plugin/pkg/edns/edns.go

// Package edns provides function useful for adding/inspecting OPT records to/in messages.
package edns

import (
	"errors"
	"sync"

	"github.com/miekg/dns"
)

var sup = &supported{m: make(map[uint16]struct{})}

type supported struct {
	m map[uint16]struct{}
	sync.RWMutex
}

// SetSupportedOption adds a new supported option the set of EDNS0 options that we support. Plugins typically call
// this in their setup code to signal support for a new option.
// By default we support:
// dns.EDNS0NSID, dns.EDNS0EXPIRE, dns.EDNS0COOKIE, dns.EDNS0TCPKEEPALIVE, dns.EDNS0PADDING. These
// values are not in this map and checked directly in the server.
func SetSupportedOption(option uint16) {
	sup.Lock()
	sup.m[option] = struct{}{}
	sup.Unlock()
}

// SupportedOption returns true if the option code is supported as an extra EDNS0 option.
func SupportedOption(option uint16) bool {
	sup.RLock()
	_, ok := sup.m[option]
	sup.RUnlock()
	return ok
}

// Version checks the EDNS version in the request. If error
// is nil everything is OK and we can invoke the plugin. If non-nil, the
// returned Msg is valid to be returned to the client (and should).
func Version(req *dns.Msg) (*dns.Msg, error) {
	opt := req.IsEdns0()
	if opt == nil {
		return nil, nil
	}
	if opt.Version() == 0 {
		return nil, nil
	}
	m := new(dns.Msg)
	m.SetReply(req)

	o := new(dns.OPT)
	o.Hdr.Name = "."
	o.Hdr.Rrtype = dns.TypeOPT
	o.SetVersion(0)
	m.Rcode = dns.RcodeBadVers
	o.SetExtendedRcode(dns.RcodeBadVers)
	m.Extra = []dns.RR{o}

	return m, errors.New("EDNS0 BADVERS")
}

// Size returns a normalized size based on proto.
func Size(proto string, size uint16) uint16 {
	if proto == "tcp" {
		return dns.MaxMsgSize
	}
	if size < dns.MinMsgSize {
		return dns.MinMsgSize
	}
	return size
}
Fix various issues with formatting and typos (#424) * Fix typos * Simplify code * Fix error usage 2016-11-13 14:03:12 +00:00			`// Package edns provides function useful for adding/inspecting OPT records to/in messages.`
Cleanup: put middleware helper functions in pkgs (#245) Move all (almost all) Go files in middleware into their own packages. This makes for better naming and discoverability. Lot of changes elsewhere to make this change. The middleware.State was renamed to request.Request which is better, but still does not cover all use-cases. It was also moved out middleware because it is used by `dnsserver` as well. A pkg/dnsutil packages was added for shared, handy, dns util functions. All normalize functions are now put in normalize.go 2016-09-07 11:10:16 +01:00			`package edns`
EDNS: return error on wrong version. (#95) Split up the previous changes a bit. This PR only returns the expected error when the received packet has the wrong EDNS version. EDNS0 handling in the middleware needs a nicer abstraction, like ReflectEdns() or something. 2016-04-09 11:13:04 +01:00
			`import (`
			`"errors"`
Fix EDNS0 compliance (#2357) * Fix EDNS0 compliance Do SizeAndDo in the server (ScrubWriter) and remove all uses of this from the plugins. Also always do it. This is to get into compliance for https://dnsflagday.net/. The pkg/edns0 now exports the EDNS0 options we understand; this is exported to allow plugins add things there. The rewrite plugin used this to add custom EDNS0 option codes that the server needs to understand. This also needs a new release of miekg/dns because it triggered a race-condition that was basicly there forever. See: * https://github.com/miekg/dns/issues/857 * https://github.com/miekg/dns/pull/859 Running a test instance and pointing the https://ednscomp.isc.org/ednscomp to it shows the tests are now fixed: ~~~ EDNS Compliance Tester Checking: 'miek.nl' as at 2018-12-01T17:53:15Z miek.nl. @147.75.204.203 (drone.coredns.io.): dns=ok edns=ok edns1=ok edns@512=ok ednsopt=ok edns1opt=ok do=ok ednsflags=ok docookie=ok edns512tcp=ok optlist=ok miek.nl. @2604:1380:2002:a000::1 (drone.coredns.io.): dns=ok edns=ok edns1=ok edns@512=ok ednsopt=ok edns1opt=ok do=ok ednsflags=ok docookie=ok edns512tcp=ok optlist=ok All Ok Codes ok - test passed. ~~~ Signed-off-by: Miek Gieben <miek@miek.nl> Signed-off-by: Miek Gieben <miek@miek.nl> * typos in comments Signed-off-by: Miek Gieben <miek@miek.nl> 2018-12-06 21:18:11 +00:00			`"sync"`
EDNS: return error on wrong version. (#95) Split up the previous changes a bit. This PR only returns the expected error when the received packet has the wrong EDNS version. EDNS0 handling in the middleware needs a nicer abstraction, like ReflectEdns() or something. 2016-04-09 11:13:04 +01:00
			`"github.com/miekg/dns"`
			`)`

