Fix dns-01-003 (#1634)

* plugin/{cache,forward,proxy}: don't allow responses that are bogus Responses that are not matching what we've been querying for should be dropped. They are converted into FormErrs by forward and proxy; as a 2nd backstop cache will also not cache these. * plug * add explicit test
2025-10-28 08:44:17 -04:00 · 2018-03-25 17:11:10 +01:00
parent 91413c25e1
commit 5616fcb175
7 changed files with 102 additions and 5 deletions
--- a/plugin/cache/handler.go
+++ b/plugin/cache/handler.go
@@ -46,7 +46,7 @@ func (c *Cache) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg)
 					// When prefetching we loose the item i, and with it the frequency
 					// that we've gathered sofar. See we copy the frequencies info back
 					// into the new item that was stored in the cache.
-					prr := &ResponseWriter{ResponseWriter: w, Cache: c, prefetch: true}
+					prr := &ResponseWriter{ResponseWriter: w, Cache: c, prefetch: true, state: state}
 					plugin.NextOrFailure(c.Name(), c.Next, ctx, prr, r)

 					if i1 := c.exists(qname, qtype, do); i1 != nil {
@@ -58,7 +58,7 @@ func (c *Cache) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg)
 		return dns.RcodeSuccess, nil
 	}

-	crr := &ResponseWriter{ResponseWriter: w, Cache: c}
+	crr := &ResponseWriter{ResponseWriter: w, Cache: c, state: state}
 	return plugin.NextOrFailure(c.Name(), c.Next, ctx, crr, r)
 }

@@ -127,6 +127,13 @@ var (
 		Name:      "prefetch_total",
 		Help:      "The number of time the cache has prefetched a cached item.",
 	})
+
+	cacheDrops = prometheus.NewCounter(prometheus.CounterOpts{
+		Namespace: plugin.Namespace,
+		Subsystem: "cache",
+		Name:      "drops_total",
+		Help:      "The number responses that are not cached, because the reply is malformed.",
+	})
 )

 var once sync.Once