fix(forward): disallow NOERROR in failover (#7622)

Previously the parsing logic in the forward plugin setup failed to recognise when NOERROR was used as a failover RCODE criteria. The check was in the wrong code branch. This PR fixes it and adds validation tests. Also updates the plugin README. Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
2025-10-31 10:13:14 -04:00 · 2025-10-17 14:37:02 +03:00
parent 38c020941b
commit f4ab631ae4
3 changed files with 42 additions and 9 deletions
--- a/plugin/forward/setup_test.go
+++ b/plugin/forward/setup_test.go
@@ -503,3 +503,39 @@ func TestFailover(t *testing.T) {
 		}
 	}
 }
+
+func TestFailoverValidation(t *testing.T) {
+	cases := []struct {
+		name      string
+		input     string
+		wantError string
+	}{
+		{
+			name: "NoErrorDisallowed",
+			input: `forward . 127.0.0.1 {
+		failover NOERROR
+	}`,
+			wantError: "NoError cannot be used in failover",
+		},
+		{
+			name: "InvalidRcode",
+			input: `forward . 127.0.0.1 {
+		failover NOT_A_VALID_RCODE
+	}`,
+			wantError: "not a valid rcode",
+		},
+	}
+
+	for _, tc := range cases {
+		t.Run(tc.name, func(t *testing.T) {
+			c := caddy.NewTestController("dns", tc.input)
+			_, err := parseForward(c)
+			if err == nil {
+				t.Fatalf("expected error for %s, got nil", tc.name)
+			}
+			if !strings.Contains(err.Error(), tc.wantError) {
+				t.Fatalf("expected error to contain %q, got: %v", tc.wantError, err)
+			}
+		})
+	}
+}