coredns/middleware/file/closest.go

package file

import "github.com/miekg/dns"

// ClosestEncloser returns the closest encloser for rr.
func (z *Zone) ClosestEncloser(rr dns.RR) string {
	// tree/tree.go does not store a parent *Node pointer, so we can't
	// just follow up the tree. TODO(miek): fix.

	offset, end := dns.NextLabel(rr.Header().Name, 0)
	for !end {
		elem := z.Tree.Get(rr)
		if elem != nil {
			return elem.Name()
		}
		rr.Header().Name = rr.Header().Name[offset:]

		offset, end = dns.NextLabel(rr.Header().Name, offset)
	}

	return z.SOA.Header().Name
}

// nameErrorProof finds the closest encloser and return an NSEC that proofs
// the wildcard does not exist and an NSEC that proofs the name does no exist.
func (z *Zone) nameErrorProof(rr dns.RR) []dns.RR {
	elem := z.Tree.Prev(rr)
	if elem == nil {
		return nil
	}
	nsec := z.lookupNSEC(elem, true)
	nsecIndex := 0
	for i := 0; i < len(nsec); i++ {
		if nsec[i].Header().Rrtype == dns.TypeNSEC {
			nsecIndex = i
			break
		}
	}

	// We do this lookup twice, once for wildcard and once for the name proof. TODO(miek): fix
	ce := z.ClosestEncloser(rr)
	wildcard := "*." + ce
	rr.Header().Name = wildcard
	elem = z.Tree.Prev(rr)
	if elem == nil {
		// Root?
		return nil
	}
	nsec1 := z.lookupNSEC(elem, true)
	nsec1Index := 0
	for i := 0; i < len(nsec1); i++ {
		if nsec1[i].Header().Rrtype == dns.TypeNSEC {
			nsec1Index = i
			break
		}
	}

	// Check for duplicate NSEC.
	if nsec[nsecIndex].Header().Name == nsec1[nsec1Index].Header().Name &&
		nsec[nsecIndex].(*dns.NSEC).NextDomain == nsec1[nsec1Index].(*dns.NSEC).NextDomain {
		return nsec
	}

	return append(nsec, nsec1...)
}
add closest encloser stuff 2016-03-30 16:45:02 +00:00			`package file`

			`import "github.com/miekg/dns"`

			`// ClosestEncloser returns the closest encloser for rr.`
			`func (z *Zone) ClosestEncloser(rr dns.RR) string {`
Fix closest encloser 2016-03-30 20:13:48 +01:00			`// tree/tree.go does not store a parent *Node pointer, so we can't`
			`// just follow up the tree. TODO(miek): fix.`

			`offset, end := dns.NextLabel(rr.Header().Name, 0)`
			`for !end {`
			`elem := z.Tree.Get(rr)`
			`if elem != nil {`
			`return elem.Name()`
			`}`
			`rr.Header().Name = rr.Header().Name[offset:]`

			`offset, end = dns.NextLabel(rr.Header().Name, offset)`
add closest encloser stuff 2016-03-30 16:45:02 +00:00			`}`
Fix closest encloser 2016-03-30 20:13:48 +01:00
			`return z.SOA.Header().Name`
add closest encloser stuff 2016-03-30 16:45:02 +00:00			`}`
Add nameerror proof 2016-03-30 20:47:38 +01:00
			`// nameErrorProof finds the closest encloser and return an NSEC that proofs`
			`// the wildcard does not exist and an NSEC that proofs the name does no exist.`
			`func (z *Zone) nameErrorProof(rr dns.RR) []dns.RR {`
			`elem := z.Tree.Prev(rr)`
			`if elem == nil {`
			`return nil`
			`}`
			`nsec := z.lookupNSEC(elem, true)`
			`nsecIndex := 0`
			`for i := 0; i < len(nsec); i++ {`
			`if nsec[i].Header().Rrtype == dns.TypeNSEC {`
			`nsecIndex = i`
			`break`
			`}`
			`}`

Positive wildcare replies Reply to queries when you have a wildcard in the zone. This works for DNS and DNSSEC. Thing missing is NODATA responses for that specific wildcard. Add wildcard_test.go as well. 2016-03-31 09:25:22 +00:00			`// We do this lookup twice, once for wildcard and once for the name proof. TODO(miek): fix`
Add nameerror proof 2016-03-30 20:47:38 +01:00			`ce := z.ClosestEncloser(rr)`
			`wildcard := "*." + ce`
			`rr.Header().Name = wildcard`
			`elem = z.Tree.Prev(rr)`
			`if elem == nil {`
			`// Root?`
			`return nil`
			`}`
			`nsec1 := z.lookupNSEC(elem, true)`
			`nsec1Index := 0`
			`for i := 0; i < len(nsec1); i++ {`
			`if nsec1[i].Header().Rrtype == dns.TypeNSEC {`
			`nsec1Index = i`
			`break`
			`}`
			`}`

			`// Check for duplicate NSEC.`
			`if nsec[nsecIndex].Header().Name == nsec1[nsec1Index].Header().Name &&`
			`nsec[nsecIndex].(dns.NSEC).NextDomain == nsec1[nsec1Index].(dns.NSEC).NextDomain {`
			`return nsec`
			`}`

			`return append(nsec, nsec1...)`
			`}`