diff --git a/README.md b/README.md index 64b780b..6f87ebb 100644 --- a/README.md +++ b/README.md @@ -70,20 +70,20 @@ linux/amd64, go1.14.2, $ $ dig @127.0.0.1 -p 5353 _wireguard._udp.example.com. PTR +noall +answer +additional -_wireguard._udp.example.com. 0 IN PTR YUTRLED535IGKL7BDLERL6M4VJXSXM3UQQPL4NMSN27MT56AD4HA====._wireguard._udp.example.com. -_wireguard._udp.example.com. 0 IN PTR WMRID55V4ENHXQX2JSTYOYVKICJ5PIHKB2TR7R42SMIU3T5L4I5Q====._wireguard._udp.example.com. +_wireguard._udp.example.com. 0 IN PTR yutrled535igkl7bdlerl6m4vjxsxm3uqqpl4nmsn27mt56ad4ha====._wireguard._udp.example.com. +_wireguard._udp.example.com. 0 IN PTR wmrid55v4enhxqx2jstyoyvkicj5pihkb2tr7r42smiu3t5l4i5q====._wireguard._udp.example.com. $ -$ dig @127.0.0.1 -p 5353 YUTRLED535IGKL7BDLERL6M4VJXSXM3UQQPL4NMSN27MT56AD4HA====._wireguard._udp.example.com. SRV +noall +answer +additional -yutrled535igkl7bdlerl6m4vjxsxm3uqqpl4nmsn27mt56ad4ha====._wireguard._udp.example.com. 0 IN SRV 0 0 7777 YUTRLED535IGKL7BDLERL6M4VJXSXM3UQQPL4NMSN27MT56AD4HA====.example.com. -YUTRLED535IGKL7BDLERL6M4VJXSXM3UQQPL4NMSN27MT56AD4HA====.example.com. 0 IN A 203.0.113.1 +$ dig @127.0.0.1 -p 5353 yutrled535igkl7bdlerl6m4vjxsxm3uqqpl4nmsn27mt56ad4ha====._wireguard._udp.example.com. SRV +noall +answer +additional +yutrled535igkl7bdlerl6m4vjxsxm3uqqpl4nmsn27mt56ad4ha====._wireguard._udp.example.com. 0 IN SRV 0 0 7777 yutrled535igkl7bdlerl6m4vjxsxm3uqqpl4nmsn27mt56ad4ha====.example.com. +yutrled535igkl7bdlerl6m4vjxsxm3uqqpl4nmsn27mt56ad4ha====.example.com. 0 IN A 203.0.113.1 $ -$ dig @127.0.0.1 -p 5353 WMRID55V4ENHXQX2JSTYOYVKICJ5PIHKB2TR7R42SMIU3T5L4I5Q====._wireguard._udp.example.com. SRV +noall +answer +additional -wmrid55v4enhxqx2jstyoyvkicj5pihkb2tr7r42smiu3t5l4i5q====._wireguard._udp.example.com. 0 IN SRV 0 0 8888 WMRID55V4ENHXQX2JSTYOYVKICJ5PIHKB2TR7R42SMIU3T5L4I5Q====.example.com. -WMRID55V4ENHXQX2JSTYOYVKICJ5PIHKB2TR7R42SMIU3T5L4I5Q====.example.com. 0 IN A 198.51.100.1 +$ dig @127.0.0.1 -p 5353 wmrid55v4enhxqx2jstyoyvkicj5pihkb2tr7r42smiu3t5l4i5q====._wireguard._udp.example.com. SRV +noall +answer +additional +wmrid55v4enhxqx2jstyoyvkicj5pihkb2tr7r42smiu3t5l4i5q====._wireguard._udp.example.com. 0 IN SRV 0 0 8888 wmrid55v4enhxqx2jstyoyvkicj5pihkb2tr7r42smiu3t5l4i5q====.example.com. +wmrid55v4enhxqx2jstyoyvkicj5pihkb2tr7r42smiu3t5l4i5q====.example.com. 0 IN A 198.51.100.1 $ -$ echo YUTRLED535IGKL7BDLERL6M4VJXSXM3UQQPL4NMSN27MT56AD4HA==== | base32 -d | base64 +$ echo yutrled535igkl7bdlerl6m4vjxsxm3uqqpl4nmsn27mt56ad4ha==== | base32 -d | base64 