coredns/plugin/file/xfr.go

package file

import (
	"context"
	"fmt"
	"sync"

	"github.com/coredns/coredns/plugin"
	"github.com/coredns/coredns/plugin/file/tree"
	"github.com/coredns/coredns/request"

	"github.com/miekg/dns"
)

// Xfr serves up an AXFR.
type Xfr struct {
	*Zone
}

// ServeDNS implements the plugin.Handler interface.
func (x Xfr) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) {
	state := request.Request{W: w, Req: r}
	if !x.TransferAllowed(state) {
		return dns.RcodeServerFailure, nil
	}
	if state.QType() != dns.TypeAXFR && state.QType() != dns.TypeIXFR {
		return 0, plugin.Error(x.Name(), fmt.Errorf("xfr called with non transfer type: %d", state.QType()))
	}

	// For IXFR we take the SOA in the IXFR message (if there), compare it what we have and then decide to do an
	// AXFR or just reply with one SOA message back.
	if state.QType() == dns.TypeIXFR {
		code, _ := x.ServeIxfr(ctx, w, r)
		if plugin.ClientWrite(code) {
			return code, nil
		}
	}

	// get soa and apex
	apex, err := x.ApexIfDefined()
	if err != nil {
		return dns.RcodeServerFailure, nil
	}

	ch := make(chan *dns.Envelope)
	tr := new(dns.Transfer)
	wg := new(sync.WaitGroup)
	wg.Add(1)
	go func() {
		tr.Out(w, r, ch)
		wg.Done()
	}()

	rrs := []dns.RR{}
	l := len(apex)

	ch <- &dns.Envelope{RR: apex}

	x.Walk(func(e *tree.Elem, _ map[uint16][]dns.RR) error {
		rrs = append(rrs, e.All()...)
		if len(rrs) > 500 {
			ch <- &dns.Envelope{RR: rrs}
			l += len(rrs)
			rrs = []dns.RR{}
		}
		return nil
	})

	if len(rrs) > 0 {
		ch <- &dns.Envelope{RR: rrs}
		l += len(rrs)
		rrs = []dns.RR{}
	}

	ch <- &dns.Envelope{RR: []dns.RR{apex[0]}} // closing SOA.
	l++

	close(ch) // Even though we close the channel here, we still have
	wg.Wait() // to wait before we can return and close the connection.

	log.Infof("Outgoing transfer of %d records of zone %s to %s done with %d SOA serial", l, x.origin, state.IP(), apex[0].(*dns.SOA).Serial)
	return dns.RcodeSuccess, nil
}

// Name implements the plugin.Handler interface.
func (x Xfr) Name() string { return "xfr" }

// ServeIxfr checks if we need to serve a simpler IXFR for the incoming message.
// See RFC 1995 Section 3: "... and the authority section containing the SOA record of client's version of the zone."
// and Section 2, paragraph 4 where we only need to echo the SOA record back.
// This function must be called when the qtype is IXFR. It returns a plugin.ClientWrite(code) == false, when it didn't
// write anything and we should perform an AXFR.
func (x Xfr) ServeIxfr(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) {
	if len(r.Ns) != 1 {
		return dns.RcodeServerFailure, nil
	}
	soa, ok := r.Ns[0].(*dns.SOA)
	if !ok {
		return dns.RcodeServerFailure, nil
	}

	x.RLock()
	if x.Apex.SOA == nil {
		x.RUnlock()
		return dns.RcodeServerFailure, nil
	}
	serial := x.Apex.SOA.Serial
	x.RUnlock()

	if soa.Serial == serial { // Section 2, para 4; echo SOA back. We have the same zone
		m := new(dns.Msg)
		m.SetReply(r)
		m.Answer = []dns.RR{soa}
		w.WriteMsg(m)
		return 0, nil
	}
	return dns.RcodeServerFailure, nil
}
Support outgoing zone transfers These can be enabled by adding "transfer out" to the Corefile. Without it no AXFR is allowed. For now only AXFR and no IXFR. No TSIG and no ACLs. 2016-03-28 12:08:05 +01:00			`package file`

