luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity

config: do not allow an ANY address as DNS recursor

This commit is contained in:
Frank Schroeder 2017-10-20 20:00:45 +02:00 committed by Frank Schröder
parent 19cc7db779
commit 6df6ac03b7
2 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
agent/config/builder.go
View File

@ -726,6 +726,11 @@ func (b *Builder) Validate(rt RuntimeConfig) error {
return fmt.Errorf("DNS address cannot be a unix socket") return fmt.Errorf("DNS address cannot be a unix socket")
} }
} }
for _, a := range rt.DNSRecursors {
if ipaddr.IsAny(a) {
return fmt.Errorf("DNS recursor address cannot be 0.0.0.0, :: or [::]")
}
}
if rt.Bootstrap && !rt.ServerMode { if rt.Bootstrap && !rt.ServerMode {
return fmt.Errorf("'bootstrap = true' requires 'server = true'") return fmt.Errorf("'bootstrap = true' requires 'server = true'")
} }

9
agent/config/runtime_test.go
View File

@ -1463,6 +1463,15 @@ func TestConfigFlagsAndEdgecases(t *testing.T) {
hcl: []string{`advertise_addr_wan = "::"`}, hcl: []string{`advertise_addr_wan = "::"`},
err: "Advertise WAN address cannot be 0.0.0.0, :: or [::]", err: "Advertise WAN address cannot be 0.0.0.0, :: or [::]",
}, },
{
desc: "recursors any",
flags: []string{
`-data-dir=` + dataDir,
},
json: []string{`{ "recursors": ["::"] }`},
hcl: []string{`recursors = ["::"]`},
err: "DNS recursor address cannot be 0.0.0.0, :: or [::]",
},
{ {
desc: "dns_config.udp_answer_limit invalid", desc: "dns_config.udp_answer_limit invalid",
flags: []string{ flags: []string{