diff --git a/synthetic.go b/synthetic.go index 169c681..5e919b8 100644 --- a/synthetic.go +++ b/synthetic.go @@ -26,146 +26,113 @@ func (s synthetic) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Ms // Create a new state for this request. This is used to store state and allows us to pass this state := request.Request{W: w, Req: r} - log.Debug("Received request for ", state.QName(), " of type ", state.QType()) + log.Info("Received request for ", state.QName(), " of type ", state.QType()) + + // + // FOR FORWARD LOOKUPS + // we always respond directly (no need to continue the plugin chain) + // need valid networks to check against + // + if state.QType() == dns.TypeA || state.QType() == dns.TypeAAAA { + if strings.HasPrefix(state.Name(), s.Config.prefix) { + log.Info("Possible synthetic response for:", state.QName()) + + // pull out the ip address + ipStr := strings.TrimPrefix(strings.Split(state.Name(), ".")[0], s.Config.prefix) + ip := net.ParseIP(strings.ReplaceAll(ipStr, "-", ".")) + if ip == nil { + ip = net.ParseIP(strings.ReplaceAll(ipStr, "-", ":")) + } + + // respond according to the IP type and the request type + if ip != nil { + log.Info("Valid IP from hostname:", ip) + + // check if ip is within the synthetic network + var found bool + for _, n := range s.Config.net { + if n.Contains(ip) { + found = true + break + } + } + // don't continue if the IP is not in the synthetic network (fall back to recorded response) + if found { + log.Info("IP ", ip, " is in synthetic network") + + if ip.To4() == nil && state.QType() == dns.TypeAAAA { + log.Info("Responding to AAAA request for ", state.QName()) + m := new(dns.Msg) + m.SetReply(r) + hdr := dns.RR_Header{Name: state.QName(), Rrtype: state.QType(), Class: state.QClass(), Ttl: s.Config.ttl} + m.Answer = append(m.Answer, &dns.AAAA{Hdr: hdr, AAAA: ip.To16()}) + w.WriteMsg(m) + return dns.RcodeSuccess, nil + } + if ip.To4() != nil && state.QType() == dns.TypeA { + log.Info("Responding to A request for ", state.QName()) + m := new(dns.Msg) + m.SetReply(r) + hdr := dns.RR_Header{Name: state.QName(), Rrtype: state.QType(), Class: state.QClass(), Ttl: s.Config.ttl} + m.Answer = append(m.Answer, &dns.A{Hdr: hdr, A: ip.To4()}) + w.WriteMsg(m) + return dns.RcodeSuccess, nil + } + if ip.To4() == nil && state.QType() == dns.TypeA { + log.Info("Responding to A request for ", state.QName(), " with empty answer") + m := new(dns.Msg) + m.SetReply(r) + w.WriteMsg(m) + return dns.RcodeSuccess, nil + } + if ip.To4() != nil && state.QType() == dns.TypeAAAA { + log.Info("Responding to AAAA request for ", state.QName(), " with empty answer") + m := new(dns.Msg) + m.SetReply(r) + w.WriteMsg(m) + return dns.RcodeSuccess, nil + } + log.Info("Unexpected code path for: ", state.QName()) + } + log.Info("IP not in a valid network: ", ip) + } + log.Info("Invalid IP from hostname: ", state.QName()) + } + } + + // + // FOR REVERSE LOOKUPS + // must check next plugin in chain to see if it's a success (static reverse lookups override synthetic) + // no need to check valid networks (guaranteed to be in the synthetic network based on the coredns config) + // // Continue to the next plugin in the chain, and record the response. rec := dnstest.NewRecorder(&test.ResponseWriter{}) rc, err := plugin.NextOrFailure(s.Name(), s.Next, ctx, rec, r) - log.Debug("Next