Proper EDNS0 (non)support (#188)
* Proper EDNS0 (non)support

* Add changelog entry

* Add EDNS0 tests
joohoi authored Oct 18, 2019
1 parent 5b1e515 commit af542b4
Showing 3 changed files with 81 additions and 27 deletions.
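--- a/README.md
+++ b/README.md
@@ -345,6 +345,9 @@ use for the renewal.
 
 ## Changelog
 
+- v0.8
+- Changed
+- Fixed: EDNS0 support
 - v0.7.2
 - Changed
 - Fixed: Regression error of not being able to answer to incoming random-case requests.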
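--- a/dns.go
+++ b/dns.go
@@ -82,8 +82,24 @@ func (d *DNSServer) handleRequest(w dns.ResponseWriter, r *dns.Msg) {
 m := new(dns.Msg)
 m.SetReply(r)
 
-if r.Opcode == dns.OpcodeQuery {
-d.readQuery(m)
+// handle edns0
+opt := r.IsEdns0()
+if opt != nil {
+if opt.Version() != 0 {
+// Only EDNS0 is standardized
+m.MsgHdr.Rcode = dns.RcodeBadVers
+m.SetEdns0(512, false)
+} else {
+// We can safely do this as we know that we're not setting other OPT RRs within acme-dns.
+m.SetEdns0(512, false)
+if r.Opcode == dns.OpcodeQuery {
+d.readQuery(m)
+}
+}
+} else {
+if r.Opcode == dns.OpcodeQuery {
+d.readQuery(m)
+}
 }
 w.WriteMsg(m)
 }
@@ -107,7 +123,6 @@ func (d *DNSServer) readQuery(m *dns.Msg) {
 m.Ns = append(m.Ns, d.SOA)
 }
 }
-
 }
 
 func (d *DNSServer) getRecord(q dns.Question) ([]dns.RR, error) {
@@ -169,10 +184,6 @@ func (d *DNSServer) answer(q dns.Question) ([]dns.RR, int, bool, error) {
 // Make sure that we return NOERROR if there were dynamic records for the domain
 rcode = dns.RcodeSuccess
 }
-// Handle EDNS (no support at the moment)
-if q.Qtype == dns.TypeOPT {
-return []dns.RR{}, dns.RcodeFormatError, authoritative, nil
-}
 log.WithFields(log.Fields{"qtype": dns.TypeToString[q.Qtype], "domain": q.Name, "rcode": dns.RcodeToString[rcode]}).Debug("Answering question for domain")
 return r, rcode, authoritative, nil
 }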
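Review bot: Both new `m.SetEdns0(512, false)` calls in handleRequest clear the DO bit in the reply even when the query set it; RFC 3225 asks a server to copy the query's DO bit into the response, so `m.SetEdns0(512, opt.Do())` would be the conforming form, and the new TestEDNSA (which sends DO=1) could then assert it. The literal 512 appears twice with no explanation; a named constant with a one-line comment on why that payload size was chosen would document the intent. The `if r.Opcode == dns.OpcodeQuery { d.readQuery(m) }` dispatch is now duplicated in two branches; attaching the OPT record first and returning early on a non-zero version would leave a single copy. handleRequest starts above the hunk, so this is based on the visible part of its body only.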
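--- a/dns_test.go
+++ b/dns_test.go
@@ -111,8 +111,48 @@ func TestResolveA(t *testing.T) {
 func TestEDNS(t *testing.T) {
 resolv := resolver{server: "127.0.0.1:15353"}
 answer, _ := resolv.lookup("auth.example.org", dns.TypeOPT)
-if answer.Rcode != dns.RcodeFormatError {
-t.Errorf("Was expecing FORMERR rcode for OPT query, but got [%s] instead.", dns.RcodeToString[answer.Rcode])
+if answer.Rcode != dns.RcodeSuccess {
+t.Errorf("Was expecing NOERROR rcode for OPT query, but got [%s] instead.", dns.RcodeToString[answer.Rcode])
+}
+}
+
+func TestEDNSA(t *testing.T) {
+msg := new(dns.Msg)
+msg.Id = dns.Id()
+msg.Question = make([]dns.Question, 1)
+msg.Question[0] = dns.Question{Name: dns.Fqdn("auth.example.org"), Qtype: dns.TypeA, Qclass: dns.ClassINET}
+// Set EDNS0 with DO=1
+msg.SetEdns0(512, true)
+in, err := dns.Exchange(msg, "127.0.0.1:15353")
+if err != nil {
+t.Errorf("Error querying the server [%v]", err)
+}
+if in != nil && in.Rcode != dns.RcodeSuccess {
+t.Errorf("Received error from the server [%s]", dns.RcodeToString[in.Rcode])
+}
+opt := in.IsEdns0()
+if opt == nil {
+t.Errorf("Should have got OPT back")
+}
+}
+
+func TestEDNSBADVERS(t *testing.T) {
+msg := new(dns.Msg)
+msg.Id = dns.Id()
+msg.Question = make([]dns.Question, 1)
+msg.Question[0] = dns.Question{Name: dns.Fqdn("auth.example.org"), Qtype: dns.TypeA, Qclass: dns.ClassINET}
+// Set EDNS0 with version 1
+o := new(dns.OPT)
+o.SetVersion(1)
+o.Hdr.Name = "."
+o.Hdr.Rrtype = dns.TypeOPT
+msg.Extra = append(msg.Extra, o)
+in, err := dns.Exchange(msg, "127.0.0.1:15353")
+if err != nil {
+t.Errorf("Error querying the server [%v]", err)
+}
+if in != nil && in.Rcode != dns.RcodeBadVers {
+t.Errorf("Received unexpected rcode from the server [%s]", dns.RcodeToString[in.Rcode])
 }
 }
 
@@ -220,25 +260,25 @@ func TestResolveTXT(t *testing.T) {
 }
 
 func TestCaseInsensitiveResolveA(t *testing.T) {
-resolv := resolver{server: "127.0.0.1:15353"}
-answer, err := resolv.lookup("aUtH.eXAmpLe.org", dns.TypeA)
-if err != nil {
-t.Errorf("%v", err)
-}
-
-if len(answer.Answer) == 0 {
-t.Error("No answer for DNS query")
-}
+resolv := resolver{server: "127.0.0.1:15353"}
+answer, err := resolv.lookup("aUtH.eXAmpLe.org", dns.TypeA)
+if err != nil {
+t.Errorf("%v", err)
+}
+
+if len(answer.Answer) == 0 {
+t.Error("No answer for DNS query")
+}
 }
 
 func TestCaseInsensitiveResolveSOA(t *testing.T) {
-resolv := resolver{server: "127.0.0.1:15353"}
-answer, _ := resolv.lookup("doesnotexist.aUtH.eXAmpLe.org", dns.TypeSOA)
-if answer.Rcode != dns.RcodeNameError {
-t.Errorf("Was expecing NXDOMAIN rcode, but got [%s] instead.", dns.RcodeToString[answer.Rcode])
-}
-
-if len(answer.Ns) == 0 {
-t.Error("No SOA answer for DNS query")
-}
+resolv := resolver{server: "127.0.0.1:15353"}
+answer, _ := resolv.lookup("doesnotexist.aUtH.eXAmpLe.org", dns.TypeSOA)
+if answer.Rcode != dns.RcodeNameError {
+t.Errorf("Was expecing NXDOMAIN rcode, but got [%s] instead.", dns.RcodeToString[answer.Rcode])
+}
+
+if len(answer.Ns) == 0 {
+t.Error("No SOA answer for DNS query")
+}
 }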
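Review bot: In TestEDNSA a failed `dns.Exchange` is reported with `t.Errorf`, which lets the test run on to `opt := in.IsEdns0()` with `in` presumably nil, so an unreachable server would likely panic the test binary rather than fail one test; `t.Fatalf("Error querying the server [%v]", err)` stops at the right place. TestEDNSBADVERS uses the same pattern, and its `in != nil &&` guard lets a nil reply skip the rcode check silently. TestEDNS still discards the lookup error with `answer, _ :=` before reading `answer.Rcode`. TestEDNSBADVERS could also assert that the reply carries an OPT record via `in.IsEdns0()`, since BADVERS is an extended rcode that is only expressible with that record present.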
