README
verify-serv
verify-serv is a small service made for guardian that allows guardian servers to check if the address is reachable.
The check is similar to letsencrypt http-01, but it also
- allows the client to specify the token, to re-use it more easily
- checks IPv4 and IPv6 seperatly with results for each of them
- allows checking multiple hosts in parallel with a single request
API
POST /check
{"token":"<random 32chars>","hostnames": ["hostname1.domain.com", "hostname2.domain.com"]}
{"results":{
"hostname1.domain.com": [0, 20], // v4 = success, v6 = error - no record
"hostname2.domain.com": [11, 20] // v4 = error - token not found, v6 = error - no record
}}
Errors
0 = Success
10 = Token mismatch / Wrong server
11 = Token not found / Wrong Server
20 = Record doesn't resolve
21 = LAN/Private Address
29 = Other DNS
30 = Connection refused
31 = Connection timeout
39 = Other connection error
40 = Other error
Note: If one family (v4/v6) succeeds and the other one is 20 no record it should also be treated as a successful result
How the check works
The client generates a token (32 characters, alphanumeric)
The verification server connects via v4 and v6 if available with Host: verify.internal
, requests /token/<token>
and expects the response to <token>
with status code 200
If any error occurs, the appropriate code will be sent back