* cache: default to DNSSEC This change does away with the DNS/DNSSEC distinction the cache currently makes. Cache will always make coredns perform a DNSSEC query and store that result. If a client just needs plain DNS, the DNSSEC records are stripped from the response. It should also be more memory efficient, because we store a reply once and not one DNS and another for DNSSEC. Fixes: #3836 Signed-off-by: Miek Gieben <miek@miek.nl> * Change OPT RR when one is present in the msg. Signed-off-by: Miek Gieben <miek@miek.nl> * Fix comment for isDNSSEC Signed-off-by: Miek Gieben <miek@miek.nl> * Update plugin/cache/handler.go Co-authored-by: Chris O'Haver <cohaver@infoblox.com> * Update plugin/cache/item.go Co-authored-by: Chris O'Haver <cohaver@infoblox.com> * Code review; fix comment for isDNSSEC Signed-off-by: Miek Gieben <miek@miek.nl> * Update doc and set AD to false Set Authenticated Data to false when DNSSEC was not wanted. Also update the readme with the new behavior. Signed-off-by: Miek Gieben <miek@miek.nl> * Update plugin/cache/handler.go Co-authored-by: Chris O'Haver <cohaver@infoblox.com> Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
package cache
import (
"context"
"testing"
"github.com/coredns/coredns/plugin"
"github.com/coredns/coredns/plugin/pkg/dnstest"
"github.com/coredns/coredns/plugin/test"
"github.com/miekg/dns"
)
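// TestDo checks that the cache plugin always hands the next handler a request
// whose OPT RR has the DNSSEC OK (DO) bit set, whatever the client sent. The
// next handler is echoHandler, which writes back the request it received, so
// the recorded reply is what the assertions inspect.
//
// Three cases run in order against the same request, which is mutated between
// them:
//  1. no OPT RR at all: DO is expected, with defaultUDPBufSize;
//  2. OPT RR with DO set: DO is expected and the client's buffer size kept;
//  3. OPT RR without DO: DO is expected, with defaultUDPBufSize again.
func TestDo(t *testing.T) {
	// cache sets DO on requests that don't have it.
	c := New()
	c.Next = echoHandler()
	req := new(dns.Msg)
	req.SetQuestion("example.org.", dns.TypeA)

	// serveAndCheck sends req through the cache and verifies that the last RR
	// in the reply's additional section is an OPT RR with DO set and the
	// expected UDP buffer size. A fresh recorder is used per call so that a
	// reply left over from an earlier case cannot satisfy the checks.
	serveAndCheck := func(wantSize uint16) {
		t.Helper()
		rec := dnstest.NewRecorder(&test.ResponseWriter{})
		if _, err := c.ServeDNS(context.TODO(), rec, req); err != nil {
			t.Fatalf("ServeDNS failed: %v", err)
		}
		reply := rec.Msg
		// Guard the index below: a missing reply or an empty additional
		// section should be a test failure, not a panic.
		if reply == nil || len(reply.Extra) == 0 {
			t.Fatalf("Expected a reply with an OPT RR, got %v", reply)
		}
		last := reply.Extra[len(reply.Extra)-1]
		opt, ok := last.(*dns.OPT)
		if !ok {
			// Report the type of the RR that was found; the failed
			// assertion's result is always a nil *dns.OPT.
			t.Fatalf("Expected OPT RR, got %T", last)
		}
		if !opt.Do() {
			t.Errorf("Expected DO bit to be set, got false")
		}
		if x := opt.UDPSize(); x != wantSize {
			t.Errorf("Expected %d bufsize, got %d", wantSize, x)
		}
	}

	// requestOPT returns the request's OPT RR, failing the test if it has none.
	requestOPT := func() *dns.OPT {
		t.Helper()
		o := req.IsEdns0()
		if o == nil {
			t.Fatalf("Expected request to carry an OPT RR")
		}
		return o
	}

	// No DO set.
	serveAndCheck(defaultUDPBufSize)

	// Do set - so left alone.
	const mysize = defaultUDPBufSize * 2
	setDo(req)
	// set bufsize to something else than default to see cache doesn't touch it
	requestOPT().SetUDPSize(mysize)
	serveAndCheck(mysize)

	// edns0 set, but not DO, so _not_ left alone.
	requestOPT().SetDo(false)
	serveAndCheck(defaultUDPBufSize)
}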
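// echoHandler returns a plugin.Handler that writes the request it receives
// back to the client unchanged. Tests use it as the cache's next handler so
// that the recorded reply shows the request as that handler received it.
func echoHandler() plugin.Handler {
	return plugin.HandlerFunc(func(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) {
		// Surface a failed write instead of reporting success for a reply
		// that never reached the writer.
		if err := w.WriteMsg(r); err != nil {
			return dns.RcodeServerFailure, err
		}
		return dns.RcodeSuccess, nil
	})
}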