handle forward lookup condition with next plugin responding success, and more tests
This commit is contained in:
parent
205a7331b1
commit
b7eab281fb
119
synthetic.go
119
synthetic.go
@ -26,61 +26,27 @@ func (s synthetic) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Ms
|
|||||||
|
|
||||||
// Create a new state for this request. This is used to store state and allows us to pass this
|
// Create a new state for this request. This is used to store state and allows us to pass this
|
||||||
state := request.Request{W: w, Req: r}
|
state := request.Request{W: w, Req: r}
|
||||||
log.Debug("Received request for ", state.QName(), " of type ", state.QType())
|
log.Info("Received request for ", state.QName(), " of type ", state.QType())
|
||||||
|
|
||||||
// Continue to the next plugin in the chain, and record the response.
|
|
||||||
rec := dnstest.NewRecorder(&test.ResponseWriter{})
|
|
||||||
rc, err := plugin.NextOrFailure(s.Name(), s.Next, ctx, rec, r)
|
|
||||||
|
|
||||||
log.Debug("Next plugin in chain responded with rcode ",
|
|
||||||
rc,
|
|
||||||
" and ",
|
|
||||||
len(r.Answer),
|
|
||||||
" answer(s) for ",
|
|
||||||
state.QName(),
|
|
||||||
)
|
|
||||||
|
|
||||||
// If the next plugin in the chain's recorded response is success, we go with that.
|
|
||||||
if rc == dns.RcodeSuccess && len(rec.Msg.Answer) > 0 {
|
|
||||||
log.Info("Next Plugin's answers are acceptable")
|
|
||||||
w.WriteMsg(rec.Msg)
|
|
||||||
return rc, err
|
|
||||||
}
|
|
||||||
log.Debug("Injecting Synthetic response")
|
|
||||||
|
|
||||||
switch state.QType() {
|
|
||||||
|
|
||||||
//
|
//
|
||||||
// Handle AAAA and A requests (Forward Lookup)
|
// FOR FORWARD LOOKUPS
|
||||||
// Note: on the forward lookup, we're guaranteed to have a match on the domain name
|
// we always respond directly (no need to continue the plugin chain)
|
||||||
|
// need valid networks to check against
|
||||||
//
|
//
|
||||||
case dns.TypeA, dns.TypeAAAA:
|
if state.QType() == dns.TypeA || state.QType() == dns.TypeAAAA {
|
||||||
|
if strings.HasPrefix(state.Name(), s.Config.prefix) {
|
||||||
|
log.Info("Possible synthetic response for:", state.QName())
|
||||||
|
|
||||||
// only continue if the first label starts with the prefix (fall back to recorded response)
|
// pull out the ip address
|
||||||
if !strings.HasPrefix(state.Name(), s.Config.prefix) {
|
ipStr := strings.TrimPrefix(strings.Split(state.Name(), ".")[0], s.Config.prefix)
|
||||||
w.WriteMsg(rec.Msg)
|
|
||||||
return rc, err
|
|
||||||
}
|
|
||||||
|
|
||||||
// parse first dns label (now we have: "<prefix><ip>")
|
|
||||||
firstLabel := strings.Split(state.Name(), ".")[0]
|
|
||||||
|
|
||||||
// trim the prefix (now we have: "<ip>")
|
|
||||||
ipStr := strings.TrimPrefix(firstLabel, s.Config.prefix)
|
|
||||||
|
|
||||||
// attempt to parse as IPv6 or IPv4
|
|
||||||
ip := net.ParseIP(strings.ReplaceAll(ipStr, "-", "."))
|
ip := net.ParseIP(strings.ReplaceAll(ipStr, "-", "."))
