2016-03-27 07:37:23 +01:00
|
|
|
package file
|
|
|
|
|
|
2016-03-29 08:17:45 +01:00
|
|
|
import (
|
|
|
|
|
"github.com/miekg/coredns/middleware/file/tree"
|
2016-03-30 16:45:02 +00:00
|
|
|
|
2016-03-29 08:17:45 +01:00
|
|
|
"github.com/miekg/dns"
|
|
|
|
|
)
|
2016-03-27 07:37:23 +01:00
|
|
|
|
|
|
|
|
// Result is the result of a Lookup
|
|
|
|
|
type Result int
|
|
|
|
|
|
|
|
|
|
const (
|
2016-09-23 09:14:12 +01:00
|
|
|
// Success is a successful lookup.
|
2016-03-27 07:37:23 +01:00
|
|
|
Success Result = iota
|
2016-09-23 09:14:12 +01:00
|
|
|
// NameError indicates a nameerror
|
2016-03-27 07:37:23 +01:00
|
|
|
NameError
|
2016-09-23 09:14:12 +01:00
|
|
|
// Delegation indicates the lookup resulted in a delegation.
|
2016-04-16 16:16:52 +01:00
|
|
|
Delegation
|
2016-09-23 09:14:12 +01:00
|
|
|
// NoData indicates the lookup resulted in a NODATA.
|
2016-03-29 08:17:45 +01:00
|
|
|
NoData
|
2016-09-23 09:14:12 +01:00
|
|
|
// ServerFailure indicates a server failure during the lookup.
|
2016-03-29 08:17:45 +01:00
|
|
|
ServerFailure
|
2016-03-27 07:37:23 +01:00
|
|
|
)
|
|
|
|
|
|
2016-04-02 16:56:16 +01:00
|
|
|
// Lookup looks up qname and qtype in the zone. When do is true DNSSEC records are included.
|
2016-03-29 08:17:45 +01:00
|
|
|
// Three sets of records are returned, one for the answer, one for authority and one for the additional section.
|
|
|
|
|
func (z *Zone) Lookup(qname string, qtype uint16, do bool) ([]dns.RR, []dns.RR, []dns.RR, Result) {
|
2016-11-05 14:39:49 +00:00
|
|
|
if !z.NoReload {
|
|
|
|
|
z.reloadMu.RLock()
|
|
|
|
|
}
|
|
|
|
|
defer func() {
|
2016-10-27 21:01:04 +01:00
|
|
|
if !z.NoReload {
|
|
|
|
|
z.reloadMu.RUnlock()
|
|
|
|
|
}
|
2016-11-05 14:39:49 +00:00
|
|
|
}()
|
|
|
|
|
|
|
|
|
|
if qtype == dns.TypeSOA {
|
|
|
|
|
soa := z.soa(do)
|
|
|
|
|
return soa, nil, nil, Success
|
2016-03-27 07:37:23 +01:00
|
|
|
}
|
2016-04-16 16:16:52 +01:00
|
|
|
if qtype == dns.TypeNS && qname == z.origin {
|
2016-11-05 14:39:49 +00:00
|
|
|
nsrrs := z.ns(do)
|
|
|
|
|
glue := z.Glue(nsrrs)
|
|
|
|
|
return nsrrs, nil, glue, Success
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var (
|
|
|
|
|
found, shot bool
|
|
|
|
|
parts string
|
|
|
|
|
i int
|
|
|
|
|
elem, wildElem *tree.Elem
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// Lookup:
|
|
|
|
|
// * Per label from the right, look if it exists. We do this to find potential
|
|
|
|
|
// delegation records.
|
|
|
|
|
// * If the per-label search finds nothing, we will look for the wildcard at the
|
|
|
|
|
// level. If found we keep it around. If we don't find the complete name we will
|
|
|
|
|
// use the wildcard.
|
|
|
|
|
//
|
|
|
|
|
// Main for-loop handles delegation and finding or not finding the qname.
|
|
|
|
|
// If found we check if it is a CNAME and do CNAME processing (DNAME should be added as well)
|
|
|
|
|
// We also check if we have type and do a nodata resposne.
|
|
|
|
|
//
|
|
|
|
|
// If not found, we check the potential wildcard, and use that for further processing.
|
|
|
|
|
// If not found and no wildcard we will process this as an NXDOMAIN response.
