aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--plugin/backend.go4
-rw-r--r--plugin/kubernetes/handler_pod_insecure_test.go28
-rw-r--r--plugin/kubernetes/kubernetes.go6
3 files changed, 36 insertions, 2 deletions
diff --git a/plugin/backend.go b/plugin/backend.go
index 7b5b2f467..fad61d418 100644
--- a/plugin/backend.go
+++ b/plugin/backend.go
@@ -9,8 +9,8 @@ import (
// ServiceBackend defines a (dynamic) backend that returns a slice of service definitions.
type ServiceBackend interface {
- // Services communicates with the backend to retrieve the service definition. Exact indicates
- // on exact much are that we are allowed to recurs.
+ // Services communicates with the backend to retrieve the service definitions. Exact indicates
+ // on exact match should be returned.
Services(state request.Request, exact bool, opt Options) ([]msg.Service, error)
// Reverse communicates with the backend to retrieve service definition based on a IP address
diff --git a/plugin/kubernetes/handler_pod_insecure_test.go b/plugin/kubernetes/handler_pod_insecure_test.go
index 6dcfd5629..b086f3fe6 100644
--- a/plugin/kubernetes/handler_pod_insecure_test.go
+++ b/plugin/kubernetes/handler_pod_insecure_test.go
@@ -26,12 +26,40 @@ var podModeInsecureCases = []test.Case{
},
},
{
+ Qname: "blah.podns.pod.cluster.local.", Qtype: dns.TypeA,
+ Rcode: dns.RcodeNameError,
+ Ns: []dns.RR{
+ test.SOA("cluster.local. 300 IN SOA ns.dns.cluster.local. hostmaster.cluster.local. 1515173576 7200 1800 86400 30"),
+ },
+ },
+ {
+ Qname: "blah.podns.pod.cluster.local.", Qtype: dns.TypeAAAA,
+ Rcode: dns.RcodeNameError,
+ Ns: []dns.RR{
+ test.SOA("cluster.local. 300 IN SOA ns.dns.cluster.local. hostmaster.cluster.local. 1515173576 7200 1800 86400 30"),
+ },
+ },
+ {
+ Qname: "blah.podns.pod.cluster.local.", Qtype: dns.TypeHINFO,
+ Rcode: dns.RcodeNameError,
+ Ns: []dns.RR{
+ test.SOA("cluster.local. 300 IN SOA ns.dns.cluster.local. hostmaster.cluster.local. 1515173576 7200 1800 86400 30"),
+ },
+ },
+ {
Qname: "blah.pod-nons.pod.cluster.local.", Qtype: dns.TypeA,
Rcode: dns.RcodeNameError,
Ns: []dns.RR{
test.SOA("cluster.local. 300 IN SOA ns.dns.cluster.local. hostmaster.cluster.local. 1515173576 7200 1800 86400 30"),
},
},
+ {
+ Qname: "podns.pod.cluster.local.", Qtype: dns.TypeA,
+ Rcode: dns.RcodeNameError,
+ Ns: []dns.RR{
+ test.SOA("cluster.local. 300 IN SOA ns.dns.cluster.local. hostmaster.cluster.local. 1515173576 7200 1800 86400 30"),
+ },
+ },
}
func TestServeDNSModeInsecure(t *testing.T) {
diff --git a/plugin/kubernetes/kubernetes.go b/plugin/kubernetes/kubernetes.go
index 4e79738e7..785a16ae3 100644
--- a/plugin/kubernetes/kubernetes.go
+++ b/plugin/kubernetes/kubernetes.go
@@ -321,6 +321,12 @@ func (k *Kubernetes) findPods(r recordRequest, zone string) (pods []msg.Service,
if !wildcard(namespace) && !k.namespace(namespace) { // no wildcard, but namespace does not exist
return nil, errNoItems
}
+
+ // If ip does not parse as an IP address, we return an error, otherwise we assume a CNAME and will try to resolve it in backend_lookup.go
+ if net.ParseIP(ip) == nil {
+ return nil, errNoItems
+ }
+
return []msg.Service{{Key: strings.Join([]string{zonePath, Pod, namespace, podname}, "/"), Host: ip, TTL: k.ttl}}, err
}