By checking state.Do() were are checking if the request had DO, but
we are _always_ adding Do now - do we need to save the DO from the
ORIGINAL request, which must be done in the ResponseWriter.
Also skip OPT records in filterDNSSEC as we can't set the TTL on those
records, this prevents writing a number to OPT's MBZ.
Note none of the tests have changed and still PASS. This is due to
the fact that CoreDNSServerAndPorts isn't a full server as we start in
main, it lacks the scrubwriter for instance. This is not bad per se, but
should be documented in the test code.
Signed-off-by: Miek Gieben <miek@miek.nl>
* plugin/dnstap: various cleanups
A recent issue made me look into this plugin, I suspect various other
cleanups (hopefully deletion of code) can be made as well
Remove identical functions ToClientQuery etc, and just use tap.Message
as the base type in plugin. Keep msg/ for a few helper functions that
may proof useful.
This remove the whole test directory as we will just check the things we
are interested in which gives much better feedback and keeps that code
closer together.
tapwr dir is also not needed, writer_test.go was just duplicating the
tests already done. This moves writer.go to the top directory.
Make the only user of dnstap, the forward plugin, use the newer code
also remove the test, a better test there would be a full e2e test to
see the correct thing happens.
Cleanup the Tapper interface and move it to dnstapio where it belongs,
remove higher level interfaces that are not used. This remove
dnstap.Tapper and dnstap.IORoutines.
Use the standard mechanism for getting access to a plugin and remove
shuffling the plugin into the context.
Signed-off-by: Miek Gieben <miek@miek.nl>
* use opts to get the correct proto
Signed-off-by: Miek Gieben <miek@miek.nl>
* Various fixes
Signed-off-by: Miek Gieben <miek@miek.nl>
* Remove bad addr test, as dnstap is only called from within coredns where these fields have been preparsed
Signed-off-by: Miek Gieben <miek@miek.nl>
* dnstap: remove saving the error
all these fields have been preparsed, no need for dnstap to be pedantic
and check (and save!) this error again.
Simplifies it a bit more.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Update plugin/forward/dnstap.go
Co-authored-by: Ruslan Drozhdzh <30860269+rdrozhdzh@users.noreply.github.com>
* Code review
Signed-off-by: Miek Gieben <miek@miek.nl>
* add back in preferUDP
Signed-off-by: Miek Gieben <miek@miek.nl>
* nit
Signed-off-by: Miek Gieben <miek@miek.nl>
Co-authored-by: Ruslan Drozhdzh <30860269+rdrozhdzh@users.noreply.github.com>
* plugins/auto: allow fallthrough if no zone match
this is a solution to #3033
Signed-off-by: Macks <macksme@outlook.com>
* plugin/auto.go remove whitespace
Signed-off-by: Macks <macksme@outlook.com>
* Add proto and client-ip trace tags
Signed-off-by: Adam Malcontenti-Wilson <amalcontenti-wilson@zendesk.com>
* Commit my own suggestion
Signed-off-by: Miek Gieben <miek@miek.nl>
Co-authored-by: Adam Malcontenti-Wilson <amalcontenti-wilson@zendesk.com>
The filtering of DNSSEC records in the cache plugin was not done
correctly. Also the change to introduced this bug didn't take into
account that the cache - by virtue of differentiating between DNSSEC and
no-DNSSEC - relied on not copying the data from the cache.
This change copies and then filters the data and factors the filtering
into a function that is used in two places (albeit with on ugly boolean
parameters to prevent copying things twice).
Add tests, do_test.go is moved to test/cache_test.go because the OPT
handing is done outside of the cache plugin. The core server re-attaches
the correct OPT when replying, so that makes for a better e2e test.
Added small unit test for filterRRslice and an explicit test that asks
for DNSSEC first and then plain, and vice versa to test cache behavior.
Fixes: #4146
Signed-off-by: Miek Gieben <miek@miek.nl>
* For caddy v1 in our org
This RP changes all imports for caddyserver/caddy to coredns/caddy. This
is the v1 code of caddy.
