```mermaid
---
config:
  layout: dagre
---
flowchart TD
Root["FQDN"] --> RootDA["Probe FQDN's apex availability"]
RootDA -- DNS A query --> BaseQuery{"StatusCode"}
BaseQuery -- NOERROR --> NE1["Exclude private A records"]
NE1 --> NE2["DNS NS Query"]
NE2 --> NE3{"Record matching template?"}
NE3 -- Yes --> NE4["HTTP GET http://{FQDN}"]
NE4 --> NE5{"Text matching template?"}
NE5 -- No --> NE6{"Any non-informational template?"}
NE6 -- Yes --> NEFTKO["FUTURE_TAKEOVER"]
NE5 -- Yes --> NETS["template.Status"]
BaseQuery -- NXDOMAIN --> NX1["DNS CNAME Query"]
NX1 --> NX2{"Has CNAME?"}
NX2 -- Yes --> NX5["Get the last CNAME"]
NX5 --> NX6{"CNAME matching template?"}
NX6 -- No --> NX7{"CNAME's apex available?"}
NX7 -- No --> NX8["POTENTIAL_TAKEOVER"]
NX7 -- Yes --> NX9["CONFIRMED_TAKEOVER"]
NX6 -- Yes --> NXTS["template.Status"]
BaseQuery -- SERVFAIL, REFUSED --> NSR1["DNS NS Trace Query"]
NSR1 --> NSR2["Get records for the last trace level"]
NSR2 --> NSR3{"Record matching template?"}
NSR3 -- Yes --> NSR["template.Status"]
NSR2 --> NSR4["Loop through NS"]
NSR4 --> NSR5{"apex(NS) != apex(FQDN)?"}
NSR5 -- Yes --> NSR6["NS's apex available?"]
NSR6 -- Yes --> NSR7["CONFIRMED_TAKEOVER"]
```

- database: cache, registrar info, storing records, etc.
- api?
- web interface?
- browser extension?

As the number of scenarios grows, it's important to have tests. I have broken some features a few times and it took a while to find out.

It would be cool to query MX records, and I think it should be an optional feature: somewhat expensive and quite rare.

There's a corner case that scopetrack currently doesn't catch:
- DNS A query to the base FQDN has status = NOERROR or NXDOMAIN
- the base FQDN has multiple NS records, and some of them are takeoverable
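
One way to cover this corner case, as an added sketch that is not scopetrack's own code: run the flowchart's per-NS apex check on the whole NS set regardless of the A query's status. The names `audit_ns_set`, `apex_available` (a hypothetical registrar-lookup callback) and the small suffix set are assumptions; the sample data is constructed.

```python
from typing import Callable, Dict, List

# Constructed, minimal set of multi-label public suffixes (assumption);
# a real scanner would consult the full Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.br", "com.au"}


def apex(name: str) -> str:
    """Return the registrable (apex) domain of a DNS name."""
    labels = name.rstrip(".").lower().split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def audit_ns_set(fqdn: str, a_status: str, ns_records: List[str],
                 apex_available: Callable[[str], bool]) -> Dict:
    """Check every NS of a delegation, whatever status the A query returned.

    apex_available is a hypothetical callback (e.g. a registrar lookup)
    that returns True when the given apex can be registered.
    """
    own_apex = apex(fqdn)
    cache: Dict[str, bool] = {}          # one availability lookup per apex
    takeoverable, not_flagged = [], []
    for ns in ns_records:
        ns_apex = apex(ns)
        if ns_apex == own_apex:          # same apex as the FQDN: skipped,
            not_flagged.append(ns)       # as in the flowchart's NS loop
            continue
        if ns_apex not in cache:
            cache[ns_apex] = apex_available(ns_apex)
        (takeoverable if cache[ns_apex] else not_flagged).append(ns)
    return {
        "fqdn": fqdn,
        "a_status": a_status,
        "takeoverable": takeoverable,
        "not_flagged": not_flagged,
        # True when only part of the NS set is affected: the case in which
        # the name still resolves and a status-only check reports nothing.
        "partial": bool(takeoverable) and bool(not_flagged),
    }


# Constructed sample: a resolving name whose NS set mixes two providers.
SAMPLE_NS = ["ns1.managed-dns.example", "ns1.expired-dns.test",
             "ns2.expired-dns.test"]
SAMPLE = audit_ns_set("dev.corp.example.co.uk", "NOERROR", SAMPLE_NS,
                      lambda a: a == "expired-dns.test")
```
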