diff options
| -rw-r--r-- | plugin/dnssec/README.md | 25 | ||||
| -rw-r--r-- | plugin/dnssec/dnskey.go | 7 | ||||
| -rw-r--r-- | plugin/file/README.md | 19 | ||||
| -rw-r--r-- | test/readme_test.go | 35 |
4 files changed, 67 insertions, 19 deletions
diff --git a/plugin/dnssec/README.md b/plugin/dnssec/README.md index bf560464d..372e9d971 100644 --- a/plugin/dnssec/README.md +++ b/plugin/dnssec/README.md @@ -47,10 +47,10 @@ If monitoring is enabled (via the *prometheus* directive) then the following met Sign responses for `example.org` with the key "Kexample.org.+013+45330.key". -~~~ -example.org:53 { +~~~ corefile +example.org { dnssec { - key file /etc/coredns/Kexample.org.+013+45330 + key file Kexample.org.+013+45330 } whoami } @@ -59,10 +59,10 @@ example.org:53 { Sign responses for a kubernetes zone with the key "Kcluster.local+013+45129.key". ~~~ -cluster.local:53 { - kubernetes cluster.local - dnssec cluster.local { - key file /etc/coredns/Kcluster.local+013+45129 +cluster.local { + kubernetes + dnssec { + key file Kcluster.local+013+45129 } } ~~~ @@ -70,17 +70,16 @@ cluster.local:53 { ## Bugs Multiple *dnssec* plugins inside one server stanza will silently overwrite earlier ones, here -`example.local` will overwrite the one for `cluster.local`. +`example.local` will overwrite the one for `cluster.org`. ~~~ -.:53 { +. { kubernetes cluster.local dnssec cluster.local { - key file /etc/coredns/cluster.local + key file Kcluster.local+013+45129 } - dnssec example.local { - key file /etc/coredns/example.local + dnssec example.org { + key file Kexample.org.+013+45330 } - whoami } ~~~ diff --git a/plugin/dnssec/dnskey.go b/plugin/dnssec/dnskey.go index 885538fbf..5c326d9a9 100644 --- a/plugin/dnssec/dnskey.go +++ b/plugin/dnssec/dnskey.go @@ -38,7 +38,10 @@ func ParseKeyFile(pubFile, privFile string) (*DNSKEY, error) { return nil, e } - dk := k.(*dns.DNSKEY) + dk, ok := k.(*dns.DNSKEY) + if !ok { + return nil, errors.New("no public key found") + } p, e := dk.ReadPrivateKey(f, privFile) if e != nil { return nil, e @@ -50,7 +53,7 @@ func ParseKeyFile(pubFile, privFile string) (*DNSKEY, error) { if s, ok := p.(*ecdsa.PrivateKey); ok { return &DNSKEY{K: dk, D: dk.ToDS(dns.SHA256), s: s, tag: dk.KeyTag()}, nil } - return &DNSKEY{K: dk, D: dk.ToDS(dns.SHA256), s: nil, tag: 0}, errors.New("no known private key found") + return &DNSKEY{K: dk, D: dk.ToDS(dns.SHA256), s: nil, tag: 0}, errors.New("no private key found") } // getDNSKEY returns the correct DNSKEY to the client. Signatures are added when do is true. diff --git a/plugin/file/README.md b/plugin/file/README.md index 3dfb319bb..50912ca9c 100644 --- a/plugin/file/README.md +++ b/plugin/file/README.md @@ -44,9 +44,22 @@ file DBFILE [ZONES... ] { Load the `example.org` zone from `example.org.signed` and allow transfers to the internet, but send notifies to 10.240.1.1 +~~~ corefile +example.org { + file example.org.signed { + transfer to * + transfer to 10.240.1.1 + } +} +~~~ + +Or use a single zone file for multiple zones: + ~~~ -file example.org.signed example.org { - transfer to * - transfer to 10.240.1.1 +. { + file example.org.signed example.org example.net { + transfer to * + transfer to 10.240.1.1 + } } ~~~ diff --git a/test/readme_test.go b/test/readme_test.go index dcbb56619..f8ae0e346 100644 --- a/test/readme_test.go +++ b/test/readme_test.go @@ -14,7 +14,25 @@ import ( "github.com/mholt/caddy" ) -// TestReadme parses all README.md's of the plugins and checks if every example Corefile +// As we use the filesystem as-is, these files need to exist ON DISK for the readme test to work. This is especially +// useful for the *file* and *dnssec* plugins as their Corefiles are now tested as well. We create files in the +// current dir for all these, meaning the example READMEs MUST use relative path in their READMEs. +var contents = map[string]string{ + "Kexample.org.+013+45330.key": examplePub, + "Kexample.org.+013+45330.private": examplePriv, + "example.org.signed": exampleOrg, // not signed, but does not matter for this test. +} + +const ( + examplePub = `example.org. IN DNSKEY 256 3 13 eNMYFZYb6e0oJOV47IPo5f/UHy7wY9aBebotvcKakIYLyyGscBmXJQhbKLt/LhrMNDE2Q96hQnI5PdTBeOLzhQ== +` + examplePriv = `Private-key-format: v1.3 +Algorithm: 13 (ECDSAP256SHA256) +PrivateKey: f03VplaIEA+KHI9uizlemUSbUJH86hPBPjmcUninPoM= +` +) + +// TestReadme parses all README.mds of the plugins and checks if every example Corefile // actually works. Each corefile snippet is only used if the language is set to 'corefile': // // ~~~ corefile @@ -27,6 +45,9 @@ func TestReadme(t *testing.T) { caddy.Quiet = true dnsserver.Quiet = true + create(contents) + defer remove(contents) + log.SetOutput(ioutil.Discard) middle := filepath.Join("..", "plugin") @@ -99,3 +120,15 @@ func corefileFromReadme(readme string) ([]*Input, error) { } return input, nil } + +func create(c map[string]string) { + for name, content := range c { + ioutil.WriteFile(name, []byte(content), 0644) + } +} + +func remove(c map[string]string) { + for name := range c { + os.Remove(name) + } +} |