plugin/forward: Document and warn for unsupported FROM CIDR notations (#4639)

* trap unsupported FROM cidr notations

Signed-off-by: Chris O'Haver <cohaver@infoblox.com>

* make it a warning

Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
Chris O'Haver 2021-05-20 03:24:36 -04:00 committed by GitHub
parent 5d80a6e21e
commit 0348b019be
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 9 additions and 2 deletions


@ -29,7 +29,8 @@ In its most basic form, a simple forwarder uses this syntax:
forward FROM TO... forward FROM TO...
~~~ ~~~
* **FROM** is the base domain to match for the request to be forwarded. * **FROM** is the base domain to match for the request to be forwarded. Domains using CIDR notation
that expand to multiple reverse zones are not fully supported; only the first expanded zone is used.
* **TO...** are the destination endpoints to forward to. The **TO** syntax allows you to specify * **TO...** are the destination endpoints to forward to. The **TO** syntax allows you to specify
a protocol, `tls://9.9.9.9` or `dns://` (or no protocol) for plain DNS. The number of upstreams is a protocol, `tls://9.9.9.9` or `dns://` (or no protocol) for plain DNS. The number of upstreams is
limited to 15. limited to 15.


@ -92,8 +92,13 @@ func parseStanza(c *caddy.Controller) (*Forward, error) {
if !c.Args(&f.from) { if !c.Args(&f.from) {
return f, c.ArgErr() return f, c.ArgErr()
} }
origFrom := f.from
f.from = plugin.Host(f.from).Normalize()[0] // there can only be one here, won't work with non-octet reverse f.from = plugin.Host(f.from).Normalize()[0] // there can only be one here, won't work with non-octet reverse
if len(f.from) > 1 {
log.Warningf("Unsupported CIDR notation: '%s' expands to multiple zones. Using only '%s'.", origFrom, f.from)
}
to := c.RemainingArgs() to := c.RemainingArgs()
if len(to) == 0 { if len(to) == 0 {
return f, c.ArgErr() return f, c.ArgErr()
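Review bot: The new guard `if len(f.from) > 1` measures the length of the zone string just assigned to `f.from`, not the number of zones that `Normalize()` returned, so the warning fires for almost any FROM longer than one character (for example `example.org.`) rather than only for CIDRs that expand to several reverse zones. Keep the slice and test it instead: `zones := plugin.Host(f.from).Normalize()`, `f.from = zones[0]`, `if len(zones) > 1 {`. A warning that shows up on ordinary configurations tends to be ignored, which hides the case that matters, namely that part of the intended reverse range is silently not forwarded to the chosen upstream. The test row added to TestSetup appears to check only the resulting zone, so it would not catch this. parseStanza begins and continues outside the hunk.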


@ -32,6 +32,7 @@ func TestSetup(t *testing.T) {
{"forward . [::1]:53", false, ".", nil, 2, options{hcRecursionDesired: true}, ""}, {"forward . [::1]:53", false, ".", nil, 2, options{hcRecursionDesired: true}, ""},
{"forward . [2003::1]:53", false, ".", nil, 2, options{hcRecursionDesired: true}, ""}, {"forward . [2003::1]:53", false, ".", nil, 2, options{hcRecursionDesired: true}, ""},
{"forward . 127.0.0.1 \n", false, ".", nil, 2, options{hcRecursionDesired: true}, ""}, {"forward . 127.0.0.1 \n", false, ".", nil, 2, options{hcRecursionDesired: true}, ""},
{"forward 10.9.3.0/18 127.0.0.1", false, "0.9.10.in-addr.arpa.", nil, 2, options{hcRecursionDesired: true}, ""},
// negative // negative
{"forward . a27.0.0.1", true, "", nil, 0, options{hcRecursionDesired: true}, "not an IP"}, {"forward . a27.0.0.1", true, "", nil, 0, options{hcRecursionDesired: true}, "not an IP"},
{"forward . 127.0.0.1 {\nblaatl\n}\n", true, "", nil, 0, options{hcRecursionDesired: true}, "unknown property"}, {"forward . 127.0.0.1 {\nblaatl\n}\n", true, "", nil, 0, options{hcRecursionDesired: true}, "unknown property"},
@ -50,7 +51,7 @@ func TestSetup(t *testing.T) {
if err != nil { if err != nil {
if !test.shouldErr { if !test.shouldErr {
t.Errorf("Test %d: expected no error but found one for input %s, got: %v", i, test.input, err) t.Fatalf("Test %d: expected no error but found one for input %s, got: %v", i, test.input, err)
} }
if !strings.Contains(err.Error(), test.expectedErr) { if !strings.Contains(err.Error(), test.expectedErr) {