|
||||||
if ip == nil {
|
if ip == nil {
|
||||||
ip = net.ParseIP(strings.ReplaceAll(ipStr, "-", ":"))
|
ip = net.ParseIP(strings.ReplaceAll(ipStr, "-", ":"))
|
||||||
}
|
}
|
||||||
log.Debug(state.Name(), " parsed to ", ip)
|
|
||||||
|
|
||||||
// don't continue if we couldn't parse the IP (fall back to recorded responses)
|
// respond according to the IP type and the request type
|
||||||
if ip == nil {
|
if ip != nil {
|
||||||
log.Debug("Failed to parse IP from: ", state.QName())
|
log.Info("Valid IP from hostname:", ip)
|
||||||
w.WriteMsg(rec.Msg)
|
|
||||||
return rc, err
|
|
||||||
}
|
|
||||||
|
|
||||||
// check if ip is within the synthetic network
|
// check if ip is within the synthetic network
|
||||||
var found bool
|
var found bool
|
||||||
@ -91,15 +57,11 @@ func (s synthetic) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Ms
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
// don't continue if the IP is not in the synthetic network (fall back to recorded response)
|
// don't continue if the IP is not in the synthetic network (fall back to recorded response)
|
||||||
if !found {
|
if found {
|
||||||
log.Debug("IP ", ip, " not found in synthetic network")
|
log.Info("IP ", ip, " is in synthetic network")
|
||||||
w.WriteMsg(rec.Msg)
|
|
||||||
return rc, err
|
|
||||||
}
|
|
||||||
|
|
||||||
// handle AAAA requests with IPv6 address
|
|
||||||
if ip.To4() == nil && state.QType() == dns.TypeAAAA {
|
if ip.To4() == nil && state.QType() == dns.TypeAAAA {
|
||||||
log.Debug("Responding to AAAA request for ", state.QName())
|
log.Info("Responding to AAAA request for ", state.QName())
|
||||||
m := new(dns.Msg)
|
m := new(dns.Msg)
|
||||||
m.SetReply(r)
|
m.SetReply(r)
|
||||||
hdr := dns.RR_Header{Name: state.QName(), Rrtype: state.QType(), Class: state.QClass(), Ttl: s.Config.ttl}
|
hdr := dns.RR_Header{Name: state.QName(), Rrtype: state.QType(), Class: state.QClass(), Ttl: s.Config.ttl}
|
||||||
@ -107,10 +69,8 @@ func (s synthetic) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Ms
|
|||||||
w.WriteMsg(m)
|
w.WriteMsg(m)
|
||||||
return dns.RcodeSuccess, nil
|
return dns.RcodeSuccess, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// handle A requests with IPv4 address
|
|
||||||
if ip.To4() != nil && state.QType() == dns.TypeA {
|
if ip.To4() != nil && state.QType() == dns.TypeA {
|
||||||
log.Debug("Responding to A request for ", state.QName())
|
log.Info("Responding to A request for ", state.QName())
|
||||||
m := new(dns.Msg)
|
m := new(dns.Msg)
|
||||||
m.SetReply(r)
|
m.SetReply(r)
|
||||||
hdr := dns.RR_Header{Name: state.QName(), Rrtype: state.QType(), Class: state.QClass(), Ttl: s.Config.ttl}
|
hdr := dns.RR_Header{Name: state.QName(), Rrtype: state.QType(), Class: state.QClass(), Ttl: s.Config.ttl}
|
||||||
@ -118,45 +78,52 @@ func (s synthetic) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Ms
|
|||||||
w.WriteMsg(m)
|
w.WriteMsg(m)
|
||||||
return dns.RcodeSuccess, nil
|
return dns.RcodeSuccess, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// handle A requests with IPv6 address (respond with empty answer and NOERROR)
|
|
||||||
if ip.To4() == nil && state.QType() == dns.TypeA {
|
if ip.To4() == nil && state.QType() == dns.TypeA {
|
||||||
log.Debug("Responding to A request for ", state.QName(), " with empty answer")
|
log.Info("Responding to A request for ", state.QName(), " with empty answer")
|
||||||
m := new(dns.Msg)
|
m := new(dns.Msg)
|
||||||
m.SetReply(r)
|
m.SetReply(r)
|
||||||
w.WriteMsg(m)
|
w.WriteMsg(m)
|
||||||
return dns.RcodeSuccess, nil
|
return dns.RcodeSuccess, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// handle AAAA requests with IPv4 address (respond with empty answer and NOERROR)
|
|
||||||
if ip.To4() != nil && state.QType() == dns.TypeAAAA {
|
if ip.To4() != nil && state.QType() == dns.TypeAAAA {
|
||||||
log.Debug("Responding to AAAA request for ", state.QName(), " with empty answer")
|
log.Info("Responding to AAAA request for ", state.QName(), " with empty answer")
|
||||||
m := new(dns.Msg)
|
m := new(dns.Msg)
|
||||||
m.SetReply(r)
|
m.SetReply(r)
|
||||||
w.WriteMsg(m)
|
w.WriteMsg(m)
|
||||||
