func RenewDnsMsg(m *dns.Msg) {
m.Extra = nil
m.Answer = nil
m.AuthenticatedData = false
m.CheckingDisabled = false
m.Question = nil
}
func cacheMsg(m *dns.Msg, tc cacheTestCase) *dns.Msg {
m.RecursionAvailable = tc.RecursionAvailable
m.AuthenticatedData = tc.AuthenticatedData
m.Authoritative = tc.Authoritative
m.Truncated = tc.Truncated
m.Answer = tc.in.Answer
m.Ns = tc.in.Ns
// m.Extra = tc.in.Extra , not the OPT record!
return m
}
// toMsg turns i into a message, it tailers to reply to m.
func (i *item) toMsg(m *dns.Msg) *dns.Msg {
m1 := new(dns.Msg)
m1.SetReply(m)
m1.Authoritative = i.Authoritative
m1.AuthenticatedData = i.AuthenticatedData
m1.RecursionAvailable = i.RecursionAvailable
m1.Compress = true
m1.Answer = i.Answer
m1.Ns = i.Ns
m1.Extra = i.Extra
ttl := int(i.origTtl) - int(time.Now().UTC().Sub(i.stored).Seconds())
if ttl < baseTtl {
ttl = baseTtl
}
setCap(m1, uint32(ttl))
return m1
}
/*
* makeMessage() - construct DNS message structure
*/
func makeMessage(c *Context, qname, qtype, qclass string, ext Extension) *dns.Msg {
m := new(dns.Msg)
m.Id = dns.Id()
if c.restype == RESOLUTION_STUB {
m.RecursionDesired = true
} else {
m.RecursionDesired = false
}
if c.adflag {
m.AuthenticatedData = true
}
if c.cdflag {
m.CheckingDisabled = true
}
if ext["dnssec_return_status"] || ext["dnssec_return_only_secure"] || ext["dnssec_return_validation_chain"] {
opt := new(dns.OPT)
opt.Hdr.Name = "."
opt.Hdr.Rrtype = dns.TypeOPT
opt.SetDo()
m.Extra = append(m.Extra, opt)
}
m.Question = make([]dns.Question, 1)
qtype_int, ok := dns.StringToType[strings.ToUpper(qtype)]
if !ok {
fmt.Printf("%s: Unrecognized query type.\n", qtype)
return nil
}
qclass_int, ok := dns.StringToClass[strings.ToUpper(qclass)]
if !ok {
fmt.Printf("%s: Unrecognized query class.\n", qclass)
return nil
}
m.Question[0] = dns.Question{qname, qtype_int, qclass_int}
return m
}
// ServeDNS is the handler for DNS requests, responsible for parsing DNS request, possibly forwarding
// it to a real dns server and returning a response.
func (s *server) ServeDNS(w dns.ResponseWriter, req *dns.Msg) {
m := new(dns.Msg)
m.SetReply(req)
m.Authoritative = true
m.RecursionAvailable = true
m.Compress = true
bufsize := uint16(512)
dnssec := false
tcp := false
start := time.Now()
if req.Question[0].Qtype == dns.TypeANY {
m.Authoritative = false
m.Rcode = dns.RcodeRefused
m.RecursionAvailable = false
m.RecursionDesired = false
m.Compress = false
// if write fails don't care
w.WriteMsg(m)
promErrorCount.WithLabelValues("refused").Inc()
return
}
if o := req.IsEdns0(); o != nil {
bufsize = o.UDPSize()
dnssec = o.Do()
}
if bufsize < 512 {
bufsize = 512
}
// with TCP we can send 64K
if tcp = isTCP(w); tcp {
bufsize = dns.MaxMsgSize - 1
promRequestCount.WithLabelValues("tcp").Inc()
} else {
promRequestCount.WithLabelValues("udp").Inc()
}
StatsRequestCount.Inc(1)
if dnssec {
StatsDnssecOkCount.Inc(1)
promDnssecOkCount.Inc()
}
defer func() {
promCacheSize.WithLabelValues("response").Set(float64(s.rcache.Size()))
}()
// Check cache first.
key := cache.QuestionKey(req.Question[0], dnssec)
m1, exp, hit := s.rcache.Search(key)
if hit {
// Cache hit! \o/
if time.Since(exp) < 0 {
m1.Id = m.Id
m1.Compress = true
m1.Truncated = false
if dnssec {
// The key for DNS/DNSSEC in cache is different, no
// need to do Denial/Sign here.
