checker: report transient mid-chain and final rcodes as Unknown, not Crit/Warn
SERVFAIL/REFUSED from every auth server means the record could not be observed, not that the zone published a negative answer. Mark such rcodes transient on TermRcode terminations and final A/AAAA lookups so chainRcodeRule reports Unknown instead of flapping the check into Crit/Warn; definitive NXDOMAIN answers still drive Crit (mid-chain) and Warn (final).
This commit is contained in:
parent
da6def100c
commit
65687ce375
4 changed files with 65 additions and 16 deletions
|
|
@ -162,14 +162,32 @@ func TestChainRcodeRule(t *testing.T) {
|
|||
d.ChainTerminated = ChainTermination{Reason: TermRcode, Subject: "gone.example.com.", Rcode: "NXDOMAIN"}
|
||||
assertSingle(t, run(chainRcodeRule{}, d, nil), sdk.StatusCrit)
|
||||
})
|
||||
t.Run("final rcode", func(t *testing.T) {
|
||||
t.Run("mid-chain transient SERVFAIL", func(t *testing.T) {
|
||||
// SERVFAIL from every auth server could not be observed: Unknown, not Crit.
|
||||
d := apexKnownData()
|
||||
d.ChainTerminated = ChainTermination{Reason: TermRcode, Subject: "flaky.example.com.", Rcode: "SERVFAIL", Transient: true}
|
||||
assertSingle(t, run(chainRcodeRule{}, d, nil), sdk.StatusUnknown)
|
||||
})
|
||||
t.Run("final definitive rcode", func(t *testing.T) {
|
||||
d := apexKnownData()
|
||||
d.ChainTerminated.Reason = TermOK
|
||||
d.FinalTarget = "target.example."
|
||||
d.FinalRcode = "NXDOMAIN"
|
||||
states := run(chainRcodeRule{}, d, nil)
|
||||
if len(states) != 1 || states[0].Status != sdk.StatusWarn {
|
||||
t.Fatalf("want single WARN, got %+v", states)
|
||||
}
|
||||
})
|
||||
t.Run("final transient rcode", func(t *testing.T) {
|
||||
// SERVFAIL on the final lookup could not be observed: Unknown, not Warn.
|
||||
d := apexKnownData()
|
||||
d.ChainTerminated.Reason = TermOK
|
||||
d.FinalTarget = "target.example."
|
||||
d.FinalRcode = "SERVFAIL"
|
||||
d.FinalRcodeTransient = true
|
||||
states := run(chainRcodeRule{}, d, nil)
|
||||
if len(states) != 1 || states[0].Status != sdk.StatusWarn {
|
||||
t.Fatalf("want single WARN, got %+v", states)
|
||||
if len(states) != 1 || states[0].Status != sdk.StatusUnknown {
|
||||
t.Fatalf("want single UNKNOWN, got %+v", states)
|
||||
}
|
||||
})
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue