Commit graph

34 commits

Author SHA1 Message Date
Yong Tang
c08497adee Misspell correction (#826)
Did a `misspell . | grep -v ^vendor` and fixed
several typos.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-08-04 09:06:06 -07:00
Miek Gieben
07c7ac80e7 middleware/file: fix multiple wildcards (#787)
Don't hold on to the *first* wildcard you'll find, but keep searching,
there may be one even deeper in the tree.
Also add multi level wildcard test

Fixes #776
2017-07-24 14:21:40 -07:00
Miek Gieben
7be066e4de middleware/file: add DNSSEC support (#697)
* middleware/file: add DNSSEC support

Add tests for DNSSEC and check if everything is working.

* add signatures

* tweak

* Add DNSSEC signing tests for DNAME

* Just sign it all
2017-06-02 17:18:58 +01:00
Miek Gieben
30ecb83dce middleware/secondary: fix crash with no zone (#680)
When CoreDNS starts up and can't get a zone transfer going the Apex is
empty. This `nil` is then transformed into wireformat, which fails with
a nil pointer dereference in Go DNS.

In this case we should just return SERVFAIL, because we don't have any
info (yet). Note the lookup code returned NXDOMAIN, which is correct
from a lookup standpoint, but also invalidates every name in the future
loaded zone.

Anyway, look for an apex before doing the lookup and return SERVFAIL if
nothing is found.

Fixes #679
2017-06-01 12:33:40 +01:00
Eric Yan
d2268d3030 middleware/file: add DNAME support (#651)
* Test DNAME handling

If the DNAME itself matches the QTYPE, and the owner name matches QNAME,
the relevant DNAME RR should be included in the answer section.

Other parts of RFC 6672 are not implemented yet and hence left untested.

* Implement the DNAME substitution

As specified in RFC 6672, a DNAME substitution is performed by replacing
the suffix labels of the name being sought matching the owner name of
the DNAME resource record with the string of labels in the RDATA field.
The matching labels end with the root label in all cases. Only whole
labels are replaced.

* Handle DNAME redirection

A CNAME RR is created on-the-fly for the DNAME redirection. Be aware
that we do not have all the edge cases covered yet.

* Test DNAME owner name matching the QNAME

A DNAME RR redirects DNS names subordinate to its owner name; the owner
name of a DNAME is NOT redirected itself.

* Ignore names next to and below a DNAME record

According to RFC 6672, resource records MUST NOT exist at any subdomain
of the owner of a DNAME RR. When loading a zone, those names below the
DNAME RR will be quietly ignored.

* Streamline DNAME processing

Instead of checking DNAMEs during lookup, we use a preloaded list of
DNAME RRs to streamline the process without any runtime performance
penalty:

 * When loading the zone, keep a record of any DNAME RRs.
 * If there aren't any DNAMEs in the zone, just do the lookup as usual.
 * Only when the zone has one or more DNAME records, we look for the
   matching DNAME and ignore confronting subdomain(s) in the process.

* Make it easier to trace back through test errors

* Make DNAME handling part of lookup routine

DNAME processing is invoked only if the zone has at least one DNAME RR.

* Put DNAME resolution inside the searching of a hit

We can drop some of the other ideas; we don't need to track if we
have DNAMEs in the zone it just follows naturally from the current
lookup code.

See also: #664
2017-05-26 10:37:06 +01:00
Yong Tang
81af74aad0 Fix import path github.com/miekg/coredns -> github.com/coredns/coredns (#547)
This fix fixes import path from
`github.com/miekg/coredns`
->
`github.com/coredns/coredns`
2017-02-22 06:51:47 +00:00
Miek Gieben
3e26398e08 middleware/file: additional section processing (#531)
Add additional section processing for MX and SRV records. Update the
tests.
2017-02-19 20:42:34 +00:00
Miek Gieben
5d2e4db99d middleware/file: include sigs in additional (#456)
When asked for the NSset include glue and possible sigs in the
additional section.