//if s.config.PubKey != nil {
//s.Denial(m1) // not needed for cache hits
//s.Sign(m1, bufsize)
//}
}
if m1.Len() > int(bufsize) && !tcp {
promErrorCount.WithLabelValues("truncated").Inc()
m1.Truncated = true
}
// Still round-robin even with hits from the cache.
// Only shuffle A and AAAA records with each other.
if req.Question[0].Qtype == dns.TypeA || req.Question[0].Qtype == dns.TypeAAAA {
s.RoundRobin(m1.Answer)
}
if err := w.WriteMsg(m1); err != nil {
log.Printf("skydns: failure to return reply %q", err)
}
metricSizeAndDuration(m1, start, tcp)
return
}
// Expired! /o\
s.rcache.Remove(key)
}
q := req.Question[0]
name := strings.ToLower(q.Name)
if s.config.Verbose {
log.Printf("skydns: received DNS Request for %q from %q with type %d", q.Name, w.RemoteAddr(), q.Qtype)
}
for zone, ns := range *s.config.stub {
if strings.HasSuffix(name, zone) {
resp := s.ServeDNSStubForward(w, req, ns)
metricSizeAndDuration(resp, start, tcp)
return
}
}
// If the qname is local.dns.skydns.local. and s.config.Local != "", substitute that name.
if s.config.Local != "" && name == s.config.localDomain {
name = s.config.Local
}
if q.Qtype == dns.TypePTR && strings.HasSuffix(name, ".in-addr.arpa.") || strings.HasSuffix(name, ".ip6.arpa.") {
resp := s.ServeDNSReverse(w, req)
metricSizeAndDuration(resp, start, tcp)
return
}
if q.Qclass != dns.ClassCHAOS && !strings.HasSuffix(name, s.config.Domain) {
if s.config.Verbose {
log.Printf("skydns: %q is not sub of %q, forwarding...", name, s.config.Domain)
}
resp := s.ServeDNSForward(w, req)
metricSizeAndDuration(resp, start, tcp)
return
}
promCacheMiss.WithLabelValues("response").Inc()
defer func() {
if m.Rcode == dns.RcodeServerFailure {
if err := w.WriteMsg(m); err != nil {
log.Printf("skydns: failure to return reply %q", err)
}
return
}
// Set TTL to the minimum of the RRset and dedup the message, i.e.
// remove identical RRs.
m = s.dedup(m)
minttl := s.config.Ttl
if len(m.Answer) > 1 {
for _, r := range m.Answer {
if r.Header().Ttl < minttl {
minttl = r.Header().Ttl
}
}
for _, r := range m.Answer {
r.Header().Ttl = minttl
}
}
if !m.Truncated {
s.rcache.InsertMessage(cache.QuestionKey(req.Question[0], dnssec), m)
}
if dnssec {
if s.config.PubKey != nil {
m.AuthenticatedData = true
s.Denial(m)
s.Sign(m, bufsize)
}
}
if m.Len() > dns.MaxMsgSize {
log.Printf("skydns: overflowing maximum message size: %d, dropping additional section", m.Len())
m.Extra = nil // Drop entire additional section to see if this helps.
if m.Len() > dns.MaxMsgSize {
// *Still* too large.
log.Printf("skydns: still overflowing maximum message size: %d", m.Len())
promErrorCount.WithLabelValues("overflow").Inc()
m1 := new(dns.Msg) // Use smaller msg to signal failure.
m1.SetRcode(m, dns.RcodeServerFailure)
if err := w.WriteMsg(m1); err != nil {
log.Printf("skydns: failure to return reply %q", err)
}
metricSizeAndDuration(m1, start, tcp)
return
}
}
if m.Len() > int(bufsize) && !tcp {
m.Extra = nil // As above, drop entire additional section.
