forked from rancher/external-dns
-
Notifications
You must be signed in to change notification settings - Fork 0
/
rfc2136.go
248 lines (206 loc) · 5.56 KB
/
rfc2136.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
package rfc2136
import (
"fmt"
"net"
"os"
"strconv"
"time"
"github.com/Sirupsen/logrus"
"github.com/miekg/dns"
"github.com/rancher/external-dns/providers"
"github.com/rancher/external-dns/utils"
)
type RFC2136Provider struct {
nameserver string
zoneName string
tsigKeyName string
tsigSecret string
insecure bool
}
func init() {
providers.RegisterProvider("rfc2136", &RFC2136Provider{})
}
func (r *RFC2136Provider) Init(rootDomainName string) error {
var host, port, keyName, secret string
var insecure bool
var err error
if host = os.Getenv("RFC2136_HOST"); len(host) == 0 {
return fmt.Errorf("RFC2136_HOST is not set")
}
if port = os.Getenv("RFC2136_PORT"); len(port) == 0 {
return fmt.Errorf("RFC2136_PORT is not set")
}
if insecureStr := os.Getenv("RFC2136_INSECURE"); len(insecureStr) == 0 {
insecure = false
} else {
if insecure, err = strconv.ParseBool(insecureStr); err != nil {
return fmt.Errorf("RFC2136_INSECURE must be a boolean value")
}
}
if !insecure {
if keyName = os.Getenv("RFC2136_TSIG_KEYNAME"); len(keyName) == 0 {
return fmt.Errorf("RFC2136_TSIG_KEYNAME is not set")
}
if secret = os.Getenv("RFC2136_TSIG_SECRET"); len(secret) == 0 {
return fmt.Errorf("RFC2136_TSIG_SECRET is not set")
}
}
r.nameserver = net.JoinHostPort(host, port)
r.zoneName = dns.Fqdn(rootDomainName)
if !insecure {
r.tsigKeyName = dns.Fqdn(keyName)
r.tsigSecret = secret
}
r.insecure = insecure
logrus.Infof("Configured %s with zone '%s' and nameserver '%s'",
r.GetName(), r.zoneName, r.nameserver)
return nil
}
func (*RFC2136Provider) GetName() string {
return "RFC2136"
}
func (r *RFC2136Provider) HealthCheck() error {
m := new(dns.Msg)
m.SetQuestion(r.zoneName, dns.TypeSOA)
err := r.sendMessage(m)
if err != nil {
return fmt.Errorf("Failed to query zone SOA record: %v", err)
}
return nil
}
func (r *RFC2136Provider) AddRecord(record utils.DnsRecord) error {
logrus.Debugf("Adding RRset '%s %s'", record.Fqdn, record.Type)
m := new(dns.Msg)
m.SetUpdate(r.zoneName)
rrs := make([]dns.RR, 0)
for _, rec := range record.Records {
logrus.Debugf("Adding RR: '%s %d %s %s'", record.Fqdn, record.TTL, record.Type, rec)
rr, err := dns.NewRR(fmt.Sprintf("%s %d %s %s", record.Fqdn, record.TTL, record.Type, rec))
if err != nil {
return fmt.Errorf("Failed to build RR: %v", err)
}
rrs = append(rrs, rr)
}
m.Insert(rrs)
err := r.sendMessage(m)
if err != nil {
return fmt.Errorf("RFC2136 query failed: %v", err)
}
return nil
}
func (r *RFC2136Provider) RemoveRecord(record utils.DnsRecord) error {
logrus.Debugf("Removing RRset '%s %s'", record.Fqdn, record.Type)
m := new(dns.Msg)
m.SetUpdate(r.zoneName)
rr, err := dns.NewRR(fmt.Sprintf("%s 0 %s 0.0.0.0", record.Fqdn, record.Type))
if err != nil {
return fmt.Errorf("Could not construct RR: %v", err)
}
rrs := make([]dns.RR, 1)
rrs[0] = rr
m.RemoveRRset(rrs)
err = r.sendMessage(m)
if err != nil {
return fmt.Errorf("RFC2136 query failed: %v", err)
}
return nil
}
func (r *RFC2136Provider) UpdateRecord(record utils.DnsRecord) error {
err := r.RemoveRecord(record)
if err != nil {
return err
}
return r.AddRecord(record)
}
func (r *RFC2136Provider) GetRecords() ([]utils.DnsRecord, error) {
records := make([]utils.DnsRecord, 0)
list, err := r.list()
if err != nil {
return records, err
}
OuterLoop:
for _, rr := range list {
if rr.Header().Class != dns.ClassINET {
continue
}
rrFqdn := rr.Header().Name
rrTTL := int(rr.Header().Ttl)
var rrType string
var rrValues []string
switch rr.Header().Rrtype {
case dns.TypeCNAME:
rrValues = []string{rr.(*dns.CNAME).Target}
rrType = "CNAME"
case dns.TypeA:
rrValues = []string{rr.(*dns.A).A.String()}
rrType = "A"
case dns.TypeAAAA:
rrValues = []string{rr.(*dns.AAAA).AAAA.String()}
rrType = "AAAA"
case dns.TypeTXT:
rrValues = rr.(*dns.TXT).Txt
rrType = "TXT"
default:
continue // Unhandled record type
}
for idx, existingRecord := range records {
if existingRecord.Fqdn == rrFqdn && existingRecord.Type == rrType {
records[idx].Records = append(records[idx].Records, rrValues...)
continue OuterLoop
}
}
record := utils.DnsRecord{
Fqdn: rrFqdn,
Type: rrType,
TTL: rrTTL,
Records: rrValues,
}
records = append(records, record)
}
return records, nil
}
func (r *RFC2136Provider) sendMessage(msg *dns.Msg) error {
c := new(dns.Client)
c.SingleInflight = true
if !r.insecure {
c.TsigSecret = map[string]string{r.tsigKeyName: r.tsigSecret}
msg.SetTsig(r.tsigKeyName, dns.HmacMD5, 300, time.Now().Unix())
}
resp, _, err := c.Exchange(msg, r.nameserver)
if err != nil {
return err
}
if resp != nil && resp.Rcode != dns.RcodeSuccess {
return fmt.Errorf("Bad return code: %s", dns.RcodeToString[resp.Rcode])
}
return nil
}
func (r *RFC2136Provider) list() ([]dns.RR, error) {
logrus.Debugf("Fetching records for '%s'", r.zoneName)
t := new(dns.Transfer)
if !r.insecure {
t.TsigSecret = map[string]string{r.tsigKeyName: r.tsigSecret}
}
m := new(dns.Msg)
m.SetAxfr(r.zoneName)
if !r.insecure {
m.SetTsig(r.tsigKeyName, dns.HmacMD5, 300, time.Now().Unix())
}
env, err := t.In(m, r.nameserver)
if err != nil {
return nil, fmt.Errorf("Failed to fetch records via AXFR: %v", err)
}
records := make([]dns.RR, 0)
for e := range env {
if e.Error != nil {
if e.Error == dns.ErrSoa {
logrus.Error("AXFR error: unexpected response received from the server")
} else {
logrus.Errorf("AXFR error: %v", e.Error)
}
continue
}
records = append(records, e.RR...)
}
return records, nil
}