Fixes #411
2016-12-14 12:50:00 +00:00
Miek Gieben
187e1dc512 middleware/file: include nsset in replies
This is required so that a resolver can update the referral NSset
with the NSset at the child.

Update tests as well.
2016-12-09 11:59:14 +00:00
Miek Gieben
8dd47dd932 Remove some printlns 2016-11-10 14:09:49 +00:00
Miek Gieben
9328a8e7a4 Compile fixes and make it work 2016-11-10 12:58:40 +00:00
Miek Gieben
d383f279a0 Implement external lookups for CNAMEs 2016-11-10 07:48:47 +00:00
Miek Gieben
0919216d3c middleware/{file, auto}: resolve external CNAMEs
Do the same thing as in etcd and give the option of externally resolving
CNAME. This is needed when CoreDNS is a proxy as well as serving zones.
2016-11-09 21:26:49 +00:00
Miek Gieben
4ef53081c5 middleware/file: Add CNAME chain support (#400)
Up till now we would only chase 1 CNAME. Spec requires we will chase
all. This PR adds support for this. Up to 8 CNAMEs are chased (this
could be longer, by just checking for cycles, but 8 seems enough for
now).

Also add RRSIG of the first CNAME for DNSSEC.
2016-11-09 10:02:26 +00:00
Miek Gieben
243797a387 middleware/file: add nsec for wildcard expansion (#382)
A NSEC record is needed to deny any other name that might exist.
Also don't blindly perform the interface conversion when getting
glue for NS records as they now may include RRSIG - also add tests
for that.
2016-11-06 08:32:07 +00:00
Miek Gieben
2cca527d9f middleware/file: fix delegations (#376)
Fix the delegation handling in the *file* and *dnssec* middleware.
Refactor tests a bit and show that they are failing.

Add a Tree printer, cleanups and tests.
Fix wildcard test - should get no answer from empty-non-terminal
2016-11-05 14:39:49 +00:00
Miek Gieben
0509f4b4ac middleware/file: reload on file mv (#365)
When a file is moved into position we should also reload the zones'
content.

This also fixes deadlock bug in the locking, a reload would block any
further lookups.
2016-10-28 12:57:02 +01:00
Miek Gieben
039596f319 middleware/file: add test for reload (#361)
This adds a high-level integration test for zone reloading. It also
fixes a data race in the actual reloading process.
2016-10-27 21:01:04 +01:00
Miek Gieben
e43384b501 middleware/file: proper support for wildcard (#323)
Add support for wildcard records, while taking care of wildcard-cnames
and DNSSEC. Add enough tests to check all the corner cases.
2016-10-08 15:22:31 +01:00
Miek Gieben
090d1872e9 Golint2 (#280)
* Fix linter errors

