fix(dns): Improve FCrDNS error handling and tests

btomaev · btomaev · commit 186f53501474 · 2025-11-27T01:14:30.000+03:00
The `VerifyFCrDNS` function previously ignored errors returned from reverse DNS lookups. This could lead to incorrect passes when a DNS failure (other than a simple 'not found') occurred. This change ensures that any error from a reverse lookup will cause the FCrDNS check to fail.

The test suite for FCrDNS has been updated to reflect this change. The mock DNS lookups now simulate both 'not found' errors and other generic DNS errors. The test cases have been updated to ensure that the function behaves correctly in both scenarios, resolving a situation where two test cases were effectively duplicates.
diff --git a/internal/dns/dns.go b/internal/dns/dns.go
@@ -107,8 +107,11 @@ func (d *Dns) VerifyFCrDNS(addr string, pattern *string) bool {
 	}
 	slog.Debug("DNS: performing FCrDNS lookup", "addr", addr, "pattern", patternVal)
 
-	var names []string
-	if names, _ = d.ReverseDNS(addr); len(names) == 0 {
+	names, err := d.ReverseDNS(addr)
+	if err != nil {
+		return false
+	}
+	if len(names) == 0 {
 		return pattern == nil // If no pattern specified, check is passed
 	}
 
diff --git a/internal/dns/dns_test.go b/internal/dns/dns_test.go
@@ -30,6 +30,8 @@ func mockLookupAddr(addr string) ([]string, error) {
 		return []string{"resolver1.opendns.com."}, nil
 	case "9.9.9.9":
 		return nil, &net.DNSError{Err: "no such host", Name: "9.9.9.9", IsNotFound: true}
+	case "1.2.3.4":
+		return nil, errors.New("unknown error")
 	default:
 		return nil, &net.DNSError{Err: "no such host", Name: addr, IsNotFound: true}
 	}
@@ -250,13 +252,14 @@ func TestDns_VerifyFCrDNS(t *testing.T) {
 		// Cases without pattern
 		{"valid no pattern", "8.8.8.8", nil, true},
 		{"valid partial no pattern", "1.1.1.1", nil, true},
-		{"invalid no pattern", "9.9.9.9", nil, false},
-		{"reverse lookup fails no pattern", "1.2.3.4", nil, false},
+		{"not found no pattern", "9.9.9.9", nil, true},
+		{"unknown error no pattern", "1.2.3.4", nil, false},
 
 		// Cases with pattern
 		{"valid match", "8.8.8.8", p(`.*\.google$`), true},
 		{"valid no match", "8.8.8.8", p(`\.com$`), false},
-		{"reverse lookup fails with pattern", "9.9.9.9", p(".*"), false},
+		{"not found with pattern", "9.9.9.9", p(".*"), false},
+		{"unknown error with pattern", "1.2.3.4", p(".*"), false},
 		{"invalid pattern", "8.8.8.8", p(`[`), false},
 	}
 	for _, tt := range tests {

Original file line number	Diff line number	Diff line change
`@@ -107,8 +107,11 @@ func (d Dns) VerifyFCrDNS(addr string, pattern string) bool {`
`107`	`107`	`}`
`108`	`108`	`slog.Debug("DNS: performing FCrDNS lookup", "addr", addr, "pattern", patternVal)`
`109`	`109`
`110`		`- var names []string`
`111`		`- if names, _ = d.ReverseDNS(addr); len(names) == 0 {`
	`110`	`+ names, err := d.ReverseDNS(addr)`
	`111`	`+ if err != nil {`
	`112`	`+ return false`
	`113`	`+ }`
	`114`	`+ if len(names) == 0 {`
`112`	`115`	`return pattern == nil // If no pattern specified, check is passed`
`113`	`116`	`}`
`114`	`117`