// ServeDNS implements the middleware.Handler interface.
func (c Cache) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) {
state := middleware.State{W: w, Req: r}
qname := state.Name()
qtype := state.QType()
zone := middleware.Zones(c.Zones).Matches(qname)
if zone == "" {
return c.Next.ServeDNS(ctx, w, r)
}
do := state.Do() // might need more from OPT record?
if i, ok := c.get(qname, qtype, do); ok {
resp := i.toMsg(r)
state.SizeAndDo(resp)
w.WriteMsg(resp)
cacheHitCount.WithLabelValues(zone).Inc()
return dns.RcodeSuccess, nil
}
cacheMissCount.WithLabelValues(zone).Inc()
crr := NewCachingResponseWriter(w, c.cache, c.cap)
return c.Next.ServeDNS(ctx, crr, r)
}
// ServeDNS implements the middleware.Handler interface.
func (d Dnssec) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) {
state := middleware.State{W: w, Req: r}
do := state.Do()
qname := state.Name()
qtype := state.QType()
zone := middleware.Zones(d.zones).Matches(qname)
if zone == "" {
return d.Next.ServeDNS(ctx, w, r)
}
// Intercept queries for DNSKEY, but only if one of the zones matches the qname, otherwise we let
// the query through.
if qtype == dns.TypeDNSKEY {
for _, z := range d.zones {
if qname == z {
resp := d.getDNSKEY(state, z, do)
state.SizeAndDo(resp)
w.WriteMsg(resp)
return dns.RcodeSuccess, nil
}
}
}
drr := NewDnssecResponseWriter(w, d)
return d.Next.ServeDNS(ctx, drr, r)
}
func (m Metrics) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) {
state := middleware.State{W: w, Req: r}
qname := state.QName()
zone := middleware.Zones(m.ZoneNames).Matches(qname)
if zone == "" {
zone = "."
}
// Record response to get status code and size of the reply.
rw := middleware.NewResponseRecorder(w)
status, err := m.Next.ServeDNS(ctx, rw, r)
Report(state, zone, rw.Rcode(), rw.Size(), rw.Start())
return status, err
}
func (d *DnssecResponseWriter) WriteMsg(res *dns.Msg) error {
// By definition we should sign anything that comes back, we should still figure out for
// which zone it should be.
state := middleware.State{W: d.ResponseWriter, Req: res}
qname := state.Name()
zone := middleware.Zones(d.d.zones).Matches(qname)
if zone == "" {
return d.ResponseWriter.WriteMsg(res)
}
if state.Do() {
res = d.d.Sign(state, zone, time.Now().UTC())
}
state.SizeAndDo(res)
return d.ResponseWriter.WriteMsg(res)
}
func kubernetesParse(c *Controller) (kubernetes.Kubernetes, error) {
/*
* TODO: Remove unused state and simplify.
* Inflight and Ctx might not be needed. Leaving in place until
* we take a pass at API caching and optimizing connector to the
* k8s API. Single flight (or limited upper-bound) for inflight
* API calls may be desirable.
*/
k8s := kubernetes.Kubernetes{
Proxy: proxy.New([]string{}),
Ctx: context.Background(),
// Inflight: &singleflight.Group{},
}
var (
endpoints = []string{defaultK8sEndpoint}
template = defaultNameTemplate
namespaces = []string{}
)
k8s.APIConn = k8sc.NewK8sConnector(endpoints[0])
k8s.NameTemplate = new(nametemplate.NameTemplate)
k8s.NameTemplate.SetTemplate(template)
for c.Next() {
if c.Val() == "kubernetes" {
zones := c.RemainingArgs()
if len(zones) == 0 {
k8s.Zones = c.ServerBlockHosts
} else {
// Normalize requested zones
k8s.Zones = kubernetes.NormalizeZoneList(zones)
}
middleware.Zones(k8s.Zones).FullyQualify()
if c.NextBlock() {
// TODO(miek): 2 switches?
