Commit graph

63 commits

Author SHA1 Message Date
Zhizhen He
5de473da1c
fix: remove unnecessary conversion (#6258)
Signed-off-by: Zhizhen He <hezhizhen.yi@gmail.com>
2023-08-14 15:14:09 +02:00
Ondřej Benkovský
8c489bd400
replace reviewdog fully by golangci-lint (#6139)
Signed-off-by: Ondřej Benkovský <ondrej.benkovsky@jamf.com>
2023-06-09 18:08:23 +02:00
jeremiejig
13e66918e3
plugin/dnssec: on delegation, sign DS or NSEC of no DS. (#5899)
* When returning NS for delegation point, we sign any DS Record or if not
  found we generate a NSEC proving absence of DS. This follow behaviour
  describe in rfc4035 (Section 3.1.4)
* DS request at apex behave as before.
* Fix edge case of requesting NSEC which prove that NSEC does not exist.

Signed-off-by: Jeremiejig <me@jeremiejig.fr>
2023-04-22 22:32:01 +02:00
Ondřej Benkovský
c2dbb7141a
add golangci-lint linter (#5499) 2022-07-10 11:06:33 -07:00
Yong Tang
c6709d930f
Fix security scans by cleaning up file path (#5185)
While performing security scans there were several
issue raised as G304 (CWE-22): Potential file inclusion via variable.
As some files path are taken from user input, it is possible the
filepath passed by user may have unintended effect if not properly formed.
This fix add Clean to remove the security warning and address some
potential issue.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2022-02-14 11:24:21 -05:00
Zou Nengren
5191959bd7
cleanup deprecated package io/ioutil (#4920)
Signed-off-by: zounengren <zouyee1989@gmail.com>
2021-10-13 09:30:31 +02:00
Miek Gieben
5f41d8eb1f
reverse zone: fix Normalize (#4621)
Make normalize return multiple "hosts" (= reverse zones) when a
non-octet boundary cidr is given.

Added pkg/cidr package that holds the cidr calculation routines; felt
they didn't really fit dnsutil.

This change means the IPNet return parameter isn't needed, the hosts are
all correct. The tests that tests this is also removed: TestSplitHostPortReverse
The fallout was that zoneAddr _also_ doesn't need the IPNet member, that
in turn make it visible that zoneAddr in address.go duplicated a bunch
of stuff from register.go; removed/refactored that too.

Created a plugin.OriginsFromArgsOrServerBlock to help plugins do the
right things, by consuming ZONE arguments; this now expands reverse
zones correctly. This is mostly mechanical.

Remove the reverse test in plugin/kubernetes which is a copy-paste from
a core test (which has since been fixed).

Remove MustNormalize as it has no plugin users.

This change is not backwards compatible to plugins that have a ZONE
argument that they parse in the setup util.

All in-tree plugins have been updated.

Signed-off-by: Miek Gieben <miek@miek.nl>
2021-05-17 13:19:54 -07:00
Keith Coleman
184d5e5214
check for two days of remaining validity (#4606)
Signed-off-by: Keith C <keith@fraudmarc.com>
2021-05-14 10:49:16 +02:00
Keith Coleman
611500b7d4
plugin/dnssec: interface type correction for periodicClean sig validity check (#4608)
Signed-off-by: Keith C <keith@fraudmarc.com>
2021-05-06 10:33:16 +02:00
Miek Gieben
13cef2ee09
plugin/dnssec: use entire RRset as key input (#4537)
* plugin/dnssec: use entire RRset as key input

This uses the entire rrset as input for the hash key; this is to detect
differences in the RRset and generate the correct signature.

As this would then lead to unbounded growth, we periodically (every 8h)
prune the cache of old entries. In theory we could rely on the random
eviction, but it seems nicer to do this in a maintannce loop so that we
remove the unused ones. This required adding a Walk function to the
plugin/pkg/cache.

Signed-off-by: Miek Gieben <miek@miek.nl>

* Update plugin/dnssec/cache.go

Co-authored-by: Chris O'Haver <cohaver@infoblox.com>

Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
2021-04-05 06:45:28 -07:00
Miek Gieben
296222d613
plugin/dnssec: Change hash key input (#4372)
Make this vastly simpler and more efficient. Adding all the bytes and
then letting loose fnv doesn't add anything and may actually do the
wrong thing.