return dns.RcodeSuccess, nil
|
return dns.RcodeSuccess, nil
|
||||||
}
|
}
|
||||||
|
log.Info("Unexpected code path for: ", state.QName())
|
||||||
// if we got here, we couldn't handle the request (fall back to recorded response)
|
}
|
||||||
log.Debug("Failed to handle request for ", state.QName())
|
log.Info("IP not in a valid network: ", ip)
|
||||||
w.WriteMsg(rec.Msg)
|
}
|
||||||
return rc, err
|
log.Info("Invalid IP from hostname: ", state.QName())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// Handle PTR requests (Reverse Lookup)
|
// FOR REVERSE LOOKUPS
|
||||||
// Note: on the reverse lookup, we're guaranteed to have a match on the network based on the zone file
|
// must check next plugin in chain to see if it's a success (static reverse lookups override synthetic)
|
||||||
|
// no need to check valid networks (guaranteed to be in the synthetic network based on the coredns config)
|
||||||
//
|
//
|
||||||
case dns.TypePTR:
|
|
||||||
ip := inArpaToIp(state.QName())
|
|
||||||
log.Debug("Received PTR request. Parsed ", state.QName(), " to ", ip)
|
|
||||||
|
|
||||||
// don't continue if we couldn't parse the IP (fall back to recorded response)
|
// Continue to the next plugin in the chain, and record the response.
|
||||||
if ip == nil {
|
rec := dnstest.NewRecorder(&test.ResponseWriter{})
|
||||||
|
rc, err := plugin.NextOrFailure(s.Name(), s.Next, ctx, rec, r)
|
||||||
|
|
||||||
|
// If the next plugin in the chain's recorded response is success, we go with that.
|
||||||
|
if rc == dns.RcodeSuccess && len(rec.Msg.Answer) > 0 {
|
||||||
|
log.Info("Next Plugin's answers are acceptable. no synthetic response")
|
||||||
w.WriteMsg(rec.Msg)
|
w.WriteMsg(rec.Msg)
|
||||||
return rc, err
|
return rc, err
|
||||||
}
|
}
|
||||||
|
|
||||||
// successful reverse lookup
|
if state.QType() == dns.TypePTR {
|
||||||
|
log.Info("Attempting to inject synthetic response for reverse lookup: ", state.QName())
|
||||||
|
|
||||||
|
ip := inArpaToIp(state.QName())
|
||||||
|
log.Info("Parsed IP: ", ip)
|
||||||
|
|
||||||
|
if ip != nil {
|
||||||
forward := ipToDomainName(s.Config.prefix, ip, s.Config.forward)
|
forward := ipToDomainName(s.Config.prefix, ip, s.Config.forward)
|
||||||
log.Debug("Responding to PTR request for ", state.QName(), " with ", forward)
|
log.Debug("Responding to PTR request for ", state.QName(), " with ", forward)
|
||||||
m := new(dns.Msg)
|
m := new(dns.Msg)
|
||||||
@ -165,7 +132,7 @@ func (s synthetic) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Ms
|
|||||||
m.Answer = append(m.Answer, &dns.PTR{Hdr: hdr, Ptr: forward})
|
m.Answer = append(m.Answer, &dns.PTR{Hdr: hdr, Ptr: forward})
|
||||||
w.WriteMsg(m)
|
w.WriteMsg(m)
|
||||||
return dns.RcodeSuccess, nil
|
return dns.RcodeSuccess, nil
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// if we got here, we couldn't handle the request (fall back to recorded response)
|
// if we got here, we couldn't handle the request (fall back to recorded response)
|
||||||
|
@ -7,11 +7,10 @@ import (
|
|||||||
"github.com/coredns/coredns/plugin/test"
|
"github.com/coredns/coredns/plugin/test"
|
||||||
"github.com/miekg/dns"
|
"github.com/miekg/dns"
|
||||||
"net"
|
"net"
|
||||||
|
|
||||||
"testing"
|
"testing"
|
||||||
)
|
)
|
||||||
|
|
||||||
// todo:
|
|
||||||
// 1. A lookup for v6 address
|
|
||||||
func TestServeDNSv4(t *testing.T) {
|
func TestServeDNSv4(t *testing.T) {
|
||||||
ip, ipNet, err := net.ParseCIDR("192.0.2.0/24")
|
ip, ipNet, err := net.ParseCIDR("192.0.2.0/24")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -121,8 +120,6 @@ func TestServeDNSv4(t *testing.T) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// todo:
|
|
||||||
// 2. AAAA lookup for v4 address
|
|
||||||
func TestServeDNSv6(t *testing.T) {
|
func TestServeDNSv6(t *testing.T) {
|
||||||
ip, ipNet, err := net.ParseCIDR("2001:db8:abcd::/48")
|
ip, ipNet, err := net.ParseCIDR("2001:db8:abcd::/48")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -229,3 +226,154 @@ func TestServeDNSv6(t *testing.T) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// MockSuccessPlugin is a mock plugin that always responds with a successful DNS response.