|
|
|
|
|
//
|
|
|
|
|
for {
|
|
|
|
|
parts, shot = z.nameFromRight(qname, i)
|
|
|
|
|
// We overshot the name, break and check if we previously found something.
|
|
|
|
|
if shot {
|
|
|
|
|
break
|
2016-10-27 21:01:04 +01:00
|
|
|
}
|
2016-10-28 12:57:02 +01:00
|
|
|
|
2016-11-05 14:39:49 +00:00
|
|
|
elem, found = z.Tree.Search(parts)
|
|
|
|
|
if !found {
|
|
|
|
|
// Apex will always be found, when we are here we can search for a wildcard
|
|
|
|
|
// and save the result of that search. So when nothing match, but we have a
|
|
|
|
|
// wildcard we should expand the wildcard. There can only be one wildcard,
|
|
|
|
|
// so when we found one, we won't look for another.
|
2016-10-28 12:57:02 +01:00
|
|
|
|
2016-11-05 14:39:49 +00:00
|
|
|
if wildElem == nil {
|
|
|
|
|
wildcard := replaceWithAsteriskLabel(parts)
|
|
|
|
|
wildElem, _ = z.Tree.Search(wildcard)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Keep on searching, because maybe we hit an empty-non-terminal (which aren't
|
|
|
|
|
// stored in the tree. Only when we have match the full qname (and possible wildcard
|
|
|
|
|
// we can be confident that we didn't find anything.
|
|
|
|
|
i++
|
|
|
|
|
continue
|
2016-10-27 21:01:04 +01:00
|
|
|
}
|
2016-03-27 07:37:23 +01:00
|
|
|
|
2016-11-05 14:39:49 +00:00
|
|
|
// If we see NS records, it means the name as been delegated, and we should return the delegation.
|
|
|
|
|
if nsrrs := elem.Types(dns.TypeNS); nsrrs != nil {
|
|
|
|
|
glue := z.Glue(nsrrs)
|
|
|
|
|
// If qtype == NS, we should returns success to put RRs in answer.
|
|
|
|
|
if qtype == dns.TypeNS {
|
|
|
|
|
return nsrrs, nil, glue, Success
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if do {
|
|
|
|
|
dss := z.typeFromElem(elem, dns.TypeDS, do)
|
|
|
|
|
nsrrs = append(nsrrs, dss...)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil, nsrrs, glue, Delegation
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
i++
|
2016-10-27 21:01:04 +01:00
|
|
|
}
|
2016-10-28 12:57:02 +01:00
|
|
|
|
2016-11-05 14:39:49 +00:00
|
|
|
// What does found and !shot mean - do we ever hit it?
|
|
|
|
|
if found && !shot {
|
|
|
|
|
return nil, nil, nil, ServerFailure
|
2016-10-27 21:01:04 +01:00
|
|
|
}
|
2016-10-28 12:57:02 +01:00
|
|
|
|
2016-11-05 14:39:49 +00:00
|
|
|
// Found entire name.
|
|
|
|
|
if found && shot {
|
|
|
|
|
|
2016-11-09 10:02:26 +00:00
|
|
|
// DNAME...
|
|
|
|
|
if rrs := elem.Types(dns.TypeCNAME); len(rrs) > 0 && qtype != dns.TypeCNAME {
|
|
|
|
|
return z.searchCNAME(elem, rrs, qtype, do)
|
2016-11-05 14:39:49 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
rrs := elem.Types(qtype, qname)
|
|
|
|
|
|
|
|
|
|
// NODATA
|
|
|
|
|
if len(rrs) == 0 {
|
|
|
|
|
ret := z.soa(do)
|
|
|
|
|
if do {
|
|
|
|
|
nsec := z.typeFromElem(elem, dns.TypeNSEC, do)
|
|
|
|
|
ret = append(ret, nsec...)
|
2016-04-16 16:16:52 +01:00
|
|
|
}
|
2016-11-05 14:39:49 +00:00
|
|
|
return nil, ret, nil, NoData
|
2016-04-16 16:16:52 +01:00
|
|
|
}
|
2016-03-28 21:18:16 +01:00
|
|
|
|
2016-11-05 14:39:49 +00:00
|
|
|
if do {
|
|
|
|
|
sigs := elem.Types(dns.TypeRRSIG)
|
|
|
|
|
sigs = signatureForSubType(sigs, qtype)
|
|
|
|
|
rrs = append(rrs, sigs...)
