2 files changed, 40 insertions, 9 deletions

diff --git a/middleware/kubernetes/handler.go b/middleware/kubernetes/handler.go
index 3efe6e722..326e3ac13 100644
--- a/middleware/kubernetes/handler.go
+++ b/middleware/kubernetes/handler.go
@@ -26,16 +26,17 @@ func (k Kubernetes) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.M
 	// otherwise delegate to the next in the pipeline.
 	zone := middleware.Zones(k.Zones).Matches(state.Name())
 	if zone == "" {
-		if state.Type() == "PTR" {
-			// If this is a PTR request, and a the request is in a defined
-			// pod/service cidr range, process the request in this middleware,
-			// otherwise pass to next middleware.
-			if !k.IsRequestInReverseRange(state) {
-				return middleware.NextOrFailure(k.Name(), k.Next, ctx, w, r)
-			}
-			// Set the zone to this specific request.
-			zone = state.Name()
+		if state.Type() != "PTR" {
+			return middleware.NextOrFailure(k.Name(), k.Next, ctx, w, r)
 		}
+		// If this is a PTR request, and the request is in a defined
+		// pod/service cidr range, process the request in this middleware,
+		// otherwise pass to next middleware.
+		if !k.IsRequestInReverseRange(state) {
+			return middleware.NextOrFailure(k.Name(), k.Next, ctx, w, r)
+		}
+		// Set the zone to this specific request.
+		zone = state.Name()
 	}
 
 	var (
diff --git a/test/kubernetes_test.go b/test/kubernetes_test.go
index fd38c2e03..a85dae446 100644
--- a/test/kubernetes_test.go
+++ b/test/kubernetes_test.go
@@ -225,6 +225,13 @@ var dnsTestCases = []test.Case{
 			test.TXT("dns-version.cluster.local. 28800 IN TXT \"1.0.0\""),
 		},
 	},
+	{
+		Qname: "next-in-chain.", Qtype: dns.TypeA,
+		Rcode: dns.RcodeSuccess,
+		Answer: []dns.RR{
+			test.A("next-in-chain.              0       IN      A       192.0.2.53"),
+		},
+	},
 }
 
 var dnsTestCasesPodsInsecure = []test.Case{
@@ -282,6 +289,13 @@ var dnsTestCasesCidrReverseZone = []test.Case{
 			test.PTR("115.0.0.10.in-addr.arpa.      303    IN      PTR       svc-c.test-1.svc.cluster.local."),
 		},
 	},
+	{
+		Qname: "next-in-chain.", Qtype: dns.TypeA,
+		Rcode: dns.RcodeSuccess,
+		Answer: []dns.RR{
+			test.A("next-in-chain.              0       IN      A       192.0.2.53"),
+		},
+	},
 }
 
 var dnsTestCasesPartialCidrReverseZone = []test.Case{
@@ -313,6 +327,13 @@ var dnsTestCasesPartialCidrReverseZone = []test.Case{
 		Rcode:  dns.RcodeServerFailure,
 		Answer: []dns.RR{},
 	},
+	{
+		Qname: "next-in-chain.", Qtype: dns.TypeA,
+		Rcode: dns.RcodeSuccess,
+		Answer: []dns.RR{
+			test.A("next-in-chain.              0       IN      A       192.0.2.53"),
+		},
+	},
 }
 
 var dnsTestCasesAllNSExposed = []test.Case{
@@ -409,6 +430,9 @@ func TestKubernetesIntegration(t *testing.T) {
 		namespaces test-1
 		pods disabled
     }
+	erratic . {
+		drop 0
+	}
 `
 	doIntegrationTests(t, corefile, dnsTestCases)
 }
@@ -445,6 +469,9 @@ func TestKubernetesIntegrationCidrReverseZone(t *testing.T) {
                 namespaces test-1
 				cidrs 10.0.0.0/24				
     }
+	erratic . {
+		drop 0
+	}
 `
 	doIntegrationTests(t, corefile, dnsTestCasesCidrReverseZone)
 }
@@ -457,6 +484,9 @@ func TestKubernetesIntegrationPartialCidrReverseZone(t *testing.T) {
                 namespaces test-1
 				cidrs 10.0.0.96/28 10.0.0.120/32
     }
+	erratic . {
+		drop 0
+	}
 `
 	doIntegrationTests(t, corefile, dnsTestCasesPartialCidrReverseZone)
 }