Fix dns-01-003 (#1634)

* plugin/{cache,forward,proxy}: don't allow responses that are bogus

Responses that do not match what we queried for should be
dropped. forward and proxy convert them into FormErrs; as a second
backstop, cache will also not cache them.

* plug

* add explicit test
This commit is contained in:
Miek Gieben
2018-03-25 17:11:10 +01:00
committed by GitHub
parent 91413c25e1
commit 5616fcb175
7 changed files with 102 additions and 5 deletions


@@ -100,6 +100,14 @@ func (p Proxy) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (
taperr := toDnstap(ctx, host.Name, upstream.Exchanger(), state, reply, start)
if backendErr == nil {
// Check if the reply is correct; if not return FormErr.
if !state.Match(reply) {
formerr := state.ErrorMessage(dns.RcodeFormatError)
w.WriteMsg(formerr)
return 0, taperr
}
w.WriteMsg(reply)
RequestDuration.WithLabelValues(state.Proto(), upstream.Exchanger().Protocol(), familyToString(state.Family()), host.Name).Observe(time.Since(start).Seconds())