plugin in chain responded with rcode ", - rc, - " and ", - len(r.Answer), - " answer(s) for ", - state.QName(), - ) - // If the next plugin in the chain's recorded response is success, we go with that. if rc == dns.RcodeSuccess && len(rec.Msg.Answer) > 0 { - log.Info("Next Plugin's answers are acceptable") + log.Info("Next Plugin's answers are acceptable. no synthetic response") w.WriteMsg(rec.Msg) return rc, err } - log.Debug("Injecting Synthetic response") - switch state.QType() { + if state.QType() == dns.TypePTR { + log.Info("Attempting to inject synthetic response for reverse lookup: ", state.QName()) - // - // Handle AAAA and A requests (Forward Lookup) - // Note: on the forward lookup, we're guaranteed to have a match on the domain name - // - case dns.TypeA, dns.TypeAAAA: - - // only continue if the first label starts with the prefix (fall back to recorded response) - if !strings.HasPrefix(state.Name(), s.Config.prefix) { - w.WriteMsg(rec.Msg) - return rc, err - } - - // parse first dns label (now we have: "") - firstLabel := strings.Split(state.Name(), ".")[0] - - // trim the prefix (now we have: "") - ipStr := strings.TrimPrefix(firstLabel, s.Config.prefix) - - // attempt to parse as IPv6 or IPv4 - ip := net.ParseIP(strings.ReplaceAll(ipStr, "-", ".")) - if ip == nil { - ip = net.ParseIP(strings.ReplaceAll(ipStr, "-", ":")) - } - log.Debug(state.Name(), " parsed to ", ip) - - // don't continue if we couldn't parse the IP (fall back to recorded responses) - if ip == nil { - log.Debug("Failed to parse IP from: ", state.QName()) - w.WriteMsg(rec.Msg) - return rc, err - } - - // check if ip is within the synthetic network - var found bool - for _, n := range s.Config.net { - if n.Contains(ip) { - found = true - break - } - } - // don't continue if the IP is not in the synthetic network (fall back to recorded response) - if !found { - log.Debug("IP ", ip, " not found in synthetic network") - w.WriteMsg(rec.Msg) - return rc, err - } - - // handle AAAA requests with IPv6 address - if ip.To4() == nil && state.QType() == dns.TypeAAAA { - log.Debug("Responding to AAAA request for ", state.QName()) - m := new(dns.Msg) - m.SetReply(r) - hdr := dns.RR_Header{Name: state.QName(), Rrtype: state.QType(), Class: state.QClass(), Ttl: s.Config.ttl} - m.Answer = append(m.Answer, &dns.AAAA{Hdr: hdr, AAAA: ip.To16()}) - w.WriteMsg(m) - return dns.RcodeSuccess, nil - } - - // handle A requests with IPv4 address - if ip.To4() != nil && state.QType() == dns.TypeA { - log.Debug("Responding to A request for ", state.QName()) - m := new(dns.Msg) - m.SetReply(r) - hdr := dns.RR_Header{Name: state.QName(), Rrtype: state.QType(), Class: state.QClass(), Ttl: s.Config.ttl} - m.Answer = append(m.Answer, &dns.A{Hdr: hdr, A: ip.To4()}) - w.WriteMsg(m) - return dns.RcodeSuccess, nil - } - - // handle A requests with IPv6 address (respond with empty answer and NOERROR) - if ip.To4() == nil && state.QType() == dns.TypeA { - log.Debug("Responding to A request for ", state.QName(), " with empty answer") - m := new(dns.Msg) - m.SetReply(r) - w.WriteMsg(m) - return dns.RcodeSuccess, nil - } - - // handle AAAA requests with IPv4 address (respond with empty answer and NOERROR) - if ip.To4() != nil && state.QType() == dns.TypeAAAA { - log.Debug("Responding to