coredns/plugin/dnssec/handler.go

package dnssec

import (
	"context"

	"github.com/coredns/coredns/plugin"
	"github.com/coredns/coredns/plugin/metrics"
	"github.com/coredns/coredns/request"

	"github.com/miekg/dns"
)

// ServeDNS implements the plugin.Handler interface.
func (d Dnssec) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) {
	state := request.Request{W: w, Req: r}

	do := state.Do()
	qname := state.Name()
	qtype := state.QType()
	zone := plugin.Zones(d.zones).Matches(qname)
	if zone == "" {
		return plugin.NextOrFailure(d.Name(), d.Next, ctx, w, r)
	}

	state.Zone = zone
	server := metrics.WithServer(ctx)

	// Intercept queries for DNSKEY, but only if one of the zones matches the qname, otherwise we let
	// the query through.
	if qtype == dns.TypeDNSKEY {
		for _, z := range d.zones {
			if qname == z {
				resp := d.getDNSKEY(state, z, do, server)
				resp.Authoritative = true
				w.WriteMsg(resp)
				return dns.RcodeSuccess, nil
			}
		}
	}

	if do {
		drr := &ResponseWriter{w, d, server}
		return plugin.NextOrFailure(d.Name(), d.Next, ctx, drr, r)
	}

	return plugin.NextOrFailure(d.Name(), d.Next, ctx, w, r)
}

// Name implements the Handler interface.
func (d Dnssec) Name() string { return "dnssec" }
Add middleware/dnssec (#133) This adds an online dnssec middleware. The middleware will sign responses on the fly. Negative responses are signed with NSEC black lies. 2016-04-26 17:57:11 +01:00			`package dnssec`

			`import (`
all: fix plugin import ordering (#1717) Got a bit messed up with stb lib "context" usage. 2018-04-22 08:34:35 +01:00			`"context"`
metrics: correctly register all metrics (#1335) After initial startup, see if prometheus is loaded and if so, register our metrics with it. Stop doing the init() func and just use the sync.Once so we don't double registrer our metrics. 2017-12-27 15:48:14 +00:00
Remove the word middleware (#1067) * Rename middleware to plugin first pass; mostly used 'sed', few spots where I manually changed text. This still builds a coredns binary. * fmt error * Rename AddMiddleware to AddPlugin * Readd AddMiddleware to remain backwards compat 2017-09-14 09:36:06 +01:00			`"github.com/coredns/coredns/plugin"`
plugin/dnssec: add per server metrics (#1743) * plugin/dnssec: add per server metrics final plugin. Fixes #1696 #1492 #1189 * Move cache cap into handler so we can access the server label * Remove cache-capacity from it entirely 2018-04-27 19:37:31 +01:00			`"github.com/coredns/coredns/plugin/metrics"`
Fix import path `github.com/miekg/coredns` -> `github.com/coredns/coredns` (#547) This fix fixes import path from `github.com/miekg/coredns` -> `github.com/coredns/coredns` 2017-02-21 22:51:47 -08:00			`"github.com/coredns/coredns/request"`
Add middleware/dnssec (#133) This adds an online dnssec middleware. The middleware will sign responses on the fly. Negative responses are signed with NSEC black lies. 2016-04-26 17:57:11 +01:00
			`"github.com/miekg/dns"`
			`)`

Remove the word middleware (#1067) * Rename middleware to plugin first pass; mostly used 'sed', few spots where I manually changed text. This still builds a coredns binary. * fmt error * Rename AddMiddleware to AddPlugin * Readd AddMiddleware to remain backwards compat 2017-09-14 09:36:06 +01:00			`// ServeDNS implements the plugin.Handler interface.`
Add middleware/dnssec (#133) This adds an online dnssec middleware. The middleware will sign responses on the fly. Negative responses are signed with NSEC black lies. 2016-04-26 17:57:11 +01:00			`func (d Dnssec) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) {`
Cleanup: put middleware helper functions in pkgs (#245) Move all (almost all) Go files in middleware into their own packages. This makes for better naming and discoverability. Lot of changes elsewhere to make this change. The middleware.State was renamed to request.Request which is better, but still does not cover all use-cases. It was also moved out middleware because it is used by `dnsserver` as well. A pkg/dnsutil packages was added for shared, handy, dns util functions. All normalize functions are now put in normalize.go 2016-09-07 11:10:16 +01:00			`state := request.Request{W: w, Req: r}`
Add middleware/dnssec (#133) This adds an online dnssec middleware. The middleware will sign responses on the fly. Negative responses are signed with NSEC black lies. 2016-04-26 17:57:11 +01:00
			`do := state.Do()`
			`qname := state.Name()`
			`qtype := state.QType()`
Remove the word middleware (#1067) * Rename middleware to plugin first pass; mostly used 'sed', few spots where I manually changed text. This still builds a coredns binary. * fmt error * Rename AddMiddleware to AddPlugin * Readd AddMiddleware to remain backwards compat 2017-09-14 09:36:06 +01:00			`zone := plugin.Zones(d.zones).Matches(qname)`
Add middleware/dnssec (#133) This adds an online dnssec middleware. The middleware will sign responses on the fly. Negative responses are signed with NSEC black lies. 2016-04-26 17:57:11 +01:00			`if zone == "" {`
Remove the word middleware (#1067) * Rename middleware to plugin first pass; mostly used 'sed', few spots where I manually changed text. This still builds a coredns binary. * fmt error * Rename AddMiddleware to AddPlugin * Readd AddMiddleware to remain backwards compat 2017-09-14 09:36:06 +01:00			`return plugin.NextOrFailure(d.Name(), d.Next, ctx, w, r)`
Add middleware/dnssec (#133) This adds an online dnssec middleware. The middleware will sign responses on the fly. Negative responses are signed with NSEC black lies. 2016-04-26 17:57:11 +01:00			`}`

