From d6d8a9974bc45855a7d8a89e9e452cc9b6301d0e Mon Sep 17 00:00:00 2001
From: Chris O'Haver <cohaver@infoblox.com>
Date: Tue, 4 May 2021 05:05:08 -0400
Subject: [PATCH] plugin/kubernetes: fix SOA response for non-apex queries
 (#4592)

* fix SOA response for non-apex queries

Signed-off-by: Chris O'Haver <cohaver@infoblox.com>

* handle mixed case

Signed-off-by: Chris O'Haver <cohaver@infoblox.com>

* do full string compare

Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
---
 plugin/kubernetes/handler.go           | 5 +++--
 plugin/kubernetes/handler_case_test.go | 7 +++++++
 plugin/kubernetes/handler_test.go      | 7 +++++++
 3 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/plugin/kubernetes/handler.go b/plugin/kubernetes/handler.go
index 0bf4b12af..336fd08db 100644
--- a/plugin/kubernetes/handler.go
+++ b/plugin/kubernetes/handler.go
@@ -43,7 +43,9 @@ func (k Kubernetes) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.M
 	case dns.TypeSRV:
 		records, extra, err = plugin.SRV(ctx, &k, zone, state, plugin.Options{})
 	case dns.TypeSOA:
-		records, err = plugin.SOA(ctx, &k, zone, state, plugin.Options{})
+		if qname == zone {
+			records, err = plugin.SOA(ctx, &k, zone, state, plugin.Options{})
+		}
 	case dns.TypeAXFR, dns.TypeIXFR:
 		return dns.RcodeRefused, nil
 	case dns.TypeNS:
@@ -82,7 +84,6 @@ func (k Kubernetes) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.M
 	m.Authoritative = true
 	m.Answer = append(m.Answer, records...)
 	m.Extra = append(m.Extra, extra...)
-
 	w.WriteMsg(m)
 	return dns.RcodeSuccess, nil
 }
diff --git a/plugin/kubernetes/handler_case_test.go b/plugin/kubernetes/handler_case_test.go
index 2a19a7aac..c3f90f1eb 100644
--- a/plugin/kubernetes/handler_case_test.go
+++ b/plugin/kubernetes/handler_case_test.go
@@ -38,6 +38,13 @@ var dnsPreserveCaseCases = []test.Case{
 			test.A("svc1.testns.svc.cLuStEr.LoCaL.	5	IN	A	10.0.0.1"),
 		},
 	},
+	{
+		Qname: "Cluster.local.", Qtype: dns.TypeSOA,
+		Rcode: dns.RcodeSuccess,
+		Answer: []dns.RR{
+			test.SOA("Cluster.local.	5	IN	SOA	ns.dns.Cluster.local. hostmaster.Cluster.local. 1499347823 7200 1800 86400 5"),
+		},
+	},
 }
 
 func TestPreserveCase(t *testing.T) {
diff --git a/plugin/kubernetes/handler_test.go b/plugin/kubernetes/handler_test.go
index 71609a6de..7904e67a6 100644
--- a/plugin/kubernetes/handler_test.go
+++ b/plugin/kubernetes/handler_test.go
@@ -396,6 +396,13 @@ var dnsTestCases = []test.Case{
 			test.AAAA("svc-dual-stack.testns.svc.cluster.local.  5       IN      AAAA       10::3"),
 		},
 	},
+	{
+		Qname: "svc1.testns.svc.cluster.local.", Qtype: dns.TypeSOA,
+		Rcode: dns.RcodeSuccess,
+		Ns: []dns.RR{
+			test.SOA("cluster.local.	5	IN	SOA	ns.dns.cluster.local. hostmaster.cluster.local. 1499347823 7200 1800 86400 5"),
+		},
+	},
 }
 
 func TestServeDNS(t *testing.T) {