Mirrors/coredns
1
0
Fork 0
mirror of https://github.com/coredns/coredns.git synced 2026-04-05 11:45:33 -04:00
Code Issues Packages Projects Releases Wiki Activity

Core: Propagate TSIG status in DoQ transport (#7947)

Browse Source 
This PR nsure DoQ writer preserves and returns TSIG verification status, preventing authentication bypass on DNS-over-QUIC.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This commit is contained in:
Yong Tang
2026-03-20 13:08:19 -07:00
committed by GitHub
parent 68a8f46129
commit e8db7e155e
3 changed files with 22 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
core/dnsserver/quic.go
View File

@@ -14,6 +14,7 @@ type DoQWriter struct {
remoteAddr net.Addr
stream *quic.Stream
Msg *dns.Msg
tsigStatus error
}
func (w *DoQWriter) Write(b []byte) (int, error) {
@@ -61,7 +62,7 @@ func AddPrefix(b []byte) (m []byte) {
// These methods implement the dns.ResponseWriter interface from Go DNS.
func (w *DoQWriter) TsigStatus() error { return nil }
func (w *DoQWriter) TsigStatus() error { return w.tsigStatus }
func (w *DoQWriter) TsigTimersOnly(b bool) {}
func (w *DoQWriter) Hijack() {}
func (w *DoQWriter) LocalAddr() net.Addr { return w.localAddr }