			`import (`
all: fix plugin import ordering (#1717) Got a bit messed up with stb lib "context" usage. 2018-04-22 08:34:35 +01:00			`"context"`
Support outgoing zone transfers These can be enabled by adding "transfer out" to the Corefile. Without it no AXFR is allowed. For now only AXFR and no IXFR. No TSIG and no ACLs. 2016-03-28 12:08:05 +01:00			`"fmt"`
file: close correctlty after AXFR (#2943) * file: close correctlty after AXFR Don't hijack, but wait for the writes to be done and then savely close the connection. Fixes: #2929 Signed-off-by: Miek Gieben <miek@miek.nl> * Update comment Signed-off-by: Miek Gieben <miek@miek.nl> * file: close correctlty after AXFR (#2943) apply Signed-off-by: Miek Gieben <miek@miek.nl> 2019-07-03 07:01:57 +01:00			`"sync"`
Support outgoing zone transfers These can be enabled by adding "transfer out" to the Corefile. Without it no AXFR is allowed. For now only AXFR and no IXFR. No TSIG and no ACLs. 2016-03-28 12:08:05 +01:00
Remove the word middleware (#1067) * Rename middleware to plugin first pass; mostly used 'sed', few spots where I manually changed text. This still builds a coredns binary. * fmt error * Rename AddMiddleware to AddPlugin * Readd AddMiddleware to remain backwards compat 2017-09-14 09:36:06 +01:00			`"github.com/coredns/coredns/plugin"`
plugin/file: rework outgoing axfr (#3227) * plugin/file: rework outgoing axfr Signed-off-by: Miek Gieben <miek@miek.nl> * Fix test Signed-off-by: Miek Gieben <miek@miek.nl> * Actually properly test xfr Signed-off-by: Miek Gieben <miek@miek.nl> * Fix test Signed-off-by: Miek Gieben <miek@miek.nl> 2019-08-30 13:47:27 +01:00			`"github.com/coredns/coredns/plugin/file/tree"`
Fix import path `github.com/miekg/coredns` -> `github.com/coredns/coredns` (#547) This fix fixes import path from `github.com/miekg/coredns` -> `github.com/coredns/coredns` 2017-02-21 22:51:47 -08:00			`"github.com/coredns/coredns/request"`
Support outgoing zone transfers These can be enabled by adding "transfer out" to the Corefile. Without it no AXFR is allowed. For now only AXFR and no IXFR. No TSIG and no ACLs. 2016-03-28 12:08:05 +01:00
			`"github.com/miekg/dns"`
			`)`