if m.Len() > int(bufsize) {
promErrorCount.WithLabelValues("truncated").Inc()
m.Truncated = true
}
}
if err := w.WriteMsg(m); err != nil {
log.Printf("skydns: failure to return reply %q %d", err, m.Len())
}
metricSizeAndDuration(m, start, tcp)
}()
if name == s.config.Domain {
if q.Qtype == dns.TypeSOA {
m.Answer = []dns.RR{s.NewSOA()}
return
}
if q.Qtype == dns.TypeDNSKEY {
if s.config.PubKey != nil {
m.Answer = []dns.RR{s.config.PubKey}
return
}
}
}
if q.Qclass == dns.ClassCHAOS {
if q.Qtype == dns.TypeTXT {
switch name {
case "authors.bind.":
fallthrough
case s.config.Domain:
hdr := dns.RR_Header{Name: q.Name, Rrtype: dns.TypeTXT, Class: dns.ClassCHAOS, Ttl: 0}
authors := []string{"Erik St. Martin", "Brian Ketelsen", "Miek Gieben", "Michael Crosby"}
for _, a := range authors {
m.Answer = append(m.Answer, &dns.TXT{Hdr: hdr, Txt: []string{a}})
}
for j := 0; j < len(authors)*(int(dns.Id())%4+1); j++ {
q := int(dns.Id()) % len(authors)
p := int(dns.Id()) % len(authors)
if q == p {
p = (p + 1) % len(authors)
}
m.Answer[q], m.Answer[p] = m.Answer[p], m.Answer[q]
}
return
case "version.bind.":
fallthrough
case "version.server.":
hdr := dns.RR_Header{Name: q.Name, Rrtype: dns.TypeTXT, Class: dns.ClassCHAOS, Ttl: 0}
m.Answer = []dns.RR{&dns.TXT{Hdr: hdr, Txt: []string{Version}}}
return
case "hostname.bind.":
fallthrough
case "id.server.":
// TODO(miek): machine name to return
hdr := dns.RR_Header{Name: q.Name, Rrtype: dns.TypeTXT, Class: dns.ClassCHAOS, Ttl: 0}
m.Answer = []dns.RR{&dns.TXT{Hdr: hdr, Txt: []string{"localhost"}}}
return
}
}
// still here, fail
m.SetReply(req)
m.SetRcode(req, dns.RcodeServerFailure)
return
}
switch q.Qtype {
case dns.TypeNS:
if name != s.config.Domain {
log.Printf("skydns: %q unmatch default domain", name)
break
}
// Lookup s.config.DnsDomain
records, extra, err := s.NSRecords(q, s.config.dnsDomain)
if err != nil {
if e, ok := err.(*etcd.EtcdError); ok {
if e.ErrorCode == 100 {
s.NameError(m, req)
return
}
}
}
m.Answer = append(m.Answer, records...)
m.Extra = append(m.Extra, extra...)
case dns.TypeA, dns.TypeAAAA:
records, err := s.AddressRecords(q, name, nil, bufsize, dnssec, false)
if err != nil {
if e, ok := err.(*etcd.EtcdError); ok {
if e.ErrorCode == 100 {
s.NameError(m, req)
return
}
}
}
m.Answer = append(m.Answer, records...)
case dns.TypeTXT:
records, err := s.TXTRecords(q, name)
if err != nil {
if e, ok := err.(*etcd.EtcdError); ok {
if e.ErrorCode == 100 {
s.NameError(m, req)
return
}
}
}
m.Answer = append(m.Answer, records...)
case dns.TypeCNAME:
records, err := s.CNAMERecords(q, name)
if err != nil {
if e, ok := err.(*etcd.EtcdError); ok {
if e.ErrorCode == 100 {
s.NameError(m, req)
return
}
}
}
m.Answer = append(m.Answer, records...)
