plugin/rewrite: Write failures with ResponseReverter (#5150)

* write failures with ResponseReverter instead of letting server write them Signed-off-by: Chris O'Haver <cohaver@infoblox.com> * fix comment Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
2025-10-27 08:14:18 -04:00 · 2022-02-01 16:54:06 -05:00
parent 49ee97994e
commit 911891f485
2 changed files with 39 additions and 1 deletions
--- a/plugin/rewrite/rewrite.go
+++ b/plugin/rewrite/rewrite.go
@@ -57,7 +57,17 @@ func (rw Rewrite) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg
 				if !rw.RevertPolicy.DoRevert() {
 					return plugin.NextOrFailure(rw.Name(), rw.Next, ctx, w, r)
 				}
-				return plugin.NextOrFailure(rw.Name(), rw.Next, ctx, wr, r)
+				rcode, err := plugin.NextOrFailure(rw.Name(), rw.Next, ctx, wr, r)
+				if plugin.ClientWrite(rcode) {
+					return rcode, err
+				}
+				// The next plugins didn't write a response, so write one now with the ResponseReverter.
+				// If server.ServeDNS does this then it will create an answer mismatch.
+				res := new(dns.Msg).SetRcode(r, rcode)
+				state.SizeAndDo(res)
+				wr.WriteMsg(res)
+				// return success, so server does not write a second error response to client
+				return dns.RcodeSuccess, err
 			}
 		}
 	}