|
||||||
|
type MockSuccessPlugin struct{}
|
||||||
|
|
||||||
|
// Name returns the plugin name.
|
||||||
|
func (m MockSuccessPlugin) Name() string { return "mock" }
|
||||||
|
|
||||||
|
// ServeDNS simulates a successful DNS response.
|
||||||
|
func (m MockSuccessPlugin) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) {
|
||||||
|
m1 := new(dns.Msg)
|
||||||
|
m1.SetReply(r)
|
||||||
|
hdr := dns.RR_Header{Name: r.Question[0].Name, Rrtype: r.Question[0].Qtype, Class: r.Question[0].Qclass, Ttl: 0}
|
||||||
|
switch r.Question[0].Qtype {
|
||||||
|
case dns.TypeA:
|
||||||
|
m1.Answer = append(m1.Answer, &dns.A{Hdr: hdr, A: net.ParseIP("192.0.2.100")})
|
||||||
|
case dns.TypeAAAA:
|
||||||
|
m1.Answer = append(m1.Answer, &dns.AAAA{Hdr: hdr, AAAA: net.ParseIP("2001:db8::100")})
|
||||||
|
}
|
||||||
|
w.WriteMsg(m1)
|
||||||
|
return dns.RcodeSuccess, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestServeDNSNextPluginRespondsSuccess(t *testing.T) {
|
||||||
|
ip, ipNet, err := net.ParseCIDR("192.0.2.0/24")
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
|
ip6, ipNet6, err := net.ParseCIDR("2001:db8:abcd::/48")
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
s := synthetic{
|
||||||
|
Next: MockSuccessPlugin{},
|
||||||
|
Config: syntheticConfig{
|
||||||
|
net: []*net.IPNet{{IP: ip, Mask: ipNet.Mask}, {IP: ip6, Mask: ipNet6.Mask}},
|
||||||
|
forward: "example.com",
|
||||||
|
prefix: "ip-",
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
testCases := []struct {
|
||||||
|
qname string
|
||||||
|
qtype uint16
|
||||||
|
wantrcode int
|
||||||
|
wantAnswer []string
|
||||||
|
wantTTL uint32
|
||||||
|
}{
|
||||||
|
{
|
||||||
|
qname: "ip-192-0-2-1.example.com",
|
||||||
|
qtype: dns.TypeA,
|
||||||
|
wantrcode: dns.RcodeSuccess,
|
||||||
|
wantAnswer: []string{"192.0.2.1"},
|
||||||
|
wantTTL: 0,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
qname: "foobar.example.com",
|
||||||
|
qtype: dns.TypeA,
|
||||||
|
wantrcode: dns.RcodeSuccess,
|
||||||
|
wantAnswer: []string{"192.0.2.100"},
|
||||||
|
wantTTL: 0,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
qname: "ip-2001-db8-abcd--1.example.com",
|
||||||
|
qtype: dns.TypeAAAA,
|
||||||
|
wantrcode: dns.RcodeSuccess,
|
||||||
|
wantAnswer: []string{"2001:db8:abcd::1"},
|
||||||
|
wantTTL: 0,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
qname: "foobar.example.com",
|
||||||
|
qtype: dns.TypeAAAA,
|
||||||
|
wantrcode: dns.RcodeSuccess,
|
||||||
|
wantAnswer: []string{"2001:db8:abcd::100"},
|
||||||
|
wantTTL: 0,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
qname: "ip-2001-db8-abcd--1.example.com",
|
||||||
|
qtype: dns.TypeA,
|
||||||
|
wantrcode: dns.RcodeSuccess,
|
||||||
|
wantAnswer: nil,
|
||||||
|
wantTTL: 0,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