For the coredns/caddy repo the following changes have been made:
* anything not needed by us is deleted
* all `telemetry` stuff is deleted
* all its import paths are also changed to point to coredns/caddy
* the v1 branch has been moved to the master branch
* a v1.1.0 tag has been added to signal the latest release
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix imports
Signed-off-by: Miek Gieben <miek@miek.nl>
* Group coredns/caddy with out plugins
Signed-off-by: Miek Gieben <miek@miek.nl>
* remove this file
Signed-off-by: Miek Gieben <miek@miek.nl>
* Relax import ordering
github.com/coredns is now also a coredns dep, this makes
github.com/coredns/caddy fit more natural in the list.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix final import
Signed-off-by: Miek Gieben <miek@miek.nl>
* cache: default to DNSSEC
This change does away with the DNS/DNSSEC distinction the cache
currently makes. Cache will always make coredns perform a DNSSEC query
and store that result. If a client just needs plain DNS, the DNSSEC
records are stripped from the response.
It should also be more memory efficient, because we store a reply once
and not one DNS and another for DNSSEC.
Fixes: #3836
Signed-off-by: Miek Gieben <miek@miek.nl>
* Change OPT RR when one is present in the msg.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix comment for isDNSSEC
Signed-off-by: Miek Gieben <miek@miek.nl>
* Update plugin/cache/handler.go
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
* Update plugin/cache/item.go
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
* Code review; fix comment for isDNSSEC
Signed-off-by: Miek Gieben <miek@miek.nl>
* Update doc and set AD to false
Set Authenticated Data to false when DNSSEC was not wanted. Also update
the readme with the new behavior.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Update plugin/cache/handler.go
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
* plugin/trace: fix struct allignment
A 64 bit entity needs to be the first in a struct to make it work on 32
bit systems.
Fixes: #4111
Signed-off-by: Miek Gieben <miek@miek.nl>
* plugin/erratic does makes the same mistake
Signed-off-by: Miek Gieben <miek@miek.nl>
* plugin/forward: init ClientSessionCache in tls.Config
- ClientSessionCache may speed up a TLS handshake in upcoming connections
to the same TLS server
Signed-off-by: Ruslan Drozhdzh <rdrozhdzh@infoblox.com>
* add comment
Signed-off-by: Ruslan Drozhdzh <rdrozhdzh@infoblox.com>
* Enable debug globally if enabled in any server config
It was currently enabled only if the plugin debug
was enabled in the last server config of the Corefile.
Signed-off-by: Olivier Lemasle <o.lemasle@gmail.com>
* Add test and update debug's README
Signed-off-by: Olivier Lemasle <o.lemasle@gmail.com>
* Update README.md
Specify that serial must change for the zone file to be reloaded.
Signed-off-by: Grant Garrett-Grossman <grantlg2@illinois.edu>
* Update plugin/auto/README.md
Co-authored-by: Miek Gieben <miek@miek.nl>
Signed-off-by: Grant Garrett-Grossman <grantlg2@illinois.edu>
Co-authored-by: Miek Gieben <miek@miek.nl>
* plugin/etcd: update documention
Make clear(er) how this plugin find records.
Fixes: #4048
Signed-off-by: Miek Gieben <miek@miek.nl>
* Update plugin/etcd/README.md
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
* Update plugin/etcd/README.md
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
* Fix wildcard records issue in rout53 plugin
This PR tries to address 4035 where wild card records does not return
correctly in route53 plugin. The issue was that `strings.Index(s, substr string)`
expect substr to be a string but the code defines as char.
This PR fixes 4035.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* Fix failed tests
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* Improve gRPC Plugin when backend is not available
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>
* Improve gRPC Plugin when backend is not available
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>
* tweak language
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* tweak language
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* typo
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
we hc every 0.5s, doing exp backoff will create a large gap in the
ability to re-use an upstream. Doing a exp. backoff up to (say) 3s,
isn't really exp backoff either.
Remove the wording from the documentation.
Signed-off-by: Miek Gieben <miek@miek.nl>
* revert de-dup
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* unit test
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* use roundrobin policy in test
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* handle deletion tombstones in default processor
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* fix terminating pod exclusion
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
