dns/synthetic
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
eabac20beb
synthetic/synthetic.go
Donavan Fritz eabac20beb updates
2024-02-21 15:47:00 -08:00

202 lines
6.0 KiB
Go
Raw Blame History

package synthetic
import (
"context"
"encoding/hex"
"github.com/coredns/coredns/plugin"
"github.com/coredns/coredns/plugin/pkg/dnstest"
clog "github.com/coredns/coredns/plugin/pkg/log"
"github.com/coredns/coredns/plugin/test"
"github.com/coredns/coredns/request"
"github.com/miekg/dns"
"net"
"strings"
)
var log = clog.NewWithPlugin("synthetic")
func (s synthetic) Name() string { return "synthetic" }
type synthetic struct {
Next plugin.Handler
Config syntheticConfig
}
func (s synthetic) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) {
// Create a new state for this request. This is used to store state and allows us to pass this
state := request.Request{W: w, Req: r}
log.Debug("Received request for ", state.QName(), " of type ", state.QType())
//
// FOR FORWARD LOOKUPS
// we always respond directly (no need to continue the plugin chain)
// need valid networks to check against
//
if state.QType() == dns.TypeA || state.QType() == dns.TypeAAAA {
if strings.HasPrefix(state.Name(), s.Config.prefix) {
log.Debug("Possible synthetic response for:", state.QName())
// pull out the ip address
ipStr := strings.TrimPrefix(strings.Split(state.Name(), ".")[0], s.Config.prefix)
ip := net.ParseIP(strings.ReplaceAll(ipStr, "-", "."))
if ip == nil {
ip = net.ParseIP(strings.ReplaceAll(ipStr, "-", ":"))
}
// respond according to the IP type and the request type
if ip != nil {
log.Debug("Valid IP from hostname:", ip)
// check if ip is within the synthetic network
var found bool
for _, n := range s.Config.net {
if n.Contains(ip) {
found = true
break
}
}
// don't continue if the IP is not in the synthetic network (fall back to recorded response)
if found {
log.Debug("IP ", ip, " is in synthetic network")
if ip.To4() == nil && state.QType() == dns.TypeAAAA {
log.Debug("Responding to AAAA request for ", state.QName())
m := new(dns.Msg)
m.SetReply(r)
hdr := dns.RR_Header{Name: state.QName(), Rrtype: state.QType(), Class: state.QClass(), Ttl: s.Config.ttl}
m.Answer = append(m.Answer, &dns.AAAA{Hdr: hdr, AAAA: ip.To16()})
w.WriteMsg(m)
return dns.RcodeSuccess, nil
}
if ip.To4() != nil && state.QType() == dns.TypeA {
log.Debug("Responding to A request for ", state.QName())
m := new(dns.Msg)
m.SetReply(r)
hdr := dns.RR_Header{Name: state.QName(), Rrtype: state.QType(), Class: state.QClass(), Ttl: s.Config.ttl}
m.Answer = append(m.Answer, &dns.A{Hdr: hdr, A: ip.To4()})
w.WriteMsg(m)
return dns.RcodeSuccess, nil
}
if ip.To4() == nil && state.QType() == dns.TypeA {
log.Debug("Responding to A request for ", state.QName(), " with empty answer")
m := new(dns.Msg)
m.SetReply(r)
w.WriteMsg(m)
return dns.RcodeSuccess, nil
}
if ip.To4() != nil && state.QType() == dns.TypeAAAA {
log.Debug("Responding to AAAA request for ", state.QName(), " with empty answer")
m := new(dns.Msg)
m.SetReply(r)
w.WriteMsg(m)
return dns.RcodeSuccess, nil
}
log.Debug("Unexpected code path for: ", state.QName())
}
log.Debug("IP not in a valid network: ", ip)
}
log.Debug("Invalid IP from hostname: ", state.QName())
}
}
//
// FOR REVERSE LOOKUPS
// must check next plugin in chain to see if it's a success (static reverse lookups override synthetic)
// no need to check valid networks (guaranteed to be in the synthetic network based on the coredns config)
//
// Continue to the next plugin in the chain, and record the response.
rec := dnstest.NewRecorder(&test.ResponseWriter{})
rc, err := plugin.NextOrFailure(s.Name(), s.Next, ctx, rec, r)
// If the next plugin in the chain's recorded response is success, we go with that.
if rc == dns.RcodeSuccess && len(rec.Msg.Answer) > 0 {
log.Debug("Next Plugin's answers are acceptable. no synthetic response")
w.WriteMsg(rec.Msg)
return rc, err
}
if state.QType() == dns.TypePTR {
log.Debug("Attempting to inject synthetic response for reverse lookup: ", state.QName())
ip := inArpaToIp(state.QName())
log.Debug("Parsed IP: ", ip)
if ip != nil {
forward := ipToDomainName(s.Config.prefix, ip, s.Config.forward)
log.Debug("Responding to PTR request for ", state.QName(), " with ", forward)
m := new(dns.Msg)
m.SetReply(r)
hdr := dns.RR_Header{Name: state.QName(), Rrtype: state.QType(), Class: state.QClass(), Ttl: s.Config.ttl}
m.Answer = append(m.Answer, &dns.PTR{Hdr: hdr, Ptr: forward})
w.WriteMsg(m)
return dns.RcodeSuccess, nil
}
}
// if we got here, we couldn't handle the request (fall back to recorded response)
log.Debug("synthetic plugin not needed for ", state.QName(), " of type ", state.QType())
w.WriteMsg(rec.Msg)
return rc, err
}
func inArpaToIp(name string) net.IP {
ipv4Suffix := ".in-addr.arpa."
ipv6Suffix := ".ip6.arpa."
if idx := strings.Index(name, ipv4Suffix); idx > 6 {
name = name[:idx]
parts := strings.Split(name, ".")
if len(parts) != 4 {
return nil
}
name = parts[3] + "." + parts[2] + "." + parts[1] + "." + parts[0]
return net.ParseIP(name)
}
if len(name) == 73 && name[63:] == ipv6Suffix {
// we can rely on the fact that v6 reverse hostnames have a fixed length
// read the characters from the hostname into a buffer in reverse
v6chars := make([]byte, 32)
for i, j := 62, 0; i >= 0; i -= 2 {
v6chars[j] = name[i]
j++
}
// decode the characters in the buffer into 16 bytes and return it
v6bytes := make([]byte, 16)
if _, err := hex.Decode(v6bytes, v6chars); err != nil {
return nil
}
return v6bytes
}
return nil
}
func ipToDomainName(prefix string, ip net.IP, zone string) string {
if ip == nil {
return ""
}
if !strings.HasPrefix(zone, ".") {
zone = "." + zone
}
if !strings.HasSuffix(zone, ".") {
zone = zone + "."
}
sep := ":"
if ip.To4() != nil {
sep = "."
}
response := strings.Join(strings.Split(ip.String(), sep), "-")
return prefix + response + zone
}
Reference in New Issue View Git Blame Copy Permalink