Pass DNS Msg via context into TSIG Verify and Generate functions #1348

This allows server operators to pass data from the read decorators to the actual DNS handlers. An example use case where this is needed is when there is any proxying service between eyeball and DNS server. In order to preserve the client IP, the proxy server might have to use PROXY protocol v2. If you don't have a context you can read and see the client IPs in the decoraters but your handler will not know this information and therefore might not be able to do things like: 1. Block IPs 2. Verify TSIGs based off specific IP 3. Respond with TSIGs based off source IP 4. Respond with different answers based of IP location Apart from knowing the source IP, there is other situations where you might want to pass information parsed in the read decorators to the handler.

This gives the server operator a lot more flexibility as to how they manage the verification and generation of tsigs. The test TestServerRoundtripTsigProvider displays some of these possibilities. For example: 1. Establish a sync.RWMutex on the secret map so that secrets can be dynamically updated even after the server has been started. 2. Establish more granular secret maps. I.E to ensure that many zones can share TSIG names without collisions in the map. You could do other things like have zone specific verification or generation.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Pass DNS Msg via context into TSIG Verify and Generate functions #1348

Pass DNS Msg via context into TSIG Verify and Generate functions #1348

Commits on Mar 11, 2022