See: #3953
Fixes: #3953

Signed-off-by: Miek Gieben <miek@miek.nl>
2021-01-10 08:30:00 +01:00
Miek Gieben
b003d06003
For caddy v1 in our org (#4018)
* For caddy v1 in our org

This RP changes all imports for caddyserver/caddy to coredns/caddy. This
is the v1 code of caddy.

For the coredns/caddy repo the following changes have been made:

* anything not needed by us is deleted
* all `telemetry` stuff is deleted
* all its import paths are also changed to point to coredns/caddy
* the v1 branch has been moved to the master branch
* a v1.1.0 tag has been added to signal the latest release

Signed-off-by: Miek Gieben <miek@miek.nl>

* Fix imports

Signed-off-by: Miek Gieben <miek@miek.nl>

* Group coredns/caddy with out plugins

Signed-off-by: Miek Gieben <miek@miek.nl>

* remove this file

Signed-off-by: Miek Gieben <miek@miek.nl>

* Relax import ordering

github.com/coredns is now also a coredns dep, this makes
github.com/coredns/caddy fit more natural in the list.

Signed-off-by: Miek Gieben <miek@miek.nl>

* Fix final import

Signed-off-by: Miek Gieben <miek@miek.nl>
2020-09-24 18:14:41 +02:00
Hu Shuai
e233f59ee8
Fix some typos in comments. (#4100)
Signed-off-by: Hu Shuai <hus.fnst@cn.fujitsu.com>
2020-09-01 09:10:45 +02:00
Zou Nengren
4166dcc2fe
using promauto package to ensure all created metrics are properly registered (#4025)
Signed-off-by: zounengren <zounengren@cmss.chinamobile.com>
2020-07-25 08:06:28 -07:00
Zou Nengren
87214a4c5c
introduce metric naming test (#3789)
* introduce metric naming test

Signed-off-by: zounengren <zounengren@cmss.chinamobile.com>

* Update metrics.go

Signed-off-by: zounengren <zounengren@cmss.chinamobile.com>
2020-03-31 08:07:36 +02:00
Miek Gieben
995179a6c6
presubmit: check import path ordering (#3636)
Add a test for this as well as it's annoying to point out in every code
review.
Fix all the import paths that are flagged by this new test.

Fixes: #3634

Signed-off-by: Miek Gieben <miek@miek.nl>
2020-01-30 09:19:26 +00:00
Miek Gieben
24176a97e6
Move to CODEOWNERS (#3489)
* Move to CODEOWNERS

No change in who own what; just a move to CODEOWNERS. This allows
dreck cleanups.

Added .dreck.yaml for alias and exec.

Fixes: #3486

Signed-off-by: Miek Gieben <miek@miek.nl>

* stickler bot

Signed-off-by: Miek Gieben <miek@miek.nl>

* sort the file

Signed-off-by: Miek Gieben <miek@miek.nl>
2019-11-29 13:17:05 +00:00
Euan Kemp
431c70e8b9 Correct some if/iff mixups (#3406)
This is a fixup for https://github.com/coredns/coredns/pull/3310 which
replaced some 'iff's with 'if' under the assumption they were typos.

I'm fairly confident they were "If and only if"
(https://en.wikipedia.org/wiki/If_and_only_if), which is commonly
shortened as "iff".

I've updated them to the full length 'if, and only if' for the sake of
readability.

Signed-off-by: Euan Kemp <euan@ngrok.com>
2019-10-29 09:38:56 -04:00
Sean Liao
9ccc736f68 plugin/dnssec, plugin/sign: ed25519 support (#3380)
* add ed25519 dnskey support

Signed-off-by: Sean Liao <seankhliao@gmail.com>

* fix ed25519 type assertion

Signed-off-by: Sean Liao <seankhliao@gmail.com>

* clean up whitespace

Signed-off-by: Sean Liao <seankhliao@gmail.com>
2019-10-16 07:32:11 +01:00
Miek Gieben
65458b2de2
Directive -> plugin (#3363)
Caught my eye, we name things directive still, esp when talking about
the prometheus *plugin*. Rename everything that needs to be plugin to
'plugin'. Also make sure Metrics is a H2 section (not H1).

Signed-off-by: Miek Gieben <miek@miek.nl>
2019-10-08 10:20:48 +01:00
Miek Gieben
dbd1c047cb
Run gostaticheck (#3325)
* Run gostaticheck

Run gostaticcheck on the codebase and fix almost all flagged items.

