From ce7ae4399373bc2312a3cd66e4c3451667cc7805 Mon Sep 17 00:00:00 2001
From: Jonni Liljamo
Date: Mon, 28 Oct 2024 21:55:49 +0200
Subject: [PATCH] feat: handle CAA queries (poorly)

---
 internal/dns/query.go | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/internal/dns/query.go b/internal/dns/query.go
index 58c3946..e6e00e3 100644
--- a/internal/dns/query.go
+++ b/internal/dns/query.go
@@ -31,6 +31,8 @@ func parseQuery(m *dns.Msg, r *dns.Msg) {
 case dns.TypeAAAA:
 // NOTE: Stub
 m.SetRcode(r, dns.RcodeNameError)
+ case dns.TypeCAA:
+ handleCAARecord(&q, m, r)
 case dns.TypeCNAME:
 // NOTE: This is stubbed like this to make things like lego not shit themselves if they get NOTIMP.
 m.SetRcode(r, dns.RcodeNameError)
@@ -79,6 +81,35 @@ func handleARecord(q *dns.Question, m *dns.Msg, r *dns.Msg) {
 }
 }
 
+func handleCAARecord(q *dns.Question, m *dns.Msg, r *dns.Msg) {
+ qName := strings.ToLower(q.Name)
+
+ // FIXME: Figure out how CAA actually works I guess, currently this is just
+ // a carbron copy of handleNSRecord
+ ns := &dns.NS{
+ Hdr: dns.RR_Header{Name: q.Name, Rrtype: dns.TypeNS, Class: dns.ClassINET, Ttl: 86400},
+ Ns: config.FeluConfig.Domain,
+ }
+
+ // "Root" Domain NS.
+ if qName == config.FeluConfig.Domain {
+ m.Answer = append(m.Answer, ns)
+ return
+ }
+
+ if index := strings.IndexByte(qName, '.'); index >= 0 {
+ // FIXME: other way of checking that the domain exists
+ _, err := db.FetchDomainARecord(qName[:index])
+ if err != nil {
+ m.SetRcode(r, dns.RcodeNameError)
+ } else {
+ m.Answer = append(m.Answer, ns)
+ }
+ } else {
+ m.SetRcode(r, dns.RcodeNameError)
+ }
+}
+
 func handleNSRecord(q *dns.Question, m *dns.Msg, r *dns.Msg) {
 qName := strings.ToLower(q.Name)
 
-- 
2.44.1
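Review bot: `handleCAARecord` puts an `NS` record (`Rrtype: dns.TypeNS`) into the answer section of a CAA query, so a CA's resolver never receives a well-formed CAA response from this server. Until a real policy is served, an existing name should get an empty answer section (NODATA), which under RFC 8659 is read as "no CAA record at this name" and makes it explicit that the zone does not yet restrict which CAs may issue for it. The lookup `db.FetchDomainARecord(qName[:index])` uses only the first label and never checks that the rest of `qName` is `config.FeluConfig.Domain`, so a name under any other suffix is answered as if it were in the zone. Every lookup error becomes `RcodeNameError`; if `FetchDomainARecord` can also fail on a backend fault (not visible here), that case should be SERVFAIL so a CA does not read a transient failure as an absent policy. The sketch below keeps the signature and assumes the configured domain is a lower-case FQDN, as the existing equality check already does.

```go
func handleCAARecord(q *dns.Question, m *dns.Msg, r *dns.Msg) {
	qName := strings.ToLower(q.Name)

	// No CAA policy is published yet: an existing name gets an empty answer
	// section (NODATA), never an NS record in reply to a CAA question.
	if qName == config.FeluConfig.Domain {
		return
	}

	// Names outside the configured zone must not be resolved by first label.
	if !strings.HasSuffix(qName, "."+config.FeluConfig.Domain) {
		m.SetRcode(r, dns.RcodeNameError)
		return
	}

	// The suffix check guarantees a '.' is present, so index is >= 0 here.
	index := strings.IndexByte(qName, '.')
	if _, err := db.FetchDomainARecord(qName[:index]); err != nil {
		// NOTE(review): split "not found" from backend errors once db exposes the difference.
		m.SetRcode(r, dns.RcodeNameError)
	}
}
```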