case dns.TypeMX:
records, extra, err := s.MXRecords(q, name, bufsize, dnssec)
if err != nil {
if e, ok := err.(*etcd.EtcdError); ok {
if e.ErrorCode == 100 {
s.NameError(m, req)
return
}
}
}
m.Answer = append(m.Answer, records...)
m.Extra = append(m.Extra, extra...)
default:
fallthrough // also catch other types, so that they return NODATA
case dns.TypeSRV:
records, extra, err := s.SRVRecords(q, name, bufsize, dnssec)
if err != nil {
if e, ok := err.(*etcd.EtcdError); ok {
if e.ErrorCode == 100 {
s.NameError(m, req)
return
}
}
if q.Qtype == dns.TypeSRV { // Otherwise NODATA
s.ServerFailure(m, req)
return
}
}
// if we are here again, check the types, because an answer may only
// be given for SRV. All other types should return NODATA, the
// NXDOMAIN part is handled in the above code. TODO(miek): yes this
// can be done in a more elegant manor.
if q.Qtype == dns.TypeSRV {
m.Answer = append(m.Answer, records...)
m.Extra = append(m.Extra, extra...)
}
}
if len(m.Answer) == 0 { // NODATA response
StatsNoDataCount.Inc(1)
m.Ns = []dns.RR{s.NewSOA()}
m.Ns[0].Header().Ttl = s.config.MinTtl
}
}
// ServeDNS is the handler for DNS requests, responsible for parsing DNS request, possibly forwarding
// it to a real dns server and returning a response.
func (s *server) ServeDNS(w dns.ResponseWriter, req *dns.Msg) {
m := new(dns.Msg)
m.SetReply(req)
m.Authoritative = true
m.RecursionAvailable = true
m.Compress = true
bufsize := uint16(512)
dnssec := false
tcp := false
if req.Question[0].Qtype == dns.TypeANY {
m.Authoritative = false
m.Rcode = dns.RcodeRefused
m.RecursionAvailable = false
m.RecursionDesired = false
m.Compress = false
// if write fails don't care
w.WriteMsg(m)
return
}
if o := req.IsEdns0(); o != nil {
bufsize = o.UDPSize()
dnssec = o.Do()
}
if bufsize < 512 {
bufsize = 512
}
// with TCP we can send 64K
if _, ok := w.RemoteAddr().(*net.TCPAddr); ok {
bufsize = dns.MaxMsgSize - 1
tcp = true
}
// Check cache first.
key := cache.QuestionKey(req.Question[0], dnssec)
m1, exp, hit := s.rcache.Search(key)
if hit {
// Cache hit! \o/
if time.Since(exp) < 0 {
m1.Id = m.Id
if dnssec {
StatsDnssecOkCount.Inc(1)
// The key for DNS/DNSSEC in cache is different, no
// need to do Denial/Sign here.
//if s.config.PubKey != nil {
//s.Denial(m1) // not needed for cache hits
//s.Sign(m1, bufsize)
//}
}
if m1.Len() > int(bufsize) && !tcp {
m1.Truncated = true
}
// Still round-robin even with hits from the cache.
if s.config.RoundRobin && (req.Question[0].Qtype == dns.TypeA ||
req.Question[0].Qtype == dns.TypeAAAA) {
switch l := len(m1.Answer); l {
case 2:
if dns.Id()%2 == 0 {
m1.Answer[0], m1.Answer[1] = m1.Answer[1], m1.Answer[0]
}
default:
// Do a minimum of l swap, maximum of 4l swaps
for j := 0; j < l*(int(dns.Id())%4+1); j++ {
q := int(dns.Id()) % l
p := int(dns.Id()) % l
if q == p {
p = (p + 1) % l
}
m1.Answer[q], m1.Answer[p] = m1.Answer[p], m1.Answer[q]
}
}
}
if err := w.WriteMsg(m1); err != nil {
s.config.log.Errorf("failure to return reply %q", err)
}
return
}
// Expired! /o\
s.rcache.Remove(key)
}
q := req.Question[0]
name := strings.ToLower(q.Name)
StatsRequestCount.Inc(1)
if verbose {
s.config.log.Infof("received DNS Request for %q from %q with type %d", q.Name, w.RemoteAddr(), q.Qtype)
}
// If the qname is local.dns.skydns.local. and s.config.Local != "", substitute that name.
