checker: rework target_resolvable to check existence (NOERROR) instead of A/AAAA

checker/rules_test.go

@@ -290,24 +290,25 @@ func TestCnameDnssecRule(t *testing.T) {
 }
 
 func TestTargetResolvableRule(t *testing.T) {
-	t.Run("ok", func(t *testing.T) {
+	t.Run("ok when NOERROR with A record", func(t *testing.T) {
 		d := apexKnownData()
 		d.ChainTerminated.Reason = TermOK
 		d.FinalTarget = "target."
 		d.FinalA = []string{"1.2.3.4"}
 		assertSingle(t, run(targetResolvableRule{}, d, nil), sdk.StatusOK)
 	})
-	t.Run("crit by default", func(t *testing.T) {
+	t.Run("ok when NOERROR with no A/AAAA (e.g. service label)", func(t *testing.T) {
 		d := apexKnownData()
 		d.ChainTerminated.Reason = TermOK
-		d.FinalTarget = "target."
-		assertSingle(t, run(targetResolvableRule{}, d, nil), sdk.StatusCrit)
+		d.FinalTarget = "_2772._tcp.znc.example."
+		assertSingle(t, run(targetResolvableRule{}, d, nil), sdk.StatusOK)
 	})
-	t.Run("warn when requireResolvableTarget=false", func(t *testing.T) {
+	t.Run("crit when NXDOMAIN", func(t *testing.T) {
 		d := apexKnownData()
 		d.ChainTerminated.Reason = TermOK
 		d.FinalTarget = "target."
-		assertSingle(t, run(targetResolvableRule{}, d, sdk.CheckerOptions{"requireResolvableTarget": false}), sdk.StatusWarn)
+		d.FinalRcode = "NXDOMAIN"
+		assertSingle(t, run(targetResolvableRule{}, d, nil), sdk.StatusCrit)
 	})
 	t.Run("skip when chain did not terminate normally", func(t *testing.T) {
 		d := apexKnownData()