diff --git a/plugin/forward/README.md b/plugin/forward/README.md index 7daecf428..8bc0e2c8b 100644 --- a/plugin/forward/README.md +++ b/plugin/forward/README.md @@ -29,7 +29,8 @@ In its most basic form, a simple forwarder uses this syntax: forward FROM TO... ~~~ -* **FROM** is the base domain to match for the request to be forwarded. +* **FROM** is the base domain to match for the request to be forwarded. Domains using CIDR notation + that expand to multiple reverse zones are not fully supported; only the first expanded zone is used. * **TO...** are the destination endpoints to forward to. The **TO** syntax allows you to specify a protocol, `tls://9.9.9.9` or `dns://` (or no protocol) for plain DNS. The number of upstreams is limited to 15. diff --git a/plugin/forward/setup.go b/plugin/forward/setup.go index b183044a8..657d5afd4 100644 --- a/plugin/forward/setup.go +++ b/plugin/forward/setup.go @@ -92,8 +92,13 @@ func parseStanza(c *caddy.Controller) (*Forward, error) { if !c.Args(&f.from) { return f, c.ArgErr() } + origFrom := f.from f.from = plugin.Host(f.from).Normalize()[0] // there can only be one here, won't work with non-octet reverse + if len(f.from) > 1 { + log.Warningf("Unsupported CIDR notation: '%s' expands to multiple zones. Using only '%s'.", origFrom, f.from) + } + to := c.RemainingArgs() if len(to) == 0 { return f, c.ArgErr() diff --git a/plugin/forward/setup_test.go b/plugin/forward/setup_test.go index ac62f2fa8..6e1b6c06a 100644 --- a/plugin/forward/setup_test.go +++ b/plugin/forward/setup_test.go @@ -32,6 +32,7 @@ func TestSetup(t *testing.T) { {"forward . [::1]:53", false, ".", nil, 2, options{hcRecursionDesired: true}, ""}, {"forward . [2003::1]:53", false, ".", nil, 2, options{hcRecursionDesired: true}, ""}, {"forward . 127.0.0.1 \n", false, ".", nil, 2, options{hcRecursionDesired: true}, ""}, + {"forward 10.9.3.0/18 127.0.0.1", false, "0.9.10.in-addr.arpa.", nil, 2, options{hcRecursionDesired: true}, ""}, // negative {"forward . a27.0.0.1", true, "", nil, 0, options{hcRecursionDesired: true}, "not an IP"}, {"forward . 127.0.0.1 {\nblaatl\n}\n", true, "", nil, 0, options{hcRecursionDesired: true}, "unknown property"}, @@ -50,7 +51,7 @@ func TestSetup(t *testing.T) { if err != nil { if !test.shouldErr { - t.Errorf("Test %d: expected no error but found one for input %s, got: %v", i, test.input, err) + t.Fatalf("Test %d: expected no error but found one for input %s, got: %v", i, test.input, err) } if !strings.Contains(err.Error(), test.expectedErr) {