										 |  |  | package dnssec | 
					
						
							|  |  |  | import ( | 
					
						
							|  |  |  | 	"time" | 
					
						
										 |  |  | 	"github.com/coredns/coredns/plugin" | 
					
						
										 |  |  | 	"github.com/coredns/coredns/request" | 
					
						
										 |  |  | 	"github.com/miekg/dns" | 
					
						
							|  |  |  | ) | 
					
						
// ResponseWriter wraps a dns.ResponseWriter and signs responses on the fly.
// Signing happens in WriteMsg only, and only for names that fall inside one
// of d's zones; the raw Write path forwards bytes without signing them.
type ResponseWriter struct {
	dns.ResponseWriter
	d      Dnssec // supplies the zones, Sign and the signature cache used by WriteMsg.
	server string // server label for metrics.
}
					
						
// WriteMsg implements the dns.ResponseWriter interface.
//
// The outgoing message is signed when its name matches one of the zones
// configured on the Dnssec instance. A message whose name matches no
// configured zone is forwarded to the wrapped writer unchanged, i.e. unsigned.
func (d *ResponseWriter) WriteMsg(res *dns.Msg) error {
	// Everything that comes back should be signed; the response itself is
	// wrapped as a request.Request so its name can be used to find the zone.
	req := request.Request{W: d.ResponseWriter, Req: res}

	matched := plugin.Zones(d.d.zones).Matches(req.Name())
	if matched == "" {
		// Not one of our zones: pass the message through untouched.
		return d.ResponseWriter.WriteMsg(res)
	}
	req.Zone = matched

	// Signatures are produced relative to the current time in UTC.
	now := time.Now().UTC()
	signed := d.d.Sign(req, now, d.server)

	// Publish the current size of the signature cache under this server's label.
	cacheSize.WithLabelValues(d.server, "signature").Set(float64(d.d.cache.Len()))

	// No EDNS0 handling is needed here; the server takes care of that.
	return d.ResponseWriter.WriteMsg(signed)
}
					
						
// Write implements the dns.ResponseWriter interface.
//
// Raw bytes cannot be signed here, so buf is handed to the wrapped writer
// as-is. The logged warning is the only indication that a reply left this
// writer without DNSSEC signatures.
func (d *ResponseWriter) Write(buf []byte) (int, error) {
	log.Warning("Dnssec called with Write: not signing reply")
	return d.ResponseWriter.Write(buf)
}