plugin/kubernetes: Don't do a zone transfer for NS requests (#3098)

* fix switch order * remove fallthough * add test * fix test * distingush nxdomain/nodata for at least first subdomain of zone * restore fallthough; reorder switch cases
2019-08-09 17:14:48 -04:00 · 2019-08-09 17:14:48 -04:00 · 3a59c833a0
commit 3a59c833a0
parent 6a6e9a9b33
2 changed files with 10 additions and 2 deletions
--- a/plugin/kubernetes/handler.go
+++ b/plugin/kubernetes/handler.go
@ -28,6 +28,8 @@ func (k Kubernetes) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.M
 	)

 	switch state.QType() {
+	case dns.TypeAXFR, dns.TypeIXFR:
+		k.Transfer(ctx, state)
 	case dns.TypeA:
 		records, err = plugin.A(ctx, &k, zone, state, nil, plugin.Options{})
 	case dns.TypeAAAA:
@ -50,8 +52,6 @@ func (k Kubernetes) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.M
 			break
 		}
 		fallthrough
-	case dns.TypeAXFR, dns.TypeIXFR:
-		k.Transfer(ctx, state)
 	default:
 		// Do a fake A lookup, so we can distinguish between NODATA and NXDOMAIN
 		_, err = plugin.A(ctx, &k, zone, state, nil, plugin.Options{})
--- a/plugin/kubernetes/handler_test.go
+++ b/plugin/kubernetes/handler_test.go
@ -341,6 +341,14 @@ var dnsTestCases = []test.Case{
 			test.SOA("cluster.local.	5	IN	SOA	ns.dns.cluster.local. hostmaster.cluster.local. 1499347823 7200 1800 86400 5"),
 		},
 	},
+	// NS query for qname != zone (existing domain)
+	{
+		Qname: "svc.cluster.local.", Qtype: dns.TypeNS,
+		Rcode: dns.RcodeSuccess,
+		Ns: []dns.RR{
+			test.SOA("cluster.local.	5	IN	SOA	ns.dns.cluster.local. hostmaster.cluster.local. 1499347823 7200 1800 86400 5"),
+		},
+	},
 }

 func TestServeDNS(t *testing.T) {