xScVkH3fUGUv4RrJFfmcqm8rs3SEHr41km6+yffAHw4= -$ echo WMRID55V4ENHXQX2JSTYOYVKICJ5PIHKB2TR7R42SMIU3T5L4I5Q==== | base32 -d | base64 +$ echo wmrid55v4enhxqx2jstyoyvkicj5pihkb2tr7r42smiu3t5l4i5q==== | base32 -d | base64 syKB97XhGnvC+kynh2KqQJPXoOoOpx/HmpMRTc+r4js= ``` diff --git a/wgsd.go b/wgsd.go index 20fcfed..a63529e 100644 --- a/wgsd.go +++ b/wgsd.go @@ -87,7 +87,7 @@ func (p *WGSD) ServeDNS(ctx context.Context, w dns.ResponseWriter, Ttl: 0, }, Ptr: fmt.Sprintf("%s.%s%s", - base32.StdEncoding.EncodeToString(peer.PublicKey[:]), + strings.ToLower(base32.StdEncoding.EncodeToString(peer.PublicKey[:])), spPrefix, p.zone), }) } @@ -115,7 +115,7 @@ func (p *WGSD) ServeDNS(ctx context.Context, w dns.ResponseWriter, Weight: 0, Port: uint16(endpoint.Port), Target: fmt.Sprintf("%s.%s", - strings.ToUpper(pubKey), p.zone), + strings.ToLower(pubKey), p.zone), }) w.WriteMsg(m) // nolint: errcheck return dns.RcodeSuccess, nil @@ -148,7 +148,7 @@ func getHostRR(pubKey, zone string, endpoint *net.UDPAddr) dns.RR { if endpoint == nil || endpoint.IP == nil { return nil } - name := fmt.Sprintf("%s.%s", strings.ToUpper(pubKey), zone) + name := fmt.Sprintf("%s.%s", strings.ToLower(pubKey), zone) switch { case endpoint.IP.To4() != nil: return &dns.A{ diff --git a/wgsd_test.go b/wgsd_test.go new file mode 100644 index 0000000..a8124fd --- /dev/null +++ b/wgsd_test.go @@ -0,0 +1,142 @@ +package wgsd + +import ( + "bytes" + "context" + "encoding/base32" + "fmt" + "net" + "strings" + "testing" + + "github.com/coredns/coredns/plugin/pkg/dnstest" + "github.com/coredns/coredns/plugin/test" + "github.com/miekg/dns" + "golang.zx2c4.com/wireguard/wgctrl/wgtypes" +) + +type mockClient struct { + peers []wgtypes.Peer +} + +func (m *mockClient) Device(d string) (*wgtypes.Device, error) { + return &wgtypes.Device{ + Name: d, + Peers: m.peers, + }, nil +} + +func base32EqualsPubKey(t *testing.T, b32 string, pubKey wgtypes.Key) bool { + got, err := base32.StdEncoding.DecodeString(strings.ToUpper(b32)) + if err != nil { + t.Fatalf("error decoding base32 string: %v", err) + } + return bytes.Equal(pubKey[:], got) +} + +func TestWGSD(t *testing.T) { + key1 := [32]byte{} + key1[0] = 1 + peer1 := wgtypes.Peer{ + Endpoint: &net.UDPAddr{ + IP: net.ParseIP("1.1.1.1"), + Port: 1, + }, + PublicKey: key1, + } + peer1b32 := strings.ToLower(base32.StdEncoding.EncodeToString(peer1.PublicKey[:])) + key2 := [32]byte{} + key2[0] = 2 + peer2 := wgtypes.Peer{ + Endpoint: &net.UDPAddr{ + IP: net.ParseIP("::2"), + Port: 2, + }, + PublicKey: key2, + } + peer2b32 := strings.ToLower(base32.StdEncoding.EncodeToString(peer2.PublicKey[:])) + p := &WGSD{ + Next: test.ErrorHandler(), + client: &mockClient{ + peers: []wgtypes.Peer{peer1, peer2}, + }, + zone: "example.com.", + device: "wg0", + } + + testCases := []test.Case{ + test.Case{ + Qname: "_wireguard._udp.example.com.", + Qtype: dns.TypePTR, + Rcode: dns.RcodeSuccess, + Answer: []dns.RR{ + test.PTR(fmt.Sprintf("_wireguard._udp.example.com. 0 IN PTR %s._wireguard._udp.example.com.", peer1b32)), + test.PTR(fmt.Sprintf("_wireguard._udp.example.com. 0 IN PTR %s._wireguard._udp.example.com.", peer2b32)), + }, + }, + test.Case{ + Qname: fmt.Sprintf("%s._wireguard._udp.example.com.", peer1b32), + Qtype: dns.TypeSRV, + Rcode: dns.RcodeSuccess, + Answer: []dns.RR{ + test.SRV(fmt.Sprintf("%s._wireguard._udp.example.com. 0 IN SRV 0 0 1 %s.example.com.", peer1b32, peer1b32)), + }, + Extra: []dns.RR{ + test.A(fmt.Sprintf("%s.example.com. 0 IN A %s", peer1b32, peer1.Endpoint.IP.String())), + }, + }, + test.Case{ + Qname: fmt.Sprintf("%s._wireguard._udp.example.com.", peer2b32), + Qtype: dns.TypeSRV, + Rcode: dns.RcodeSuccess, + Answer: []dns.RR{ + test.SRV(fmt.Sprintf("%s._wireguard._udp.example.com. 0 IN SRV 0 0 2 %s.example.com.", peer2b32, peer2b32)), + }, + Extra: []dns.RR{ + test.AAAA(fmt.Sprintf("%s.example.com. 0 IN AAAA %s", peer2b32, peer2.Endpoint.IP.String())), + }, + }, + test.Case{ + Qname: fmt.Sprintf("%s.example.com.", peer1b32), + Qtype: dns.TypeA, + Rcode: dns.RcodeSuccess, + Answer: []dns.RR{ + test.A(fmt.Sprintf("%s.example.com. 0 IN A %s", peer1b32, peer1.Endpoint.IP.String())), + }, + }, + test.Case{ + Qname: fmt.Sprintf("%s.example.com.", peer2b32), + Qtype: dns.TypeAAAA, + Rcode: dns.RcodeSuccess, + Answer: []dns.RR{ + test.AAAA(fmt.Sprintf("%s.example.com. 0 IN AAAA %s", peer2b32, peer2.Endpoint.IP.String())), + }, + }, + } + for _, tc := range testCases { + t.Run(fmt.Sprintf("%s %s", tc.Qname, dns.TypeToString[tc.Qtype]), func(t *testing.T) { + m := tc.Msg() + rec := dnstest.NewRecorder(&test.ResponseWriter{}) + ctx := context.TODO() + _, err := p.ServeDNS(ctx, rec, m) + if err != nil { + t.Errorf("Expected no error, got %v", err) + return + } + resp := rec.Msg + if err := test.Header(tc, resp); err != nil { + t.Error(err) + return + } + if err := test.Section(tc, test.Answer, resp.Answer); err != nil { + t.Error(err) + } + if err := test.Section(tc, test.Ns, resp.Ns); err != nil { + t.Error(err) + } + if err := test.Section(tc, test.Extra, resp.Extra); err != nil { + t.Error(err) + } + }) + } +}