* More linting fixes

* More docs and making members private that don't need to be public

* Fix linter errors

* More linting fixes

* More docs and making members private that don't need to be public

* More lint fixes

This leaves:

~~~
middleware/kubernetes/nametemplate/nametemplate.go:64:6: exported type NameTemplate should have comment or be unexported
middleware/kubernetes/nametemplate/nametemplate.go:71:1: exported method NameTemplate.SetTemplate should have comment or be unexported
middleware/kubernetes/nametemplate/nametemplate.go:108:1: exported method NameTemplate.GetZoneFromSegmentArray should have comment or be unexported
middleware/kubernetes/nametemplate/nametemplate.go:116:1: exported method NameTemplate.GetNamespaceFromSegmentArray should have comment or be unexported
middleware/kubernetes/nametemplate/nametemplate.go:120:1: exported method NameTemplate.GetServiceFromSegmentArray should have comment or be unexported
middleware/kubernetes/nametemplate/nametemplate.go:124:1: exported method NameTemplate.GetTypeFromSegmentArray should have comment or be unexported
middleware/kubernetes/nametemplate/nametemplate.go:135:1: exported method NameTemplate.GetSymbolFromSegmentArray should have comment or be unexported
middleware/kubernetes/nametemplate/nametemplate.go:167:1: exported method NameTemplate.IsValid should have comment or be unexported
middleware/kubernetes/nametemplate/nametemplate.go:182:6: exported type NameValues should have comment or be unexported
middleware/kubernetes/util/util.go:1:1: package comment should be of the form "Package util ..."
middleware/kubernetes/util/util.go:27:2: exported const WildcardStar should have comment (or a comment on this block) or be unexported
middleware/proxy/lookup.go:66:1: exported method Proxy.Forward should have comment or be unexported
middleware/proxy/proxy.go:24:6: exported type Client should have comment or be unexported
middleware/proxy/proxy.go:107:1: exported function Clients should have comment or be unexported
middleware/proxy/reverseproxy.go:10:6: exported type ReverseProxy should have comment or be unexported
middleware/proxy/reverseproxy.go:16:1: exported method ReverseProxy.ServeDNS should have comment or be unexported
middleware/proxy/upstream.go:42:6: exported type Options should have comment or be unexported
~~~

I plan on reworking the proxy anyway, so I'll leave that be.
2016-09-23 09:14:12 +01:00
Miek Gieben
4e3c82bec5 CNAMEs targets should be in answer section.
A target of a cname must be put in the answer section. Fix this and add
a AAAA test for quad-AAAA CNAME responses.

Fixes #125
2016-04-16 17:55:11 +01:00
Miek Gieben
e294c95582 middleware/file: Support delegations (#124)
Return a delegation when seeing one while traversing the tree in
search of an answer.

Put the SOA and NS record in the zone.Apex as these are to be handled
somewhat special.

Lowercase record on insert to make compares easier. This lowercases
all RR that have domain names in their rdata as well.
2016-04-16 16:16:52 +01:00
Miek Gieben
2adbdf34d9 Use qname/qtype for lookups
Drop the use of dns.RR when in fact the only thing we use is the name
and type of the RR. Cleans up a bunch of stuff and also stops the weird
making of dns.RRs just for a lookup. Should save some memory as well.

Fixes: #66
2016-04-02 17:49:13 +01:00
Miek Gieben
9b21646954 empty non-terminal support
When looking for a name in tree, return whether we got to a longer one -
if so we had an ent. Add tests + dnssec tests and refactor the tests as
well a bit.
2016-04-02 16:56:16 +01:00
Miek Gieben
09c94fa443 Positive wildcard replies
Reply to queries when you have a wildcard in the zone. This works
for DNS and DNSSEC. Thing missing is NODATA responses for that specific
wildcard.

Add wildcard_test.go as well.
2016-03-31 21:47:44 +01:00
Miek Gieben
3591e2a6aa Add nameerror proof 2016-03-30 20:47:38 +01:00
Miek Gieben
bf6d90600b add closest encloser stuff 2016-03-30 16:45:02 +00:00
Miek Gieben
9ba31ceb87 Think about wildcards 2016-03-30 13:26:51 +00:00
Miek Gieben
ec69798ca2 Add the nsecs for nxdomain 2016-03-30 13:26:51 +00:00
Miek Gieben
b67ecb3e55 More nameerror stuff 2016-03-30 13:26:51 +00:00
Miek Gieben
4be4d92ccb Fix positive replies 2016-03-30 13:25:45 +00:00
Miek Gieben
547a4ab2a8 More stuff 2016-03-30 13:25:45 +00:00
Miek Gieben
48f7d55f27 Get positive dnssec stuff going 2016-03-30 13:25:45 +00:00
Miek Gieben
5387c162c9 Implement a DNS zone
Full implementation, DNS (and in the future DNSSEC). Returns answer in a
hopefully standards compliant way.
Testing with my miek.nl zone are included as well.
This should correctly handle nodata, nxdomain and cnames.
2016-03-28 10:15:05 +01:00