Only keep

* coremain/run.go:192:2: var appVersion is unused (U1000)
* plugin/chaos/setup.go:54:3: the surrounding loop is unconditionally terminated (SA4004)
* plugin/etcd/setup.go:103:3: the surrounding loop is unconditionally terminated (SA4004)
* plugin/pkg/replacer/replacer.go:274:13: argument should be pointer-like to avoid allocations (SA6002)
* plugin/route53/setup.go:124:28: session.New is deprecated: Use NewSession functions to create sessions instead. NewSession has the same functionality as New except an error can be returned when the func is called instead of waiting to receive an error until a request is made.  (SA1019)
* test/grpc_test.go:25:69: grpc.WithTimeout is deprecated: use DialContext and context.WithTimeout instead.  Will be supported throughout 1.x.  (SA1019)

The first one isn't true, as this is set via ldflags. The rest is
minor. The deprecation should be fixed at some point; I'll file some
issues.

Signed-off-by: Miek Gieben <miek@miek.nl>

* Make sure to plug in the plugins

import the plugins, that file that did this was removed, put it in the
reload test as this requires an almost complete coredns server.

Signed-off-by: Miek Gieben <miek@miek.nl>
2019-10-01 07:41:29 +01:00
xieyanker
9a5e4fa1a0 fix mis-spelling (#3310)
Signed-off-by: xieyanker <xjsisnice@gmail.com>
2019-09-26 13:19:45 +01:00
li mengyang
50bac4d3c3 fix: delete unused var and const (#3294)
Signed-off-by: hwdef <hwdef97@gmail.com>
2019-09-24 07:06:37 +01:00
Miek Gieben
004c5fca9d
all: simply registering plugins (#3287)
Abstract the caddy call and make it simpler.

See #3261 for some part of the discussion.

Go from:

~~~ go
func init() {
       caddy.RegisterPlugin("any", caddy.Plugin{
               ServerType: "dns",
               Action:     setup,
       })
}
~~~

To:

~~~ go
func init() { plugin.Register("any", setup) }
~~~

This requires some external documents in coredns.io to be updated as
well; the old way still works, so it's backwards compatible.

Signed-off-by: Miek Gieben <miek@miek.nl>
2019-09-20 08:02:30 +01:00
Cricket Liu
b156e0440f Making dnssec's README consistent with other plugins' READMEs (#3252) 2019-09-08 08:26:06 +01:00
Yong Tang
f8bba51f84
Update Caddy to 1.0.1, and update import path (#2961)
* Update Caddy to 1.0.1, and update import path

This fix updates caddy to 1.0.1 and also
updates the import path to github.com/caddyserver/caddy

This fix fixes 2959

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>

* Also update plugin.cfg

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>

* Update and bump zplugin.go

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2019-07-03 09:04:47 +08:00
DO ANH TUAN
1fe66443a7 Remove unused test case (#2562) 2019-02-17 08:31:58 +00:00
Nguyen Quang Huy
8d09cb243f Fix some typos (#2560)
* Fix some typos

Corect some words for reading more easily

* Update NOERROR response code

NOERROR is a response code so I revert the typo checking for it
2019-02-17 08:31:12 +00:00
Miek Gieben
725becd134
Stop importing testing in the main binary (#2479)
* Stop importing testing in the main binary

Stop importing "testing" into the main binary:

* test/helpers.go imported it; remote that and change function signature
* update all tests that use this

Signed-off-by: Miek Gieben <miek@miek.nl>

* Drop import testing from metrics plugin

Signed-off-by: Miek Gieben <miek@miek.nl>

* more fiddling

Signed-off-by: Miek Gieben <miek@miek.nl>
2019-01-19 11:23:13 +00:00
Miek Gieben
fc667b98e0
Fix EDNS0 compliance (#2357)
* Fix EDNS0 compliance

Do SizeAndDo in the server (ScrubWriter) and remove all uses of this
from the plugins. Also *always* do it. This is to get into compliance
for https://dnsflagday.net/.

The pkg/edns0 now exports the EDNS0 options we understand; this is
exported to allow plugins add things there. The *rewrite* plugin used
this to add custom EDNS0 option codes that the server needs to
understand.

This also needs a new release of miekg/dns because it triggered a
race-condition that was basicly there forever.

