FindZoneByFqdn fixes from lego
This commit is contained in:
Brian Hardy
parent
33210637fd
commit
e52aefb34a
@ -8,7 +8,6 @@ import (
|
||||
|
||||
"github.com/golang/glog"
|
||||
"github.com/miekg/dns"
|
||||
"golang.org/x/net/publicsuffix"
|
||||
)
|
||||
|
||||
type preCheckDNSFunc func(fqdn, value string) (bool, error)
|
||||
@ -129,7 +128,7 @@ func dnsQuery(fqdn string, rtype uint16, nameservers []string, recursive bool) (
|
||||
|
||||
if err == dns.ErrTruncated {
|
||||
tcp := &dns.Client{Net: "tcp", Timeout: DNSTimeout}
|
||||
// If the TCP request suceeds, the err will reset to nil
|
||||
// If the TCP request succeeds, the err will reset to nil
|
||||
in, _, err = tcp.Exchange(m, ns)
|
||||
}
|
||||
|
||||
@ -177,10 +176,6 @@ func FindZoneByFqdn(fqdn string, nameservers []string) (string, error) {
|
||||
labelIndexes := dns.Split(fqdn)
|
||||
for _, index := range labelIndexes {
|
||||
domain := fqdn[index:]
|
||||
// Give up if we have reached the TLD
|
||||
if isTLD(domain) {
|
||||
break
|
||||
}
|
||||
|
||||
in, err := dnsQuery(domain, dns.TypeSOA, nameservers, true)
|
||||
if err != nil {
|
||||
@ -195,6 +190,13 @@ func FindZoneByFqdn(fqdn string, nameservers []string) (string, error) {
|
||||
|
||||
// Check if we got a SOA RR in the answer section
|
||||
if in.Rcode == dns.RcodeSuccess {
|
||||
|
||||
// CNAME records cannot/should not exist at the root of a zone.
|
||||
// So we skip a domain when a CNAME is found.
|
||||
if dnsMsgContainsCNAME(in) {
|
||||
continue
|
||||
}
|
||||
|
||||
for _, ans := range in.Answer {
|
||||
if soa, ok := ans.(*dns.SOA); ok {
|
||||
zone := soa.Hdr.Name
|
||||
@ -208,10 +210,12 @@ func FindZoneByFqdn(fqdn string, nameservers []string) (string, error) {
|
||||
return "", fmt.Errorf("Could not find the start of authority")
|
||||
}
|
||||
|
||||
func isTLD(domain string) bool {
|
||||
publicsuffix, _ := publicsuffix.PublicSuffix(UnFqdn(domain))
|
||||
if publicsuffix == UnFqdn(domain) {
|
||||
return true
|
||||
// dnsMsgContainsCNAME checks for a CNAME answer in msg
|
||||
func dnsMsgContainsCNAME(msg *dns.Msg) bool {
|
||||
for _, ans := range msg.Answer {
|
||||
if _, ok := ans.(*dns.CNAME); ok {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
@ -36,10 +36,10 @@ var findZoneByFqdnTests = []struct {
|
||||
fqdn string
|
||||
zone string
|
||||
}{
|
||||
{"mail.google.com.", "google.com."}, // domain is a CNAME
|
||||
{"foo.google.com.", "google.com."}, // domain is a non-existent subdomain
|
||||
// TODO: work out why this test doesn't work
|
||||
//{"example.com.ac.", "ac."}, // domain is a eTLD
|
||||
{"mail.google.com.", "google.com."}, // domain is a CNAME
|
||||
{"foo.google.com.", "google.com."}, // domain is a non-existent subdomain
|
||||
{"example.com.ac.", "ac."}, // domain is a eTLD
|
||||
{"cross-zone-example.assets.sh.", "assets.sh."}, // domain is a cross-zone CNAME
|
||||
}
|
||||
|
||||
var checkAuthoritativeNssTests = []struct {
|
||||
|
||||
Loading…
Reference in New Issue
Block a user