Mirrors/coredns
1
0
Fork 0
mirror of https://github.com/coredns/coredns.git synced 2025-10-29 17:24:20 -04:00
Code Issues Packages Projects Releases Wiki Activity

Fork TLSConfig for each encrypted connection (#5710)

Browse Source 
* Fork TLSConfig for each encrypted connection

Signed-off-by: sanyo <sanyo0714@163.com>
Co-authored-by: sanyo <yeshengan.ysa@alibaba-inc.com>
This commit is contained in:
sanyo0714
2022-10-29 00:55:41 +08:00
committed by GitHub
parent 575825a156
commit 9497644505
2 changed files with 52 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
core/dnsserver/register.go
View File

@@ -147,7 +147,9 @@ func (h *dnsContext) MakeServers() ([]caddy.Server, error) {
c.ListenHosts = c.firstConfigInBlock.ListenHosts c.ListenHosts = c.firstConfigInBlock.ListenHosts
c.Debug = c.firstConfigInBlock.Debug c.Debug = c.firstConfigInBlock.Debug
c.Stacktrace = c.firstConfigInBlock.Stacktrace c.Stacktrace = c.firstConfigInBlock.Stacktrace
c.TLSConfig = c.firstConfigInBlock.TLSConfig
// Fork TLSConfig for each encrypted connection
c.TLSConfig = c.firstConfigInBlock.TLSConfig.Clone()
c.TsigSecret = c.firstConfigInBlock.TsigSecret c.TsigSecret = c.firstConfigInBlock.TsigSecret
} }

41
test/tls_test.go
View File

@@ -2,33 +2,52 @@ package test
import ( import (
"crypto/tls" "crypto/tls"
"fmt"
"testing" "testing"
"github.com/miekg/dns" "github.com/miekg/dns"
) )
func TestDNSoverTLS(t *testing.T) { func TestTLS(t *testing.T) {
corefile := `tls://.:1053 { tempCorefile := `%s {
tls ../plugin/tls/test_cert.pem ../plugin/tls/test_key.pem tls ../plugin/tls/test_cert.pem ../plugin/tls/test_key.pem
whoami whoami
}` }`
qname := "example.com."
qtype := dns.TypeA dot, doh := ":1053", ":8443"
m := new(dns.Msg)
m.SetQuestion("example.com.", dns.TypeA)
answerLength := 0 answerLength := 0
ex, _, tcp, err := CoreDNSServerAndPorts(corefile) tests := []struct {
server string
tlsConfig *tls.Config
}{
{fmt.Sprintf("tls://.%s", dot),
&tls.Config{InsecureSkipVerify: true},
},
{fmt.Sprintf("tls://.%s", dot),
&tls.Config{InsecureSkipVerify: true, NextProtos: []string{"dot"}},
},
{fmt.Sprintf("tls://.%s https://.%s", dot, doh),
&tls.Config{InsecureSkipVerify: true},
},
{fmt.Sprintf("tls://.%s https://.%s", dot, doh),
&tls.Config{InsecureSkipVerify: true, NextProtos: []string{"dot"}},
},
}
for _, tc := range tests {
ex, _, _, err := CoreDNSServerAndPorts(fmt.Sprintf(tempCorefile, tc.server))
if err != nil { if err != nil {
t.Fatalf("Could not get CoreDNS serving instance: %s", err) t.Fatalf("Could not get CoreDNS serving instance: %s", err)
} }
defer ex.Stop()
m := new(dns.Msg)
m.SetQuestion(qname, qtype)
client := dns.Client{ client := dns.Client{
Net: "tcp-tls", Net: "tcp-tls",
TLSConfig: &tls.Config{InsecureSkipVerify: true}, TLSConfig: tc.tlsConfig,
} }
r, _, err := client.Exchange(m, tcp) r, _, err := client.Exchange(m, dot)
if err != nil { if err != nil {
t.Fatalf("Could not exchange msg: %s", err) t.Fatalf("Could not exchange msg: %s", err)
@@ -43,4 +62,6 @@ func TestDNSoverTLS(t *testing.T) {
if r.Rcode != dns.RcodeSuccess { if r.Rcode != dns.RcodeSuccess {
t.Errorf("Expected success but got %d", r.Rcode) t.Errorf("Expected success but got %d", r.Rcode)
} }
ex.Stop()
}
} }