See:
* https://github.com/miekg/dns/issues/857
* https://github.com/miekg/dns/pull/859

Running a test instance and pointing the https://ednscomp.isc.org/ednscomp
to it shows the tests are now fixed:

~~~
EDNS Compliance Tester
Checking: 'miek.nl' as at 2018-12-01T17:53:15Z

miek.nl. @147.75.204.203 (drone.coredns.io.): dns=ok edns=ok edns1=ok edns@512=ok ednsopt=ok edns1opt=ok do=ok ednsflags=ok docookie=ok edns512tcp=ok optlist=ok
miek.nl. @2604:1380:2002:a000::1 (drone.coredns.io.): dns=ok edns=ok edns1=ok edns@512=ok ednsopt=ok edns1opt=ok do=ok ednsflags=ok docookie=ok edns512tcp=ok optlist=ok

All Ok
Codes
ok - test passed.
~~~

Signed-off-by: Miek Gieben <miek@miek.nl>

Signed-off-by: Miek Gieben <miek@miek.nl>

* typos in comments

Signed-off-by: Miek Gieben <miek@miek.nl>
2018-12-06 21:18:11 +00:00
Sandeep Rajan
c3d69bec31 fix formatting (#2302) 2018-11-13 16:46:48 -05:00
Manuel Stocker
4b1b0ec9e6 Use filepath when manipulating file paths (#2221)
Automatically submitted.
2018-10-21 13:59:37 +00:00
Manuel Stocker
cf04223718 plugin/dnssec: Add support for KSK/ZSK split key setups (#2196)
* plugin/dnssec: Add support for KSK/ZSK split key setups

* plugin/dnssec: Update README to document split ZSK/KSK operation
2018-10-20 16:35:59 +01:00
Manuel Stocker
3cef6674e9 plugin/dnssec: Add root support (#2195) 2018-10-13 18:49:55 +01:00
Francois Tur
f9bdd382dd Ensure Re-register of metrics variables after a reload (#2080)
* - ensure plugins that use prometheus.MustRegister, re-register after reload
- removing once.Do on the startup function was simplest way to do it.

* - fix underscored names (advice of bot)

* - tune existing UT for reload, and add a test verifying failing reload does not prevent correct registering for metrics

* - ensure different ports for tests that can run in same time ..
2018-09-19 02:11:24 -07:00
Francois Tur
4c6c9d4b27 Move cache Keys to 64bit for a better dispersion and lower collision frequency (#2077)
* - change Key for cache to 64bits.

* - change Key for cache to 64bits.
2018-08-31 14:26:43 -07:00
Miek Gieben
ba1efee4f1
Default to scrubbing replies in the server (#2012)
Every plugin needs to deal with EDNS0 and should call Scrub to make a
message fit the client's buffer. Move this functionality into the server
and wrapping the ResponseWriter into a ScrubWriter that handles these
bits for us. Result:

Less code and faster, because multiple chained plugins could all be
calling scrub and SizeAndDo - now there is just one place.

Most tests in file/* and dnssec/* needed adjusting because in those unit
tests you don't see OPT RRs anymore. The DNSSEC signer was also looking
at the returned OPT RR to see if it needed to sign - as those are now
added by the server (and thus later), this needed to change slightly.

Scrub itself still exist (for backward compat reasons), but has been
made a noop. Scrub has been renamed to scrub as it should not be used by
external plugins.

Fixes: #2010

Signed-off-by: Miek Gieben <miek@miek.nl>
2018-08-29 12:26:22 +01:00
Miek Gieben
f3134da45e
Clean up tests logging (#1979)
* Clean up tests logging

This cleans up the travis logs so you can see the failures better.

Older tests in tests/ would call log.SetOutput(ioutil.Discard) in
a haphazard way. This add log.Discard and put an `init` function in each
package's dir (no way to do this globally). The cleanup in tests/ is
clear.

All plugins also got this init function to have some uniformity and kill
any (future) logging there in the tests as well.

There is a one-off in pkg/healthcheck because that does log.

Signed-off-by: Miek Gieben <miek@miek.nl>

* bring back original log_test.go

Signed-off-by: Miek Gieben <miek@miek.nl>

* suppress logging here as well

Signed-off-by: Miek Gieben <miek@miek.nl>
2018-07-19 16:23:06 +01:00
Miek Gieben
22c0b30d5f presubmit: Check errorf as well (#1845)
Uppercase all these test errors as well. And extend the presubmit to
check for these in the future. Also do a slightly smarter grep to only
get t.<something>. as (because dump regexp) this also grep over non test
files.
2018-06-02 11:48:39 -07:00
Miek Gieben
643550eabe presubmit: check for uppercase (#1774)
Another thing we can test automatically, we sorta settled on using an
uppercase letter in in t.Log and t.Fatal calls.