Golint2 (#280) * Fix linter errors * More linting fixes * More docs and making members private that dont need to be public * Fix linter errors * More linting fixes * More docs and making members private that dont need to be public * More lint fixes This leaves: ~~~ middleware/kubernetes/nametemplate/nametemplate.go:64:6: exported type NameTemplate should have comment or be unexported middleware/kubernetes/nametemplate/nametemplate.go:71:1: exported method NameTemplate.SetTemplate should have comment or be unexported middleware/kubernetes/nametemplate/nametemplate.go:108:1: exported method NameTemplate.GetZoneFromSegmentArray should have comment or be unexported middleware/kubernetes/nametemplate/nametemplate.go:116:1: exported method NameTemplate.GetNamespaceFromSegmentArray should have comment or be unexported middleware/kubernetes/nametemplate/nametemplate.go:120:1: exported method NameTemplate.GetServiceFromSegmentArray should have comment or be unexported middleware/kubernetes/nametemplate/nametemplate.go:124:1: exported method NameTemplate.GetTypeFromSegmentArray should have comment or be unexported middleware/kubernetes/nametemplate/nametemplate.go:135:1: exported method NameTemplate.GetSymbolFromSegmentArray should have comment or be unexported middleware/kubernetes/nametemplate/nametemplate.go:167:1: exported method NameTemplate.IsValid should have comment or be unexported middleware/kubernetes/nametemplate/nametemplate.go:182:6: exported type NameValues should have comment or be unexported middleware/kubernetes/util/util.go:1:1: package comment should be of the form "Package util ..." middleware/kubernetes/util/util.go:27:2: exported const WildcardStar should have comment (or a comment on this block) or be unexported middleware/proxy/lookup.go:66:1: exported method Proxy.Forward should have comment or be unexported middleware/proxy/proxy.go:24:6: exported type Client should have comment or be unexported middleware/proxy/proxy.go:107:1: exported function Clients should have comment or be unexported middleware/proxy/reverseproxy.go:10:6: exported type ReverseProxy should have comment or be unexported middleware/proxy/reverseproxy.go:16:1: exported method ReverseProxy.ServeDNS should have comment or be unexported middleware/proxy/upstream.go:42:6: exported type Options should have comment or be unexported ~~~ I plan on reworking the proxy anyway, so I'll leave that be. 2016-09-23 09:14:12 +01:00			`// Xfr serves up an AXFR.`
			`type Xfr struct {`
			`*Zone`
			`}`
Support outgoing zone transfers These can be enabled by adding "transfer out" to the Corefile. Without it no AXFR is allowed. For now only AXFR and no IXFR. No TSIG and no ACLs. 2016-03-28 12:08:05 +01:00
Remove the word middleware (#1067) * Rename middleware to plugin first pass; mostly used 'sed', few spots where I manually changed text. This still builds a coredns binary. * fmt error * Rename AddMiddleware to AddPlugin * Readd AddMiddleware to remain backwards compat 2017-09-14 09:36:06 +01:00			`// ServeDNS implements the plugin.Handler interface.`
Support outgoing zone transfers These can be enabled by adding "transfer out" to the Corefile. Without it no AXFR is allowed. For now only AXFR and no IXFR. No TSIG and no ACLs. 2016-03-28 12:08:05 +01:00			`func (x Xfr) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) {`
Cleanup: put middleware helper functions in pkgs (#245) Move all (almost all) Go files in middleware into their own packages. This makes for better naming and discoverability. Lot of changes elsewhere to make this change. The middleware.State was renamed to request.Request which is better, but still does not cover all use-cases. It was also moved out middleware because it is used by `dnsserver` as well. A pkg/dnsutil packages was added for shared, handy, dns util functions. All normalize functions are now put in normalize.go 2016-09-07 11:10:16 +01:00			`state := request.Request{W: w, Req: r}`
Support outgoing zone transfers These can be enabled by adding "transfer out" to the Corefile. Without it no AXFR is allowed. For now only AXFR and no IXFR. No TSIG and no ACLs. 2016-03-28 12:08:05 +01:00			`if !x.TransferAllowed(state) {`
			`return dns.RcodeServerFailure, nil`
			`}`
Allow IXFR as well (#97) 2016-04-09 16:39:50 +01:00			`if state.QType() != dns.TypeAXFR && state.QType() != dns.TypeIXFR {`
Remove the word middleware (#1067) * Rename middleware to plugin first pass; mostly used 'sed', few spots where I manually changed text. This still builds a coredns binary. * fmt error * Rename AddMiddleware to AddPlugin * Readd AddMiddleware to remain backwards compat 2017-09-14 09:36:06 +01:00			`return 0, plugin.Error(x.Name(), fmt.Errorf("xfr called with non transfer type: %d", state.QType()))`
Support outgoing zone transfers These can be enabled by adding "transfer out" to the Corefile. Without it no AXFR is allowed. For now only AXFR and no IXFR. No TSIG and no ACLs. 2016-03-28 12:08:05 +01:00			`}`

plugin/file: respond correctly to IXFR message (#3177) * plugin/file: respond correctly to IXFR message Respond with a sing SOA record to an IXFR request if the SOA serials match. The added test fails on the current code with: ~~~ === RUN TestIxfrResponse --- FAIL: TestIxfrResponse (0.00s) secondary_test.go:122: Expected answer section with single RR FAIL exit status 1 ~~~ And obviously passes with the new code. This should cut down on the weird number of zone transfers that I was seeing. At some point IXFR support might be cool. Fixes: #3176 Signed-off-by: Miek Gieben <miek@miek.nl> * reuse code Signed-off-by: Miek Gieben <miek@miek.nl> * Sligtht tweaks Signed-off-by: Miek Gieben <miek@miek.nl> 2019-08-26 08:14:43 +00:00			`// For IXFR we take the SOA in the IXFR message (if there), compare it what we have and then decide to do an`
			`// AXFR or just reply with one SOA message back.`
			`if state.QType() == dns.TypeIXFR {`
			`code, _ := x.ServeIxfr(ctx, w, r)`
			`if plugin.ClientWrite(code) {`
			`return code, nil`
			`}`
			`}`

plugin/file: rework outgoing axfr (#3227) * plugin/file: rework outgoing axfr Signed-off-by: Miek Gieben <miek@miek.nl> * Fix test Signed-off-by: Miek Gieben <miek@miek.nl> * Actually properly test xfr Signed-off-by: Miek Gieben <miek@miek.nl> * Fix test Signed-off-by: Miek Gieben <miek@miek.nl> 2019-08-30 13:47:27 +01:00			`// get soa and apex`
			`apex, err := x.ApexIfDefined()`
			`if err != nil {`
Support outgoing zone transfers These can be enabled by adding "transfer out" to the Corefile. Without it no AXFR is allowed. For now only AXFR and no IXFR. No TSIG and no ACLs. 2016-03-28 12:08:05 +01:00			`return dns.RcodeServerFailure, nil`
			`}`

