From e85fbfc5dfe4f1f71f25926281d9a73eb612b998 Mon Sep 17 00:00:00 2001
From: Markus Wennrich <markus.wennrich@f-i-ts.de>
Date: Wed, 18 Feb 2026 12:12:02 +0100
Subject: [PATCH] fix: add rlock() for fqdnToEntry map

closes: https://github.com/metal-stack/firewall-controller/issues/210
---
 pkg/dns/dnscache.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pkg/dns/dnscache.go b/pkg/dns/dnscache.go
index 4e922f0d..0747c97a 100644
--- a/pkg/dns/dnscache.go
+++ b/pkg/dns/dnscache.go
@@ -169,7 +169,9 @@ func newDNSCache(ctx context.Context, dns string, ipv4Enabled, ipv6Enabled bool,
 
 // writeStateToConfigmap writes the whole DNS cache to the state configmap
 func (c *DNSCache) writeStateToConfigmap() error {
+	c.RLock()
 	s, err := yaml.Marshal(c.fqdnToEntry)
+	c.RUnlock()
 	if err != nil {
 		return err
 	}
@@ -261,6 +263,8 @@ func (c *DNSCache) getSetsForFQDN(fqdn firewallv1.FQDNSelector) (result []firewa
 }
 
 func (c *DNSCache) getSetsForRendering(fqdns []firewallv1.FQDNSelector) (result []RenderIPSet) {
+	c.RLock()
+	defer c.RUnlock()
 	for n, e := range c.fqdnToEntry {
 		var matched bool
 		for _, fqdn := range fqdns {