request.Match check Response bit as well (#1775)

* request.Match check Response bit as well We should check this bit and reject them as invalid. * Fix test
2018-05-09 12:35:42 +01:00 · 2018-05-09 12:35:42 +01:00 · 0e5e59c327
commit 0e5e59c327
parent 68b45f5377
4 changed files with 24 additions and 4 deletions
--- a/plugin/cache/spoof_test.go
+++ b/plugin/cache/spoof_test.go
@ -14,7 +14,7 @@ import (
 func TestSpoof(t *testing.T) {
 	// Send query for example.org, get reply for example.net; should not be cached.
 	c := New()
-	c.Next = spoofHandler()
+	c.Next = spoofHandler(true)

 	req := new(dns.Msg)
 	req.SetQuestion("example.org.", dns.TypeA)
@ -39,13 +39,29 @@ func TestSpoof(t *testing.T) {
 	}
 }

+func TestResponse(t *testing.T) {
+	// Send query for example.org, get reply for example.net; should not be cached.
+	c := New()
+	c.Next = spoofHandler(false)
+
+	req := new(dns.Msg)
+	req.SetQuestion("example.net.", dns.TypeA)
+	rec := dnstest.NewRecorder(&test.ResponseWriter{})
+
+	c.ServeDNS(context.TODO(), rec, req)
+
+	if c.pcache.Len() != 0 {
+		t.Errorf("cached %s, while reply had response set to %t", "example.net.", rec.Msg.Response)
+	}
+}
+
 // spoofHandler is a fake plugin implementation which returns a single A records for example.org. The qname in the
 // question section is set to example.NET (i.e. they *don't* match).
-func spoofHandler() plugin.Handler {
+func spoofHandler(response bool) plugin.Handler {
 	return plugin.HandlerFunc(func(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) {
 		m := new(dns.Msg)
 		m.SetQuestion("example.net.", dns.TypeA)
-		m.Response = true
+		m.Response = response
 		m.Answer = []dns.RR{test.A("example.org. IN A 127.0.0.53")}
 		w.WriteMsg(m)
 		return dns.RcodeSuccess, nil