Let's just check for this.
2018-05-07 23:47:25 +02:00
Miek Gieben
85f549b529
plugin/dnssec: add per server metrics (#1743)
* plugin/dnssec: add per server metrics

final plugin.

Fixes #1696 #1492 #1189

* Move cache cap into handler so we can access the server label

* Remove cache-capacity from it entirely
2018-04-27 19:37:31 +01:00
Miek Gieben
12b2ff9740
Use logging (#1718)
* update docs

* plugins: use plugin specific logging

Hooking up pkg/log also changed NewWithPlugin to just take a string
instead of a plugin.Handler as that is more flexible and for instance
the Root "plugin" doesn't implement it fully.

Same logging from the reload plugin:

.:1043
2018/04/22 08:56:37 [INFO] CoreDNS-1.1.1
2018/04/22 08:56:37 [INFO] linux/amd64, go1.10.1,
CoreDNS-1.1.1
linux/amd64, go1.10.1,
2018/04/22 08:56:37 [INFO] plugin/reload: Running configuration MD5 = ec4c9c55cd19759ea1c46b8c45742b06
2018/04/22 08:56:54 [INFO] Reloading
2018/04/22 08:56:54 [INFO] plugin/reload: Running configuration MD5 = 9e2bfdd85bdc9cceb740ba9c80f34c1a
2018/04/22 08:56:54 [INFO] Reloading complete

* update docs

* better doc
2018-04-22 21:40:33 +01:00
Miek Gieben
0930eb8beb
all: fix plugin import ordering (#1717)
Got a bit messed up with stb lib "context" usage.
2018-04-22 08:34:35 +01:00
Miek Gieben
8722336fff
global: move to context (#1699)
* global: move to context

Move from golang.org/x/net/context to std lib's context.

Change done with:

for i in $(grep -l '/context' **/*.go); do sed -e 's|golang.org/x/net/context|context|' -i $i; echo $i; done
for i in **/*.go; do goimports -w $i; done

* drop from dns.pb.go as well
2018-04-20 11:01:06 +01:00
Miek Gieben
26d1432ae6
Update all plugins to use plugin/pkg/log (#1694)
* Update all plugins to use plugin/pkg/log

I wish this could have been done with sed. Alas manually changed all
callers to use the new plugin/pkg/log package.

* Error -> Info

* Add docs to debug plugin as well
2018-04-19 07:41:56 +01:00
Miek Gieben
2338120f5b
plugin/metrics: add MustRegister function (#1648)
This registers the Collectors iff the metrics plugin has been loaded.
Safes a bunch of code in each and every plugin's setup code.
2018-04-01 13:58:13 +01:00
Miek Gieben
27f58d8dc6
logging: Don't use PrintF when not needed (#1599)
These log print don't have any verbs, so just use plain Print
2018-03-09 20:42:27 +00:00
Miek Gieben
f697b33283
return an error for multiple use of some plugins (#1559)
* plugins: Return error for multiple use of some

Return plugin.ErrOnce when a plugin that doesn't support it, is called
mutliple times.

This now adds it for: cache, dnssec, errors, forward, hosts, nsid.
And changes it slightly in kubernetes, pprof, reload, root.

* more tests
2018-02-28 18:16:05 -08:00
Miek Gieben
fd7abd9849
Add OWNERS file (#1486)
This should have everyone, but the process was quite manual. The rename
from middleware -> plugin also meant I had to do some extra digging on
who actually submitted the PR. I also double checked the current list of
people with commit access.

Every plugin now has an OWNERS, except *reverse*. I'll file a bug for
that.
2018-02-08 10:55:51 +00:00
Miek Gieben
cb3190bab1
plugin/dnssec: fix blacklies for NXDOMAIN (#1399)
* plugin/dnssec: filter bitmap also for NXDOMAIN responses

We change nxdomain to nodata, so at the point when we receive the
reply it can be nxdomain or nodata. In both cases we should filter the
nsec bitmap.

Change the code and add explicit tests for this.

* More tests
2018-01-18 13:07:23 +00:00