qname: "ip-192-0-2-1.example.com",
|
||||||
|
qtype: dns.TypeAAAA,
|
||||||
|
wantrcode: dns.RcodeSuccess,
|
||||||
|
wantAnswer: nil,
|
||||||
|
wantTTL: 0,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
qname: "3.2.1.f.e.d.c.b.a.0.9.8.7.6.5.4.4.3.2.1.d.c.b.a.8.b.d.0.1.0.0.2.ip6.arpa.",
|
||||||
|
qtype: dns.TypePTR,
|
||||||
|
wantrcode: dns.RcodeSuccess,
|
||||||
|
wantAnswer: []string{"ip6-2001-db8-abcd-1234-4567-890a-bcde-f123.example.com."},
|
||||||
|
wantTTL: 0,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
qname: "123.2.0.192.in-addr.arpa.",
|
||||||
|
qtype: dns.TypePTR,
|
||||||
|
wantrcode: dns.RcodeSuccess,
|
||||||
|
wantAnswer: []string{"ip-192-0-2-123.example.com."},
|
||||||
|
wantTTL: 0,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
for i, tc := range testCases {
|
||||||
|
errorMsgPrefix := fmt.Sprintf("Test case %v for '%v' failed. Expected", i, tc.qname)
|
||||||
|
ctx := context.TODO()
|
||||||
|
w := dnstest.NewRecorder(&test.ResponseWriter{})
|
||||||
|
r := new(dns.Msg)
|
||||||
|
r.SetQuestion(tc.qname, tc.qtype)
|
||||||
|
|
||||||
|
rc, err := s.ServeDNS(ctx, w, r)
|
||||||
|
|
||||||
|
if err != nil {
|
||||||
|
t.Errorf("%v no error, but got %v", errorMsgPrefix, err)
|
||||||
|
}
|
||||||
|
if rc != tc.wantrcode {
|
||||||
|
t.Errorf("%v rcode %v, but got %v", errorMsgPrefix, tc.wantrcode, rc)
|
||||||
|
}
|
||||||
|
if len(w.Msg.Answer) == 0 && tc.wantAnswer != nil {
|
||||||
|
t.Errorf("%v an answer, but got none", errorMsgPrefix)
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
if tc.wantAnswer == nil {
|
||||||
|
if len(w.Msg.Answer) > 0 {
|
||||||
|
t.Errorf("%v no answer, but got %v", errorMsgPrefix, w.Msg.Answer[0])
|
||||||
|
}
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
if w.Msg.Answer[0].Header().Ttl != 0 {
|
||||||
|
t.Errorf("%v TTL to be 0, but got %v", errorMsgPrefix, w.Msg.Answer[0].Header().Ttl)
|
||||||
|
}
|
||||||
|
if w.Msg.Answer[0].Header().Name != tc.qname {
|
||||||
|
t.Errorf("%v Name to be %s, but got %s", errorMsgPrefix, tc.qname, w.Msg.Answer[0].Header().Name)
|
||||||
|
}
|
||||||
|
if w.Msg.Answer[0].Header().Rrtype != tc.qtype {
|
||||||
|
t.Errorf("%v Type to be %d, but got %d", errorMsgPrefix, tc.qtype, w.Msg.Answer[0].Header().Rrtype)
|
||||||
|
}
|
||||||
|
if w.Msg.Answer[0].Header().Ttl != tc.wantTTL {
|
||||||
|
t.Errorf("%v TTL to be %d, but got %d", errorMsgPrefix, tc.wantTTL, w.Msg.Answer[0].Header().Ttl)
|
||||||
|
}
|
||||||
|
switch tc.qtype {
|
||||||
|
case dns.TypeA:
|
||||||
|
if w.Msg.Answer[0].(*dns.A).A.String() != tc.wantAnswer[0] {
|
||||||
|
t.Errorf("%v answer %s, but got %s", errorMsgPrefix, tc.wantAnswer[0], w.Msg.Answer[0].(*dns.A).A.String())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user