Fix EDNS0 compliance (#2357) * Fix EDNS0 compliance Do SizeAndDo in the server (ScrubWriter) and remove all uses of this from the plugins. Also always do it. This is to get into compliance for https://dnsflagday.net/. The pkg/edns0 now exports the EDNS0 options we understand; this is exported to allow plugins add things there. The rewrite plugin used this to add custom EDNS0 option codes that the server needs to understand. This also needs a new release of miekg/dns because it triggered a race-condition that was basicly there forever. See: * https://github.com/miekg/dns/issues/857 * https://github.com/miekg/dns/pull/859 Running a test instance and pointing the https://ednscomp.isc.org/ednscomp to it shows the tests are now fixed: ~~~ EDNS Compliance Tester Checking: 'miek.nl' as at 2018-12-01T17:53:15Z miek.nl. @147.75.204.203 (drone.coredns.io.): dns=ok edns=ok edns1=ok edns@512=ok ednsopt=ok edns1opt=ok do=ok ednsflags=ok docookie=ok edns512tcp=ok optlist=ok miek.nl. @2604:1380:2002:a000::1 (drone.coredns.io.): dns=ok edns=ok edns1=ok edns@512=ok ednsopt=ok edns1opt=ok do=ok ednsflags=ok docookie=ok edns512tcp=ok optlist=ok All Ok Codes ok - test passed. ~~~ Signed-off-by: Miek Gieben <miek@miek.nl> Signed-off-by: Miek Gieben <miek@miek.nl> * typos in comments Signed-off-by: Miek Gieben <miek@miek.nl> 2018-12-06 21:18:11 +00:00			`var sup = &supported{m: make(map[uint16]struct{})}`

			`type supported struct {`
			`m map[uint16]struct{}`
			`sync.RWMutex`
			`}`

			`// SetSupportedOption adds a new supported option the set of EDNS0 options that we support. Plugins typically call`
			`// this in their setup code to signal support for a new option.`
			`// By default we support:`
			`// dns.EDNS0NSID, dns.EDNS0EXPIRE, dns.EDNS0COOKIE, dns.EDNS0TCPKEEPALIVE, dns.EDNS0PADDING. These`
			`// values are not in this map and checked directly in the server.`
			`func SetSupportedOption(option uint16) {`
			`sup.Lock()`
			`sup.m[option] = struct{}{}`
			`sup.Unlock()`
			`}`

			`// SupportedOption returns true if the option code is supported as an extra EDNS0 option.`
			`func SupportedOption(option uint16) bool {`
			`sup.RLock()`
			`_, ok := sup.m[option]`
			`sup.RUnlock()`
			`return ok`
			`}`

