Fix dns-01-003 (#1634)

* plugin/{cache,forward,proxy}: don't allow responses that are bogus

Responses that do not match what we queried for should be dropped. forward
and proxy convert them into FormErrs; as a second backstop, cache also
refuses to cache them.

* plug

* add explicit test
Miek Gieben
2018-03-25 17:11:10 +01:00
committed by GitHub
parent 91413c25e1
commit 5616fcb175
7 changed files with 102 additions and 5 deletions

13
plugin/cache/cache.go vendored

@@ -10,6 +10,7 @@ import (
"github.com/coredns/coredns/plugin"
"github.com/coredns/coredns/plugin/pkg/cache"
"github.com/coredns/coredns/plugin/pkg/response"
"github.com/coredns/coredns/request"
"github.com/miekg/dns"
)
@@ -102,6 +103,7 @@ func hash(qname string, qtype uint16, do bool) uint32 {
type ResponseWriter struct {
dns.ResponseWriter
*Cache
state request.Request
prefetch bool // When true write nothing back to the client.
}
@@ -128,10 +130,15 @@ func (w *ResponseWriter) WriteMsg(res *dns.Msg) error {
}
if key != -1 && duration > 0 {
w.set(res, key, mt, duration)
cacheSize.WithLabelValues(Success).Set(float64(w.pcache.Len()))
cacheSize.WithLabelValues(Denial).Set(float64(w.ncache.Len()))
if w.state.Match(res) {
w.set(res, key, mt, duration)
cacheSize.WithLabelValues(Success).Set(float64(w.pcache.Len()))
cacheSize.WithLabelValues(Denial).Set(float64(w.ncache.Len()))
} else {
// Don't log it, but increment counter
cacheDrops.Inc()
}
}
if w.prefetch {