libnetwork: reply SERVFAIL if DNS forwarding fails
Fixes moby/moby issue 44575 Signed-off-by: Cory Snider <csnider@mirantis.com>
This commit is contained in:
Cory Snider
parent
9cf8c4f689
commit
e6258e6590
2 changed files with 37 additions and 16 deletions
|
|
@ -408,15 +408,14 @@ func (r *resolver) ServeDNS(w dns.ResponseWriter, query *dns.Msg) {
|
|||
resp = createRespMsg(query)
|
||||
} else {
|
||||
resp = r.forwardExtDNS(proto, maxSize, query)
|
||||
if resp == nil {
|
||||
return
|
||||
}
|
||||
}
|
||||
} else {
|
||||
// The backend doesn't support proxying DNS requests.
|
||||
resp = new(dns.Msg).SetRcode(query, dns.RcodeServerFailure)
|
||||
}
|
||||
|
||||
if resp == nil {
|
||||
// We were unable to get an answer from any of the upstream DNS
|
||||
// servers or the backend doesn't support proxying DNS requests.
|
||||
resp = new(dns.Msg).SetRcode(query, dns.RcodeServerFailure)
|
||||
}
|
||||
if err = w.WriteMsg(resp); err != nil {
|
||||
logrus.WithError(err).Errorf("[resolver] failed to write response")
|
||||
}
|
||||
|
|
|
|||
|
|
@ -417,17 +417,39 @@ func (noopDNSBackend) NdotsSet() bool { return false }
|
|||
|
||||
func (noopDNSBackend) HandleQueryResp(name string, ip net.IP) {}
|
||||
|
||||
func TestReplySERVFAILOnInternalError(t *testing.T) {
|
||||
defer redirectLogrusTo(t)
|
||||
func TestReplySERVFAIL(t *testing.T) {
|
||||
cases := []struct {
|
||||
name string
|
||||
q *dns.Msg
|
||||
proxyDNS bool
|
||||
}{
|
||||
{
|
||||
name: "InternalError",
|
||||
q: new(dns.Msg).SetQuestion("_sip._tcp.example.com.", dns.TypeSRV),
|
||||
},
|
||||
{
|
||||
name: "ProxyDNS=false",
|
||||
q: new(dns.Msg).SetQuestion("example.com.", dns.TypeA),
|
||||
},
|
||||
{
|
||||
name: "ProxyDNS=true", // No extDNS servers configured -> no answer from any upstream
|
||||
q: new(dns.Msg).SetQuestion("example.com.", dns.TypeA),
|
||||
proxyDNS: true,
|
||||
},
|
||||
}
|
||||
for _, tt := range cases {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
defer redirectLogrusTo(t)
|
||||
|
||||
rsv := NewResolver("", false, badSRVDNSBackend{}).(*resolver)
|
||||
w := &tstwriter{}
|
||||
q := new(dns.Msg).SetQuestion("_sip._tcp.example.com.", dns.TypeSRV)
|
||||
rsv.ServeDNS(w, q)
|
||||
resp := w.GetResponse()
|
||||
checkNonNullResponse(t, resp)
|
||||
t.Log("Response: ", resp.String())
|
||||
checkDNSResponseCode(t, resp, dns.RcodeServerFailure)
|
||||
rsv := NewResolver("", tt.proxyDNS, badSRVDNSBackend{}).(*resolver)
|
||||
w := &tstwriter{}
|
||||
rsv.ServeDNS(w, tt.q)
|
||||
resp := w.GetResponse()
|
||||
checkNonNullResponse(t, resp)
|
||||
t.Log("Response: ", resp.String())
|
||||
checkDNSResponseCode(t, resp, dns.RcodeServerFailure)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
type badSRVDNSBackend struct{ noopDNSBackend }
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue