handle forward lookup condition with next plugin responding success, and more tests
This commit is contained in:
Donavan Fritz
+92
-125
@@ -26,146 +26,113 @@ func (s synthetic) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Ms
|
||||
|
||||
// Create a new state for this request. This is used to store state and allows us to pass this
|
||||
state := request.Request{W: w, Req: r}
|
||||
log.Debug("Received request for ", state.QName(), " of type ", state.QType())
|
||||
log.Info("Received request for ", state.QName(), " of type ", state.QType())
|
||||
|
||||
//
|
||||
// FOR FORWARD LOOKUPS
|
||||
// we always respond directly (no need to continue the plugin chain)
|
||||
// need valid networks to check against
|
||||
//
|
||||
if state.QType() == dns.TypeA || state.QType() == dns.TypeAAAA {
|
||||
if strings.HasPrefix(state.Name(), s.Config.prefix) {
|
||||
log.Info("Possible synthetic response for:", state.QName())
|
||||
|
||||
// pull out the ip address
|
||||
ipStr := strings.TrimPrefix(strings.Split(state.Name(), ".")[0], s.Config.prefix)
|
||||
ip := net.ParseIP(strings.ReplaceAll(ipStr, "-", "."))
|
||||
if ip == nil {
|
||||
ip = net.ParseIP(strings.ReplaceAll(ipStr, "-", ":"))
|
||||
}
|
||||
|
||||
// respond according to the IP type and the request type
|
||||
if ip != nil {
|
||||
log.Info("Valid IP from hostname:", ip)
|
||||
|
||||
// check if ip is within the synthetic network
|
||||
var found bool
|
||||
for _, n := range s.Config.net {
|
||||
if n.Contains(ip) {
|
||||
found = true
|
||||
break
|
||||
}
|
||||
}
|
||||
// don't continue if the IP is not in the synthetic network (fall back to recorded response)
|
||||
if found {
|
||||
log.Info("IP ", ip, " is in synthetic network")
|
||||
|
||||
if ip.To4() == nil && state.QType() == dns.TypeAAAA {
|
||||
log.Info("Responding to AAAA request for ", state.QName())
|
||||
m := new(dns.Msg)
|
||||
m.SetReply(r)
|
||||
hdr := dns.RR_Header{Name: state.QName(), Rrtype: state.QType(), Class: state.QClass(), Ttl: s.Config.ttl}
|
||||
m.Answer = append(m.Answer, &dns.AAAA{Hdr: hdr, AAAA: ip.To16()})
|
||||
w.WriteMsg(m)
|
||||
return dns.RcodeSuccess, nil
|
||||
}
|
||||
if ip.To4() != nil && state.QType() == dns.TypeA {
|
||||
log.Info("Responding to A request for ", state.QName())
|
||||
m := new(dns.Msg)
|
||||
m.SetReply(r)
|
||||
hdr := dns.RR_Header{Name: state.QName(), Rrtype: state.QType(), Class: state.QClass(), Ttl: s.Config.ttl}
|
||||
m.Answer = append(m.Answer, &dns.A{Hdr: hdr, A: ip.To4()})
|
||||
w.WriteMsg(m)
|
||||
return dns.RcodeSuccess, nil
|
||||
}
|
||||
if ip.To4() == nil && state.QType() == dns.TypeA {
|
||||
log.Info("Responding to A request for ", state.QName(), " with empty answer")
|
||||
m := new(dns.Msg)
|
||||
m.SetReply(r)
|
||||
w.WriteMsg(m)
|
||||
return dns.RcodeSuccess, nil
|
||||
}
|
||||
if ip.To4() != nil && state.QType() == dns.TypeAAAA {
|
||||
log.Info("Responding to AAAA request for ", state.QName(), " with empty answer")
|
||||
m := new(dns.Msg)
|
||||
m.SetReply(r)
|
||||
w.WriteMsg(m)
|
||||
return dns.RcodeSuccess, nil
|
||||
}
|
||||
log.Info("Unexpected code path for: ", state.QName())
|
||||
}
|
||||
log.Info("IP not in a valid network: ", ip)
|
||||
}
|
||||
log.Info("Invalid IP from hostname: ", state.QName())
|
||||
}
|
||||
}
|
||||
|
||||
//
|
||||
// FOR REVERSE LOOKUPS
|
||||
// must check next plugin in chain to see if it's a success (static reverse lookups override synthetic)
|
||||
// no need to check valid networks (guaranteed to be in the synthetic network based on the coredns config)
|
||||
//
|
||||
|
||||
// Continue to the next plugin in the chain, and record the response.
