docs: add checker reference pages and update homepage feature list

Add individual reference pages for all domain health checkers (EN/FR),
update the homepage feature descriptions in both languages to highlight
monitoring, notifications, and domain availability checks.

content/reference/checkers/dangling.en.md

@@ -0,0 +1,42 @@
+---
+date: 2026-06-11T09:00:00+02:00
+author: nemunaire
+title: Dangling records
+description: "Scans a zone for CNAME/MX/SRV/NS records whose targets resolve to NXDOMAIN or whose external domain has expired and could be re-registered."
+weight: 140
+---
+
+The **Dangling subdomains** checker scans a zone for pointer records (`CNAME`, `MX`, `SRV`, `NS`) whose targets have gone stale: they resolve to NXDOMAIN, or their external registrable domain has expired, is in `pendingDelete`, or was recently re-registered. This is the subdomain-takeover attack class popularised in 2017, where institutions ended up serving hostile content from CNAMEs pointing at decommissioned third-party services after attackers re-registered the lapsed targets.
+
+This is a **zone-level** checker: it needs the full zone content and runs a single pass over it, consolidating findings by owner rather than producing one result per record.
+
+## What it checks
+
+The checker walks every service in the working zone and extracts pointer records from `CNAME`, special CNAME, `MX`, unknown `SRV` and orphan (bare `NS`/`CNAME`/`MX`) bodies. For each `(owner, type, target)` triple it classifies the target as in-zone or external (relative to the zone's registrable domain), performs a single time-bounded DNS resolution to detect immediate breakage, and publishes a discovery entry so a companion `domain_expiry` checker can run RDAP/WHOIS on external targets.
+
+It emits one finding per impacted owner, ranked by descending severity:
+
+| Signal | Severity | Source |
+|--------|----------|--------|
+| Target NXDOMAIN | Critical | Local DNS resolution |
+| Target SERVFAIL | Warning | Local DNS resolution |
+| Target NOERROR with empty answer | Info | Local DNS resolution |
+| Registrable domain expired | Critical | `whois` related observation |
+| Registrable status `pendingDelete` / `redemptionPeriod` | Critical | `whois` related observation |
+| Registrable domain registered within the last 90 days | Warning | `whois` related observation |
+
+{{% notice style="info" title="WHOIS signals need a companion checker" %}}
+The DNS-resolution signals (NXDOMAIN, SERVFAIL, empty answer) work on their own. The WHOIS-driven signals (expired, `pendingDelete`, recently registered) only fire when the host's `domain_expiry` checker subscribes to this checker's external-target discovery entries and publishes a per-target `whois` observation. Without that wiring, the checker still works as a DNS-only dangling detector.
+{{% /notice %}}
+
+## Options
+
+| Option | Meaning | Default |
+|--------|---------|---------|
+| Skip live DNS resolution | When set, the checker only reports the static structure of pointer records (offline analysis), without resolving targets. | `false` |
+
+## In happyDomain
+
+Enable this checker on the domain from the {{< relref "/pages/checks" >}} view; the domain name and zone content are filled in automatically. Because it is zone-scoped, it runs over the whole zone in a single pass.
+
+Related checkers: {{< relref "/reference/checkers/alias" >}} validates the structure of individual alias chains, and {{< relref "/reference/checkers/domain-expiry" >}} watches your own domains' expiry — the same WHOIS machinery that powers this checker's external-target signals.