diff options
| author |  Jason Du <xdu@infoblox.com>
| 2021-05-17 13:21:08 -0700 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2021-05-17 13:21:08 -0700 |
| commit | fbf3f07f469a99fcbb5985a41c260a3fad26f908 (patch) | |
| tree | 0fa377dd26e555711be622e9f6da0f4278b8ebd2 /plugin/file/lookup.go | |
| parent | 5f41d8eb1f74621ada05968dd6b0d24f9ae742df (diff) | |
| download | coredns-fbf3f07f469a99fcbb5985a41c260a3fad26f908.tar.gz coredns-fbf3f07f469a99fcbb5985a41c260a3fad26f908.tar.zst coredns-fbf3f07f469a99fcbb5985a41c260a3fad26f908.zip | |
plugin/file: Fix in wrong answers returned when wildcard and concrete records exist (#4599)
* plugin/file: Fix in wrong answers returned when wildcard and concrete records exist
Signed-off-by: Jason Du <xdu@infoblox.com>
* Remove superfluous change
Signed-off-by: Jason Du <xdu@infoblox.com>
* Re-implementation and new test case
If the domain's terminal is neither the matching wildcard, nor a domian directly
under the wildcard, return NXDOMAIN
Signed-off-by: Jason Du <xdu@infoblox.com>
* Fix empty non-terminal & add test case
Signed-off-by: Jason Du <xdu@infoblox.com>
* Cleanup
Signed-off-by: Jason Du <xdu@infoblox.com>
* Fix case on domain name with character before * and add more test cases
Signed-off-by: Jason Du <xdu@infoblox.com>
* Use different IPs for records in cornerCasesWildcard zone file
Signed-off-by: Jason Du <xdu@infoblox.com>
Diffstat (limited to 'plugin/file/lookup.go')
| -rw-r--r-- | plugin/file/lookup.go | 26 |
1 files changed, 21 insertions, 5 deletions
diff --git a/plugin/file/lookup.go b/plugin/file/lookup.go index 6eeb4c397..7b17698a4 100644 --- a/plugin/file/lookup.go +++ b/plugin/file/lookup.go @@ -56,10 +56,10 @@ func (z *Zone) Lookup(ctx context.Context, state request.Request, qname string) } var ( - found, shot bool - parts string - i int - elem, wildElem *tree.Elem + found, shot bool + parts string + i, maxLabelNum int + elem, wildElem, nextElem *tree.Elem ) loop, _ := ctx.Value(dnsserver.LoopKey{}).(int) @@ -92,6 +92,12 @@ func (z *Zone) Lookup(ctx context.Context, state request.Request, qname string) break } + if nextElem, found = tr.Next(parts); found { + if dns.IsSubDomain(parts, nextElem.Name()) { + maxLabelNum = z.origLen + i + } + } + elem, found = tr.Search(parts) if !found { // Apex will always be found, when we are here we can search for a wildcard @@ -201,8 +207,18 @@ func (z *Zone) Lookup(ctx context.Context, state request.Request, qname string) // Found wildcard. if wildElem != nil { - auth := ap.ns(do) + // if the domain's longest matching parent domain is subdomain of the wildcard, + // in other words, the domainās max number of labels matched is >= number of labels of the wildcard + if maxLabelNum >= dns.CountLabel(wildElem.Name()) { + ret := ap.soa(do) + if do { + nsec := typeFromElem(wildElem, dns.TypeNSEC, do) + ret = append(ret, nsec...) + } + return nil, ret, nil, NameError + } + auth := ap.ns(do) if rrs := wildElem.TypeForWildcard(dns.TypeCNAME, qname); len(rrs) > 0 { ctx = context.WithValue(ctx, dnsserver.LoopKey{}, loop+1) return z.externalLookup(ctx, state, wildElem, rrs) |