checker: rework target_resolvable to check existence (NOERROR) instead of A/AAAA

2026-05-15 17:30:15 +08:00 · 2026-05-15 17:30:15 +08:00 · 52a3e56c4f
commit 52a3e56c4f
parent 56db4cc59d
3 changed files with 17 additions and 39 deletions
--- a/checker/rules_chain.go
+++ b/checker/rules_chain.go
@ -189,24 +189,10 @@ type targetResolvableRule struct{}

 func (targetResolvableRule) Name() string { return "target_resolvable" }
 func (targetResolvableRule) Description() string {
-	return "Verifies that the final target of the alias chain publishes at least one A or AAAA record."
+	return "Verifies that the final target of the alias chain exists in DNS (returns NOERROR, not NXDOMAIN)."
 }

-func (targetResolvableRule) Options() sdk.CheckerOptionsDocumentation {
-	return sdk.CheckerOptionsDocumentation{
-		UserOpts: []sdk.CheckerOptionDocumentation{
-			{
-				Id:          "requireResolvableTarget",
-				Type:        "bool",
-				Label:       "Require resolvable target",
-				Description: "When enabled, a chain whose final target returns no A/AAAA is reported as critical (otherwise a warning).",
-				Default:     defaultRequireResolvableTarget,
-			},
-		},
-	}
-}
-
-func (targetResolvableRule) Evaluate(ctx context.Context, obs sdk.ObservationGetter, opts sdk.CheckerOptions) []sdk.CheckState {
+func (targetResolvableRule) Evaluate(ctx context.Context, obs sdk.ObservationGetter, _ sdk.CheckerOptions) []sdk.CheckState {
 	data, errState := loadAlias(ctx, obs)
 	if errState != nil {
 		return errState
@ -217,22 +203,14 @@ func (targetResolvableRule) Evaluate(ctx context.Context, obs sdk.ObservationGet
 	if data.ChainTerminated.Reason != TermOK {
 		return skipped("chain did not terminate normally")
 	}
-	if len(data.FinalA) > 0 || len(data.FinalAAAA) > 0 {
-		return okState(data.FinalTarget, fmt.Sprintf("target %s resolves to %d address(es)", data.FinalTarget, len(data.FinalA)+len(data.FinalAAAA)))
-	}
-	status := sdk.StatusWarn
-	if sdk.GetBoolOption(opts, "requireResolvableTarget", defaultRequireResolvableTarget) {
-		status = sdk.StatusCrit
-	}
-	rcode := data.FinalRcode
-	if rcode == "" {
-		rcode = "no A/AAAA"
+	if data.FinalRcode != "NXDOMAIN" {
+		return okState(data.FinalTarget, fmt.Sprintf("target %s exists in DNS", data.FinalTarget))
 	}
 	return []sdk.CheckState{withHint(sdk.CheckState{
-		Status:  status,
+		Status:  sdk.StatusCrit,
 		Subject: data.FinalTarget,
-		Message: fmt.Sprintf("final target %s does not resolve to an address (%s)", data.FinalTarget, rcode),
-	}, "Point the alias at a name that publishes at least one A or AAAA record, or fix the upstream zone.")}
+		Message: fmt.Sprintf("final target %s does not exist (NXDOMAIN)", data.FinalTarget),
+	}, "The alias points at a name that does not exist; create the missing record or update the alias target.")}
 }

 type multipleRecordsRule struct{}