net/dns/resolver: translate 5xx DoH server errors into SERVFAIL DNS responses

If a DoH server returns an HTTP server error, rather than a SERVFAIL within
a successful HTTP response, we should handle it in the same way as SERVFAIL.

Updates #13571

Signed-off-by: Nick Hill <mykola.khyl@gmail.com>
pull/13793/head
Nick Hill 2 months ago committed by Nick Khyl
parent 17335d2104
commit e7545f2eac

@ -487,6 +487,10 @@ func (f *forwarder) sendDoH(ctx context.Context, urlBase string, c *http.Client,
defer hres.Body.Close() defer hres.Body.Close()
if hres.StatusCode != 200 { if hres.StatusCode != 200 {
metricDNSFwdDoHErrorStatus.Add(1) metricDNSFwdDoHErrorStatus.Add(1)
if hres.StatusCode/100 == 5 {
// Translate 5xx HTTP server errors into SERVFAIL DNS responses.
return nil, fmt.Errorf("%w: %s", errServerFailure, hres.Status)
}
return nil, errors.New(hres.Status) return nil, errors.New(hres.Status)
} }
if ct := hres.Header.Get("Content-Type"); ct != dohType { if ct := hres.Header.Get("Content-Type"); ct != dohType {
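Review bot: The comment on the new `if hres.StatusCode/100 == 5` branch says 5xx errors are translated into SERVFAIL responses, but the branch only returns an error wrapping `errServerFailure`; the SERVFAIL itself is presumably built wherever callers match that sentinel, which is outside this hunk. I would reword it to `// Wrap errServerFailure so callers treat a 5xx from the DoH server like a DNS-level SERVFAIL.` It is also worth confirming that the caller still waits for the other configured upstreams before answering SERVFAIL. Otherwise a single failing or interposed HTTP endpoint that returns 5xx decides the answer for the client, and that cannot be checked from these lines. sendDoH starts and ends outside the hunk.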
