net/dns/resolver: translate 5xx DoH server errors into SERVFAIL DNS responses

If a DoH server returns an HTTP server error, rather than a SERVFAIL within
a successful HTTP response, we should handle it in the same way as SERVFAIL.

Updates tailscale#13571

Signed-off-by: Nick Hill <mykola.khyl@gmail.com>
nickkhyl committed Oct 11, 2024
1 parent 17335d2 commit e7545f2
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions net/dns/resolver/forwarder.go
Expand Up @@ -487,6 +487,10 @@ func (f *forwarder) sendDoH(ctx context.Context, urlBase string, c *http.Client,
defer hres.Body.Close()
if hres.StatusCode != 200 {
metricDNSFwdDoHErrorStatus.Add(1)
if hres.StatusCode/100 == 5 {
// Translate 5xx HTTP server errors into SERVFAIL DNS responses.
return nil, fmt.Errorf("%w: %s", errServerFailure, hres.Status)
}
return nil, errors.New(hres.Status)
}
if ct := hres.Header.Get("Content-Type"); ct != dohType {
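
Review bot: the new `hres.StatusCode/100 == 5` branch wraps every 5xx status in `errServerFailure`, so a 502, 503 or 504 produced by a proxy or load balancer in front of the DoH server is reported exactly like a SERVFAIL from the resolver itself. If that is intended, say so in the comment and spell the range out as `hres.StatusCode >= 500 && hres.StatusCode <= 599` so the scope is obvious at a glance; if callers that match on `errServerFailure` should only see genuine resolver failures, restrict the branch to the specific codes you mean. The change touches only forwarder.go, so a test is also missing: add one that serves a 5xx from a test HTTP server and checks `errors.Is(err, errServerFailure)`, plus a 4xx case confirming the plain `errors.New(hres.Status)` path is unchanged.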