switch c.Val() {
case "endpoint":
args := c.RemainingArgs()
if len(args) == 0 {
return kubernetes.Kubernetes{}, c.ArgErr()
}
endpoints = args
k8s.APIConn = k8sc.NewK8sConnector(endpoints[0])
}
for c.Next() {
switch c.Val() {
case "template":
args := c.RemainingArgs()
if len(args) == 0 {
return kubernetes.Kubernetes{}, c.ArgErr()
}
template = strings.Join(args, "")
err := k8s.NameTemplate.SetTemplate(template)
if err != nil {
return kubernetes.Kubernetes{}, err
}
case "namespaces":
args := c.RemainingArgs()
if len(args) == 0 {
return kubernetes.Kubernetes{}, c.ArgErr()
}
namespaces = args
k8s.Namespaces = &namespaces
}
}
}
return k8s, nil
}
}
return kubernetes.Kubernetes{}, nil
}
func (e Etcd) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) {
state := middleware.State{W: w, Req: r}
if state.QClass() != dns.ClassINET {
return dns.RcodeServerFailure, fmt.Errorf("can only deal with ClassINET")
}
name := state.Name()
if e.Debug {
if debug := isDebug(name); debug != "" {
e.debug = r.Question[0].Name
state.Clear()
state.Req.Question[0].Name = debug
}
}
// We need to check stubzones first, because we may get a request for a zone we
// are not auth. for *but* do have a stubzone forward for. If we do the stubzone
// handler will handle the request.
if e.Stubmap != nil && len(*e.Stubmap) > 0 {
for zone := range *e.Stubmap {
if middleware.Name(zone).Matches(name) {
stub := Stub{Etcd: e, Zone: zone}
return stub.ServeDNS(ctx, w, r)
}
}
}
zone := middleware.Zones(e.Zones).Matches(state.Name())
if zone == "" {
if e.Next == nil {
return dns.RcodeServerFailure, nil
}
return e.Next.ServeDNS(ctx, w, r)
}
var (
records, extra []dns.RR
debug []msg.Service
err error
)
switch state.Type() {
case "A":
records, debug, err = e.A(zone, state, nil)
case "AAAA":
records, debug, err = e.AAAA(zone, state, nil)
case "TXT":
records, debug, err = e.TXT(zone, state)
case "CNAME":
records, debug, err = e.CNAME(zone, state)
case "PTR":
records, debug, err = e.PTR(zone, state)
case "MX":
records, extra, debug, err = e.MX(zone, state)
case "SRV":
records, extra, debug, err = e.SRV(zone, state)
case "SOA":
records, debug, err = e.SOA(zone, state)
case "NS":
if state.Name() == zone {
records, extra, debug, err = e.NS(zone, state)
break
}
fallthrough
default:
// Do a fake A lookup, so we can distinguish between NODATA and NXDOMAIN
_, debug, err = e.A(zone, state, nil)
}
if e.debug != "" {
// Substitute this name with the original when we return the request.
state.Clear()
state.Req.Question[0].Name = e.debug
}
if isEtcdNameError(err) {
return e.Err(zone, dns.RcodeNameError, state, debug, err)
}
if err != nil {
return e.Err(zone, dns.RcodeServerFailure, state, debug, err)
}
if len(records) == 0 {
return e.Err(zone, dns.RcodeSuccess, state, debug, err)
}
m := new(dns.Msg)
m.SetReply(r)
m.Authoritative, m.RecursionAvailable, m.Compress = true, true, true
m.Answer = append(m.Answer, records...)
m.Extra = append(m.Extra, extra...)
if e.debug != "" {
m.Extra = append(m.Extra, servicesToTxt(debug)...)