|
|
|
|
|
}
|
2016-03-27 07:37:23 +01:00
|
|
|
|
2016-11-05 14:39:49 +00:00
|
|
|
return rrs, nil, nil, Success
|
2016-03-29 13:22:17 +00:00
|
|
|
|
2016-03-27 07:37:23 +01:00
|
|
|
}
|
2016-10-08 15:22:31 +01:00
|
|
|
|
2016-11-05 14:39:49 +00:00
|
|
|
// Haven't found the original name.
|
2016-03-27 07:37:23 +01:00
|
|
|
|
2016-11-06 08:32:07 +00:00
|
|
|
// Found wildcard.
|
2016-11-05 14:39:49 +00:00
|
|
|
if wildElem != nil {
|
2016-11-06 08:32:07 +00:00
|
|
|
auth := []dns.RR{}
|
2016-04-02 16:56:16 +01:00
|
|
|
|
2016-11-05 14:39:49 +00:00
|
|
|
if rrs := wildElem.Types(dns.TypeCNAME, qname); len(rrs) > 0 {
|
2016-11-09 10:02:26 +00:00
|
|
|
return z.searchCNAME(wildElem, rrs, qtype, do)
|
2016-11-05 14:39:49 +00:00
|
|
|
}
|
2016-04-02 16:56:16 +01:00
|
|
|
|
2016-11-05 14:39:49 +00:00
|
|
|
rrs := wildElem.Types(qtype, qname)
|
2016-03-31 09:25:22 +00:00
|
|
|
|
2016-11-06 08:32:07 +00:00
|
|
|
// NODATA response.
|
2016-11-05 14:39:49 +00:00
|
|
|
if len(rrs) == 0 {
|
|
|
|
|
ret := z.soa(do)
|
2016-03-31 09:25:22 +00:00
|
|
|
if do {
|
2016-11-05 14:39:49 +00:00
|
|
|
nsec := z.typeFromElem(wildElem, dns.TypeNSEC, do)
|
|
|
|
|
ret = append(ret, nsec...)
|
2016-03-31 09:25:22 +00:00
|
|
|
}
|
2016-11-05 14:39:49 +00:00
|
|
|
return nil, ret, nil, Success
|
|
|
|
|
}
|
2016-11-06 08:32:07 +00:00
|
|
|
|
2016-11-05 14:39:49 +00:00
|
|
|
if do {
|
2016-11-06 08:32:07 +00:00
|
|
|
// An NSEC is needed to say no longer name exists under this wildcard.
|
|
|
|
|
if deny, found := z.Tree.Prev(qname); found {
|
|
|
|
|
nsec := z.typeFromElem(deny, dns.TypeNSEC, do)
|
|
|
|
|
auth = append(auth, nsec...)
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-05 14:39:49 +00:00
|
|
|
sigs := wildElem.Types(dns.TypeRRSIG, qname)
|
|
|
|
|
sigs = signatureForSubType(sigs, qtype)
|
|
|
|
|
rrs = append(rrs, sigs...)
|
|
|
|
|
|
2016-03-31 09:25:22 +00:00
|
|
|
}
|
2016-11-06 08:32:07 +00:00
|
|
|
return rrs, auth, nil, Success
|
2016-03-31 09:25:22 +00:00
|
|
|
}
|
|
|
|
|
|
2016-11-05 14:39:49 +00:00
|
|
|
rcode := NameError
|
|
|
|
|
|
|
|
|
|
// Hacky way to get around empty-non-terminals. If a longer name does exist, but this qname, does not, it
|
|
|
|
|
// must be an empty-non-terminal. If so, we do the proper NXDOMAIN handling, but the the rcode to be success.
|
|
|
|
|
if x, found := z.Tree.Next(qname); found {
|
|
|
|
|
if dns.IsSubDomain(qname, x.Name()) {
|
|
|
|
|
rcode = Success
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ret := z.soa(do)
|
2016-03-28 21:18:16 +01:00
|
|
|
if do {
|
2016-11-05 14:39:49 +00:00
|
|
|
deny, found := z.Tree.Prev(qname)
|
|
|
|
|
nsec := z.typeFromElem(deny, dns.TypeNSEC, do)
|
|
|
|
|
ret = append(ret, nsec...)
