Mirrors/coredns
1
0
Fork 0
mirror of https://github.com/coredns/coredns.git synced 2025-10-28 00:34:24 -04:00
Code Issues Packages Projects Releases Wiki Activity

Fix dns-01-003 (#1634)

Browse Source 
* plugin/{cache,forward,proxy}: don't allow responses that are bogus

Responses that are not matching what we've been querying for should be
dropped. They are converted into FormErrs by forward and proxy; as a 2nd
backstop cache will also not cache these.

* plug

* add explicit test
This commit is contained in:
Miek Gieben
2018-03-25 17:11:10 +01:00
committed by GitHub
parent 91413c25e1
commit 5616fcb175
7 changed files with 102 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
plugin/forward/forward.go
View File

@@ -119,6 +119,13 @@ func (f *Forward) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg
break
}
// Check if the reply is correct; if not return FormErr.
if !state.Match(ret) {
formerr := state.ErrorMessage(dns.RcodeFormatError)
w.WriteMsg(formerr)
return 0, nil
}
ret.Compress = true
// When using force_tcp the upstream can send a message that is too big for
// the udp buffer, hence we need to truncate the message to at least make it