fix and document zone-match regex-no-match case (#5180)

Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
Chris O'Haver 2022-05-13 23:23:28 -04:00 committed by GitHub
parent dbb8a12394
commit 4d1d9adb0e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 12 additions and 11 deletions

@ -17,23 +17,24 @@ template CLASS TYPE [ZONE...] {
additional RR
authority RR
rcode CODE
fallthrough [ZONE...]
fallthrough [FALLTHROUGH-ZONE...]
}
~~~
* **CLASS** the query class (usually IN or ANY).
* **TYPE** the query type (A, PTR, ... can be ANY to match all types).
* **ZONE** the zone scope(s) for this template. Defaults to the server zones.
* **REGEX** [Go regexp](https://golang.org/pkg/regexp/) that are matched against the incoming question name. Specifying no regex matches everything (default: `.*`). First matching regex wins.
* `match` **REGEX** [Go regexp](https://golang.org/pkg/regexp/) that are matched against the incoming question name.
Specifying no regex matches everything (default: `.*`). First matching regex wins.
* `answer|additional|authority` **RR** A [RFC 1035](https://tools.ietf.org/html/rfc1035#section-5) style resource record fragment
built by a [Go template](https://golang.org/pkg/text/template/) that contains the reply.
built by a [Go template](https://golang.org/pkg/text/template/) that contains the reply. Specifying no answer will result
in a response with an empty answer section.
* `rcode` **CODE** A response code (`NXDOMAIN, SERVFAIL, ...`). The default is `NOERROR`. Valid response code values are
per the `RcodeToString` map defined by the `miekg/dns` package in `msg.go`.
* `fallthrough` Continue with the next plugin if the zone matched but no regex matched.
If specific zones are listed (for example `in-addr.arpa` and `ip6.arpa`), then only queries for
those zones will be subject to fallthrough.
At least one `answer` or `rcode` directive is needed (e.g. `rcode NXDOMAIN`).
* `fallthrough` Continue with the next _template_ instance if the _template_'s **ZONE** matches a query name but no regex match.
If there is no next _template_, continue resolution with the next plugin. If **[FALLTHROUGH-ZONE...]** are listed (for example
`in-addr.arpa` and `ip6.arpa`), then only queries for those zones will be subject to fallthrough. Without
`fallthrough`, when the _template_'s **ZONE** matches a query but no regex match then a `SERVFAIL` response is returned.
[Also see](#also-see) contains an additional reading list.
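Review bot: the new `fallthrough` bullet uses "but no regex match" twice ("matches a query name but no regex match" and "matches a query but no regex match then"), which does not parse; "but no regex matches" reads correctly in both places. The bullet also introduces the `SERVFAIL` outcome while the `match` bullet still says that specifying no regex matches everything (default `.*`), so it is worth stating that the no-match case can only arise when at least one `match` is given. The `rcode` bullet's "The default is `NOERROR`" should likewise be qualified as applying to a query that matched, otherwise it reads as contradicting the `SERVFAIL` sentence.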

@ -81,7 +81,7 @@ func (h Handler) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg)
data, match, fthrough := template.match(ctx, state)
if !match {
if !fthrough {
return dns.RcodeNameError, nil
return dns.RcodeServerFailure, nil
}
continue
}
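Review bot: the `!fthrough` branch returns `dns.RcodeServerFailure` with no comment saying why a zone match without a regex match is treated as a server failure; a one-line comment above the return would stop a later reader from changing it back to `dns.RcodeNameError`. This is also a client-visible change, since resolvers generally retry or fail over on SERVFAIL where they would have negatively cached an NXDOMAIN, so it should be called out as a behaviour change in the release notes and not only in the README.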

@ -587,8 +587,8 @@ func TestMultiSection(t *testing.T) {
if code == rcodeFallthrough {
t.Fatalf("TestMultiSection expected no fall through resolving something.example. IN MX")
}
if code != dns.RcodeNameError {
t.Fatalf("TestMultiSection expected NXDOMAIN resolving something.example. IN MX, got %v, %v", code, dns.RcodeToString[code])
if code != dns.RcodeServerFailure {
t.Fatalf("TestMultiSection expected SERVFAIL resolving something.example. IN MX, got %v, %v", code, dns.RcodeToString[code])
}
}
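Review bot: the new expectation `code != dns.RcodeServerFailure` is checked only as a side assertion inside `TestMultiSection`, so the behaviour this commit defines is tested incidentally and under a name that does not describe it. A dedicated test for "zone matches, no regex matches, no `fallthrough`" expecting SERVFAIL, with a companion case where `fallthrough` is set and `rcodeFallthrough` is expected, would pin both halves of the documented rule. The failure message could also name the condition (no regex match) in addition to the query, so a future regression is easier to read.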