Drop queries in root doamin when ndots is set

Signed-off-by: Santhosh Manohar <santhosh@docker.com>
2022-11-09 12:21:53 -05:00 · 2016-09-09 21:45:03 -07:00 · 2016-09-09 21:45:03 -07:00 · db9a7021ac
commit db9a7021ac
parent 146551e922
3 changed files with 44 additions and 2 deletions
--- a/libnetwork/resolver.go
+++ b/libnetwork/resolver.go
@ -325,6 +325,21 @@ func (r *resolver) ServeDNS(w dns.ResponseWriter, query *dns.Msg) {
 		return
 	}

+	// If the user sets ndots > 0 explicitly and the query is
+	// in the root domain don't forward it out. We will return
+	// failure and let the client retry with the search domain
+	// attached
+	if resp == nil {
+		switch query.Question[0].Qtype {
+		case dns.TypeA:
+			fallthrough
+		case dns.TypeAAAA:
+			if r.sb.ndotsSet && !strings.Contains(strings.TrimSuffix(name, "."), ".") {
+				resp = createRespMsg(query)
+			}
+		}
+	}
+
 	proto := w.LocalAddr().Network()
 	maxSize := 0
 	if proto == "tcp" {
--- a/libnetwork/sandbox.go
+++ b/libnetwork/sandbox.go
@ -86,6 +86,7 @@ type sandbox struct {
 	isStub             bool
 	inDelete           bool
 	ingress            bool
+	ndotsSet           bool
 	sync.Mutex
 }

--- a/libnetwork/sandbox_dns_unix.go
+++ b/libnetwork/sandbox_dns_unix.go
@ -8,6 +8,8 @@ import (
 	"os"
 	"path"
 	"path/filepath"
+	"strconv"
+	"strings"

 	log "github.com/Sirupsen/logrus"
 	"github.com/docker/libnetwork/etchosts"
@ -313,8 +315,32 @@ func (sb *sandbox) rebuildDNS() error {
 	// external v6 DNS servers has to be listed in resolv.conf
 	dnsList = append(dnsList, resolvconf.GetNameservers(currRC.Content, types.IPv6)...)

-	// Resolver returns the options in the format resolv.conf expects
-	dnsOptionsList = append(dnsOptionsList, sb.resolver.ResolverOptions()...)
+	// If the user config and embedded DNS server both have ndots option set,
+	// remember the user's config so that unqualified names not in the docker
+	// domain can be dropped.
+	resOptions := sb.resolver.ResolverOptions()
+
+dnsOpt:
+	for _, resOpt := range resOptions {
+		if strings.Contains(resOpt, "ndots") {
+			for _, option := range dnsOptionsList {
+				if strings.Contains(option, "ndots") {
+					parts := strings.Split(option, ":")
+					if len(parts) != 2 {
+						return fmt.Errorf("invalid ndots option %v", option)
+					}
+					if num, err := strconv.Atoi(parts[1]); err != nil {
+						return fmt.Errorf("invalid number for ndots option %v", option)
+					} else if num > 0 {
+						sb.ndotsSet = true
+						break dnsOpt
+					}
+				}
+			}
+		}
+	}
+
+	dnsOptionsList = append(dnsOptionsList, resOptions...)

 	_, err = resolvconf.Build(sb.config.resolvConfPath, dnsList, dnsSearchList, dnsOptionsList)
 	return err