			`ch := make(chan *dns.Envelope)`
			`tr := new(dns.Transfer)`
file: close correctlty after AXFR (#2943) * file: close correctlty after AXFR Don't hijack, but wait for the writes to be done and then savely close the connection. Fixes: #2929 Signed-off-by: Miek Gieben <miek@miek.nl> * Update comment Signed-off-by: Miek Gieben <miek@miek.nl> * file: close correctlty after AXFR (#2943) apply Signed-off-by: Miek Gieben <miek@miek.nl> 2019-07-03 07:01:57 +01:00			`wg := new(sync.WaitGroup)`
plugin: cleanup code based on staticcheck warnings (#3302) TrimPrefix re-assign to former variable Signed-off-by: Guangming Wang <guangming.wang@daocloud.io> 2019-09-25 20:23:43 +08:00			`wg.Add(1)`
file: close correctlty after AXFR (#2943) * file: close correctlty after AXFR Don't hijack, but wait for the writes to be done and then savely close the connection. Fixes: #2929 Signed-off-by: Miek Gieben <miek@miek.nl> * Update comment Signed-off-by: Miek Gieben <miek@miek.nl> * file: close correctlty after AXFR (#2943) apply Signed-off-by: Miek Gieben <miek@miek.nl> 2019-07-03 07:01:57 +01:00			`go func() {`
			`tr.Out(w, r, ch)`
			`wg.Done()`
			`}()`
Support outgoing zone transfers These can be enabled by adding "transfer out" to the Corefile. Without it no AXFR is allowed. For now only AXFR and no IXFR. No TSIG and no ACLs. 2016-03-28 12:08:05 +01:00
plugin/file: rework outgoing axfr (#3227) * plugin/file: rework outgoing axfr Signed-off-by: Miek Gieben <miek@miek.nl> * Fix test Signed-off-by: Miek Gieben <miek@miek.nl> * Actually properly test xfr Signed-off-by: Miek Gieben <miek@miek.nl> * Fix test Signed-off-by: Miek Gieben <miek@miek.nl> 2019-08-30 13:47:27 +01:00			`rrs := []dns.RR{}`
			`l := len(apex)`

			`ch <- &dns.Envelope{RR: apex}`

			`x.Walk(func(e *tree.Elem, _ map[uint16][]dns.RR) error {`
			`rrs = append(rrs, e.All()...)`
			`if len(rrs) > 500 {`
			`ch <- &dns.Envelope{RR: rrs}`
			`l += len(rrs)`
			`rrs = []dns.RR{}`
Support outgoing zone transfers These can be enabled by adding "transfer out" to the Corefile. Without it no AXFR is allowed. For now only AXFR and no IXFR. No TSIG and no ACLs. 2016-03-28 12:08:05 +01:00			`}`
plugin/file: rework outgoing axfr (#3227) * plugin/file: rework outgoing axfr Signed-off-by: Miek Gieben <miek@miek.nl> * Fix test Signed-off-by: Miek Gieben <miek@miek.nl> * Actually properly test xfr Signed-off-by: Miek Gieben <miek@miek.nl> * Fix test Signed-off-by: Miek Gieben <miek@miek.nl> 2019-08-30 13:47:27 +01:00			`return nil`
			`})`

			`if len(rrs) > 0 {`
			`ch <- &dns.Envelope{RR: rrs}`
			`l += len(rrs)`
			`rrs = []dns.RR{}`
Support outgoing zone transfers These can be enabled by adding "transfer out" to the Corefile. Without it no AXFR is allowed. For now only AXFR and no IXFR. No TSIG and no ACLs. 2016-03-28 12:08:05 +01:00			`}`
plugin/file: rework outgoing axfr (#3227) * plugin/file: rework outgoing axfr Signed-off-by: Miek Gieben <miek@miek.nl> * Fix test Signed-off-by: Miek Gieben <miek@miek.nl> * Actually properly test xfr Signed-off-by: Miek Gieben <miek@miek.nl> * Fix test Signed-off-by: Miek Gieben <miek@miek.nl> 2019-08-30 13:47:27 +01:00
			`ch <- &dns.Envelope{RR: []dns.RR{apex[0]}} // closing SOA.`
			`l++`

