Skip to content

Commit

Permalink
When appending the SOA for authoritative NXDOMAIN responses, it needs…
Browse files Browse the repository at this point in the history
… to go in

the Authoritative section, not the Answer section.

This fixes the acme-dns validation for the lego Let's Encrypt client.
  • Loading branch information
cure committed Feb 6, 2019
1 parent 4f5fad0 commit aa44cc4
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 5 deletions.
2 changes: 1 addition & 1 deletion dns.go
Original file line number Diff line number Diff line change
Expand Up @@ -104,7 +104,7 @@ func (d *DNSServer) readQuery(m *dns.Msg) {
m.MsgHdr.Authoritative = authoritative
if authoritative {
if m.MsgHdr.Rcode == dns.RcodeNameError {
m.Answer = append(m.Answer, d.SOA)
m.Ns = append(m.Ns, d.SOA)
}
}

Expand Down
8 changes: 4 additions & 4 deletions dns_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -140,11 +140,11 @@ func TestAuthoritative(t *testing.T) {
if answer.Rcode != dns.RcodeNameError {
t.Errorf("Was expecing NXDOMAIN rcode, but got [%s] instead.", dns.RcodeToString[answer.Rcode])
}
if len(answer.Answer) != 1 {
t.Errorf("Was expecting exactly one answer (SOA) for invalid subdomain, but got %d", len(answer.Answer))
if len(answer.Ns) != 1 {
t.Errorf("Was expecting exactly one answer (SOA) for invalid subdomain, but got %d", len(answer.Ns))
}
if answer.Answer[0].Header().Rrtype != dns.TypeSOA {
t.Errorf("Was expecting SOA record as answer for NXDOMAIN but got [%s]", dns.TypeToString[answer.Answer[0].Header().Rrtype])
if answer.Ns[0].Header().Rrtype != dns.TypeSOA {
t.Errorf("Was expecting SOA record as answer for NXDOMAIN but got [%s]", dns.TypeToString[answer.Ns[0].Header().Rrtype])
}
if !answer.MsgHdr.Authoritative {
t.Errorf("Was expecting authoritative bit to be set")
Expand Down

0 comments on commit aa44cc4

Please sign in to comment.