middleware/file: add DNSSEC support (#697)

* middleware/file: add DNSSEC support

Add tests for DNSSEC and check if everything is working.

* add signatures

* tweak

* Add DNSSEC signing tests for DNAME

* Just sign it all
Miek Gieben
2017-06-02 17:18:58 +01:00
committed by GitHub
parent d684dedfd3
commit 7be066e4de
4 changed files with 207 additions and 2 deletions


@@ -105,14 +105,20 @@ func (z *Zone) Lookup(state request.Request, qname string) ([]dns.RR, []dns.RR,
// If we see DNAME records, we should return those.
if dnamerrs := elem.Types(dns.TypeDNAME); dnamerrs != nil {
// Only one DNAME is allowed per name. We just pick the first one.
// Only one DNAME is allowed per name. We just pick the first one to synthesize from.
dname := dnamerrs[0]
if cname := synthesizeCNAME(state.Name(), dname.(*dns.DNAME)); cname != nil {
answer, ns, extra, rcode := z.searchCNAME(state, elem, []dns.RR{cname})
if do {
sigs := elem.Types(dns.TypeRRSIG)
sigs = signatureForSubType(sigs, dns.TypeDNAME)
dnamerrs = append(dnamerrs, sigs...)
}
// The relevant DNAME RR should be included in the answer section,
// if the DNAME is being employed as a substitution instruction.
answer = append([]dns.RR{dname}, answer...)
answer = append(dnamerrs, answer...)
return answer, ns, extra, rcode
}