if s.config.Local != "" && name == s.config.localDomain {
name = s.config.Local
}
if q.Qtype == dns.TypePTR && strings.HasSuffix(name, ".in-addr.arpa.") || strings.HasSuffix(name, ".ip6.arpa.") {
s.ServeDNSReverse(w, req)
return
}
if q.Qclass != dns.ClassCHAOS && !strings.HasSuffix(name, s.config.Domain) {
s.ServeDNSForward(w, req)
return
}
defer func() {
if m.Rcode == dns.RcodeServerFailure {
if err := w.WriteMsg(m); err != nil {
s.config.log.Errorf("failure to return reply %q", err)
}
return
}
// Set TTL to the minimum of the RRset.
minttl := s.config.Ttl
if len(m.Answer) > 1 {
for _, r := range m.Answer {
if r.Header().Ttl < minttl {
minttl = r.Header().Ttl
}
}
for _, r := range m.Answer {
r.Header().Ttl = minttl
}
}
s.rcache.InsertMessage(cache.QuestionKey(req.Question[0], dnssec), m)
if dnssec {
StatsDnssecOkCount.Inc(1)
if s.config.PubKey != nil {
m.AuthenticatedData = true
s.Denial(m)
s.Sign(m, bufsize)
}
}
if m.Len() > int(bufsize) && !tcp {
// TODO(miek): this is a little brain dead, better is to not add
// RRs in the message in the first place.
m.Truncated = true
}
if err := w.WriteMsg(m); err != nil {
s.config.log.Errorf("failure to return reply %q", err)
}
}()
if name == s.config.Domain {
if q.Qtype == dns.TypeSOA {
m.Answer = []dns.RR{s.NewSOA()}
return
}
if q.Qtype == dns.TypeDNSKEY {
if s.config.PubKey != nil {
m.Answer = []dns.RR{s.config.PubKey}
return
}
}
}
if q.Qclass == dns.ClassCHAOS {
if q.Qtype == dns.TypeTXT {
switch name {
case "authors.bind.":
fallthrough
case s.config.Domain:
hdr := dns.RR_Header{Name: q.Name, Rrtype: dns.TypeTXT, Class: dns.ClassCHAOS, Ttl: 0}
authors := []string{"Erik St. Martin", "Brian Ketelsen", "Miek Gieben", "Michael Crosby"}
for _, a := range authors {
m.Answer = append(m.Answer, &dns.TXT{Hdr: hdr, Txt: []string{a}})
}
for j := 0; j < len(authors)*(int(dns.Id())%4+1); j++ {
q := int(dns.Id()) % len(authors)
p := int(dns.Id()) % len(authors)
if q == p {
p = (p + 1) % len(authors)
}
m.Answer[q], m.Answer[p] = m.Answer[p], m.Answer[q]
}
return
case "version.bind.":
fallthrough
case "version.server.":
hdr := dns.RR_Header{Name: q.Name, Rrtype: dns.TypeTXT, Class: dns.ClassCHAOS, Ttl: 0}
m.Answer = []dns.RR{&dns.TXT{Hdr: hdr, Txt: []string{Version}}}
return
case "hostname.bind.":
fallthrough
case "id.server.":
// TODO(miek): machine name to return
hdr := dns.RR_Header{Name: q.Name, Rrtype: dns.TypeTXT, Class: dns.ClassCHAOS, Ttl: 0}
m.Answer = []dns.RR{&dns.TXT{Hdr: hdr, Txt: []string{"localhost"}}}
return
}
}
// still here, fail
m.SetReply(req)
m.SetRcode(req, dns.RcodeServerFailure)
return
}
switch q.Qtype {
case dns.TypeNS:
if name != s.config.Domain {
break
}
// Lookup s.config.DnsDomain
records, extra, err := s.NSRecords(q, s.config.dnsDomain)
if err != nil {
if e, ok := err.(*etcd.EtcdError); ok {
if e.ErrorCode == 100 {
s.NameError(m, req)
return
}
}
}
m.Answer = append(m.Answer, records...)