}
m = dedup(m)
state.SizeAndDo(m)
m, _ = state.Scrub(m)
w.WriteMsg(m)
return dns.RcodeSuccess, nil
}
func etcdParse(c *Controller) (etcd.Etcd, bool, error) {
stub := make(map[string]proxy.Proxy)
etc := etcd.Etcd{
Proxy: proxy.New([]string{"8.8.8.8:53", "8.8.4.4:53"}),
PathPrefix: "skydns",
Ctx: context.Background(),
Inflight: &singleflight.Group{},
Stubmap: &stub,
}
var (
client etcdc.KeysAPI
tlsCertFile = ""
tlsKeyFile = ""
tlsCAcertFile = ""
endpoints = []string{defaultEndpoint}
stubzones = false
)
for c.Next() {
if c.Val() == "etcd" {
etc.Client = client
etc.Zones = c.RemainingArgs()
if len(etc.Zones) == 0 {
etc.Zones = c.ServerBlockHosts
}
middleware.Zones(etc.Zones).FullyQualify()
if c.NextBlock() {
// TODO(miek): 2 switches?
switch c.Val() {
case "stubzones":
stubzones = true
case "debug":
etc.Debug = true
case "path":
if !c.NextArg() {
return etcd.Etcd{}, false, c.ArgErr()
}
etc.PathPrefix = c.Val()
case "endpoint":
args := c.RemainingArgs()
if len(args) == 0 {
return etcd.Etcd{}, false, c.ArgErr()
}
endpoints = args
case "upstream":
args := c.RemainingArgs()
if len(args) == 0 {
return etcd.Etcd{}, false, c.ArgErr()
}
for i := 0; i < len(args); i++ {
h, p, e := net.SplitHostPort(args[i])
if e != nil && p == "" {
args[i] = h + ":53"
}
}
endpoints = args
etc.Proxy = proxy.New(args)
case "tls": // cert key cacertfile
args := c.RemainingArgs()
if len(args) != 3 {
return etcd.Etcd{}, false, c.ArgErr()
}
tlsCertFile, tlsKeyFile, tlsCAcertFile = args[0], args[1], args[2]
}
for c.Next() {
switch c.Val() {
case "stubzones":
stubzones = true
case "debug":
etc.Debug = true
case "path":
if !c.NextArg() {
return etcd.Etcd{}, false, c.ArgErr()
}
etc.PathPrefix = c.Val()
case "endpoint":
args := c.RemainingArgs()
if len(args) == 0 {
return etcd.Etcd{}, false, c.ArgErr()
}
endpoints = args
case "upstream":
args := c.RemainingArgs()
if len(args) == 0 {
return etcd.Etcd{}, false, c.ArgErr()
}
for i := 0; i < len(args); i++ {
h, p, e := net.SplitHostPort(args[i])
if e != nil && p == "" {
args[i] = h + ":53"
}
}
etc.Proxy = proxy.New(args)
case "tls": // cert key cacertfile
args := c.RemainingArgs()
if len(args) != 3 {
return etcd.Etcd{}, false, c.ArgErr()
}
tlsCertFile, tlsKeyFile, tlsCAcertFile = args[0], args[1], args[2]
}
}
}
client, err := newEtcdClient(endpoints, tlsCertFile, tlsKeyFile, tlsCAcertFile)
if err != nil {
return etcd.Etcd{}, false, err
}
etc.Client = client
return etc, stubzones, nil
}
}
return etcd.Etcd{}, false, nil
}
func (f File) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) {
state := middleware.State{W: w, Req: r}
if state.QClass() != dns.ClassINET {
return dns.RcodeServerFailure, errors.New("can only deal with ClassINET")
}
qname := state.Name()
zone := middleware.Zones(f.Zones.Names).Matches(qname)
if zone == "" {
if f.Next != nil {
return f.Next.ServeDNS(ctx, w, r)
}
return dns.RcodeServerFailure, errors.New("no next middleware found")
}
z, ok := f.Zones.Z[zone]
if !ok {
return f.Next.ServeDNS(ctx, w, r)
}
if z == nil {
return dns.RcodeServerFailure, nil
}
if r.Opcode == dns.OpcodeNotify {
if z.isNotify(state) {
m := new(dns.Msg)
m.SetReply(r)
