From 63e286ac553f87ee8116e88be6623e38b0cbda7e Mon Sep 17 00:00:00 2001
From: David Gibson <david@gibson.dropbear.id.au>
Date: Fri, 19 Jul 2024 10:28:52 +1000
Subject: [PATCH] test/system: Simplify testing for nameserver connectivity

In both the "Basic nameserver lookup" and "Local forwarder, IPv4" pasta
tests, we check whether DNS resolution is working by running "nslookup
127.0.0.1" in the container and checking if 1.0.0.127.in-addr.arpa is in
the output.

1.0.0.127.in-addr.arpa isn't the expected result of the resolution though,
it's just the DNS name that nslookup will tranlated 127.0.0.1 into.  The
test mostly works, because nslookup echoes that on successful lookups.
However, it could also echo it in certain sorts of failure, so it's not a
very reliable test.

Furthermore, resolving 127.0.0.1 from a nameserver is a rather strange
thing to do.  It's done that way because RFC1912[0] suggests it should
always resolve, even for nameservers on a disconnected network.  But, this
doesn't really appear to be true in practice: a number of resolvers return
NXDOMAIN.  That works by accident because nslookup seems to echo the
name above as part of the error message.

Change to instead looking up one of the root servers by name.  This does
now rely on access to the global DNS during tests, but other podman tests
attempt to resolve google.com, so that should be ok.  One of the root
servers is about as close to universal resolvability as it's possible to
get

[0] https://datatracker.ietf.org/doc/html/rfc1912#section-4.1

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 test/system/505-networking-pasta.bats | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/test/system/505-networking-pasta.bats b/test/system/505-networking-pasta.bats
index 1f46feadd3..78e4bd59f0 100644
--- a/test/system/505-networking-pasta.bats
+++ b/test/system/505-networking-pasta.bats
@@ -435,10 +435,7 @@ function pasta_test_do() {
 ### DNS ########################################################################
 
 @test "Basic nameserver lookup" {
-    run_podman '?' run --rm --net=pasta $IMAGE nslookup 127.0.0.1
-
-    assert "$output" =~ "1.0.0.127.in-addr.arpa" \
-           "127.0.0.1 not resolved"
+    run_podman run --rm --net=pasta $IMAGE nslookup l.root-servers.net
 }
 
 @test "Default nameserver forwarding" {
@@ -453,8 +450,7 @@ function pasta_test_do() {
     skip_if_no_ipv4 "IPv4 not routable on the host"
 
     run_podman run --rm --net=pasta:--dns-forward,198.51.100.1 \
-        $IMAGE nslookup 127.0.0.1 || :
-    assert "$output" =~ "1.0.0.127.in-addr.arpa" "No answer from resolver"
+        $IMAGE nslookup l.root-servers.net
 }
 
 @test "Local forwarder, IPv6" {