authorGravatar Miek Gieben <miek@miek.nl> 2016-04-14 07:33:03 +0100
committerGravatar Miek Gieben <miek@miek.nl> 2016-04-14 07:33:03 +0100
commiteb1f21bfff2d32858af632450a18d7f661ee0c3a (patch)
tree8840c6d54e5de707214479accff949de5fc62711
parentec343ce0ce994c95b9a9efbcf21f59d3784f17df (diff)
Drop NSEC3 zone (#120)
Error out when parsing and transferring such a zone. If we would serve it we would give out the wrong answers, leading to (probably) validation failures... Fixes #114
-rw-r--r--middleware/file/file.go18
-rw-r--r--middleware/file/nsec3_test.go20
-rw-r--r--middleware/file/secondary.go21
3 files changed, 46 insertions, 13 deletions
diff --git a/middleware/file/file.go b/middleware/file/file.go
index a81858211..50ae3fd26 100644
--- a/middleware/file/file.go
+++ b/middleware/file/file.go
@@ -108,19 +108,25 @@ func Parse(f io.Reader, origin, fileName string) (*Zone, error) {
z := NewZone(origin)
for x := range tokens {
if x.Error != nil {
- log.Printf("[ERROR] Failed to parse %s: %v", origin, x.Error)
+ log.Printf("[ERROR] Failed to parse `%s': %v", origin, x.Error)
return nil, x.Error
}
- if x.RR.Header().Rrtype == dns.TypeSOA {
+ switch h := x.RR.Header().Rrtype; h {
+ case dns.TypeSOA:
z.SOA = x.RR.(*dns.SOA)
- continue
- }
- if x.RR.Header().Rrtype == dns.TypeRRSIG {
+ case dns.TypeNSEC3, dns.TypeNSEC3PARAM:
+ err := fmt.Errorf("NSEC3 zone is not supported, dropping")
+ log.Printf("[ERROR] Failed to parse `%s': %v", origin, err)
+ return nil, err
+ case dns.TypeRRSIG:
if x, ok := x.RR.(*dns.RRSIG); ok && x.TypeCovered == dns.TypeSOA {
z.SIG = append(z.SIG, x)
+ continue
}
+ fallthrough
+ default:
+ z.Insert(x.RR)
}
- z.Insert(x.RR)
}
return z, nil
}
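Review bot: The SOA case keeps the unchecked assertion `z.SOA = x.RR.(*dns.SOA)`, which panics instead of returning an error if the concrete type ever differs from what the header's Rrtype says. The RRSIG case in the same switch already uses the comma-ok form, so the same shape fits here: `if soa, ok := x.RR.(*dns.SOA); ok { z.SOA = soa }`, with an error return for the mismatch. The identical assertion `z1.SOA = rr.(*dns.SOA)` in the transfer loop of secondary.go matters more, because there the records come from a remote primary. Whether the dns library can actually hand back a mismatched type is not visible in this diff, so treat this as hardening.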
diff --git a/middleware/file/nsec3_test.go b/middleware/file/nsec3_test.go
new file mode 100644
index 000000000..1e1e68700
--- /dev/null
+++ b/middleware/file/nsec3_test.go
@@ -0,0 +1,20 @@
+package file
+
+import (
+ "strings"
+ "testing"
+)
+
+func TestParseNSEC3(t *testing.T) {
+ _, err := Parse(strings.NewReader(nsec3_test), "miek.nl", "stdin")
+ if err == nil {
+ t.Fatalf("expected error when reading zone, got nothing")
+ }
+}
+
+const nsec3_test = `miek.nl. 1800 IN SOA linode.atoom.net. miek.miek.nl. 1460175181 14400 3600 604800 14400
+miek.nl. 1800 IN NS omval.tednet.nl.
+miek.nl. 1800 IN NS linode.atoom.net.
+miek.nl. 1800 IN NS ext.ns.whyscream.net.
+miek.nl. 1800 IN NS ns-ext.nlnetlabs.nl.
+miek.nl. 0 IN NSEC3PARAM 1 0 5 A3DEBC9CC4F695C7`
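Review bot: TestParseNSEC3 only checks `err == nil`, so it passes on any parse failure, including a syntax error in the fixture, and does not show that the NSEC3 branch was the one taken. Declaring the error once at package level, for example `var errNSEC3 = errors.New("NSEC3 zone is not supported, dropping")`, and comparing against it would pin the behaviour and remove the string duplicated between file.go and secondary.go. The fixture exercises only NSEC3PARAM; a second case with an NSEC3 record would cover the other type listed in the switch. The constant name `nsec3_test` would conventionally be MixedCaps, e.g. `nsec3Zone`.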
diff --git a/middleware/file/secondary.go b/middleware/file/secondary.go
index 66b1daa98..9b3886a36 100644
--- a/middleware/file/secondary.go
+++ b/middleware/file/secondary.go
@@ -1,6 +1,7 @@
package file
import (
+ "fmt"
"log"
"time"
@@ -28,27 +29,33 @@ Transfer:
t := new(dns.Transfer)
c, err := t.In(m, tr)
if err != nil {
- log.Printf("[ERROR] Failed to setup transfer %s with %s: %v", z.name, tr, err)
+ log.Printf("[ERROR] Failed to setup transfer `%s' with `%s': %v", z.name, tr, err)
Err = err
continue Transfer
}
for env := range c {
if env.Error != nil {
- log.Printf("[ERROR] Failed to parse transfer %s: %v", z.name, env.Error)
+ log.Printf("[ERROR] Failed to parse transfer `%s': %v", z.name, env.Error)
Err = env.Error
continue Transfer
}
for _, rr := range env.RR {
- if rr.Header().Rrtype == dns.TypeSOA {
+ switch h := rr.Header().Rrtype; h {
+ case dns.TypeSOA:
z1.SOA = rr.(*dns.SOA)
- continue
- }
- if rr.Header().Rrtype == dns.TypeRRSIG {
+ case dns.TypeNSEC3, dns.TypeNSEC3PARAM:
+ err := fmt.Errorf("NSEC3 zone is not supported, dropping")
+ log.Printf("[ERROR] Failed to parse transfer `%s': %v", z.name, err)
+ return err
+ case dns.TypeRRSIG:
if x, ok := rr.(*dns.RRSIG); ok && x.TypeCovered == dns.TypeSOA {
z1.SIG = append(z1.SIG, x)
+ continue
}
+ fallthrough
+ default:
+ z1.Insert(rr)
}
- z1.Insert(rr)
}
}
Err = nil
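Review bot: The NSEC3 case leaves the function with `return err`, while the two other failure paths in this hunk store the error in `Err` and `continue Transfer` to try the next peer. If that is deliberate, presumably because every primary would serve the same NSEC3 zone, a comment such as `// NSEC3 is unsupported whichever primary serves it, so do not try the next one.` would record it. The log call in that case also omits `tr`, which the setup-failure message includes, so the log does not say which peer sent the zone. The enclosing function starts and ends outside this hunk, so what the caller does with the returned error is not visible here.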