file: close correctlty after AXFR (#2943) * file: close correctlty after AXFR Don't hijack, but wait for the writes to be done and then savely close the connection. Fixes: #2929 Signed-off-by: Miek Gieben <miek@miek.nl> * Update comment Signed-off-by: Miek Gieben <miek@miek.nl> * file: close correctlty after AXFR (#2943) apply Signed-off-by: Miek Gieben <miek@miek.nl> 2019-07-03 07:01:57 +01:00			`close(ch) // Even though we close the channel here, we still have`
			`wg.Wait() // to wait before we can return and close the connection.`
Support outgoing zone transfers These can be enabled by adding "transfer out" to the Corefile. Without it no AXFR is allowed. For now only AXFR and no IXFR. No TSIG and no ACLs. 2016-03-28 12:08:05 +01:00
plugin/file: rework outgoing axfr (#3227) * plugin/file: rework outgoing axfr Signed-off-by: Miek Gieben <miek@miek.nl> * Fix test Signed-off-by: Miek Gieben <miek@miek.nl> * Actually properly test xfr Signed-off-by: Miek Gieben <miek@miek.nl> * Fix test Signed-off-by: Miek Gieben <miek@miek.nl> 2019-08-30 13:47:27 +01:00			`log.Infof("Outgoing transfer of %d records of zone %s to %s done with %d SOA serial", l, x.origin, state.IP(), apex[0].(*dns.SOA).Serial)`
Support outgoing zone transfers These can be enabled by adding "transfer out" to the Corefile. Without it no AXFR is allowed. For now only AXFR and no IXFR. No TSIG and no ACLs. 2016-03-28 12:08:05 +01:00			`return dns.RcodeSuccess, nil`
			`}`

Typo fixes (#2031) 2018-08-14 17:55:55 +02:00			`// Name implements the plugin.Handler interface.`
middleware/secondary: multiple fixes (#745) Fix transferring the zone from a master and the matching of notifies to source and dst IP addresses. Add `upstream` keyword as well, because it is needed for the same reasons as in the file middlware. Add some dire warning about upstream in the readme of both middlewares. Out of band testing, hidden by net build tag was added. Integration testing still needs to be setup. 2017-06-21 23:46:20 -07:00			`func (x Xfr) Name() string { return "xfr" }`
Add middleware.NextOrFailure (#462) This checks if the next middleware to be called is nil, and if so returns ServerFailure and an error. This makes the next calling more robust and saves some lines of code. Also prefix the error with the name of the middleware to aid in debugging. 2016-12-20 18:58:05 +00:00
plugin/file: respond correctly to IXFR message (#3177) * plugin/file: respond correctly to IXFR message Respond with a sing SOA record to an IXFR request if the SOA serials match. The added test fails on the current code with: ~~~ === RUN TestIxfrResponse --- FAIL: TestIxfrResponse (0.00s) secondary_test.go:122: Expected answer section with single RR FAIL exit status 1 ~~~ And obviously passes with the new code. This should cut down on the weird number of zone transfers that I was seeing. At some point IXFR support might be cool. Fixes: #3176 Signed-off-by: Miek Gieben <miek@miek.nl> * reuse code Signed-off-by: Miek Gieben <miek@miek.nl> * Sligtht tweaks Signed-off-by: Miek Gieben <miek@miek.nl> 2019-08-26 08:14:43 +00:00			`// ServeIxfr checks if we need to serve a simpler IXFR for the incoming message.`
			`// See RFC 1995 Section 3: "... and the authority section containing the SOA record of client's version of the zone."`
			`// and Section 2, paragraph 4 where we only need to echo the SOA record back.`
			`// This function must be called when the qtype is IXFR. It returns a plugin.ClientWrite(code) == false, when it didn't`
			`// write anything and we should perform an AXFR.`
			`func (x Xfr) ServeIxfr(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) {`
			`if len(r.Ns) != 1 {`
			`return dns.RcodeServerFailure, nil`
			`}`
			`soa, ok := r.Ns[0].(*dns.SOA)`
			`if !ok {`
			`return dns.RcodeServerFailure, nil`
			`}`

			`x.RLock()`
			`if x.Apex.SOA == nil {`
			`x.RUnlock()`
			`return dns.RcodeServerFailure, nil`
			`}`
			`serial := x.Apex.SOA.Serial`
			`x.RUnlock()`

			`if soa.Serial == serial { // Section 2, para 4; echo SOA back. We have the same zone`
			`m := new(dns.Msg)`
			`m.SetReply(r)`
			`m.Answer = []dns.RR{soa}`
			`w.WriteMsg(m)`
			`return 0, nil`
			`}`
			`return dns.RcodeServerFailure, nil`
			`}`