|
||||
rec := dnstest.NewRecorder(&test.ResponseWriter{})
|
||||
rc, err := plugin.NextOrFailure(s.Name(), s.Next, ctx, rec, r)
|
||||
|
||||
log.Debug("Next plugin in chain responded with rcode ",
|
||||
rc,
|
||||
" and ",
|
||||
len(r.Answer),
|
||||
" answer(s) for ",
|
||||
state.QName(),
|
||||
)
|
||||
|
||||
// If the next plugin in the chain's recorded response is success, we go with that.
|
||||
if rc == dns.RcodeSuccess && len(rec.Msg.Answer) > 0 {
|
||||
log.Info("Next Plugin's answers are acceptable")
|
||||
log.Info("Next Plugin's answers are acceptable. no synthetic response")
|
||||
w.WriteMsg(rec.Msg)
|
||||
return rc, err
|
||||
}
|
||||
log.Debug("Injecting Synthetic response")
|
||||
|
||||
switch state.QType() {
|
||||
if state.QType() == dns.TypePTR {
|
||||
log.Info("Attempting to inject synthetic response for reverse lookup: ", state.QName())
|
||||
|
||||
//
|
||||
// Handle AAAA and A requests (Forward Lookup)
|
||||
// Note: on the forward lookup, we're guaranteed to have a match on the domain name
|
||||
//
|
||||
case dns.TypeA, dns.TypeAAAA:
|
||||
|
||||
// only continue if the first label starts with the prefix (fall back to recorded response)
|
||||
if !strings.HasPrefix(state.Name(), s.Config.prefix) {
|
||||
w.WriteMsg(rec.Msg)
|
||||
return rc, err
|
||||
}
|
||||
|
||||
// parse first dns label (now we have: "<prefix><ip>")
|
||||
firstLabel := strings.Split(state.Name(), ".")[0]
|
||||
|
||||
// trim the prefix (now we have: "<ip>")
|
||||
ipStr := strings.TrimPrefix(firstLabel, s.Config.prefix)
|
||||
|
||||
// attempt to parse as IPv6 or IPv4
|
||||
ip := net.ParseIP(strings.ReplaceAll(ipStr, "-", "."))
|
||||
if ip == nil {
|
||||
ip = net.ParseIP(strings.ReplaceAll(ipStr, "-", ":"))
|
||||
}
|
||||
log.Debug(state.Name(), " parsed to ", ip)
|
||||
|
||||
// don't continue if we couldn't parse the IP (fall back to recorded responses)
|
||||
if ip == nil {
|
||||
log.Debug("Failed to parse IP from: ", state.QName())
|
||||
w.WriteMsg(rec.Msg)
|
||||
return rc, err
|
||||
}
|
||||
|
||||
// check if ip is within the synthetic network
|
||||
var found bool
|
||||
for _, n := range s.Config.net {
|
||||
if n.Contains(ip) {
|
||||
found = true
|
||||
break
|
||||
}
|
||||
}
|
||||
// don't continue if the IP is not in the synthetic network (fall back to recorded response)
|
||||
if !found {
|
||||
log.Debug("IP ", ip, " not found in synthetic network")
|
||||
w.WriteMsg(rec.Msg)
|
||||
return rc, err
|
||||
}
|
||||
|
||||
// handle AAAA requests with IPv6 address
|
||||
if ip.To4() == nil && state.QType() == dns.TypeAAAA {
|
||||
log.Debug("Responding to AAAA request for ", state.QName())
|
||||
m := new(dns.Msg)
|
||||
m.SetReply(r)
|
||||
hdr := dns.RR_Header{Name: state.QName(), Rrtype: state.QType(), Class: state.QClass(), Ttl: s.Config.ttl}
|
||||
m.Answer = append(m.Answer, &dns.AAAA{Hdr: hdr, AAAA: ip.To16()})
|
||||
w.WriteMsg(m)
|
||||
return dns.RcodeSuccess, nil
|
||||
}
|
||||
|
||||
