dnsforward: respond with nxdomain

heyxkhoa · Apr 8, 2021 · 4b2b914 · 4b2b914
1 parent 8146674
commit 4b2b914
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 13 deletions.
diff --git a/internal/dnsforward/dns.go b/internal/dnsforward/dns.go
@@ -256,15 +256,17 @@ func (s *Server) processInternalHosts(dctx *dnsContext) (rc resultCode) {
 
 	d := dctx.proxyCtx
 	if !dctx.isLocalClient {
-		log.Debug("dns: %q requests for internal host", d.Addr.String())
-		d.Res = s.makeResponse(req)
+		log.Debug("dns: %q requests for internal host", d.Addr)
+		d.Res = s.genNXDomain(req)
 
 		// Do not even put into query log.
 		return resultCodeFinish
 	}
 
 	ip, ok := s.hostToIP(host)
 	if !ok {
+		// TODO(e.burkov): Inspect special cases when user want to apply
+		// some rules handled by other processors to the hosts with TLD.
 		d.Res = s.genNXDomain(req)
 
 		return resultCodeFinish
@@ -285,8 +287,8 @@ func (s *Server) processInternalHosts(dctx *dnsContext) (rc resultCode) {
 	return resultCodeSuccess
 }
 
-// processRestrictLocal responds with empty answers to PTR requests for IP
-// addresses in locally-served network from external clients.
+// processRestrictLocal responds with NXDOMAIN to PTR requests for IP addresses
+// in locally-served network from external clients.
 func (s *Server) processRestrictLocal(ctx *dnsContext) (rc resultCode) {
 	d := ctx.proxyCtx
 	req := d.Req
@@ -310,7 +312,7 @@ func (s *Server) processRestrictLocal(ctx *dnsContext) (rc resultCode) {
 	if s.subnetDetector.IsLocallyServedNetwork(ip) {
 		if !ctx.isLocalClient {
 			log.Debug("dns: %q requests for internal ip", d.Addr.String())
-			d.Res = s.makeResponse(req)
+			d.Res = s.genNXDomain(req)
 
 			// Do not even put into query log.
 			return resultCodeFinish

diff --git a/internal/dnsforward/dns_test.go b/internal/dnsforward/dns_test.go
@@ -110,19 +110,22 @@ func TestServer_ProcessInternalHosts_localRestriction(t *testing.T) {
 			dctx := &dnsContext{
 				proxyCtx: &proxy.DNSContext{
 					Req: req,
-					// Just to avoid SIGSEGV.
-					Addr: &net.TCPAddr{},
 				},
 				isLocalClient: tc.isLocalCli,
 			}
 
 			res := s.processInternalHosts(dctx)
-			assert.Equal(t, tc.wantRes, res)
+			require.Equal(t, tc.wantRes, res)
+			pctx := dctx.proxyCtx
 			if tc.wantRes == resultCodeFinish {
+				require.NotNil(t, pctx.Res)
+
+				assert.Equal(t, dns.RcodeNameError, pctx.Res.Rcode)
+				assert.Len(t, pctx.Res.Answer, 0)
+
 				return
 			}
 
-			pctx := dctx.proxyCtx
 			if tc.wantIP == nil {
 				assert.Nil(t, pctx.Res)
 			} else {
@@ -138,6 +141,11 @@ func TestServer_ProcessInternalHosts_localRestriction(t *testing.T) {
 }
 
 func TestServer_ProcessInternalHosts(t *testing.T) {
+	const (
+		examplecom = "example.com"
+		examplelan = "example.lan"
+	)
+
 	knownIP := net.IP{1, 2, 3, 4}
 	testCases := []struct {
 		name    string
@@ -148,21 +156,21 @@ func TestServer_ProcessInternalHosts(t *testing.T) {
 		qtyp    uint16
 	}{{
 		name:    "success_external",
-		host:    "example.com",
+		host:    examplecom,
 		suffix:  defaultAutohostSuffix,
 		wantIP:  nil,
 		wantRes: resultCodeSuccess,
 		qtyp:    dns.TypeA,
 	}, {
 		name:    "success_external_non_a",
-		host:    "example.com",
+		host:    examplecom,
 		suffix:  defaultAutohostSuffix,
 		wantIP:  nil,
 		wantRes: resultCodeSuccess,
 		qtyp:    dns.TypeCNAME,
 	}, {
 		name:    "success_internal",
-		host:    "example.lan",
+		host:    examplelan,
 		suffix:  defaultAutohostSuffix,
 		wantIP:  knownIP,
 		wantRes: resultCodeSuccess,
@@ -176,7 +184,7 @@ func TestServer_ProcessInternalHosts(t *testing.T) {
 		qtyp:    dns.TypeA,
 	}, {
 		name:    "success_internal_aaaa",
-		host:    "example.lan",
+		host:    examplelan,
 		suffix:  defaultAutohostSuffix,
 		wantIP:  nil,
 		wantRes: resultCodeSuccess,