|
|
|
|
|
|
|
|
|
|
if rcode != NameError {
|
|
|
|
|
goto Out
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ce, found := z.ClosestEncloser(qname)
|
|
|
|
|
|
|
|
|
|
// wildcard denial only for NXDOMAIN
|
|
|
|
|
if found {
|
|
|
|
|
// wildcard denial
|
|
|
|
|
wildcard := "*." + ce.Name()
|
|
|
|
|
if ss, found := z.Tree.Prev(wildcard); found {
|
|
|
|
|
// Only add this nsec if it is different than the one already added
|
|
|
|
|
if ss.Name() != deny.Name() {
|
|
|
|
|
nsec := z.typeFromElem(ss, dns.TypeNSEC, do)
|
|
|
|
|
ret = append(ret, nsec...)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-03-28 21:18:16 +01:00
|
|
|
}
|
2016-11-05 14:39:49 +00:00
|
|
|
Out:
|
|
|
|
|
return nil, ret, nil, rcode
|
2016-03-29 08:17:45 +01:00
|
|
|
}
|
|
|
|
|
|
2016-11-05 14:39:49 +00:00
|
|
|
// Return type tp from e and add signatures (if they exists) and do is true.
|
|
|
|
|
func (z *Zone) typeFromElem(elem *tree.Elem, tp uint16, do bool) []dns.RR {
|
|
|
|
|
rrs := elem.Types(tp)
|
2016-03-29 08:17:45 +01:00
|
|
|
if do {
|
2016-11-05 14:39:49 +00:00
|
|
|
sigs := elem.Types(dns.TypeRRSIG)
|
|
|
|
|
sigs = signatureForSubType(sigs, tp)
|
|
|
|
|
if len(sigs) > 0 {
|
|
|
|
|
rrs = append(rrs, sigs...)
|
|
|
|
|
}
|
2016-04-16 16:16:52 +01:00
|
|
|
}
|
2016-11-05 14:39:49 +00:00
|
|
|
return rrs
|
2016-04-16 16:16:52 +01:00
|
|
|
}
|
|
|
|
|
|
2016-11-05 14:39:49 +00:00
|
|
|
func (z *Zone) soa(do bool) []dns.RR {
|
2016-04-16 16:16:52 +01:00
|
|
|
if do {
|
2016-11-05 14:39:49 +00:00
|
|
|
ret := append([]dns.RR{z.Apex.SOA}, z.Apex.SIGSOA...)
|
|
|
|
|
return ret
|
2016-03-29 08:17:45 +01:00
|
|
|
}
|
2016-11-05 14:39:49 +00:00
|
|
|
return []dns.RR{z.Apex.SOA}
|
2016-03-29 08:17:45 +01:00
|
|
|
}
|
|
|
|
|
|
2016-11-05 14:39:49 +00:00
|
|
|
func (z *Zone) ns(do bool) []dns.RR {
|
2016-03-29 08:17:45 +01:00
|
|
|
if do {
|
2016-11-05 14:39:49 +00:00
|
|
|
ret := append(z.Apex.NS, z.Apex.SIGNS...)
|
|
|
|
|
return ret
|
2016-03-29 08:17:45 +01:00
|
|
|
}
|
2016-11-05 14:39:49 +00:00
|
|
|
return z.Apex.NS
|
2016-03-27 07:37:23 +01:00
|
|
|
}
|
|
|
|
|
|
2016-11-09 10:02:26 +00:00
|
|
|
func (z *Zone) searchCNAME(elem *tree.Elem, rrs []dns.RR, qtype uint16, do bool) ([]dns.RR, []dns.RR, []dns.RR, Result) {
|
|
|
|
|
if do {
|
|
|
|
|
sigs := elem.Types(dns.TypeRRSIG)
|
|
|
|
|
sigs = signatureForSubType(sigs, dns.TypeCNAME)
|
|
|
|
|
if len(sigs) > 0 {
|
|
|
|
|
rrs = append(rrs, sigs...)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
elem, _ = z.Tree.Search(rrs[0].(*dns.CNAME).Target)
|
2016-03-28 21:18:16 +01:00
|
|
|
if elem == nil {
|
2016-03-29 08:17:45 +01:00
|
|
|
return rrs, nil, nil, Success
|
2016-03-28 21:18:16 +01:00
|
|
|
}
|
2016-10-08 15:22:31 +01:00
|
|
|
|
2016-11-09 10:02:26 +00:00
|
|
|
i := 0
|
|
|
|
|
|
|
|
|
|
Redo:
|
|
|
|
|
cname := elem.Types(dns.TypeCNAME)
|
|
|
|
|
if len(cname) > 0 {
|
|
|
|
|
rrs = append(rrs, cname...)
