/
rfc2136.go
109 lines (93 loc) · 2.89 KB
/
rfc2136.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
/*
Copyright 2019 The Jetstack cert-manager contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package server
import (
"fmt"
"sync"
"time"
"github.com/go-logr/logr"
"github.com/miekg/dns"
)
type rfc2136Handler struct {
log logr.Logger
txtRecords map[string][]string
zones []string
tsigZone string
lock sync.Mutex
}
// serveDNS implements github.com/miekg/dns.Handler
func (b *rfc2136Handler) ServeDNS(w dns.ResponseWriter, req *dns.Msg) {
b.lock.Lock()
defer b.lock.Unlock()
log := b.log.WithName("serveDNS")
m := new(dns.Msg)
m.SetReply(req)
defer w.WriteMsg(m)
var zone string
if len(req.Question) > 0 {
question := req.Question[0].Name
log = log.WithValues("question", question, "opcode", dns.OpcodeToString[req.Opcode])
zone = b.zoneForFQDN(question)
if zone == "" {
log.Info("failed to lookup zone for fqdn")
m.Rcode = dns.RcodeServerFailure
return
}
log = log.WithValues("zone", zone)
}
if t := req.IsTsig(); t != nil {
log.Info("TSIG requested on DNS request")
if w.TsigStatus() == nil {
log.Info("setting TSIG values on response")
// Validated
m.SetTsig(b.tsigZone, dns.HmacMD5, 300, time.Now().Unix())
}
}
// updates are currently accepted for *all* zones
if req.Opcode == dns.OpcodeUpdate {
for _, rr := range req.Ns {
txt := rr.(*dns.TXT)
log := log.WithValues("value", txt.Hdr.Name, "class", dns.ClassToString[rr.Header().Class], "txt", txt.Txt)
if rr.Header().Class == dns.ClassNONE {
log.Info("deleting txt record value due to NONE class")
// TODO: can we only delete the named record here somehow?
delete(b.txtRecords, txt.Hdr.Name)
continue
}
log.Info("setting TXT record value")
b.txtRecords[txt.Hdr.Name] = txt.Txt
}
}
switch req.Question[0].Qtype {
case dns.TypeSOA:
// Return SOA to appease findZoneByFqdn()
soaRR, _ := dns.NewRR(fmt.Sprintf("%s %d IN SOA ns1.%s admin.%s 2016022801 28800 7200 2419200 1200", zone, defaultTTL, zone, zone))
m.Answer = []dns.RR{soaRR}
case dns.TypeTXT:
for _, rr := range b.txtRecords[req.Question[0].Name] {
txtRR, _ := dns.NewRR(fmt.Sprintf("%s %d IN TXT %s", req.Question[0].Name, defaultTTL, rr))
m.Answer = append(m.Answer, txtRR)
}
}
for _, rr := range m.Answer {
log.Info("responding", "response", rr.String())
}
}
func (b *rfc2136Handler) zoneForFQDN(s string) string {
for _, z := range b.zones {
if dns.IsSubDomain(z, s) {
return z
}
}
return ""
}