From 4b2b9140d3e2526a935216ba42faba9b86b9ef3f Mon Sep 17 00:00:00 2001
From: Eugene Burkov
Date: Thu, 8 Apr 2021 17:31:34 +0300
Subject: [PATCH] dnsforward: respond with nxdomain
---
 internal/dnsforward/dns.go | 12 +++++++-----
 internal/dnsforward/dns_test.go | 24 ++++++++++++++++--------
 2 files changed, 23 insertions(+), 13 deletions(-)
diff --git a/internal/dnsforward/dns.go b/internal/dnsforward/dns.go
index 9fb8a6fc8b2..65c94cbea84 100644
--- a/internal/dnsforward/dns.go
+++ b/internal/dnsforward/dns.go
@@ -256,8 +256,8 @@ func (s *Server) processInternalHosts(dctx *dnsContext) (rc resultCode) {
 d := dctx.proxyCtx
 if !dctx.isLocalClient {
- log.Debug("dns: %q requests for internal host", d.Addr.String())
- d.Res = s.makeResponse(req)
+ log.Debug("dns: %q requests for internal host", d.Addr)
+ d.Res = s.genNXDomain(req)
 // Do not even put into query log.
 return resultCodeFinish
@@ -265,6 +265,8 @@ func (s *Server) processInternalHosts(dctx *dnsContext) (rc resultCode) {
 ip, ok := s.hostToIP(host)
 if !ok {
+ // TODO(e.burkov): Inspect special cases when user want to apply
+ // some rules handled by other processors to the hosts with TLD.
 d.Res = s.genNXDomain(req)
 return resultCodeFinish
@@ -285,8 +287,8 @@ func (s *Server) processInternalHosts(dctx *dnsContext) (rc resultCode) {
 return resultCodeSuccess
 }
-// processRestrictLocal responds with empty answers to PTR requests for IP
-// addresses in locally-served network from external clients.
+// processRestrictLocal responds with NXDOMAIN to PTR requests for IP addresses
+// in locally-served network from external clients.
 func (s *Server) processRestrictLocal(ctx *dnsContext) (rc resultCode) {
 d := ctx.proxyCtx
 req := d.Req
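Review bot: The debug line now hands `d.Addr` to `%q` directly, so a nil `Addr` no longer panics (fmt emits a `%!q(<nil>)` token instead of calling `String()`), but the sibling branch in processRestrictLocal at hunk @@ -310 keeps `d.Addr.String()` and still dereferences a nil `Addr`; apply the same change there, `log.Debug("dns: %q requests for internal ip", d.Addr)`. The test in dns_test.go @@ -110 drops the placeholder `Addr` only for processInternalHosts, so that remaining call is not exercised with a nil `Addr`. processInternalHosts begins above this hunk, so the earlier guards that set `req` and `dctx.isLocalClient` are not visible here.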
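Review bot: The added TODO does not say what currently happens in the case it defers, and its grammar is off; since this branch answers NXDOMAIN and returns resultCodeFinish, a query for a name that is not a known host presumably never reaches the later processors. Suggest `// TODO(e.burkov): Inspect the cases where a user wants rules handled by other processors to apply to names under the autohost TLD; they are currently answered with NXDOMAIN here and not processed further.` The rest of processInternalHosts lies outside this hunk.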
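Review bot: Only processRestrictLocal's doc comment is updated to say NXDOMAIN, while the matching behaviour change in processInternalHosts at hunk @@ -256 gets no documentation; its doc comment sits above that hunk and is not visible here, so if it still describes an empty answer for external clients it should be updated the same way, e.g. `// processInternalHosts answers queries for hosts under the autohost suffix and responds with NXDOMAIN to such queries from external clients.` processRestrictLocal's body continues past the end of this hunk.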
@@ -310,7 +312,7 @@ func (s *Server) processRestrictLocal(ctx *dnsContext) (rc resultCode) {
 if s.subnetDetector.IsLocallyServedNetwork(ip) {
 if !ctx.isLocalClient {
 log.Debug("dns: %q requests for internal ip", d.Addr.String())
- d.Res = s.makeResponse(req)
+ d.Res = s.genNXDomain(req)
 // Do not even put into query log.
 return resultCodeFinish
diff --git a/internal/dnsforward/dns_test.go b/internal/dnsforward/dns_test.go
index defcd38cba3..4536295665d 100644
--- a/internal/dnsforward/dns_test.go
+++ b/internal/dnsforward/dns_test.go
@@ -110,19 +110,22 @@ func TestServer_ProcessInternalHosts_localRestriction(t *testing.T) {
 dctx := &dnsContext{
 proxyCtx: &proxy.DNSContext{
 Req: req,
- // Just to avoid SIGSEGV.
- Addr: &net.TCPAddr{},
 },
 isLocalClient: tc.isLocalCli,
 }
 res := s.processInternalHosts(dctx)
- assert.Equal(t, tc.wantRes, res)
+ require.Equal(t, tc.wantRes, res)
+ pctx := dctx.proxyCtx
 if tc.wantRes == resultCodeFinish {
+ require.NotNil(t, pctx.Res)
+
+ assert.Equal(t, dns.RcodeNameError, pctx.Res.Rcode)
+ assert.Len(t, pctx.Res.Answer, 0)
+
 return
 }
- pctx := dctx.proxyCtx
 if tc.wantIP == nil {
 assert.Nil(t, pctx.Res)
 } else {
@@ -138,6 +141,11 @@ func TestServer_ProcessInternalHosts(t *testing.T) {
 }
 func TestServer_ProcessInternalHosts(t *testing.T) {
+ const (
+ examplecom = "example.com"
+ examplelan = "example.lan"
+ )
+
 knownIP := net.IP{1, 2, 3, 4}
 testCases := []struct {
 name string
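Review bot: The removal of the placeholder `Addr` is the behaviourally interesting part of this test change, yet nothing records that the nil `Addr` is now deliberate; a later edit could restore it "to avoid SIGSEGV" and silently stop covering the nil path that the dns.go change at @@ -256 was made to survive. A one-line comment in the `proxy.DNSContext` literal such as `// Addr is left nil on purpose: the handler must not dereference it.` would pin that down. In the resultCodeFinish branch, `assert.Empty(t, pctx.Res.Answer)` states the intent more directly than `assert.Len(t, pctx.Res.Answer, 0)`. The subtest body that builds `req` and `s` starts above this hunk.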
@@ -148,21 +156,21 @@ func TestServer_ProcessInternalHosts(t *testing.T) {
 qtyp uint16
 }{{
 name: "success_external",
- host: "example.com",
+ host: examplecom,
 suffix: defaultAutohostSuffix,
 wantIP: nil,
 wantRes: resultCodeSuccess,
 qtyp: dns.TypeA,
 }, {
 name: "success_external_non_a",
- host: "example.com",
+ host: examplecom,
 suffix: defaultAutohostSuffix,
 wantIP: nil,
 wantRes: resultCodeSuccess,
 qtyp: dns.TypeCNAME,
 }, {
 name: "success_internal",
- host: "example.lan",
+ host: examplelan,
 suffix: defaultAutohostSuffix,
 wantIP: knownIP,
 wantRes: resultCodeSuccess,
@@ -176,7 +184,7 @@ func TestServer_ProcessInternalHosts(t *testing.T) {
 qtyp: dns.TypeA,
 }, {
 name: "success_internal_aaaa",
- host: "example.lan",
+ host: examplelan,
 suffix: defaultAutohostSuffix,
 wantIP: nil,
 wantRes: resultCodeSuccess,