TrueCloudLab/coredns
16
0
Fork 2
Code Issues Pull requests 4 Projects Releases Packages Wiki Activity Actions

plugin/file: Fix response for qtype=DS (#1300)

Browse source 
DS is peculiar and needs some special cases to do the right things.
For a direct query return the DS, but if we're hitting below the
delegation return the NS+DS in a delegation response.
This commit is contained in:
Miek Gieben 2017-12-11 14:17:41 +00:00 committed by GitHub
parent 6cd0050c09
commit 27da0eba04
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 27 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
plugin/file/delegation_test.go
View file

@ -121,7 +121,7 @@ var secureDelegationTestCases = []test.Case{
}, },
}, },
{ {
Qname: "foo.delegated.example.org.", Qtype: dns.TypeTXT, Qname: "foo.delegated.example.org.", Qtype: dns.TypeDS,
Do: true, Do: true,
Ns: []dns.RR{ Ns: []dns.RR{
test.DS("delegated.example.org. 1800 IN DS 10056 5 1 EE72CABD1927759CDDA92A10DBF431504B9E1F13"), test.DS("delegated.example.org. 1800 IN DS 10056 5 1 EE72CABD1927759CDDA92A10DBF431504B9E1F13"),
@ -136,6 +136,23 @@ var secureDelegationTestCases = []test.Case{
test.AAAA("a.delegated.example.org. 1800 IN AAAA 2a01:7e00::f03c:91ff:fef1:6735"), test.AAAA("a.delegated.example.org. 1800 IN AAAA 2a01:7e00::f03c:91ff:fef1:6735"),
}, },
}, },
{
Qname: "delegated.example.org.", Qtype: dns.TypeDS,
Do: true,
Answer: []dns.RR{
test.DS("delegated.example.org. 1800 IN DS 10056 5 1 EE72CABD1927759CDDA92A10DBF431504B9E1F13"),
test.DS("delegated.example.org. 1800 IN DS 10056 5 2 E4B05F87725FA86D9A64F1E53C3D0E6250946599DFE639C45955B0ED416CDDFA"),
test.RRSIG("delegated.example.org. 1800 IN RRSIG DS 13 3 1800 20161129153240 20161030153240 49035 example.org. rlNNzcUmtbjLSl02ZzQGUbWX75yCUx0Mug1jHtKVqRq1hpPE2S3863tIWSlz+W9wz4o19OI4jbznKKqk+DGKog=="),
},
Ns: []dns.RR{
test.NS("example.org. 1800 IN NS a.iana-servers.net."),
test.NS("example.org. 1800 IN NS b.iana-servers.net."),
test.RRSIG("example.org. 1800 IN RRSIG NS 13 2 1800 20161129153240 20161030153240 49035 example.org. llrHoIuw="),
},
Extra: []dns.RR{
test.OPT(4096, true),
},
},
} }
var miekAuth = []dns.RR{ var miekAuth = []dns.RR{

9
plugin/file/lookup.go
View file

@ -127,6 +127,15 @@ func (z *Zone) Lookup(state request.Request, qname string) ([]dns.RR, []dns.RR,
// If we see NS records, it means the name as been delegated, and we should return the delegation. // If we see NS records, it means the name as been delegated, and we should return the delegation.
if nsrrs := elem.Types(dns.TypeNS); nsrrs != nil { if nsrrs := elem.Types(dns.TypeNS); nsrrs != nil {
// If the query is specifically for DS and the qname matches the delegated name, we should
// return the DS in the answer section and leave the rest empty, i.e. just continue the loop
// and continue searching.
if qtype == dns.TypeDS && elem.Name() == qname {
i++
continue
}
glue := z.Glue(nsrrs, do) glue := z.Glue(nsrrs, do)
if do { if do {
dss := z.typeFromElem(elem, dns.TypeDS, do) dss := z.typeFromElem(elem, dns.TypeDS, do)