Cleanup: put middleware helper functions in pkgs (#245) Move all (almost all) Go files in middleware into their own packages. This makes for better naming and discoverability. Lot of changes elsewhere to make this change. The middleware.State was renamed to request.Request which is better, but still does not cover all use-cases. It was also moved out middleware because it is used by `dnsserver` as well. A pkg/dnsutil packages was added for shared, handy, dns util functions. All normalize functions are now put in normalize.go 2016-09-07 11:10:16 +01:00			`// Version checks the EDNS version in the request. If error`
Remove the word middleware (#1067) * Rename middleware to plugin first pass; mostly used 'sed', few spots where I manually changed text. This still builds a coredns binary. * fmt error * Rename AddMiddleware to AddPlugin * Readd AddMiddleware to remain backwards compat 2017-09-14 09:36:06 +01:00			`// is nil everything is OK and we can invoke the plugin. If non-nil, the`
plugin/edns: remove truncating of question section on bad EDNS version (#5787) * plugin/edns: remove truncating of question section on bad EDNS version EDNS requests of "Unknown Version" removed the query section altogether. Not sure why since this is not require (see [link](https://kb.isc.org/docs/edns-compatibility-dig-queries) This cause issues with DNS solutions that uses this information (initial queried name, type and class) in order to route the response to the right client (e.g. PDNS). The change here is to keep the inital query section as is. Signed-off-by: Ben Kaplan <ben.kaplan@redis.com> * adding tests for edns0 version check Signed-off-by: Ben Kaplan <ben.kaplan@redis.com> * adding tests for non-edns0 version check Signed-off-by: Ben Kaplan <ben.kaplan@redis.com> Signed-off-by: Ben Kaplan <ben.kaplan@redis.com> 2022-12-01 16:07:13 +02:00			`// returned Msg is valid to be returned to the client (and should).`
Cleanup: put middleware helper functions in pkgs (#245) Move all (almost all) Go files in middleware into their own packages. This makes for better naming and discoverability. Lot of changes elsewhere to make this change. The middleware.State was renamed to request.Request which is better, but still does not cover all use-cases. It was also moved out middleware because it is used by `dnsserver` as well. A pkg/dnsutil packages was added for shared, handy, dns util functions. All normalize functions are now put in normalize.go 2016-09-07 11:10:16 +01:00			`func Version(req dns.Msg) (dns.Msg, error) {`
EDNS: return error on wrong version. (#95) Split up the previous changes a bit. This PR only returns the expected error when the received packet has the wrong EDNS version. EDNS0 handling in the middleware needs a nicer abstraction, like ReflectEdns() or something. 2016-04-09 11:13:04 +01:00			`opt := req.IsEdns0()`
			`if opt == nil {`
			`return nil, nil`
			`}`
			`if opt.Version() == 0 {`
			`return nil, nil`
			`}`
			`m := new(dns.Msg)`
			`m.SetReply(req)`

			`o := new(dns.OPT)`
			`o.Hdr.Name = "."`
			`o.Hdr.Rrtype = dns.TypeOPT`
			`o.SetVersion(0)`
edns0 compliance: set correct RCODE (#2388) The miekg/dns API is a bit scruffy (documentation PR in flight soon), but these both need to be set for the correct RCODE to be reflected in the returned packet. Signed-off-by: Miek Gieben <miek@miek.nl> 2018-12-11 20:27:29 +00:00			`m.Rcode = dns.RcodeBadVers`
EDNS: return error on wrong version. (#95) Split up the previous changes a bit. This PR only returns the expected error when the received packet has the wrong EDNS version. EDNS0 handling in the middleware needs a nicer abstraction, like ReflectEdns() or something. 2016-04-09 11:13:04 +01:00			`o.SetExtendedRcode(dns.RcodeBadVers)`
			`m.Extra = []dns.RR{o}`

			`return m, errors.New("EDNS0 BADVERS")`
			`}`
correct EDNS responses (#96) Tests updated as well and all the middleware. And Prometheus renamed to metrics (directive is still prometheus). 2016-04-09 16:17:53 +01:00
Cleanup: put middleware helper functions in pkgs (#245) Move all (almost all) Go files in middleware into their own packages. This makes for better naming and discoverability. Lot of changes elsewhere to make this change. The middleware.State was renamed to request.Request which is better, but still does not cover all use-cases. It was also moved out middleware because it is used by `dnsserver` as well. A pkg/dnsutil packages was added for shared, handy, dns util functions. All normalize functions are now put in normalize.go 2016-09-07 11:10:16 +01:00			`// Size returns a normalized size based on proto.`
Make request.Request smaller (#3351) * Make request.Request smaller This makes the request struct smaller and removes the pointer to the do boolean (tri-bool) as size == 0 will indicate if we have cached it. Family can be a int8 because it only carries 3 values, Size itself is just a uint16 under the covers. This is a more comprehensive fix than #3292 Closes #3292 Signed-off-by: Miek Gieben <miek@miek.nl> * cache: fix test this now needs a valid response writter Signed-off-by: Miek Gieben <miek@miek.nl> 2019-10-04 09:44:58 +01:00			`func Size(proto string, size uint16) uint16 {`
correct EDNS responses (#96) Tests updated as well and all the middleware. And Prometheus renamed to metrics (directive is still prometheus). 2016-04-09 16:17:53 +01:00			`if proto == "tcp" {`
			`return dns.MaxMsgSize`
			`}`
			`if size < dns.MinMsgSize {`
			`return dns.MinMsgSize`
			`}`
			`return size`
			`}`