Mirrors/coredns
1
0
Fork 0
mirror of https://github.com/coredns/coredns.git synced 2026-05-26 03:40:23 -04:00
Code Issues Packages Projects Releases Wiki Activity

plugin/file: canonicalize escape form in owner names (#8109)

Browse Source 
The miekg/dns zone parser preserves whichever text form the input
used for an escaped byte. RFC 1035 §5.1 lets the same byte appear
as \DDD (decimal) or \c (literal character), so a zone file
written with has\046dot.campus.edu. is stored under that literal
string. Incoming queries, by contrast, arrive on the wire and are
unpacked by miekg/dns into the canonical form has\.dot.campus.edu.
The two strings don't compare equal in the tree, so the record is
silently unreachable.

Pack-then-unpack the owner name on Insert so the stored key uses
the same canonical form as anything that comes off the wire. Only
runs when the name contains a backslash, so the common case is a
no-op string compare.

Fixes #8012

Signed-off-by: Charlie Tonneslan <cst0520@gmail.com>
This commit is contained in:
Charlie Tonneslan
2026-05-19 21:08:16 -04:00
committed by GitHub
parent 6f4be7103a
commit f4f767fb4e
2 changed files with 94 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
plugin/file/zone.go
View File

@@ -81,7 +81,7 @@ func (z *Zone) CopyWithoutApex() *Zone {
func (z *Zone) Insert(r dns.RR) error {
// r.Header().Name = strings.ToLower(r.Header().Name)
if r.Header().Rrtype != dns.TypeSRV {
r.Header().Name = strings.ToLower(r.Header().Name)
r.Header().Name = strings.ToLower(canonicalEscape(r.Header().Name))
}
switch h := r.Header().Rrtype; h {
@@ -212,3 +212,27 @@ func (z *Zone) getSOA() *dns.SOA {
defer z.RUnlock()
return z.SOA
}
// canonicalEscape normalizes the escape representation of name. RFC 1035
// §5.1 lets the same byte be written as \DDD (decimal) or \c (literal
// character), and miekg/dns's zone parser preserves whichever form
// appeared in the input. Wire format has no such freedom, so packing
// then unpacking yields the canonical text representation that incoming
// queries use. Without this, an owner name written as has\046dot.example.
// in a zone file is stored under that literal string and never matches a
// query for has\.dot.example., which is how the wire form unpacks.
func canonicalEscape(name string) string {
if !strings.ContainsRune(name, '\\') {
return name
}
buf := make([]byte, len(name)+1)
off, err := dns.PackDomainName(name, buf, 0, nil, false)
if err != nil {
return name
}
out, _, err := dns.UnpackDomainName(buf[:off], 0)
if err != nil {
return name
}
return out
}