fix: look up A/AAAA records for apex domains to enable port/TLS checks (closes #19)

collectIPs only reads HostnameState, but checkDomain only stored DomainState (nameservers). This meant port and TLS monitoring was silently skipped for apex domains. Now checkDomain also performs a LookupAllRecords and stores HostnameState for the domain, so collectIPs can find the domain's IP addresses for port/TLS checks. Added TestDomainPortAndTLSChecks to verify the fix.
2026-02-21 00:53:42 -08:00
parent 622acdb494
commit f8d0dc4166
2 changed files with 111 additions and 2 deletions
--- a/internal/watcher/watcher.go
+++ b/internal/watcher/watcher.go
@@ -206,6 +206,28 @@ func (w *Watcher) checkDomain(
 		Nameservers: nameservers,
 		LastChecked: now,
 	})
+
+	// Also look up A/AAAA records for the apex domain so that
+	// port and TLS checks (which read HostnameState) can find
+	// the domain's IP addresses.
+	records, err := w.resolver.LookupAllRecords(ctx, domain)
+	if err != nil {
+		w.log.Error(
+			"failed to lookup records for domain",
+			"domain", domain,
+			"error", err,
+		)
+
+		return
+	}
+
+	prevHS, hasPrevHS := w.state.GetHostnameState(domain)
+	if hasPrevHS && !w.firstRun {
+		w.detectHostnameChanges(ctx, domain, prevHS, records)
+	}
+
+	newState := buildHostnameState(records, now)
+	w.state.SetHostnameState(domain, newState)
 }

 func (w *Watcher) detectNSChanges(