m.Extra = append(m.Extra, extra...)
case dns.TypeA, dns.TypeAAAA:
records, err := s.AddressRecords(q, name, nil)
if err != nil {
if e, ok := err.(*etcd.EtcdError); ok {
if e.ErrorCode == 100 {
s.NameError(m, req)
return
}
}
if err.Error() == "incomplete CNAME chain" {
// We can not complete the CNAME internally, *iff* there is a
// external name in the set, take it, and try to resolve it externally.
if len(records) == 0 {
s.NameError(m, req)
return
}
target := ""
for _, r := range records {
if v, ok := r.(*dns.CNAME); ok {
if !dns.IsSubDomain(s.config.Domain, v.Target) {
target = v.Target
break
}
}
}
if target == "" {
s.config.log.Warningf("incomplete CNAME chain for %s", name)
s.NoDataError(m, req)
return
}
m1, e1 := s.Lookup(target, req.Question[0].Qtype, bufsize, dnssec)
if e1 != nil {
s.config.log.Errorf("%q", err)
s.NoDataError(m, req)
return
}
records = append(records, m1.Answer...)
}
}
m.Answer = append(m.Answer, records...)
case dns.TypeCNAME:
records, err := s.CNAMERecords(q, name)
if err != nil {
if e, ok := err.(*etcd.EtcdError); ok {
if e.ErrorCode == 100 {
s.NameError(m, req)
return
}
}
}
m.Answer = append(m.Answer, records...)
default:
fallthrough // also catch other types, so that they return NODATA
case dns.TypeSRV, dns.TypeANY:
records, extra, err := s.SRVRecords(q, name, bufsize, dnssec)
if err != nil {
if e, ok := err.(*etcd.EtcdError); ok {
if e.ErrorCode == 100 {
s.NameError(m, req)
return
}
}
}
// if we are here again, check the types, because an answer may only
// be given for SRV or ANY. All other types should return NODATA, the
// NXDOMAIN part is handled in the above code. TODO(miek): yes this
// can be done in a more elegant manor.
if q.Qtype == dns.TypeSRV || q.Qtype == dns.TypeANY {
m.Answer = append(m.Answer, records...)
m.Extra = append(m.Extra, extra...)
}
}
if len(m.Answer) == 0 { // NODATA response
StatsNoDataCount.Inc(1)
m.Ns = []dns.RR{s.NewSOA()}
m.Ns[0].Header().Ttl = s.config.MinTtl
}
}
// ServeDNS is the handler for DNS requests, responsible for parsing DNS request, possibly forwarding
// it to a real dns server and returning a response.
func (s *server) ServeDNS(w dns.ResponseWriter, req *dns.Msg) {
m := new(dns.Msg)
m.SetReply(req)
m.Authoritative = true
m.RecursionAvailable = true
m.Compress = true
bufsize := uint16(512)
dnssec := false
tcp := false
start := time.Now()
q := req.Question[0]
name := strings.ToLower(q.Name)
if q.Qtype == dns.TypeANY {
m.Authoritative = false
m.Rcode = dns.RcodeRefused
m.RecursionAvailable = false
m.RecursionDesired = false
m.Compress = false
// if write fails don't care
w.WriteMsg(m)
promErrorCount.WithLabelValues("refused").Inc()
return
}
if o := req.IsEdns0(); o != nil {
bufsize = o.UDPSize()
dnssec = o.Do()
}
if bufsize < 512 {
bufsize = 512
}
// with TCP we can send 64K
if tcp = isTCP(w); tcp {
bufsize = dns.MaxMsgSize - 1
promRequestCount.WithLabelValues("tcp").Inc()
} else {
promRequestCount.WithLabelValues("udp").Inc()
}
StatsRequestCount.Inc(1)
if dnssec {
StatsDnssecOkCount.Inc(1)
promDnssecOkCount.Inc()
}
if s.config.Verbose {
logf("received DNS Request for %q from %q with type %d", q.Name, w.RemoteAddr(), q.Qtype)
}
// Check cache first.
m1 := s.rcache.Hit(q, dnssec, tcp, m.Id)
if m1 != nil {
if tcp {
if _, overflow := Fit(m1, dns.MaxMsgSize, tcp); overflow {
promErrorCount.WithLabelValues("overflow").Inc()
msgFail := new(dns.Msg)
s.ServerFailure(msgFail, req)
w.WriteMsg(msgFail)
return
}
} else {
// Overflow with udp always results in TC.
