verify-serv

verify-serv is a small service made for guardian that allows guardian servers to check if the address is reachable.

The check is similar to letsencrypt http-01, but it also

• allows the client to specify the token, to re-use it more easily
• checks IPv4 and IPv6 seperatly with results for each of them
• allows checking multiple hosts in parallel with a single request

API

POST /check

{"token":"<random 32chars>","hostnames": ["hostname1.domain.com", "hostname2.domain.com"]}

{"results":{
  "hostname1.domain.com": [0, 20], // v4 = success, v6 = error - no record
  "hostname2.domain.com": [11, 20] // v4 = error - token not found, v6 = error - no record
}}

Errors

0  = Success
10 = Token mismatch / Wrong server
11 = Token not found / Wrong Server
20 = Record doesn't resolve
21 = LAN/Private Address
29 = Other DNS
30 = Connection refused
31 = Connection timeout
39 = Other connection error
40 = Other error

Note: If one family (v4/v6) succeeds and the other one is 20 no record it should also be treated as a successful result

How the check works

The client generates a token (32 characters, alphanumeric)

The verification server connects via v4 and v6 if available with Host: verify.internal, requests /token/<token> and expects the response to <token> with status code 200

If any error occurs, the appropriate code will be sent back