Skip to content
Snippets Groups Projects
Commit 37db83e5 authored by Ward Vandewege's avatar Ward Vandewege Committed by Joona Hoikkala
Browse files

Respond case insensitively to A and SOA requests (#152)

* When appending the SOA for authoritative NXDOMAIN responses, it needs to go in
the Authoritative section, not the Answer section.

This fixes the acme-dns validation for the lego Let's Encrypt client.

* Respond case-insensitively to A and SOA requests. Add corresponding tests.

This fixes the autocert feature with Let's Encrypt, because Let's Encrypt does
a lookup for the A record with a deliberately mangled case.
parent 41a1cff0
No related branches found
No related tags found
No related merge requests found
...@@ -113,7 +113,7 @@ func (d *DNSServer) readQuery(m *dns.Msg) { ...@@ -113,7 +113,7 @@ func (d *DNSServer) readQuery(m *dns.Msg) {
func (d *DNSServer) getRecord(q dns.Question) ([]dns.RR, error) { func (d *DNSServer) getRecord(q dns.Question) ([]dns.RR, error) {
var rr []dns.RR var rr []dns.RR
var cnames []dns.RR var cnames []dns.RR
domain, ok := d.Domains[q.Name] domain, ok := d.Domains[strings.ToLower(q.Name)]
if !ok { if !ok {
return rr, fmt.Errorf("No records for domain %s", q.Name) return rr, fmt.Errorf("No records for domain %s", q.Name)
} }
...@@ -133,7 +133,7 @@ func (d *DNSServer) getRecord(q dns.Question) ([]dns.RR, error) { ...@@ -133,7 +133,7 @@ func (d *DNSServer) getRecord(q dns.Question) ([]dns.RR, error) {
// answeringForDomain checks if we have any records for a domain // answeringForDomain checks if we have any records for a domain
func (d *DNSServer) answeringForDomain(name string) bool { func (d *DNSServer) answeringForDomain(name string) bool {
_, ok := d.Domains[name] _, ok := d.Domains[strings.ToLower(name)]
return ok return ok
} }
...@@ -141,7 +141,7 @@ func (d *DNSServer) isAuthoritative(q dns.Question) bool { ...@@ -141,7 +141,7 @@ func (d *DNSServer) isAuthoritative(q dns.Question) bool {
if d.answeringForDomain(q.Name) { if d.answeringForDomain(q.Name) {
return true return true
} }
domainParts := strings.Split(q.Name, ".") domainParts := strings.Split(strings.ToLower(q.Name), ".")
for i := range domainParts { for i := range domainParts {
if d.answeringForDomain(strings.Join(domainParts[i:], ".")) { if d.answeringForDomain(strings.Join(domainParts[i:], ".")) {
return true return true
......
...@@ -218,3 +218,27 @@ func TestResolveTXT(t *testing.T) { ...@@ -218,3 +218,27 @@ func TestResolveTXT(t *testing.T) {
} }
} }
} }
func TestCaseInsensitiveResolveA(t *testing.T) {
resolv := resolver{server: "127.0.0.1:15353"}
answer, err := resolv.lookup("aUtH.eXAmpLe.org", dns.TypeA)
if err != nil {
t.Errorf("%v", err)
}
if len(answer.Answer) == 0 {
t.Error("No answer for DNS query")
}
}
func TestCaseInsensitiveResolveSOA(t *testing.T) {
resolv := resolver{server: "127.0.0.1:15353"}
answer, _ := resolv.lookup("doesnotexist.aUtH.eXAmpLe.org", dns.TypeSOA)
if answer.Rcode != dns.RcodeNameError {
t.Errorf("Was expecing NXDOMAIN rcode, but got [%s] instead.", dns.RcodeToString[answer.Rcode])
}
if len(answer.Ns) == 0 {
t.Error("No SOA answer for DNS query")
}
}
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment