From 3a59c833a09eafd8e67f6ac1686b30193b6220c0 Mon Sep 17 00:00:00 2001 From: Chris O'Haver Date: Fri, 9 Aug 2019 17:14:48 -0400 Subject: [PATCH] plugin/kubernetes: Don't do a zone transfer for NS requests (#3098) * fix switch order * remove fallthough * add test * fix test * distingush nxdomain/nodata for at least first subdomain of zone * restore fallthough; reorder switch cases --- plugin/kubernetes/handler.go | 4 ++-- plugin/kubernetes/handler_test.go | 8 ++++++++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/plugin/kubernetes/handler.go b/plugin/kubernetes/handler.go index 324e08da6..a7df99d90 100644 --- a/plugin/kubernetes/handler.go +++ b/plugin/kubernetes/handler.go @@ -28,6 +28,8 @@ func (k Kubernetes) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.M ) switch state.QType() { + case dns.TypeAXFR, dns.TypeIXFR: + k.Transfer(ctx, state) case dns.TypeA: records, err = plugin.A(ctx, &k, zone, state, nil, plugin.Options{}) case dns.TypeAAAA: @@ -50,8 +52,6 @@ func (k Kubernetes) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.M break } fallthrough - case dns.TypeAXFR, dns.TypeIXFR: - k.Transfer(ctx, state) default: // Do a fake A lookup, so we can distinguish between NODATA and NXDOMAIN _, err = plugin.A(ctx, &k, zone, state, nil, plugin.Options{}) diff --git a/plugin/kubernetes/handler_test.go b/plugin/kubernetes/handler_test.go index 0efd03c07..a517e8b89 100644 --- a/plugin/kubernetes/handler_test.go +++ b/plugin/kubernetes/handler_test.go @@ -341,6 +341,14 @@ var dnsTestCases = []test.Case{ test.SOA("cluster.local. 5 IN SOA ns.dns.cluster.local. hostmaster.cluster.local. 1499347823 7200 1800 86400 5"), }, }, + // NS query for qname != zone (existing domain) + { + Qname: "svc.cluster.local.", Qtype: dns.TypeNS, + Rcode: dns.RcodeSuccess, + Ns: []dns.RR{ + test.SOA("cluster.local. 5 IN SOA ns.dns.cluster.local. hostmaster.cluster.local. 1499347823 7200 1800 86400 5"), + }, + }, } func TestServeDNS(t *testing.T) {