From 7a8d943bccc7ec0d21e13374c836cf9197996e10 Mon Sep 17 00:00:00 2001 From: Miek Gieben Date: Wed, 27 Apr 2016 10:48:22 +0000 Subject: [PATCH] Bail out on failure when starting up Don't silently hide failures, barf on startup. Also add more integration tests that should catch some of these things. --- core/setup/dnssec.go | 15 ++++--- core/setup/file.go | 5 ++- middleware/dnssec/dnssec.go | 2 +- test/middleware_dnssec_test.go | 78 ++++++++++++++++++++++++++++++++++ 4 files changed, 91 insertions(+), 9 deletions(-) create mode 100644 test/middleware_dnssec_test.go diff --git a/core/setup/dnssec.go b/core/setup/dnssec.go index 523f6e659..39f34b66f 100644 --- a/core/setup/dnssec.go +++ b/core/setup/dnssec.go @@ -1,7 +1,7 @@ package setup import ( - "path" + "strings" "github.com/miekg/coredns/middleware" "github.com/miekg/coredns/middleware/dnssec" @@ -35,8 +35,7 @@ func dnssecParse(c *Controller) ([]string, []*dnssec.DNSKEY, error) { for c.NextBlock() { k, e := keyParse(c) if e != nil { - // TODO(miek): Log and drop or something? stop startup? - continue + return nil, nil, e } keys = append(keys, k...) } @@ -61,11 +60,13 @@ func keyParse(c *Controller) ([]*dnssec.DNSKEY, error) { if value == "file" { ks := c.RemainingArgs() for _, k := range ks { - // Kmiek.nl.+013+26205.key, handle .private or without extension: Kmiek.nl.+013+26205 - ext := path.Ext(k) // TODO(miek): test things like .key base := k - if len(ext) > 0 { - base = k[:len(k)-len(ext)] + // Kmiek.nl.+013+26205.key, handle .private or without extension: Kmiek.nl.+013+26205 + if strings.HasSuffix(k, ".key") { + base = k[:len(k)-4] + } + if strings.HasSuffix(k, ".private") { + base = k[:len(k)-8] } k, err := dnssec.ParseKeyFile(base+".key", base+".private") if err != nil { diff --git a/core/setup/file.go b/core/setup/file.go index b535332a7..a0b90c3ca 100644 --- a/core/setup/file.go +++ b/core/setup/file.go @@ -54,7 +54,8 @@ func fileParse(c *Controller) (file.Zones, error) { reader, err := os.Open(fileName) if err != nil { - continue + // bail out + return file.Zones{}, err } for i, _ := range origins { @@ -62,6 +63,8 @@ func fileParse(c *Controller) (file.Zones, error) { zone, err := file.Parse(reader, origins[i], fileName) if err == nil { z[origins[i]] = zone + } else { + return file.Zones{}, err } names = append(names, origins[i]) } diff --git a/middleware/dnssec/dnssec.go b/middleware/dnssec/dnssec.go index b0a328bee..64359d8c9 100644 --- a/middleware/dnssec/dnssec.go +++ b/middleware/dnssec/dnssec.go @@ -74,7 +74,7 @@ func (d Dnssec) Sign(state middleware.State, zone string, now time.Time) *dns.Ms for _, r := range rrSets(req.Extra) { ttl := r[0].Header().Ttl if sigs, err := d.sign(r, zone, ttl, incep, expir); err == nil { - req.Extra = append(req.Extra, sigs...) + req.Extra = append(sigs, req.Extra...) // prepend to leave OPT alone } } return req diff --git a/test/middleware_dnssec_test.go b/test/middleware_dnssec_test.go new file mode 100644 index 000000000..434e7ad56 --- /dev/null +++ b/test/middleware_dnssec_test.go @@ -0,0 +1,78 @@ +package test + +import ( + "io/ioutil" + "log" + "os" + "testing" + + "github.com/miekg/coredns/middleware/test" + + "github.com/miekg/dns" +) + +func TestLookupBalanceRewriteCacheDnssec(t *testing.T) { + name, rm, err := test.TempFile(t, ".", exampleOrg) + if err != nil { + t.Fatalf("failed to created zone: %s", err) + } + defer rm() + rm1 := createKeyFile(t) + defer rm1() + + corefile := `example.org:0 { + file ` + name + ` + rewrite ANY HINFO + dnssec { + key file ` + base + ` + } + loadbalance +} +` + ex, _, udp, err := Server(t, corefile) + if err != nil { + t.Errorf("Could get server to start: %s", err) + return + } + defer ex.Stop() + + log.SetOutput(ioutil.Discard) + c := new(dns.Client) + m := new(dns.Msg) + m.SetQuestion("example.org.", dns.TypeA) + m.SetEdns0(4096, true) + res, _, err := c.Exchange(m, udp) + if err != nil { + t.Fatalf("Could not send query: %s", err) + } + sig := 0 + for _, a := range res.Answer { + if a.Header().Rrtype == dns.TypeRRSIG { + sig++ + } + } + if sig == 0 { + t.Errorf("expected RRSIGs, got none") + t.Logf("%v\n", res) + } +} + +func createKeyFile(t *testing.T) func() { + ioutil.WriteFile(base+".key", + []byte(`example.org. IN DNSKEY 256 3 13 tDyI0uEIDO4SjhTJh1AVTFBLpKhY3He5BdAlKztewiZ7GecWj94DOodg ovpN73+oJs+UfZ+p9zOSN5usGAlHrw==`), + 0644) + ioutil.WriteFile(base+".private", + []byte(`Private-key-format: v1.3 +Algorithm: 13 (ECDSAP256SHA256) +PrivateKey: HPmldSNfrkj/aDdUMFwuk/lgzaC5KIsVEG3uoYvF4pQ= +Created: 20160426083115 +Publish: 20160426083115 +Activate: 20160426083115`), + 0644) + return func() { + os.Remove(base + ".key") + os.Remove(base + ".private") + } +} + +const base = "Kexample.org.+013+44563"