From 3a7a80f15f0180836077b4f63e504a659133adbb Mon Sep 17 00:00:00 2001
From: Eugene Bujak <hmage@hmage.net>
Date: Fri, 5 Oct 2018 07:31:56 +0300
Subject: [PATCH] coredns plugin -- fix SHOULD NOT HAPPEN spam when incoming
 request is for root servers

---
 coredns_plugin/coredns_plugin.go | 11 +++++++++--
 dnsfilter/dnsfilter.go           |  4 ++--
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/coredns_plugin/coredns_plugin.go b/coredns_plugin/coredns_plugin.go
index 0c321a4e..8af7601e 100644
--- a/coredns_plugin/coredns_plugin.go
+++ b/coredns_plugin/coredns_plugin.go
@@ -446,8 +446,15 @@ func (p *plug) serveDNSInternal(ctx context.Context, w dns.ResponseWriter, r *dn
 					return rcode, dnsfilter.Result{}, err
 				}
 				return rcode, result, err
+			case dnsfilter.FilteredInvalid:
+				// return NXdomain
+				rcode, err := p.writeNXdomain(ctx, w, r)
+				if err != nil {
+					return rcode, dnsfilter.Result{}, err
+				}
+				return rcode, result, err
 			default:
-				log.Printf("SHOULD NOT HAPPEN -- got unknown reason for filtering: %T %v %s", result.Reason, result.Reason, result.Reason.String())
+				log.Printf("SHOULD NOT HAPPEN -- got unknown reason for filtering host \"%s\": %v, %+v", host, result.Reason, result)
 			}
 		} else {
 			switch result.Reason {
@@ -457,7 +464,7 @@ func (p *plug) serveDNSInternal(ctx context.Context, w dns.ResponseWriter, r *dn
 			case dnsfilter.NotFilteredNotFound:
 				// do nothing, pass through to lower code
 			default:
-				log.Printf("SHOULD NOT HAPPEN -- got unknown reason for not filtering: %T %v %s", result.Reason, result.Reason, result.Reason.String())
+				log.Printf("SHOULD NOT HAPPEN -- got unknown reason for not filtering host \"%s\": %v, %+v", host, result.Reason, result)
 			}
 		}
 	}
diff --git a/dnsfilter/dnsfilter.go b/dnsfilter/dnsfilter.go
index 41ca687e..3060b297 100644
--- a/dnsfilter/dnsfilter.go
+++ b/dnsfilter/dnsfilter.go
@@ -148,9 +148,9 @@ func (r Reason) Matched() bool {
 
 // CheckHost tries to match host against rules, then safebrowsing and parental if they are enabled
 func (d *Dnsfilter) CheckHost(host string) (Result, error) {
-	// sometimes DNS clients will try to resolve ".", which in turns transforms into "" when it reaches here
+	// sometimes DNS clients will try to resolve ".", which is a request to get root servers
 	if host == "" {
-		return Result{Reason: FilteredInvalid}, nil
+		return Result{Reason: NotFilteredNotFound}, nil
 	}
 	host = strings.ToLower(host)