Fit(m1, int(bufsize), tcp)
if m1.Truncated {
promErrorCount.WithLabelValues("truncated").Inc()
}
}
// Still round-robin even with hits from the cache.
// Only shuffle A and AAAA records with each other.
if q.Qtype == dns.TypeA || q.Qtype == dns.TypeAAAA {
s.RoundRobin(m1.Answer)
}
if err := w.WriteMsg(m1); err != nil {
logf("failure to return reply %q", err)
}
metricSizeAndDuration(m1, start, tcp)
return
}
for zone, ns := range *s.config.stub {
if strings.HasSuffix(name, zone) {
resp := s.ServeDNSStubForward(w, req, ns)
if resp != nil {
s.rcache.InsertMessage(cache.Key(q, dnssec, tcp), resp)
metricSizeAndDuration(resp, start, tcp)
}
return
}
}
// If the qname is local.ds.skydns.local. and s.config.Local != "", substitute that name.
if s.config.Local != "" && name == s.config.localDomain {
name = s.config.Local
}
if q.Qtype == dns.TypePTR && strings.HasSuffix(name, ".in-addr.arpa.") || strings.HasSuffix(name, ".ip6.arpa.") {
resp := s.ServeDNSReverse(w, req)
if resp != nil {
s.rcache.InsertMessage(cache.Key(q, dnssec, tcp), resp)
metricSizeAndDuration(resp, start, tcp)
}
return
}
if q.Qclass != dns.ClassCHAOS && !strings.HasSuffix(name, s.config.Domain) {
resp := s.ServeDNSForward(w, req)
if resp != nil {
s.rcache.InsertMessage(cache.Key(q, dnssec, tcp), resp)
metricSizeAndDuration(resp, start, tcp)
}
return
}
promCacheMiss.WithLabelValues("response").Inc()
defer func() {
if m.Rcode == dns.RcodeServerFailure {
if err := w.WriteMsg(m); err != nil {
logf("failure to return reply %q", err)
}
return
}
// Set TTL to the minimum of the RRset and dedup the message, i.e. remove identical RRs.
m = s.dedup(m)
minttl := s.config.Ttl
if len(m.Answer) > 1 {
for _, r := range m.Answer {
if r.Header().Ttl < minttl {
minttl = r.Header().Ttl
}
}
for _, r := range m.Answer {
r.Header().Ttl = minttl
}
}
if dnssec {
if s.config.PubKey != nil {
m.AuthenticatedData = true
s.Denial(m)
s.Sign(m, bufsize)
}
}
if tcp {
if _, overflow := Fit(m, dns.MaxMsgSize, tcp); overflow {
msgFail := new(dns.Msg)
s.ServerFailure(msgFail, req)
w.WriteMsg(msgFail)
return
}
} else {
Fit(m, int(bufsize), tcp)
if m.Truncated {
promErrorCount.WithLabelValues("truncated").Inc()
}
}
s.rcache.InsertMessage(cache.Key(q, dnssec, tcp), m)
if err := w.WriteMsg(m); err != nil {
logf("failure to return reply %q", err)
}
metricSizeAndDuration(m, start, tcp)
}()
if name == s.config.Domain {
if q.Qtype == dns.TypeSOA {
m.Answer = []dns.RR{s.NewSOA()}
return
}
if q.Qtype == dns.TypeDNSKEY {
if s.config.PubKey != nil {
m.Answer = []dns.RR{s.config.PubKey}
return
}
}
}
if q.Qclass == dns.ClassCHAOS {
if q.Qtype == dns.TypeTXT {
switch name {
case "authors.bind.":
fallthrough
case s.config.Domain:
hdr := dns.RR_Header{Name: q.Name, Rrtype: dns.TypeTXT, Class: dns.ClassCHAOS, Ttl: 0}
