fcd0342e42
* core: allow all CIDR ranges in zone specifications Allow (e.g.) a v4 reverse on a /17. If a zone is specified in such a way a FilterFunc is set in the config. This filter is checked against incoming queries. For all other queries this adds a 'x != nil' check which will not impact performace too much. Benchmark function is added as well to check for this as wel. Add multiple tests in tests/server_reverse_test.go. Benchmark shows in the non-reverse case this hardly impact the speed: ~~~ classless: pkg: github.com/coredns/coredns/core/dnsserver BenchmarkCoreServeDNS-4 1000000 1431 ns/op 16 B/op 1 allocs/op pkg: github.com/coredns/coredns/core/dnsserver BenchmarkCoreServeDNS-4 1000000 1429 ns/op 16 B/op 1 allocs/op master: pkg: github.com/coredns/coredns/core/dnsserver BenchmarkCoreServeDNS-4 1000000 1412 ns/op 16 B/op 1 allocs/op pkg: github.com/coredns/coredns/core/dnsserver BenchmarkCoreServeDNS-4 1000000 1429 ns/op 16 B/op 1 allocs/op ~~~ * README.md updates
139 lines
3.9 KiB
Go
139 lines
3.9 KiB
Go
package plugin
|
|
|
|
import (
|
|
"fmt"
|
|
"net"
|
|
"strconv"
|
|
"strings"
|
|
|
|
"github.com/miekg/dns"
|
|
)
|
|
|
|
// See core/dnsserver/address.go - we should unify these two impls.
|
|
|
|
// Zones respresents a lists of zone names.
|
|
type Zones []string
|
|
|
|
// Matches checks is qname is a subdomain of any of the zones in z. The match
|
|
// will return the most specific zones that matches other. The empty string
|
|
// signals a not found condition.
|
|
func (z Zones) Matches(qname string) string {
|
|
zone := ""
|
|
for _, zname := range z {
|
|
if dns.IsSubDomain(zname, qname) {
|
|
// We want the *longest* matching zone, otherwise we may end up in a parent
|
|
if len(zname) > len(zone) {
|
|
zone = zname
|
|
}
|
|
}
|
|
}
|
|
return zone
|
|
}
|
|
|
|
// Normalize fully qualifies all zones in z. The zones in Z must be domain names, without
|
|
// a port or protocol prefix.
|
|
func (z Zones) Normalize() {
|
|
for i := range z {
|
|
z[i] = Name(z[i]).Normalize()
|
|
}
|
|
}
|
|
|
|
// Name represents a domain name.
|
|
type Name string
|
|
|
|
// Matches checks to see if other is a subdomain (or the same domain) of n.
|
|
// This method assures that names can be easily and consistently matched.
|
|
func (n Name) Matches(child string) bool {
|
|
if dns.Name(n) == dns.Name(child) {
|
|
return true
|
|
}
|
|
return dns.IsSubDomain(string(n), child)
|
|
}
|
|
|
|
// Normalize lowercases and makes n fully qualified.
|
|
func (n Name) Normalize() string { return strings.ToLower(dns.Fqdn(string(n))) }
|
|
|
|
type (
|
|
// Host represents a host from the Corefile, may contain port.
|
|
Host string
|
|
)
|
|
|
|
// Normalize will return the host portion of host, stripping
|
|
// of any port or transport. The host will also be fully qualified and lowercased.
|
|
func (h Host) Normalize() string {
|
|
|
|
s := string(h)
|
|
|
|
switch {
|
|
case strings.HasPrefix(s, TransportTLS+"://"):
|
|
s = s[len(TransportTLS+"://"):]
|
|
case strings.HasPrefix(s, TransportDNS+"://"):
|
|
s = s[len(TransportDNS+"://"):]
|
|
case strings.HasPrefix(s, TransportGRPC+"://"):
|
|
s = s[len(TransportGRPC+"://"):]
|
|
}
|
|
|
|
// The error can be ignore here, because this function is called after the corefile
|
|
// has already been vetted.
|
|
host, _, _, _ := SplitHostPort(s)
|
|
return Name(host).Normalize()
|
|
}
|
|
|
|
// SplitHostPort splits s up in a host and port portion, taking reverse address notation into account.
|
|
// String the string s should *not* be prefixed with any protocols, i.e. dns://. The returned ipnet is the
|
|
// *net.IPNet that is used when the zone is a reverse and a netmask is given.
|
|
func SplitHostPort(s string) (host, port string, ipnet *net.IPNet, err error) {
|
|
// If there is: :[0-9]+ on the end we assume this is the port. This works for (ascii) domain
|
|
// names and our reverse syntax, which always needs a /mask *before* the port.
|
|
// So from the back, find first colon, and then check if its a number.
|
|
host = s
|
|
|
|
colon := strings.LastIndex(s, ":")
|
|
if colon == len(s)-1 {
|
|
return "", "", nil, fmt.Errorf("expecting data after last colon: %q", s)
|
|
}
|
|
if colon != -1 {
|
|
if p, err := strconv.Atoi(s[colon+1:]); err == nil {
|
|
port = strconv.Itoa(p)
|
|
host = s[:colon]
|
|
}
|
|
}
|
|
|
|
// TODO(miek): this should take escaping into account.
|
|
if len(host) > 255 {
|
|
return "", "", nil, fmt.Errorf("specified zone is too long: %d > 255", len(host))
|
|
}
|
|
|
|
_, d := dns.IsDomainName(host)
|
|
if !d {
|
|
return "", "", nil, fmt.Errorf("zone is not a valid domain name: %s", host)
|
|
}
|
|
|
|
// Check if it parses as a reverse zone, if so we use that. Must be fully specified IP and mask.
|
|
ip, n, err := net.ParseCIDR(host)
|
|
ones, bits := 0, 0
|
|
if err == nil {
|
|
if rev, e := dns.ReverseAddr(ip.String()); e == nil {
|
|
ones, bits = n.Mask.Size()
|
|
// Get the first lower octet boundary to see what encompassing zone we should be authoritative for.
|
|
mod := (bits - ones) % 8
|
|
nearest := (bits - ones) + mod
|
|
offset, end := 0, false
|
|
for i := 0; i < nearest/8; i++ {
|
|
offset, end = dns.NextLabel(rev, offset)
|
|
if end {
|
|
break
|
|
}
|
|
}
|
|
host = rev[offset:]
|
|
}
|
|
}
|
|
return host, port, n, nil
|
|
}
|
|
|
|
// Duplicated from core/dnsserver/address.go !
|
|
const (
|
|
TransportDNS = "dns"
|
|
TransportTLS = "tls"
|
|
TransportGRPC = "grpc"
|
|
)
|