AAAA request for ", state.QName(), " with empty answer") - m := new(dns.Msg) - m.SetReply(r) - w.WriteMsg(m) - return dns.RcodeSuccess, nil - } - - // if we got here, we couldn't handle the request (fall back to recorded response) - log.Debug("Failed to handle request for ", state.QName()) - w.WriteMsg(rec.Msg) - return rc, err - - // - // Handle PTR requests (Reverse Lookup) - // Note: on the reverse lookup, we're guaranteed to have a match on the network based on the zone file - // - case dns.TypePTR: ip := inArpaToIp(state.QName()) - log.Debug("Received PTR request. Parsed ", state.QName(), " to ", ip) + log.Info("Parsed IP: ", ip) - // don't continue if we couldn't parse the IP (fall back to recorded response) - if ip == nil { - w.WriteMsg(rec.Msg) - return rc, err + if ip != nil { + forward := ipToDomainName(s.Config.prefix, ip, s.Config.forward) + log.Debug("Responding to PTR request for ", state.QName(), " with ", forward) + m := new(dns.Msg) + m.SetReply(r) + hdr := dns.RR_Header{Name: state.QName(), Rrtype: state.QType(), Class: state.QClass(), Ttl: s.Config.ttl} + m.Answer = append(m.Answer, &dns.PTR{Hdr: hdr, Ptr: forward}) + w.WriteMsg(m) + return dns.RcodeSuccess, nil } - - // successful reverse lookup - forward := ipToDomainName(s.Config.prefix, ip, s.Config.forward) - log.Debug("Responding to PTR request for ", state.QName(), " with ", forward) - m := new(dns.Msg) - m.SetReply(r) - hdr := dns.RR_Header{Name: state.QName(), Rrtype: state.QType(), Class: state.QClass(), Ttl: s.Config.ttl} - m.Answer = append(m.Answer, &dns.PTR{Hdr: hdr, Ptr: forward}) - w.WriteMsg(m) - return dns.RcodeSuccess, nil - } // if we got here, we couldn't handle the request (fall back to recorded response) diff --git a/synthetic_test.go b/synthetic_test.go index 2764065..470ee1e 100644 --- a/synthetic_test.go +++ b/synthetic_test.go @@ -7,11 +7,10 @@ import ( "github.com/coredns/coredns/plugin/test" "github.com/miekg/dns" "net" + "testing" ) -// todo: -// 1. A lookup for v6 address func TestServeDNSv4(t *testing.T) { ip, ipNet, err := net.ParseCIDR("192.0.2.0/24") if err != nil { @@ -121,8 +120,6 @@ func TestServeDNSv4(t *testing.T) { } } -// todo: -// 2. AAAA lookup for v4 address func TestServeDNSv6(t *testing.T) { ip, ipNet, err := net.ParseCIDR("2001:db8:abcd::/48") if err != nil { @@ -229,3 +226,154 @@ func TestServeDNSv6(t *testing.T) { } } } + +// MockSuccessPlugin is a mock plugin that always responds with a successful DNS response. +type MockSuccessPlugin struct{} + +// Name returns the plugin name. +func (m MockSuccessPlugin) Name() string { return "mock" } + +// ServeDNS simulates a successful DNS response. +func (m MockSuccessPlugin) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) { + m1 := new(dns.Msg) + m1.SetReply(r) + hdr := dns.RR_Header{Name: r.Question[0].Name, Rrtype: r.Question[0].Qtype, Class: r.Question[0].Qclass, Ttl: 0} + switch r.Question[0].Qtype { + case dns.TypeA: + m1.Answer = append(m1.Answer, &dns.A{Hdr: hdr, A: net.ParseIP("192.0.2.100")}) + case dns.TypeAAAA: + m1.Answer = append(m1.Answer, &dns.AAAA{Hdr: hdr, AAAA: net.ParseIP("2001:db8::100")}) + } + w.WriteMsg(m1) + return dns.RcodeSuccess, nil +} + +func TestServeDNSNextPluginRespondsSuccess(t *testing.T) { + ip, ipNet, err := net.ParseCIDR("192.0.2.0/24") + if err != nil { + log.Fatal(err) + } + ip6, ipNet6, err := net.ParseCIDR("2001:db8:abcd::/48") + if err != nil { + log.Fatal(err) + } + + s := synthetic{ + Next: MockSuccessPlugin{}, + Config: syntheticConfig{ + net: []*net.IPNet{{IP: ip, Mask: ipNet.Mask}, {IP: ip6, Mask: ipNet6.Mask}}, + forward: "example.com", + prefix: "ip-", + }, + } + + testCases := []struct { + qname string + qtype uint16 + wantrcode int + wantAnswer []string + wantTTL uint32 + }{ + { + qname: "ip-192-0-2-1.example.com", + qtype: dns.TypeA, + wantrcode: dns.RcodeSuccess, + wantAnswer: []string{"192.0.2.1"}, + wantTTL: 0, + }, + { + qname: "foobar.example.com", + qtype: dns.TypeA, + wantrcode: dns.RcodeSuccess, + wantAnswer: []string{"192.0.2.100"}, + wantTTL: 0, + }, + { + qname: "ip-2001-db8-abcd--1.example.com", + qtype: dns.TypeAAAA, + wantrcode: dns.RcodeSuccess, + wantAnswer: []string{"2001:db8:abcd::1"}, + wantTTL: 0, + }, + { + qname: "foobar.example.com", + qtype: dns.TypeAAAA, + wantrcode: dns.RcodeSuccess, + wantAnswer: []string{"2001:db8:abcd::100"}, + wantTTL: 0, + }, + { + qname: "ip-2001-db8-abcd--1.example.com", + qtype: dns.TypeA, + wantrcode: dns.RcodeSuccess, + wantAnswer: nil, + wantTTL: 0, + }, + { + qname: "ip-192-0-2-1.example.com", + qtype: dns.TypeAAAA, + wantrcode: dns.RcodeSuccess, + wantAnswer: nil, + wantTTL: 0, + }, + { + qname: "3.2.1.f.e.d.c.b.a.0.9.8.7.6.5.4.4.3.2.1.d.c.b.a.8.b.d.0.1.0.0.2.ip6.arpa.", + qtype: dns.TypePTR, + wantrcode: dns.RcodeSuccess, + wantAnswer: []string{"ip6-2001-db8-abcd-1234-4567-890a-bcde-f123.example.com."}, + wantTTL: 0, + }, + { + qname: "123.2.0.192.in-addr.arpa.", + qtype: dns.TypePTR, + wantrcode: dns.RcodeSuccess, + wantAnswer: []string{"ip-192-0-2-123.example.com."}, + wantTTL: 0, + }, + } + + for i, tc := range testCases { + errorMsgPrefix := fmt.Sprintf("Test case %v for '%v' failed. Expected", i, tc.qname) + ctx := context.TODO() + w := dnstest.NewRecorder(&test.ResponseWriter{}) + r := new(dns.Msg) + r.SetQuestion(tc.qname, tc.qtype) + + rc, err := s.ServeDNS(ctx, w, r) + + if err != nil { + t.Errorf("%v no error, but got %v", errorMsgPrefix, err) + } + if rc != tc.wantrcode { + t.Errorf("%v rcode %v, but got %v", errorMsgPrefix, tc.wantrcode, rc) + } + if len(w.Msg.Answer) == 0 && tc.wantAnswer != nil { + t.Errorf("%v an answer, but got none", errorMsgPrefix) + continue + } + if tc.wantAnswer == nil { + if len(w.Msg.Answer) > 0 { + t.Errorf("%v no answer, but got %v", errorMsgPrefix, w.Msg.Answer[0]) + } + continue + } + if w.Msg.Answer[0].Header().Ttl != 0 { + t.Errorf("%v TTL to be 0, but got %v", errorMsgPrefix, w.Msg.Answer[0].Header().Ttl) + } + if w.Msg.Answer[0].Header().Name != tc.qname { + t.Errorf("%v Name to be %s, but got %s", errorMsgPrefix, tc.qname, w.Msg.Answer[0].Header().Name) + } + if w.Msg.Answer[0].Header().Rrtype != tc.qtype { + t.Errorf("%v Type to be %d, but got %d", errorMsgPrefix, tc.qtype, w.Msg.Answer[0].Header().Rrtype) + } + if w.Msg.Answer[0].Header().Ttl != tc.wantTTL { + t.Errorf("%v TTL to be %d, but got %d", errorMsgPrefix, tc.wantTTL, w.Msg.Answer[0].Header().Ttl) + } + switch tc.qtype { + case dns.TypeA: + if w.Msg.Answer[0].(*dns.A).A.String() != tc.wantAnswer[0] { + t.Errorf("%v answer %s, but got %s", errorMsgPrefix, tc.wantAnswer[0], w.Msg.Answer[0].(*dns.A).A.String()) + } + } + } +}