|
|
|
|
|
|
|
|
|
|
if do {
|
|
|
|
|
sigs := elem.Types(dns.TypeRRSIG)
|
|
|
|
|
sigs = signatureForSubType(sigs, dns.TypeCNAME)
|
|
|
|
|
if len(sigs) > 0 {
|
|
|
|
|
rrs = append(rrs, sigs...)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
elem, _ = z.Tree.Search(cname[0].(*dns.CNAME).Target)
|
|
|
|
|
if elem == nil {
|
|
|
|
|
return rrs, nil, nil, Success
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
i++
|
|
|
|
|
if i > maxChain {
|
|
|
|
|
return rrs, nil, nil, Success
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
goto Redo
|
|
|
|
|
}
|
|
|
|
|
|
2016-04-16 17:55:11 +01:00
|
|
|
targets := cnameForType(elem.All(), qtype)
|
2016-11-09 10:02:26 +00:00
|
|
|
if len(targets) > 0 {
|
|
|
|
|
rrs = append(rrs, targets...)
|
|
|
|
|
|
|
|
|
|
if do {
|
|
|
|
|
sigs := elem.Types(dns.TypeRRSIG)
|
|
|
|
|
sigs = signatureForSubType(sigs, qtype)
|
|
|
|
|
if len(sigs) > 0 {
|
|
|
|
|
rrs = append(rrs, sigs...)
|
|
|
|
|
}
|
2016-03-28 21:18:16 +01:00
|
|
|
}
|
|
|
|
|
}
|
2016-11-09 10:02:26 +00:00
|
|
|
|
|
|
|
|
return rrs, nil, nil, Success
|
2016-03-28 21:18:16 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func cnameForType(targets []dns.RR, origQtype uint16) []dns.RR {
|
|
|
|
|
ret := []dns.RR{}
|
|
|
|
|
for _, target := range targets {
|
|
|
|
|
if target.Header().Rrtype == origQtype {
|
|
|
|
|
ret = append(ret, target)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return ret
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-05 14:39:49 +00:00
|
|
|
// signatureForSubType range through the signature and return the correct ones for the subtype.
|
2016-03-28 21:18:16 +01:00
|
|
|
func signatureForSubType(rrs []dns.RR, subtype uint16) []dns.RR {
|
2016-03-27 07:37:23 +01:00
|
|
|
sigs := []dns.RR{}
|
|
|
|
|
for _, sig := range rrs {
|
|
|
|
|
if s, ok := sig.(*dns.RRSIG); ok {
|
|
|
|
|
if s.TypeCovered == subtype {
|
|
|
|
|
sigs = append(sigs, s)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return sigs
|
|
|
|
|
}
|
2016-03-31 09:25:22 +00:00
|
|
|
|
2016-11-05 14:39:49 +00:00
|
|
|
// Glue returns any potential glue records for nsrrs.
|
|
|
|
|
func (z *Zone) Glue(nsrrs []dns.RR) []dns.RR {
|
|
|
|
|
glue := []dns.RR{}
|
2016-11-06 08:32:07 +00:00
|
|
|
for _, rr := range nsrrs {
|
|
|
|
|
if ns, ok := rr.(*dns.NS); ok && dns.IsSubDomain(ns.Header().Name, ns.Ns) {
|
|
|
|
|
glue = append(glue, z.searchGlue(ns.Ns)...)
|
2016-11-05 14:39:49 +00:00
|
|
|
}
|
2016-03-31 09:25:22 +00:00
|
|
|
}
|
2016-11-05 14:39:49 +00:00
|
|
|
return glue
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// searchGlue looks up A and AAAA for name.
|
|
|
|
|
func (z *Zone) searchGlue(name string) []dns.RR {
|
|
|
|
|
glue := []dns.RR{}
|
|
|
|
|
|
|
|
|
|
// A
|
|
|
|
|
if elem, found := z.Tree.Search(name); found {
|
|
|
|
|
glue = append(glue, elem.Types(dns.TypeA)...)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// AAAA
|
|
|
|
|
if elem, found := z.Tree.Search(name); found {
|
|
|
|
|
glue = append(glue, elem.Types(dns.TypeAAAA)...)
|
|
|
|
|
}
|
|
|
|
|
return glue
|
2016-03-31 09:25:22 +00:00
|
|
|
}
|
2016-11-09 10:02:26 +00:00
|
|
|
|
|
|
|
|
const maxChain = 8
|