// handle A requests with IPv4 address
|
||||
if ip.To4() != nil && state.QType() == dns.TypeA {
|
||||
log.Debug("Responding to A request for ", state.QName())
|
||||
m := new(dns.Msg)
|
||||
m.SetReply(r)
|
||||
hdr := dns.RR_Header{Name: state.QName(), Rrtype: state.QType(), Class: state.QClass(), Ttl: s.Config.ttl}
|
||||
m.Answer = append(m.Answer, &dns.A{Hdr: hdr, A: ip.To4()})
|
||||
w.WriteMsg(m)
|
||||
return dns.RcodeSuccess, nil
|
||||
}
|
||||
|
||||
// handle A requests with IPv6 address (respond with empty answer and NOERROR)
|
||||
if ip.To4() == nil && state.QType() == dns.TypeA {
|
||||
log.Debug("Responding to A request for ", state.QName(), " with empty answer")
|
||||
m := new(dns.Msg)
|
||||
m.SetReply(r)
|
||||
w.WriteMsg(m)
|
||||
return dns.RcodeSuccess, nil
|
||||
}
|
||||
|
||||
// handle AAAA requests with IPv4 address (respond with empty answer and NOERROR)
|
||||
if ip.To4() != nil && state.QType() == dns.TypeAAAA {
|
||||
log.Debug("Responding to AAAA request for ", state.QName(), " with empty answer")
|
||||
m := new(dns.Msg)
|
||||
m.SetReply(r)
|
||||
w.WriteMsg(m)
|
||||
return dns.RcodeSuccess, nil
|
||||
}
|
||||
|
||||
// if we got here, we couldn't handle the request (fall back to recorded response)
|
||||
log.Debug("Failed to handle request for ", state.QName())
|
||||
w.WriteMsg(rec.Msg)
|
||||
return rc, err
|
||||
|
||||
//
|
||||
// Handle PTR requests (Reverse Lookup)
|
||||
// Note: on the reverse lookup, we're guaranteed to have a match on the network based on the zone file
|
||||
//
|
||||
case dns.TypePTR:
|
||||
ip := inArpaToIp(state.QName())
|
||||
log.Debug("Received PTR request. Parsed ", state.QName(), " to ", ip)
|
||||
log.Info("Parsed IP: ", ip)
|
||||
|
||||
// don't continue if we couldn't parse the IP (fall back to recorded response)
|
||||
if ip == nil {
|
||||
w.WriteMsg(rec.Msg)
|
||||
return rc, err
|
||||
if ip != nil {
|
||||
forward := ipToDomainName(s.Config.prefix, ip, s.Config.forward)
|
||||
log.Debug("Responding to PTR request for ", state.QName(), " with ", forward)
|
||||
m := new(dns.Msg)
|
||||
m.SetReply(r)
|
||||
hdr := dns.RR_Header{Name: state.QName(), Rrtype: state.QType(), Class: state.QClass(), Ttl: s.Config.ttl}
|
||||
m.Answer = append(m.Answer, &dns.PTR{Hdr: hdr, Ptr: forward})
|
||||
w.WriteMsg(m)
|
||||
return dns.RcodeSuccess, nil
|
||||
}
|
||||
|
||||
// successful reverse lookup
|
||||
forward := ipToDomainName(s.Config.prefix, ip, s.Config.forward)
|
||||
log.Debug("Responding to PTR request for ", state.QName(), " with ", forward)
|
||||
m := new(dns.Msg)
|
||||
m.SetReply(r)
|
||||
hdr := dns.RR_Header{Name: state.QName(), Rrtype: state.QType(), Class: state.QClass(), Ttl: s.Config.ttl}
|
||||
m.Answer = append(m.Answer, &dns.PTR{Hdr: hdr, Ptr: forward})
|
||||
w.WriteMsg(m)
|
||||
return dns.RcodeSuccess, nil
|
||||
|
||||
}
|
||||
|
||||
// if we got here, we couldn't handle the request (fall back to recorded response)
|
||||
|
||||
Reference in New Issue
Block a user