sneak/dnswatcher
1
0
Fork 0
Code Issues 6 Pull Requests Actions Packages Projects Releases Wiki Activity

Unify DOMAINS and HOSTNAMES into a single TARGETS config #10

New Issue
Closed
opened 2026-02-20 05:04:45 +01:00 by clawbot · 0 comments
clawbot commented 2026-02-20 05:04:45 +01:00
Collaborator
Copy Link

Currently users must manually split their DNS names into two env vars:

  • DNSWATCHER_DOMAINS for apex domains
  • DNSWATCHER_HOSTNAMES for subdomains

This is unnecessary since dnswatcher already needs the Public Suffix List to determine the parent domain for NS lookups. It should accept a single list and classify automatically:

  • DNSWATCHER_TARGETS=example.com,www.example.com,api.example.org
  • Use the PSL (golang.org/x/net/publicsuffix) to determine: is this an apex domain (eTLD+1) or a hostname under one?
  • Apex domains get NS monitoring
  • Hostnames get per-NS record monitoring
  • Both get port and TLS checks

This simplifies configuration and eliminates a source of user error (putting an apex in HOSTNAMES or vice versa).

Deprecate DNSWATCHER_DOMAINS and DNSWATCHER_HOSTNAMES in favor of DNSWATCHER_TARGETS. Keep the old vars working for backwards compat but log a deprecation warning.

Also use publicsuffix.EffectiveTLDPlusOne() in the resolver's parentDomain() function instead of the current naive 2-label split (which breaks for .co.uk, .com.au, etc.).

Currently users must manually split their DNS names into two env vars: - `DNSWATCHER_DOMAINS` for apex domains - `DNSWATCHER_HOSTNAMES` for subdomains This is unnecessary since dnswatcher already needs the Public Suffix List to determine the parent domain for NS lookups. It should accept a single list and classify automatically: - `DNSWATCHER_TARGETS=example.com,www.example.com,api.example.org` - Use the PSL (`golang.org/x/net/publicsuffix`) to determine: is this an apex domain (eTLD+1) or a hostname under one? - Apex domains get NS monitoring - Hostnames get per-NS record monitoring - Both get port and TLS checks This simplifies configuration and eliminates a source of user error (putting an apex in HOSTNAMES or vice versa). Deprecate `DNSWATCHER_DOMAINS` and `DNSWATCHER_HOSTNAMES` in favor of `DNSWATCHER_TARGETS`. Keep the old vars working for backwards compat but log a deprecation warning. Also use `publicsuffix.EffectiveTLDPlusOne()` in the resolver's `parentDomain()` function instead of the current naive 2-label split (which breaks for `.co.uk`, `.com.au`, etc.).
sneak was assigned by clawbot 2026-02-20 05:04:45 +01:00
sneak closed this issue 2026-02-20 09:05:00 +01:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels   
merge-ready

All checks pass, reviewed, rebased, ready for merge

  
needs-checks

make check does not pass cleanly

  
needs-rebase

PR has merge conflicts or is behind main

  
needs-review

Code review not yet done

  
needs-rework

Code review found issues to fix

No Label
merge-ready
needs-checks
needs-rebase
needs-review
needs-rework
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
sneak
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: sneak/dnswatcher#10
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?