authorGravatar Miek Gieben <miek@miek.nl> 2019-08-26 08:14:43 +0000
committerGravatar GitHub <noreply@github.com> 2019-08-26 08:14:43 +0000
commitd65cd709cd1a1dff69c8f83dff8038087191f29c (patch)
treef6a0648e5555aed80e8d69535f6b92480bca27c2 /plugin/file/xfr.go
parente08d3335b0014e5fa9ef6ff239ca3f4d2122f658 (diff)
plugin/file: respond correctly to IXFR message (#3177)
* plugin/file: respond correctly to IXFR message Respond with a single SOA record to an IXFR request if the SOA serials match. The added test fails on the current code with: ~~~ === RUN TestIxfrResponse --- FAIL: TestIxfrResponse (0.00s) secondary_test.go:122: Expected answer section with single RR FAIL exit status 1 ~~~ And obviously passes with the new code. This should cut down on the weird number of zone transfers that I was seeing. At some point IXFR support might be cool. Fixes: #3176 Signed-off-by: Miek Gieben <miek@miek.nl> * reuse code Signed-off-by: Miek Gieben <miek@miek.nl> * Slight tweaks Signed-off-by: Miek Gieben <miek@miek.nl>
Diffstat (limited to 'plugin/file/xfr.go')
-rw-r--r--plugin/file/xfr.go41
1 files changed, 41 insertions, 0 deletions
diff --git a/plugin/file/xfr.go b/plugin/file/xfr.go
index b2dbd1458..f5f803d11 100644
--- a/plugin/file/xfr.go
+++ b/plugin/file/xfr.go
@@ -26,6 +26,15 @@ func (x Xfr) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (in
return 0, plugin.Error(x.Name(), fmt.Errorf("xfr called with non transfer type: %d", state.QType()))
}
+ // For IXFR we take the SOA in the IXFR message (if there), compare it what we have and then decide to do an
+ // AXFR or just reply with one SOA message back.
+ if state.QType() == dns.TypeIXFR {
+ code, _ := x.ServeIxfr(ctx, w, r)
+ if plugin.ClientWrite(code) {
+ return code, nil
+ }
+ }
+
records := x.All()
if len(records) == 0 {
return dns.RcodeServerFailure, nil
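Review bot: The error from `x.ServeIxfr` is dropped with `_` in the new IXFR branch, and the fallback to a full transfer is signalled only by the rcode, so `dns.RcodeServerFailure` here means "nothing written, continue with AXFR" rather than a failure. That deserves a comment at the call site, for example `// ServeIxfr returns a nil error today; a non-ClientWrite code means nothing was written, so fall through to AXFR.` Any IXFR query whose authority section is missing or malformed also falls through to the full zone transfer below, so whatever restricts AXFR has to cover IXFR queries as well; that check is not visible in this hunk. ServeDNS starts and ends outside the hunk.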
@@ -63,4 +72,36 @@ func (x Xfr) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (in
// Name implements the plugin.Handler interface.
func (x Xfr) Name() string { return "xfr" }
+// ServeIxfr checks if we need to serve a simpler IXFR for the incoming message.
+// See RFC 1995 Section 3: "... and the authority section containing the SOA record of client's version of the zone."
+// and Section 2, paragraph 4 where we only need to echo the SOA record back.
+// This function must be called when the qtype is IXFR. It returns a plugin.ClientWrite(code) == false, when it didn't
+// write anything and we should perform an AXFR.
+func (x Xfr) ServeIxfr(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) {
+ if len(r.Ns) != 1 {
+ return dns.RcodeServerFailure, nil
+ }
+ soa, ok := r.Ns[0].(*dns.SOA)
+ if !ok {
+ return dns.RcodeServerFailure, nil
+ }
+
+ x.RLock()
+ if x.Apex.SOA == nil {
+ x.RUnlock()
+ return dns.RcodeServerFailure, nil
+ }
+ serial := x.Apex.SOA.Serial
+ x.RUnlock()
+
+ if soa.Serial == serial { // Section 2, para 4; echo SOA back. We have the same zone
+ m := new(dns.Msg)
+ m.SetReply(r)
+ m.Answer = []dns.RR{soa}
+ w.WriteMsg(m)
+ return 0, nil
+ }
+ return dns.RcodeServerFailure, nil
+}
+
const transferLength = 1000 // Start a new envelop after message reaches this size in bytes. Intentionally small to test multi envelope parsing.
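Review bot: The single-SOA reply in `ServeIxfr` puts the client's own record into the answer (`m.Answer = []dns.RR{soa}`), so the owner name, TTL and other SOA fields in the response are whatever the requester sent, and only the serial is compared with the zone. As I read RFC 1995 section 2, the reply should carry the server's SOA, so I would keep the apex record under the read lock and answer with it: `apex := x.Apex.SOA`, `if soa.Serial == apex.Serial {`, `m.Answer = []dns.RR{apex}`. It would also help to reject a request SOA whose owner name is not the zone origin, and the return value of `w.WriteMsg(m)` is ignored, so a failed write still returns 0, which the caller presumably treats as a completed response.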