diff options
| -rw-r--r-- | plugin/backend.go | 4 | ||||
| -rw-r--r-- | plugin/kubernetes/handler_pod_insecure_test.go | 28 | ||||
| -rw-r--r-- | plugin/kubernetes/kubernetes.go | 6 |
3 files changed, 36 insertions, 2 deletions
diff --git a/plugin/backend.go b/plugin/backend.go index 7b5b2f467..fad61d418 100644 --- a/plugin/backend.go +++ b/plugin/backend.go @@ -9,8 +9,8 @@ import ( // ServiceBackend defines a (dynamic) backend that returns a slice of service definitions. type ServiceBackend interface { - // Services communicates with the backend to retrieve the service definition. Exact indicates - // on exact much are that we are allowed to recurs. + // Services communicates with the backend to retrieve the service definitions. Exact indicates + // on exact match should be returned. Services(state request.Request, exact bool, opt Options) ([]msg.Service, error) // Reverse communicates with the backend to retrieve service definition based on a IP address diff --git a/plugin/kubernetes/handler_pod_insecure_test.go b/plugin/kubernetes/handler_pod_insecure_test.go index 6dcfd5629..b086f3fe6 100644 --- a/plugin/kubernetes/handler_pod_insecure_test.go +++ b/plugin/kubernetes/handler_pod_insecure_test.go @@ -26,12 +26,40 @@ var podModeInsecureCases = []test.Case{ }, }, { + Qname: "blah.podns.pod.cluster.local.", Qtype: dns.TypeA, + Rcode: dns.RcodeNameError, + Ns: []dns.RR{ + test.SOA("cluster.local. 300 IN SOA ns.dns.cluster.local. hostmaster.cluster.local. 1515173576 7200 1800 86400 30"), + }, + }, + { + Qname: "blah.podns.pod.cluster.local.", Qtype: dns.TypeAAAA, + Rcode: dns.RcodeNameError, + Ns: []dns.RR{ + test.SOA("cluster.local. 300 IN SOA ns.dns.cluster.local. hostmaster.cluster.local. 1515173576 7200 1800 86400 30"), + }, + }, + { + Qname: "blah.podns.pod.cluster.local.", Qtype: dns.TypeHINFO, + Rcode: dns.RcodeNameError, + Ns: []dns.RR{ + test.SOA("cluster.local. 300 IN SOA ns.dns.cluster.local. hostmaster.cluster.local. 1515173576 7200 1800 86400 30"), + }, + }, + { Qname: "blah.pod-nons.pod.cluster.local.", Qtype: dns.TypeA, Rcode: dns.RcodeNameError, Ns: []dns.RR{ test.SOA("cluster.local. 300 IN SOA ns.dns.cluster.local. hostmaster.cluster.local. 1515173576 7200 1800 86400 30"), }, }, + { + Qname: "podns.pod.cluster.local.", Qtype: dns.TypeA, + Rcode: dns.RcodeNameError, + Ns: []dns.RR{ + test.SOA("cluster.local. 300 IN SOA ns.dns.cluster.local. hostmaster.cluster.local. 1515173576 7200 1800 86400 30"), + }, + }, } func TestServeDNSModeInsecure(t *testing.T) { diff --git a/plugin/kubernetes/kubernetes.go b/plugin/kubernetes/kubernetes.go index 4e79738e7..785a16ae3 100644 --- a/plugin/kubernetes/kubernetes.go +++ b/plugin/kubernetes/kubernetes.go @@ -321,6 +321,12 @@ func (k *Kubernetes) findPods(r recordRequest, zone string) (pods []msg.Service, if !wildcard(namespace) && !k.namespace(namespace) { // no wildcard, but namespace does not exist return nil, errNoItems } + + // If ip does not parse as an IP address, we return an error, otherwise we assume a CNAME and will try to resolve it in backend_lookup.go + if net.ParseIP(ip) == nil { + return nil, errNoItems + } + return []msg.Service{{Key: strings.Join([]string{zonePath, Pod, namespace, podname}, "/"), Host: ip, TTL: k.ttl}}, err } |