authors := []string{"Erik St. Martin", "Brian Ketelsen", "Miek Gieben", "Michael Crosby"}
for _, a := range authors {
m.Answer = append(m.Answer, &dns.TXT{Hdr: hdr, Txt: []string{a}})
}
for j := 0; j < len(authors)*(int(dns.Id())%4+1); j++ {
q := int(dns.Id()) % len(authors)
p := int(dns.Id()) % len(authors)
if q == p {
p = (p + 1) % len(authors)
}
m.Answer[q], m.Answer[p] = m.Answer[p], m.Answer[q]
}
return
case "version.bind.":
fallthrough
case "version.server.":
hdr := dns.RR_Header{Name: q.Name, Rrtype: dns.TypeTXT, Class: dns.ClassCHAOS, Ttl: 0}
m.Answer = []dns.RR{&dns.TXT{Hdr: hdr, Txt: []string{Version}}}
return
case "hostname.bind.":
fallthrough
case "id.server.":
// TODO(miek): machine name to return
hdr := dns.RR_Header{Name: q.Name, Rrtype: dns.TypeTXT, Class: dns.ClassCHAOS, Ttl: 0}
m.Answer = []dns.RR{&dns.TXT{Hdr: hdr, Txt: []string{"localhost"}}}
return
}
}
// still here, fail
m.SetReply(req)
m.SetRcode(req, dns.RcodeServerFailure)
return
}
switch q.Qtype {
case dns.TypeNS:
if name != s.config.Domain {
break
}
// Lookup s.config.DnsDomain
records, extra, err := s.NSRecords(q, s.config.dnsDomain)
if isEtcdNameError(err, s) {
s.NameError(m, req)
return
}
m.Answer = append(m.Answer, records...)
m.Extra = append(m.Extra, extra...)
case dns.TypeA, dns.TypeAAAA:
records, err := s.AddressRecords(q, name, nil, bufsize, dnssec, false)
if isEtcdNameError(err, s) {
s.NameError(m, req)
return
}
m.Answer = append(m.Answer, records...)
case dns.TypeTXT:
records, err := s.TXTRecords(q, name)
if isEtcdNameError(err, s) {
s.NameError(m, req)
return
}
m.Answer = append(m.Answer, records...)
case dns.TypeCNAME:
records, err := s.CNAMERecords(q, name)
if isEtcdNameError(err, s) {
s.NameError(m, req)
return
}
m.Answer = append(m.Answer, records...)
case dns.TypeMX:
records, extra, err := s.MXRecords(q, name, bufsize, dnssec)
if isEtcdNameError(err, s) {
s.NameError(m, req)
return
}
m.Answer = append(m.Answer, records...)
m.Extra = append(m.Extra, extra...)
default:
fallthrough // also catch other types, so that they return NODATA
case dns.TypeSRV:
records, extra, err := s.SRVRecords(q, name, bufsize, dnssec)
if err != nil {
if isEtcdNameError(err, s) {
s.NameError(m, req)
return
}
logf("got error from backend: %s", err)
if q.Qtype == dns.TypeSRV { // Otherwise NODATA
s.ServerFailure(m, req)
return
}
}
// if we are here again, check the types, because an answer may only
// be given for SRV. All other types should return NODATA, the
// NXDOMAIN part is handled in the above code. TODO(miek): yes this
// can be done in a more elegant manor.
if q.Qtype == dns.TypeSRV {
m.Answer = append(m.Answer, records...)
m.Extra = append(m.Extra, extra...)
}
}
if len(m.Answer) == 0 { // NODATA response
StatsNoDataCount.Inc(1)
m.Ns = []dns.RR{s.NewSOA()}
m.Ns[0].Header().Ttl = s.config.MinTtl
}
}