Drop NSEC3 zone (#120)

Error out when parsing or transferring such a zone. If we served it,
we would give out the wrong answers, (probably) leading to validation
failures...

Fixes #114
Miek Gieben
2016-04-14 07:33:03 +01:00
parent ec343ce0ce
commit eb1f21bfff
3 changed files with 46 additions and 13 deletions


@@ -108,19 +108,25 @@ func Parse(f io.Reader, origin, fileName string) (*Zone, error) {
z := NewZone(origin) z := NewZone(origin)
for x := range tokens { for x := range tokens {
if x.Error != nil { if x.Error != nil {
log.Printf("[ERROR] Failed to parse %s: %v", origin, x.Error) log.Printf("[ERROR] Failed to parse `%s': %v", origin, x.Error)
return nil, x.Error return nil, x.Error
} }
if x.RR.Header().Rrtype == dns.TypeSOA { switch h := x.RR.Header().Rrtype; h {
case dns.TypeSOA:
z.SOA = x.RR.(*dns.SOA) z.SOA = x.RR.(*dns.SOA)
continue case dns.TypeNSEC3, dns.TypeNSEC3PARAM:
} err := fmt.Errorf("NSEC3 zone is not supported, dropping")
if x.RR.Header().Rrtype == dns.TypeRRSIG { log.Printf("[ERROR] Failed to parse `%s': %v", origin, err)
return nil, err
case dns.TypeRRSIG:
if x, ok := x.RR.(*dns.RRSIG); ok && x.TypeCovered == dns.TypeSOA { if x, ok := x.RR.(*dns.RRSIG); ok && x.TypeCovered == dns.TypeSOA {
z.SIG = append(z.SIG, x) z.SIG = append(z.SIG, x)
continue
} }
fallthrough
default:
z.Insert(x.RR)
} }
z.Insert(x.RR)
} }
return z, nil return z, nil
} }
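Review bot: The rejection in the `case dns.TypeNSEC3, dns.TypeNSEC3PARAM:` arm builds its error with `fmt.Errorf` on a constant string, and the transfer code in this commit repeats the same line, so a caller or test cannot tell "unsupported NSEC3 zone" apart from an ordinary parse failure. A package-level sentinel returned from both places, for example `var errNSEC3 = errors.New("NSEC3 zone is not supported, dropping")`, would let callers compare against it and keep the two messages from drifting. The switch tag also binds `h` without using it; `switch x.RR.Header().Rrtype {` is enough. Parse's doc comment lies outside the hunk and should say that a zone containing NSEC3 or NSEC3PARAM records is refused and a nil zone is returned.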


@@ -0,0 +1,20 @@
package file
import (
"strings"
"testing"
)
func TestParseNSEC3(t *testing.T) {
_, err := Parse(strings.NewReader(nsec3_test), "miek.nl", "stdin")
if err == nil {
t.Fatalf("expected error when reading zone, got nothing")
}
}
const nsec3_test = `miek.nl. 1800 IN SOA linode.atoom.net. miek.miek.nl. 1460175181 14400 3600 604800 14400
miek.nl. 1800 IN NS omval.tednet.nl.
miek.nl. 1800 IN NS linode.atoom.net.
miek.nl. 1800 IN NS ext.ns.whyscream.net.
miek.nl. 1800 IN NS ns-ext.nlnetlabs.nl.
miek.nl. 0 IN NSEC3PARAM 1 0 5 A3DEBC9CC4F695C7`
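Review bot: The only assertion in TestParseNSEC3 is `err == nil`, so the test passes on any parse error and does not show that the NSEC3 branch in Parse was the one that fired; a malformed line in `nsec3_test` would keep it green. Checking the message, e.g. `if err == nil || !strings.Contains(err.Error(), "NSEC3") {`, ties the test to the rejection path. The fixture holds only an NSEC3PARAM record, so the `dns.TypeNSEC3` trigger and the transfer path are untested; a second fixture with an NSEC3 record would cover the first of these. Go naming would also make the constant `nsec3Test` rather than `nsec3_test`.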


@@ -1,6 +1,7 @@
package file package file
import ( import (
"fmt"
"log" "log"
"time" "time"
@@ -28,27 +29,33 @@ Transfer:
t := new(dns.Transfer) t := new(dns.Transfer)
c, err := t.In(m, tr) c, err := t.In(m, tr)
if err != nil { if err != nil {
log.Printf("[ERROR] Failed to setup transfer %s with %s: %v", z.name, tr, err) log.Printf("[ERROR] Failed to setup transfer `%s' with `%s': %v", z.name, tr, err)
Err = err Err = err
continue Transfer continue Transfer
} }
for env := range c { for env := range c {
if env.Error != nil { if env.Error != nil {
log.Printf("[ERROR] Failed to parse transfer %s: %v", z.name, env.Error) log.Printf("[ERROR] Failed to parse transfer `%s': %v", z.name, env.Error)
Err = env.Error Err = env.Error
continue Transfer continue Transfer
} }
for _, rr := range env.RR { for _, rr := range env.RR {
if rr.Header().Rrtype == dns.TypeSOA { switch h := rr.Header().Rrtype; h {
case dns.TypeSOA:
z1.SOA = rr.(*dns.SOA) z1.SOA = rr.(*dns.SOA)
continue case dns.TypeNSEC3, dns.TypeNSEC3PARAM:
} err := fmt.Errorf("NSEC3 zone is not supported, dropping")
if rr.Header().Rrtype == dns.TypeRRSIG { log.Printf("[ERROR] Failed to parse transfer `%s': %v", z.name, err)
return err
case dns.TypeRRSIG:
if x, ok := rr.(*dns.RRSIG); ok && x.TypeCovered == dns.TypeSOA { if x, ok := rr.(*dns.RRSIG); ok && x.TypeCovered == dns.TypeSOA {
z1.SIG = append(z1.SIG, x) z1.SIG = append(z1.SIG, x)
continue
} }
fallthrough
default:
z1.Insert(rr)
} }
z1.Insert(rr)
} }
} }
Err = nil Err = nil
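Review bot: The new `return err` in the `case dns.TypeNSEC3, dns.TypeNSEC3PARAM:` arm leaves `for env := range c` while the channel may still be fed. If `t.In` delivers envelopes from a goroutine over an unbuffered channel, as it appears to, that goroutine and its TCP connection stay blocked on the next send, once per refresh attempt against an NSEC3-signed primary. The existing `continue Transfer` exits are taken after an error envelope, when the sender has presumably stopped, so this is the first exit taken mid-stream. Draining first, e.g. `for range c {}` ahead of `return err`, or stopping the sender some other way, avoids the leak. The function starts and ends outside the hunk, so what happens to a previously loaded copy of the zone after this return is not visible here and is worth confirming.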