plugin/file/auto: Write CNAME answer to client even if target lookup is SERVFAIL (#4863)

* write cname answer to client even if target lookup is servfail

Signed-off-by: Chris O'Haver <cohaver@infoblox.com>

* fix existing unit test expectations

Signed-off-by: Chris O'Haver <cohaver@infoblox.com>

1 files changed, 8 insertions, 1 deletions

diff --git a/plugin/file/file.go b/plugin/file/file.go
index 0834ddc4d..f50c3d091 100644
--- a/plugin/file/file.go
+++ b/plugin/file/file.go
@@ -99,7 +99,14 @@ func (f File) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (i
 	case Delegation:
 		m.Authoritative = false
 	case ServerFailure:
-		return dns.RcodeServerFailure, nil
+		// If the result is SERVFAIL and the answer is non-empty, then the SERVFAIL came from an
+		// external CNAME lookup and the answer contains the CNAME with no target record. We should
+		// write the CNAME record to the client instead of sending an empty SERVFAIL response.
+		if len(m.Answer) == 0 {
+			return dns.RcodeServerFailure, nil
+		}
+		//  The rcode in the response should be the rcode received from the target lookup. RFC 6604 section 3
+		m.Rcode = dns.RcodeServerFailure
 	}
 
 	w.WriteMsg(m)