
~liljamo/felu

ref: 0.2.0 felu/internal/dns/handle.go -rw-r--r-- 1.3 KiB
80794a24Jonni Liljamo feat: add RFC 2136 docs for lego 15 days ago
                                                                                
/*
 * Copyright (C) 2024 Jonni Liljamo <jonni@liljamo.com>
 *
 * This file is licensed under AGPL-3.0-or-later, see NOTICE and LICENSE for
 * more information.
 */

package dns

import (
	"log/slog"
	"time"

	"github.com/miekg/dns"
)

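// handleDNSRequest builds and sends the reply for a single incoming DNS
// message.
//
// Queries are passed to parseQuery regardless of TSIG. Updates are passed to
// parseUpdate only when the request carried a TSIG record and the server
// reported no TSIG error for it; any other update is answered with REFUSED.
// A request whose TSIG check failed is dropped without a reply.
//
// NOTE(review): in miekg/dns, TsigStatus() also returns nil when the server
// was started without TsigSecret/TsigProvider, because no verification is
// attempted in that case. The update gate below is only as strong as that
// configuration; confirm the server setup always installs the keys.
func handleDNSRequest(w dns.ResponseWriter, r *dns.Msg) {
	m := new(dns.Msg)
	m.SetReply(r)
	m.Compress = false
	m.SetEdns0(4096, true)

	requestWasValidTsig := false
	if tsig := r.IsTsig(); tsig != nil {
		slog.Debug("Request is TSIG")
		if err := w.TsigStatus(); err != nil {
			slog.Error("TSIG error", slog.String("status", err.Error()))
			// Stop processing the request if there was something wrong with TSIG.
			return
		}
		slog.Debug("TSIG is valid")
		requestWasValidTsig = true
		// Sign the reply under the key name the request used. The algorithm is
		// fixed to HMAC-SHA256 here and is not taken from the request.
		m.SetTsig(tsig.Hdr.Name, dns.HmacSHA256, 300, time.Now().Unix())
	}

	switch r.Opcode {
	case dns.OpcodeQuery:
		parseQuery(m, r)
	case dns.OpcodeUpdate:
		if requestWasValidTsig {
			parseUpdate(m, r)
		} else {
			// An unsigned update is a policy denial, not a malformed message:
			// RFC 2136 signals REFUSED when the update is not permitted, whereas
			// FORMERR tells the client its message could not be parsed.
			slog.Warn("Refusing UPDATE without valid TSIG", slog.Any("remote", w.RemoteAddr()))
			m.SetRcode(r, dns.RcodeRefused)
		}
	default:
		slog.Info("Unsupported Opcode", slog.String("type", dns.OpcodeToString[r.Opcode]))
		m.SetRcode(r, dns.RcodeNotImplemented)
	}

	// Surface write failures instead of dropping them silently.
	if err := w.WriteMsg(m); err != nil {
		slog.Error("Failed to write DNS response", slog.String("error", err.Error()))
	}
}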