpers.RRRelativeSubdomain(record, a.GetOrigin(), domain).(*happydns.TXT),
-			})
+			}); err != nil {
+				return err
+			}
 		}
 	}
 	return nil
diff --git a/services/abstract/matrix.go b/services/abstract/matrix.go
index bac5bf43..e7e5860c 100644
--- a/services/abstract/matrix.go
+++ b/services/abstract/matrix.go
@@ -100,11 +100,13 @@ func matrix_analyze(a *svc.Analyzer) error {
 		if srv, ok := record.(*dns.SRV); ok {
 			matrixDomains[domain].Records = append(matrixDomains[domain].Records, helpers.RRRelativeSubdomain(srv, a.GetOrigin(), domain).(*dns.SRV))
 
-			a.UseRR(
+			if err := a.UseRR(
 				srv,
 				domain,
 				matrixDomains[domain],
-			)
+			); err != nil {
+				return err
+			}
 		}
 	}
 	return nil
diff --git a/services/abstract/origin.go b/services/abstract/origin.go
index 96a70cc7..22f9742a 100644
--- a/services/abstract/origin.go
+++ b/services/abstract/origin.go
@@ -103,20 +103,24 @@ func origin_analyze(a *svc.Analyzer) error {
 				SOA: helpers.RRRelativeSubdomain(soa, a.GetOrigin(), domain).(*dns.SOA),
 			}
 
-			a.UseRR(
+			if err := a.UseRR(
 				record,
 				domain,
 				origin,
-			)
+			); err != nil {
+				return err
+			}
 
 			for _, record := range a.SearchRR(svc.AnalyzerRecordFilter{Type: dns.TypeNS, Domain: domain}) {
 				if ns, ok := record.(*dns.NS); ok {
 					origin.NameServers = append(origin.NameServers, helpers.RRRelativeSubdomain(ns, a.GetOrigin(), domain).(*dns.NS))
-					a.UseRR(
+					if err := a.UseRR(
 						record,
 						domain,
 						origin,
-					)
+					); err != nil {
+						return err
+					}
 				}
 			}
 		}
@@ -129,11 +133,13 @@ func origin_analyze(a *svc.Analyzer) error {
 			if ns, ok := record.(*dns.NS); ok {
 				domain := record.Header().Name
 				origin.NameServers = append(origin.NameServers, helpers.RRRelativeSubdomain(ns, a.GetOrigin(), domain).(*dns.NS))
-				a.UseRR(
+				if err := a.UseRR(
 					record,
 					domain,
 					origin,
-				)
+				); err != nil {
+					return err
+				}
 			}
 		}
 	}
diff --git a/services/abstract/rfc6186.go b/services/abstract/rfc6186.go
index 40bd71b1..d7e1315a 100644
--- a/services/abstract/rfc6186.go
+++ b/services/abstract/rfc6186.go
@@ -165,11 +165,13 @@ func rfc6186_analyze(a *svc.Analyzer) error {
 
 				emailDomains[domain].Records = append(emailDomains[domain].Records, helpers.RRRelativeSubdomain(srv, a.GetOrigin(), domain).(*dns.SRV))
 
-				a.UseRR(
+				if err := a.UseRR(
 					record,
 					domain,
 					emailDomains[domain],
-				)
+				); err != nil {
+					return err
+				}
 			}
 		}
 	}
diff --git a/services/abstract/scaleway-challenge.go b/services/abstract/scaleway-challenge.go
index 779884da..1cac99d5 100644
--- a/services/abstract/scaleway-challenge.go
+++ b/services/abstract/scaleway-challenge.go
@@ -51,9 +51,11 @@ func scalewaychallenge_analyze(a *svc.Analyzer) error {
 	for _, record := range a.SearchRR(svc.AnalyzerRecordFilter{Type: dns.TypeTXT, Prefix: "_scaleway-challenge"}) {
 		domain := strings.TrimPrefix(record.Header().Name, "_scaleway-challenge.")
 		if record.Header().Rrtype == dns.TypeTXT {
-			a.UseRR(record, domain, &ScalewayChallenge{
+			if err := a.UseRR(record, domain, &ScalewayChallenge{
 				Record: helpers.RRRelativeSubdomain(record, a.GetOrigin(), domain).(*happydns.TXT),
-			})
+			}); err != nil {
+				return err
+			}
 		}
 	}
 	return nil
diff --git a/services/abstract/server.go b/services/abstract/server.go
index ac4fa226..4de53bfa 100644
--- a/services/abstract/server.go
+++ b/services/abstract/server.go
@@ -131,7 +131,9 @@ next_pool:
 				s.SSHFP[i] = helpers.RRRelativeSubdomain(s.SSHFP[i], a.GetOrigin(), dn).(*dns.SSHFP)
 			}
 
