authorGravatar Patrick W. Healy <phealy@phealy.com> 2022-05-06 14:34:12 -0500
committerGravatar GitHub <noreply@github.com> 2022-05-06 15:34:12 -0400
commita5b9749462a9717c8920dba095f242611c61a989 (patch)
tree50739254f7e4001aff37ed3c1c0adbd4fd9afed1
parent7a7b0a2b9b4090a308828f7d1780475614320b44 (diff)
Don't add OPT RR to non-EDNS0 queries (#5368)
* Don't add OPT RR to non-EDNS0 queries Signed-off-by: Patrick W. Healy <phealy@phealy.com> Signed-off-by: Patrick W. Healy <patrick.healy@microsoft.com> * Update plugin/bufsize/README.md Co-authored-by: Chris O'Haver <cohaver@infoblox.com> Signed-off-by: Patrick W. Healy <patrick.healy@microsoft.com> Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
-rw-r--r--plugin/bufsize/README.md2
-rw-r--r--plugin/bufsize/bufsize.go3
-rw-r--r--plugin/bufsize/bufsize_test.go10
3 files changed, 10 insertions, 5 deletions
diff --git a/plugin/bufsize/README.md b/plugin/bufsize/README.md
index 6353307a9..56a9dddfc 100644
--- a/plugin/bufsize/README.md
+++ b/plugin/bufsize/README.md
@@ -5,6 +5,7 @@
## Description
*bufsize* limits a requester's UDP payload size.
It prevents IP fragmentation, mitigating certain DNS vulnerabilities.
+This will only affect queries that have an OPT RR.
## Syntax
```txt
@@ -36,4 +37,3 @@ Enable limiting the buffer size as an authoritative nameserver:
## Considerations
- Setting 1232 bytes to bufsize may avoid fragmentation on the majority of networks in use today, but it depends on the MTU of the physical network links.
-- For now, if a client does not use EDNS, this plugin adds OPT RR.
diff --git a/plugin/bufsize/bufsize.go b/plugin/bufsize/bufsize.go
index 1522be894..f3c228d07 100644
--- a/plugin/bufsize/bufsize.go
+++ b/plugin/bufsize/bufsize.go
@@ -19,9 +19,6 @@ type Bufsize struct {
func (buf Bufsize) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) {
if option := r.IsEdns0(); option != nil {
option.SetUDPSize(uint16(buf.Size))
- } else {
- // If a client does not use EDNS, add it
- r.SetEdns0(uint16(buf.Size), false)
}
return plugin.NextOrFailure(buf.Name(), buf.Next, ctx, w, r)
diff --git a/plugin/bufsize/bufsize_test.go b/plugin/bufsize/bufsize_test.go
index 3d714d2f1..45fef84e7 100644
--- a/plugin/bufsize/bufsize_test.go
+++ b/plugin/bufsize/bufsize_test.go
@@ -31,7 +31,7 @@ func TestBufsize(t *testing.T) {
outgoingBufsize: 512,
expectedErr: nil,
},
- // If EDNS is not enabled, this plugin adds it
+ // If EDNS is not enabled, this plugin should not add it
{
next: whoami.Whoami{},
qname: ".",
@@ -68,5 +68,13 @@ func TestBufsize(t *testing.T) {
}
}
}
+
+ if tc.inputBufsize == 0 {
+ for _, extra := range req.Extra {
+ if _, ok := extra.(*dns.OPT); ok {
+ t.Errorf("Test %d: Found OPT RR on reply to query with no OPT RR.", i)
+ }
+ }
+ }
}
}
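Review bot: The new check in the `tc.inputBufsize == 0` branch walks `req.Extra`, which by its name is the request message, yet the failure text reports an OPT RR "on reply"; the message should name what is actually inspected, e.g. `t.Errorf("Test %d: OPT RR was added to a query that had none", i)`. The hand-written loop and type assertion can be replaced by the helper the plugin itself calls, `if req.IsEdns0() != nil { t.Errorf(...) }`, which also avoids reporting the same failure once per OPT record. It looks like `inputBufsize == 0` is used as the marker for a non-EDNS0 test case; a one-line comment such as `// inputBufsize 0 means the query was built without an OPT RR` would make that sentinel explicit. TestBufsize begins outside this hunk, so how `req` is constructed is not visible here.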