Not all A/AAAA records are web servers. Currently other servers (e.g. MS server like mx1.smtp.goog) without HTTP(S) can be tested in the website test. These will have low scores (maximum 48%) if there is no working HTTP(S) on the IP addresses (https://internet.nl/site/mx1.smtp.goog/3029149/), because of "IPv6 reachability of web server" and "Secure connection (HTTPS)".

The IPv6 reachability and HTTPS assume a webserver. One could indicate in the DNS there is no HTTP(S), with:

RFC 2782 - A DNS RR for specifying the location of services (DNS SRV) and
RFC 9460 - Service Binding and Parameter Specification via the DNS (SVCB and HTTPS Resource Records) - § 2.5.1. AliasMode:

Next to this a connection to port 80 and 443 should (for all IPs the same) be unreachable (timeout) or be refused with a TCP RST (RFC 9293 - Transmission Control Protocol (TCP) - § 3.5.2. Reset Generation). Or for virtual hosts return an HTTP 404 for the hostname on port 80 and a TLS Alert unrecognized_name (112) (RFC 6066 - Transport Layer Security (TLS) Extensions: Extension Definitions - § 10.2. Reference for TLS Alerts, TLS HandshakeTypes, and ExtensionTypes, e.g. done with ssl_reject_handshake) on port 443.

If both are the case the score should be able to be 100%, with some note 'not a website'. I'm unsure if DROP (timeout) vs REJECT (RST) is to be preferred as best practice. If it seems a non web server but the SRV or HTTPS DNS records are missing, these can be hinted with an ℹ️ informational. Unsure what the score should be without these explicit 'service is not available' records, of course a web server that is unreachable due to other issues would preferably not get 100% (then again: internet.nl is not an uptime monitor tool), so REJECT is safer, but I think DROP is more often used.
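
As an added illustration (not part of the issue and not internet.nl code), the decision proposed above could be sketched as follows: probe ports 80 and 443 on every address, require the same DROP or REJECT outcome everywhere, and look for an SRV or HTTPS record whose target is the root ".". The function names, verdict strings and sample records are assumptions made for this example.

```python
import socket

def probe(ip, port, timeout=5.0):
    """Classify one TCP connect: open, reject (RST), drop (timeout) or error."""
    family = socket.AF_INET6 if ":" in ip else socket.AF_INET
    with socket.socket(family, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((ip, port))
            return "open"
        except ConnectionRefusedError:
            return "reject"
        except socket.timeout:
            return "drop"
        except OSError:
            return "error"  # e.g. no route: says nothing about the server

def no_service_signal(record):
    """True for 'SRV <prio> <weight> <port> .' (RFC 2782) or 'HTTPS 0 .' (RFC 9460)."""
    fields = record.split()
    if "SRV" in fields:
        rdata = fields[fields.index("SRV") + 1:]
        return len(rdata) == 4 and rdata[3] == "."
    if "HTTPS" in fields:
        rdata = fields[fields.index("HTTPS") + 1:]
        return len(rdata) == 2 and rdata[0] == "0" and rdata[1] == "."
    return False

def classify(outcomes, records):
    """outcomes: {(ip, port): probe() result}; records: DNS lines for the host."""
    results = set(outcomes.values())
    if "open" in results:
        return "web server"  # something answers, so the normal website tests apply
    if results not in ({"reject"}, {"drop"}):
        return "inconsistent"  # mixed DROP/REJECT across IPs, errors, or no data
    if any(no_service_signal(r) for r in records):
        return "not a website"
    return "not a website, records missing"  # candidate for the informational hint

if __name__ == "__main__":
    # Constructed sample using documentation addresses; for a real host the
    # outcomes would come from probe(ip, port) for each address and port.
    outcomes = {(ip, port): "reject"
                for ip in ("192.0.2.25", "2001:db8::25") for port in (80, 443)}
    records = ["_https._tcp.mx1.example. SRV 0 0 0 .", "mx1.example. HTTPS 0 ."]
    print(classify(outcomes, records))
```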