From d45d38d2111f2a569cb284cfc11e467a2865bbc4 Mon Sep 17 00:00:00 2001
From: cschantz <admin@server.local>
Date: Tue, 27 Jan 2026 18:29:43 -0500
Subject: [PATCH] Add NXDOMAIN detection to skip non-resolving domains

- Add domain_resolves() function to validate domains have DNS records
- Skip NXDOMAIN domains entirely (don't mark as Cloudflare)
- Show separate NXDOMAIN section in results
- Help users identify old/deleted domains that need cleanup
- Prevent false positives from non-existent subdomains
---
 modules/website/cloudflare-detector.sh | 52 ++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)

diff --git a/modules/website/cloudflare-detector.sh b/modules/website/cloudflare-detector.sh
index 1c42ee9..8c10737 100755
--- a/modules/website/cloudflare-detector.sh
+++ b/modules/website/cloudflare-detector.sh
@@ -263,9 +263,30 @@ get_cloudflare_location() {
     return 1
 }
 
+domain_resolves() {
+    local domain="$1"
+
+    # Check if domain has any A records
+    local ip=$(dig +short A "$domain" 2>/dev/null | head -1)
+
+    # Also check AAAA for IPv6-only domains
+    if [ -z "$ip" ]; then
+        ip=$(dig +short AAAA "$domain" 2>/dev/null | head -1)
+    fi
+
+    # Return 0 if domain resolves, 1 if it doesn't
+    [ -n "$ip" ]
+}
+
 detect_cloudflare() {
     local domain="$1"
 
+    # Skip domains that don't resolve at all
+    if ! domain_resolves "$domain"; then
+        echo "NXDOMAIN"
+        return 3
+    fi
+
     local ns_result=$(check_nameservers "$domain")
     local ip_result=$(check_ip_address "$domain")
     local http_result=$(check_http_headers "$domain")
@@ -324,6 +345,7 @@ scan_all_domains() {
     local -a cloudflare_locations=()
     local -a direct_domains=()
     local -a unknown_domains=()
+    local -a nxdomain_domains=()
 
     # Progress tracking
     local current=0
@@ -347,6 +369,9 @@ scan_all_domains() {
             "DIRECT")
                 direct_domains+=("$domain")
                 ;;
+            "NXDOMAIN")
+                nxdomain_domains+=("$domain")
+                ;;
             *)
                 unknown_domains+=("$domain")
                 ;;
@@ -394,6 +419,19 @@ scan_all_domains() {
         echo ""
     fi
 
+    # NXDOMAIN domains (don't resolve)
+    if [ ${#nxdomain_domains[@]} -gt 0 ]; then
+        print_warning "⚠ Domains that don't resolve (NXDOMAIN): ${#nxdomain_domains[@]}"
+        echo ""
+        for domain in "${nxdomain_domains[@]}"; do
+            echo "  ✗ $domain"
+        done
+        echo ""
+        echo "  💡 Tip: These domains are configured in cPanel but don't have DNS records."
+        echo "     Consider removing them or checking your DNS configuration."
+        echo ""
+    fi
+
     # Unknown domains
     if [ ${#unknown_domains[@]} -gt 0 ]; then
         print_warning "❓ Uncertain (DNS/connectivity issues): ${#unknown_domains[@]}"
@@ -410,6 +448,9 @@ scan_all_domains() {
     echo "  Total domains: $domain_count"
     echo "  Cloudflare:    ${#cloudflare_domains[@]}"
     echo "  Direct:        ${#direct_domains[@]}"
+    if [ ${#nxdomain_domains[@]} -gt 0 ]; then
+        echo "  NXDOMAIN:      ${#nxdomain_domains[@]} (don't resolve)"
+    fi
     echo "  Unknown:       ${#unknown_domains[@]}"
     echo ""
 
@@ -433,6 +474,17 @@ check_single_domain() {
     echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
     echo ""
 
+    # Check if domain resolves
+    if ! domain_resolves "$domain"; then
+        print_error "✗ Domain does not resolve (NXDOMAIN)"
+        echo ""
+        echo "This domain has no DNS A or AAAA records."
+        echo "It may be misconfigured, deleted, or not yet propagated."
+        echo ""
+        press_enter
+        return 1
+    fi
+
     # Check nameservers
     print_info "1. Nameserver Check:"
     local ns_result=$(check_nameservers "$domain")