m.Authoritative, m.RecursionAvailable, m.Compress = true, true, true
state.SizeAndDo(m)
w.WriteMsg(m)
log.Printf("[INFO] Notify from %s for %s: checking transfer", state.IP(), zone)
ok, err := z.shouldTransfer()
if ok {
z.TransferIn()
} else {
log.Printf("[INFO] Notify from %s for %s: no serial increase seen", state.IP(), zone)
}
if err != nil {
log.Printf("[WARNING] Notify from %s for %s: failed primary check: %s", state.IP(), zone, err)
}
return dns.RcodeSuccess, nil
}
log.Printf("[INFO] Dropping notify from %s for %s", state.IP(), zone)
return dns.RcodeSuccess, nil
}
if z.Expired != nil && *z.Expired {
log.Printf("[ERROR] Zone %s is expired", zone)
return dns.RcodeServerFailure, nil
}
if state.QType() == dns.TypeAXFR || state.QType() == dns.TypeIXFR {
xfr := Xfr{z}
return xfr.ServeDNS(ctx, w, r)
}
answer, ns, extra, result := z.Lookup(qname, state.QType(), state.Do())
m := new(dns.Msg)
m.SetReply(r)
m.Authoritative, m.RecursionAvailable, m.Compress = true, true, true
m.Answer, m.Ns, m.Extra = answer, ns, extra
switch result {
case Success:
case NoData:
case NameError:
m.Rcode = dns.RcodeNameError
case Delegation:
m.Authoritative = false
case ServerFailure:
return dns.RcodeServerFailure, nil
}
state.SizeAndDo(m)
m, _ = state.Scrub(m)
w.WriteMsg(m)
return dns.RcodeSuccess, nil
}
func (k Kubernetes) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) {
log.Printf("[debug] here entering ServeDNS: ctx:%v dnsmsg:%v\n", ctx, r)
state := middleware.State{W: w, Req: r}
if state.QClass() != dns.ClassINET {
return dns.RcodeServerFailure, fmt.Errorf("can only deal with ClassINET")
}
// Check that query matches one of the zones served by this middleware,
// otherwise delegate to the next in the pipeline.
zone := middleware.Zones(k.Zones).Matches(state.Name())
if zone == "" {
if k.Next == nil {
return dns.RcodeServerFailure, nil
}
return k.Next.ServeDNS(ctx, w, r)
}
m := new(dns.Msg)
m.SetReply(r)
m.Authoritative, m.RecursionAvailable, m.Compress = true, true, true
var (
records, extra []dns.RR
err error
)
switch state.Type() {
case "A":
records, err = k.A(zone, state, nil)
case "AAAA":
records, err = k.AAAA(zone, state, nil)
case "TXT":
records, err = k.TXT(zone, state)
// TODO: change lookup to return appropriate error. Then add code below
// this switch to check for the error and return not implemented.
//return dns.RcodeNotImplemented, nil
case "CNAME":
records, err = k.CNAME(zone, state)
case "MX":
records, extra, err = k.MX(zone, state)
case "SRV":
records, extra, err = k.SRV(zone, state)
case "SOA":
records = []dns.RR{k.SOA(zone, state)}
case "NS":
if state.Name() == zone {
records, extra, err = k.NS(zone, state)
break
}
fallthrough
default:
// Do a fake A lookup, so we can distinguish betwen NODATA and NXDOMAIN
_, err = k.A(zone, state, nil)
}
if isKubernetesNameError(err) {
return k.Err(zone, dns.RcodeNameError, state)
}
if err != nil {
return dns.RcodeServerFailure, err
}
if len(records) == 0 {
return k.Err(zone, dns.RcodeSuccess, state)
}
m.Answer = append(m.Answer, records...)
m.Extra = append(m.Extra, extra...)
m = dedup(m)
state.SizeAndDo(m)
m, _ = state.Scrub(m)
w.WriteMsg(m)
return dns.RcodeSuccess, nil
}
