From 19e1fcc242d36fb6383da8d5de4f4616335287eb Mon Sep 17 00:00:00 2001 From: Pavithra Ramesh Date: Mon, 3 Dec 2018 14:27:39 -0800 Subject: [PATCH] Remove 'norecurse' flag in dns tests. dnsmasq 2.79 introduced a change to respond to all norecurse queries with ServFail. This is to prevent cache snooping where an adversary can figure out if a particular hostname has been looked up or not. These tests do not need the norecurse flag, hence removing it. --- test/e2e/network/dns_common.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/e2e/network/dns_common.go b/test/e2e/network/dns_common.go index ca1dc35283d..c93c431a3cd 100644 --- a/test/e2e/network/dns_common.go +++ b/test/e2e/network/dns_common.go @@ -22,9 +22,9 @@ import ( "strings" "time" + "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/fields" "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/util/intstr" @@ -494,7 +494,7 @@ func createProbeCommand(namesToResolve []string, hostEntries []string, ptrLookup // createTargetedProbeCommand returns a command line that performs a DNS lookup for a specific record type func createTargetedProbeCommand(nameToResolve string, lookup string, fileNamePrefix string) (string, string) { fileName := fmt.Sprintf("%s_udp@%s", fileNamePrefix, nameToResolve) - probeCmd := fmt.Sprintf("dig +short +tries=12 +norecurse %s %s > /results/%s", nameToResolve, lookup, fileName) + probeCmd := fmt.Sprintf("dig +short +tries=12 %s %s > /results/%s", nameToResolve, lookup, fileName) return probeCmd, fileName }