authorGravatar Chris O'Haver <cohaver@infoblox.com> 2021-05-20 03:24:36 -0400
committerGravatar GitHub <noreply@github.com> 2021-05-20 09:24:36 +0200
commit0348b019be984a5e21c40d00d37da2bbcc7d1b20 (patch)
tree7d17b68714b531901e896217dfe7ea15f5dd8e82
parent5d80a6e21e415262a4753760032f4d8fdc8d1216 (diff)
plugin/forward: Document and warn for unsupported FROM CIDR notations (#4639)
* trap unsupported FROM cidr notations Signed-off-by: Chris O'Haver <cohaver@infoblox.com> * make is a warning Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
-rw-r--r--plugin/forward/README.md3
-rw-r--r--plugin/forward/setup.go5
-rw-r--r--plugin/forward/setup_test.go3
3 files changed, 9 insertions, 2 deletions
diff --git a/plugin/forward/README.md b/plugin/forward/README.md
index 7daecf428..8bc0e2c8b 100644
--- a/plugin/forward/README.md
+++ b/plugin/forward/README.md
@@ -29,7 +29,8 @@ In its most basic form, a simple forwarder uses this syntax:
forward FROM TO...
~~~
-* **FROM** is the base domain to match for the request to be forwarded.
+* **FROM** is the base domain to match for the request to be forwarded. Domains using CIDR notation
+ that expand to multiple reverse zones are not fully supported; only the first expanded zone is used.
* **TO...** are the destination endpoints to forward to. The **TO** syntax allows you to specify
a protocol, `tls://9.9.9.9` or `dns://` (or no protocol) for plain DNS. The number of upstreams is
limited to 15.
diff --git a/plugin/forward/setup.go b/plugin/forward/setup.go
index b183044a8..657d5afd4 100644
--- a/plugin/forward/setup.go
+++ b/plugin/forward/setup.go
@@ -92,8 +92,13 @@ func parseStanza(c *caddy.Controller) (*Forward, error) {
if !c.Args(&f.from) {
return f, c.ArgErr()
}
+ origFrom := f.from
f.from = plugin.Host(f.from).Normalize()[0] // there can only be one here, won't work with non-octet reverse
+ if len(f.from) > 1 {
+ log.Warningf("Unsupported CIDR notation: '%s' expands to multiple zones. Using only '%s'.", origFrom, f.from)
+ }
+
to := c.RemainingArgs()
if len(to) == 0 {
return f, c.ArgErr()
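Review bot: The new guard `if len(f.from) > 1` measures the length of the zone string, not the number of zones `Normalize()` returned, because `f.from` has already been overwritten with element `[0]` on the line above. As written the warning is logged for any FROM whose normalized zone is longer than one character, a plain domain included, and it labels `origFrom` an unsupported CIDR notation even when no CIDR was given; that noise hides the one case an operator needs to see, where part of a reverse range is silently not forwarded. Keep the slice and test it instead: `zones := plugin.Host(f.from).Normalize()`, `f.from = zones[0]`, `if len(zones) > 1 {`. A `len(zones) == 0` check before indexing would also be worth adding if Normalize can return an empty slice, which is not visible from here. The case added in setup_test.go only pins the truncated zone, so it passes either way; parseStanza continues outside this hunk.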
diff --git a/plugin/forward/setup_test.go b/plugin/forward/setup_test.go
index ac62f2fa8..6e1b6c06a 100644
--- a/plugin/forward/setup_test.go
+++ b/plugin/forward/setup_test.go
@@ -32,6 +32,7 @@ func TestSetup(t *testing.T) {
{"forward . [::1]:53", false, ".", nil, 2, options{hcRecursionDesired: true}, ""},
{"forward . [2003::1]:53", false, ".", nil, 2, options{hcRecursionDesired: true}, ""},
{"forward . 127.0.0.1 \n", false, ".", nil, 2, options{hcRecursionDesired: true}, ""},
+ {"forward 10.9.3.0/18 127.0.0.1", false, "0.9.10.in-addr.arpa.", nil, 2, options{hcRecursionDesired: true}, ""},
// negative
{"forward . a27.0.0.1", true, "", nil, 0, options{hcRecursionDesired: true}, "not an IP"},
{"forward . 127.0.0.1 {\nblaatl\n}\n", true, "", nil, 0, options{hcRecursionDesired: true}, "unknown property"},
@@ -50,7 +51,7 @@ func TestSetup(t *testing.T) {
if err != nil {
if !test.shouldErr {
- t.Errorf("Test %d: expected no error but found one for input %s, got: %v", i, test.input, err)
+ t.Fatalf("Test %d: expected no error but found one for input %s, got: %v", i, test.input, err)
}
if !strings.Contains(err.Error(), test.expectedErr) {