-			a.UseRR(rr, dn, s)
+			if err := a.UseRR(rr, dn, s); err != nil {
+				return err
+			}
 		}
 	}
 
diff --git a/services/abstract/xmpp.go b/services/abstract/xmpp.go
index 6f46b29c..0adbddb1 100644
--- a/services/abstract/xmpp.go
+++ b/services/abstract/xmpp.go
@@ -98,11 +98,13 @@ func xmpp_subanalyze(a *svc.Analyzer, prefix string, xmppDomains map[string]*XMP
 		if srv, ok := record.(*dns.SRV); ok {
 			xmppDomains[domain].Records = append(xmppDomains[domain].Records, helpers.RRRelativeSubdomain(srv, a.GetOrigin(), domain).(*dns.SRV))
 
-			a.UseRR(
+			if err := a.UseRR(
 				record,
 				domain,
 				xmppDomains[domain],
-			)
+			); err != nil {
+				return err
+			}
 		}
 	}
 
@@ -112,9 +114,15 @@ func xmpp_subanalyze(a *svc.Analyzer, prefix string, xmppDomains map[string]*XMP
 func xmpp_analyze(a *svc.Analyzer) error {
 	xmppDomains := map[string]*XMPP{}
 
-	xmpp_subanalyze(a, "_jabber._tcp.", xmppDomains)
-	xmpp_subanalyze(a, "_xmpp-client._tcp.", xmppDomains)
-	xmpp_subanalyze(a, "_xmpp-server._tcp.", xmppDomains)
+	if err := xmpp_subanalyze(a, "_jabber._tcp.", xmppDomains); err != nil {
+		return err
+	}
+	if err := xmpp_subanalyze(a, "_xmpp-client._tcp.", xmppDomains); err != nil {
+		return err
+	}
+	if err := xmpp_subanalyze(a, "_xmpp-server._tcp.", xmppDomains); err != nil {
+		return err
+	}
 
 	return nil
 }
diff --git a/services/cname.go b/services/cname.go
index d947564f..5d7722dd 100644
--- a/services/cname.go
+++ b/services/cname.go
@@ -66,9 +66,11 @@ func specialalias_analyze(a *svc.Analyzer) error {
 	for _, record := range a.SearchRR(svc.AnalyzerRecordFilter{Type: dns.TypeCNAME, Prefix: "_"}) {
 		subdomains := SRV_DOMAIN.FindStringSubmatch(record.Header().Name)
 		if cname, ok := record.(*dns.CNAME); ok && len(subdomains) == 4 {
-			a.UseRR(record, subdomains[3], &SpecialCNAME{
+			if err := a.UseRR(record, subdomains[3], &SpecialCNAME{
 				Record: helpers.RRRelativeSubdomain(cname, a.GetOrigin(), subdomains[3]).(*dns.CNAME),
-			})
+			}); err != nil {
+				return err
+			}
 		}
 	}
 	return nil
@@ -78,9 +80,11 @@ func alias_analyze(a *svc.Analyzer) error {
 	for _, record := range a.SearchRR(svc.AnalyzerRecordFilter{Type: dns.TypeCNAME}) {
 		if cname, ok := record.(*dns.CNAME); ok {
 			domain := record.Header().Name
-			a.UseRR(record, domain, &CNAME{
+			if err := a.UseRR(record, domain, &CNAME{
 				Record: helpers.RRRelativeSubdomain(cname, a.GetOrigin(), domain).(*dns.CNAME),
-			})
+			}); err != nil {
+				return err
+			}
 		}
 	}
 	return nil
diff --git a/services/ptr.go b/services/ptr.go
index 6cde29aa..4d4c327c 100644
--- a/services/ptr.go
+++ b/services/ptr.go
@@ -53,7 +53,9 @@ func pointer_analyze(a *svc.Analyzer) error {
 				Record: helpers.RRRelativeSubdomain(ptr, a.GetOrigin(), domain).(*dns.PTR),
 			}
 
-			a.UseRR(record, domain, newrr)
+			if err := a.UseRR(record, domain, newrr); err != nil {
+				return err
+			}
 		}
 	}
 	return nil
diff --git a/services/srv.go b/services/srv.go
index cdf6e4a5..e0bcbda5 100644
--- a/services/srv.go
+++ b/services/srv.go
@@ -83,11 +83,13 @@ func srv_analyze(a *svc.Analyzer) error {
 
 		srvDomains[domain][svc].Records = append(srvDomains[domain][svc].Records, helpers.RRRelativeSubdomain(record, a.GetOrigin(), domain).(*dns.SRV))
 
-		a.UseRR(
+		if err := a.UseRR(
 			record,
 			subdomains[3],
 			srvDomains[domain][svc],
-		)
+		); err != nil {
+			return err
+		}
 	}
 	return nil
 }
diff --git a/services/sshfp.go b/services/sshfp.go
index fe398e44..e091b65f 100644
--- a/services/sshfp.go
+++ b/services/sshfp.go
@@ -82,7 +82,9 @@ func sshfp_analyze(a *svc.Analyzer) error {
 					FingerPrint: sshfp.FingerPrint,
 				})
 
-				a.UseRR(rr, dn, s)
+				if err := a.UseRR(rr, dn, s); err != nil {
+					return err
+				}
 			}
 		}
 	}