Skip to content

Add Domain.maybe_wildcard? to detect possible wilcard DNS records #203

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Jun 5, 2025
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion github-pages-health-check.gemspec
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ Gem::Specification.new do |s|
s.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
s.require_paths = ["lib"]

s.add_dependency("addressable", "~> 2.3")
s.add_dependency("addressable", "~> 2.8.7")
s.add_dependency("dnsruby", "~> 1.60")
s.add_dependency("octokit", ">= 4", "< 10")
s.add_dependency("public_suffix", ">= 3.0", "< 7.0")
Expand Down
36 changes: 36 additions & 0 deletions lib/github-pages-health-check/domain.rb
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
# frozen_string_literal: true

require "securerandom"

module GitHubPages
module HealthCheck
class Domain < Checkable
Expand Down Expand Up @@ -442,6 +444,40 @@ def served_by_pages?
end
end

def parent_domain
parsed = PublicSuffix.parse(host)
parent = host.split(".", 2).last
if parent == parsed.tld
return nil
end

parent
rescue PublicSuffix::DomainNotAllowed
nil
end

def maybe_wildcard?
return @maybe_wildcard if defined? @maybe_wildcard
return false unless dns_resolves?
return false unless parent_domain

sibling_domain = SecureRandom.alphanumeric(20) + "." + parent_domain

@maybe_wildcard = begin
wildcard_resolver = GitHubPages::HealthCheck::Resolver.new(sibling_domain, :nameservers => nameservers)

[Dnsruby::Types::A, Dnsruby::Types::AAAA].any? do |record_type|
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we also want to check for CNAME and MX? Or is that something we don't worry about because it's a Pages domain?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For this purpose, all that matters is whether the IP points to github, so just A and AAAA are sufficient.

wildcard_resolver.query(record_type).any? do |record|
record.respond_to?(:address) && github_pages_ip?(record.address)
end
end
end
end

def wildcard_warning
Errors::WildcardRecordError.new :domain => self, :parent_domain => parent_domain if maybe_wildcard?
end

def uri(overrides = {})
options = { :host => host, :scheme => scheme, :path => "/" }
options = options.merge(overrides)
Expand Down
26 changes: 26 additions & 0 deletions lib/github-pages-health-check/errors/wildcard_record_error.rb
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
# frozen_string_literal: true

module GitHubPages
module HealthCheck
module Errors
class WildcardRecordError < GitHubPages::HealthCheck::Error
DOCUMENTATION_PATH = "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages/"

attr_reader :parent_domain

def initialize(repository: nil, domain: nil, parent_domain: nil)
super(:repository => repository, :domain => domain)
@parent_domain = parent_domain
end

def message
<<-MSG
The DNS record for your domain appears to be *.#{parent_domain}, a wildcard record.
Your GitHub Pages site will still work, but unless you verify ownership of #{parent_domain},
any GitHub Pages user can serve their content from an arbitrary subdomain of it.
MSG
end
end
end
end
end
2 changes: 1 addition & 1 deletion spec/github_pages_health_check/errors_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,6 @@

RSpec.describe(GitHubPages::HealthCheck::Errors) do
it "returns the errors" do
expect(GitHubPages::HealthCheck::Errors.all.count).to eql(10)
expect(GitHubPages::HealthCheck::Errors.all.count).to eql(11)
end
end