Add probe_dns_flag_ad metric

Zash · Zash · commit 02124079d193 · 2024-03-23T18:12:17.000+01:00
This adds reporting of the Authenticated Data flag, indicating whether the resolver thinks the resource is properly signed with DNSSEC. Ref #551
diff --git a/prober/dns.go b/prober/dns.go
@@ -142,6 +142,10 @@ func ProbeDNS(ctx context.Context, target string, module config.Module, registry
 		Name: "probe_dns_additional_rrs",
 		Help: "Returns number of entries in the additional resource record list",
 	})
+	probeDNSFlagAd := prometheus.NewGauge(prometheus.GaugeOpts{
+		Name: "probe_dns_flag_ad",
+		Help: "Returns whether or not the query had the DNSSEC AD flag set",
+	})
 	probeDNSQuerySucceeded := prometheus.NewGauge(prometheus.GaugeOpts{
 		Name: "probe_dns_query_succeeded",
 		Help: "Displays whether or not the query was executed successfully",
@@ -155,6 +159,7 @@ func ProbeDNS(ctx context.Context, target string, module config.Module, registry
 	registry.MustRegister(probeDNSAnswerRRSGauge)
 	registry.MustRegister(probeDNSAuthorityRRSGauge)
 	registry.MustRegister(probeDNSAdditionalRRSGauge)
+	registry.MustRegister(probeDNSFlagAd)
 	registry.MustRegister(probeDNSQuerySucceeded)
 
 	qc := uint16(dns.ClassINET)
@@ -256,6 +261,7 @@ func ProbeDNS(ctx context.Context, target string, module config.Module, registry
 	msg := new(dns.Msg)
 	msg.Id = dns.Id()
 	msg.RecursionDesired = module.DNS.Recursion
+	msg.AuthenticatedData = true
 	msg.Question = make([]dns.Question, 1)
 	msg.Question[0] = dns.Question{dns.Fqdn(module.DNS.QueryName), qt, qc}
 
@@ -281,6 +287,12 @@ func ProbeDNS(ctx context.Context, target string, module config.Module, registry
 	probeDNSAdditionalRRSGauge.Set(float64(len(response.Extra)))
 	probeDNSQuerySucceeded.Set(1)
 
+	if response.AuthenticatedData {
+		probeDNSFlagAd.Set(1)
+	} else {
+		probeDNSFlagAd.Set(0)
+	}
+
 	if qt == dns.TypeSOA {
 		probeDNSSOAGauge = prometheus.NewGauge(prometheus.GaugeOpts{
 			Name: "probe_dns_serial",