plugin/dnssec: implement shotgun from CloudFlare (#1305) * plugin/dnssec: implement shotgun from CloudFlare Put a whole bunch of types in the NSEC bitmap and remove the one that's being asked for. Add more records for queries to the apex, SOA, DNSKEY, MX. 2018-01-03 11:11:56 +00:00			`state.Zone = zone`
plugin/dnssec: add per server metrics (#1743) * plugin/dnssec: add per server metrics final plugin. Fixes #1696 #1492 #1189 * Move cache cap into handler so we can access the server label * Remove cache-capacity from it entirely 2018-04-27 19:37:31 +01:00			`server := metrics.WithServer(ctx)`
plugin/dnssec: implement shotgun from CloudFlare (#1305) * plugin/dnssec: implement shotgun from CloudFlare Put a whole bunch of types in the NSEC bitmap and remove the one that's being asked for. Add more records for queries to the apex, SOA, DNSKEY, MX. 2018-01-03 11:11:56 +00:00
Add middleware/dnssec (#133) This adds an online dnssec middleware. The middleware will sign responses on the fly. Negative responses are signed with NSEC black lies. 2016-04-26 17:57:11 +01:00			`// Intercept queries for DNSKEY, but only if one of the zones matches the qname, otherwise we let`
			`// the query through.`
			`if qtype == dns.TypeDNSKEY {`
			`for _, z := range d.zones {`
			`if qname == z {`
plugin/dnssec: add per server metrics (#1743) * plugin/dnssec: add per server metrics final plugin. Fixes #1696 #1492 #1189 * Move cache cap into handler so we can access the server label * Remove cache-capacity from it entirely 2018-04-27 19:37:31 +01:00			`resp := d.getDNSKEY(state, z, do, server)`
Set Authoritative Answer - DNSKEY (fix #210) (#212) * Authoritative Answer - DNSKEY * Improve Style 2016-08-14 20:19:36 +02:00			`resp.Authoritative = true`
Add middleware/dnssec (#133) This adds an online dnssec middleware. The middleware will sign responses on the fly. Negative responses are signed with NSEC black lies. 2016-04-26 17:57:11 +01:00			`w.WriteMsg(resp)`
			`return dns.RcodeSuccess, nil`
			`}`
			`}`
			`}`

Default to scrubbing replies in the server (#2012) Every plugin needs to deal with EDNS0 and should call Scrub to make a message fit the client's buffer. Move this functionality into the server and wrapping the ResponseWriter into a ScrubWriter that handles these bits for us. Result: Less code and faster, because multiple chained plugins could all be calling scrub and SizeAndDo - now there is just one place. Most tests in file/* and dnssec/* needed adjusting because in those unit tests you don't see OPT RRs anymore. The DNSSEC signer was also looking at the returned OPT RR to see if it needed to sign - as those are now added by the server (and thus later), this needed to change slightly. Scrub itself still exist (for backward compat reasons), but has been made a noop. Scrub has been renamed to scrub as it should not be used by external plugins. Fixes: #2010 Signed-off-by: Miek Gieben <miek@miek.nl> 2018-08-29 12:26:22 +01:00			`if do {`
			`drr := &ResponseWriter{w, d, server}`
			`return plugin.NextOrFailure(d.Name(), d.Next, ctx, drr, r)`
			`}`

			`return plugin.NextOrFailure(d.Name(), d.Next, ctx, w, r)`
Add middleware/dnssec (#133) This adds an online dnssec middleware. The middleware will sign responses on the fly. Negative responses are signed with NSEC black lies. 2016-04-26 17:57:11 +01:00			`}`

golint 2016-10-27 11:48:37 +00:00			`// Name implements the Handler interface.`
middleware/metrics: cleanup (#355) * middleware/metrics: add more metrics middleware/cache: Add metrics for number of elements in the cache. Also export the total size. Update README to detail the new metrics. middleware/metrics Move metrics into subpackage called "vars". This breaks the import cycle and is cleaner. This allows vars.Report to be used in the the dnsserver to log refused queries. middleware/metrics: tests Add tests to the metrics framework. The metrics/test subpackage allows scraping of the local server. Do a few test scrape of the metrics that are defined in the metrics middleware. This also allows metrics integration tests to check if the caching and dnssec middleware export their metrics correctly. * update README * typos * fix tests 2016-10-26 10:01:52 +01:00			`func (d Dnssec) Name() string { return "dnssec" }`