From 5b5a6ac6ad94e9ef1e23bd76a2cd1f3987cbe8df Mon Sep 17 00:00:00 2001
From: Dan Wilson
Date: Mon, 19 Jun 2023 05:42:17 -0700
Subject: [PATCH] plugin/kubernetes: filter ExternalName services from matching double subdomain wildcard (#6162)

remove double subdomain reference from review feedback not subdoman

Signed-off-by: emaildanwilson
Co-authored-by: emaildanwilson
---
 plugin/kubernetes/handler_test.go | 8 ++++++++
 plugin/kubernetes/kubernetes.go | 4 ++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/plugin/kubernetes/handler_test.go b/plugin/kubernetes/handler_test.go
index 55a8b8c32..405dc73d9 100644
--- a/plugin/kubernetes/handler_test.go
+++ b/plugin/kubernetes/handler_test.go
@@ -408,6 +408,14 @@ var dnsTestCases = []kubeTestCase{
 test.SOA("cluster.local. 5 IN SOA ns.dns.cluster.local. hostmaster.cluster.local. 1499347823 7200 1800 86400 5"),
 },
 }},
+ // A query for a subdomain of a subdomain of an external service should not resolve to the external service
+ {Case: test.Case{
+ Qname: "subdomain.subdomain.external.testns.svc.cluster.local.", Qtype: dns.TypeCNAME,
+ Rcode: dns.RcodeNameError,
+ Ns: []dns.RR{
+ test.SOA("cluster.local. 5 IN SOA ns.dns.cluster.local. hostmaster.cluster.local. 1499347823 7200 1800 86400 5"),
+ },
+ }},
 }

 func TestServeDNS(t *testing.T) {
diff --git a/plugin/kubernetes/kubernetes.go b/plugin/kubernetes/kubernetes.go
index 14ea031a0..cea23d860 100644
--- a/plugin/kubernetes/kubernetes.go
+++ b/plugin/kubernetes/kubernetes.go
@@ -445,8 +445,8 @@ func (k *Kubernetes) findServices(r recordRequest, zone string) (services []msg.

 // External service
 if svc.Type == api.ServiceTypeExternalName {
- //External services cannot have endpoints, so skip this service if an endpoint is present in the request
- if r.endpoint != "" {
+ // External services do not have endpoints, nor can we accept port/protocol pseudo subdomains in an SRV query, so skip this service if endpoint, port, or protocol is non-empty in the request
+ if r.endpoint != "" || r.port != "" || r.protocol != "" {
 continue
 }
 s := msg.Service{Key: strings.Join([]string{zonePath, Svc, svc.Namespace, svc.Name}, "/"), Host: svc.ExternalName, TTL: k.ttl}
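Review bot: The new guard's comment justifies the `r.port != "" || r.protocol != ""` check with SRV queries, but the only test added in this patch (handler_test.go) uses `Qtype: dns.TypeCNAME` with plain labels, so the SRV-shaped name is not pinned. This condition is what stops names below an ExternalName service from being answered with the external host's CNAME, so a regression would quietly reopen that name confusion. I would add a sibling case with a constructed name such as `Qname: "_http._tcp.external.testns.svc.cluster.local.", Qtype: dns.TypeSRV,` expecting `Rcode: dns.RcodeNameError`. The comment could also say outright that only the exact service name is answered for ExternalName. findServices starts and ends outside the hunk, and how `r.port` and `r.protocol` are filled from the query labels is not visible here, so confirm the extra case against the request parser.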