* plugin/header: run go gen and small doc updates
Run go gen to enable the new plugin, this should fix the CI failures.
Small tweaks to the docs.
Signed-off-by: Miek Gieben <miek@miek.nl>
* another typo
Signed-off-by: Miek Gieben <miek@miek.nl>
* gofmt
Signed-off-by: Miek Gieben <miek@miek.nl>
* Create geoip plugin
Signed-off-by: Sven Nebel <nebel.sven@gmail.com>
* Update plugin/geoip/README.md
Co-authored-by: Miek Gieben <miek@miek.nl>
Signed-off-by: Sven Nebel <nebel.sven@gmail.com>
* Update plugin/geoip/README.md
Co-authored-by: Miek Gieben <miek@miek.nl>
Signed-off-by: Sven Nebel <nebel.sven@gmail.com>
* Update plugin/geoip/README.md
Co-authored-by: Miek Gieben <miek@miek.nl>
Signed-off-by: Sven Nebel <nebel.sven@gmail.com>
* Move DBFILE bullet below example
Signed-off-by: Sven Nebel <nebel.sven@gmail.com>
* Update plugin/geoip/README.md
Co-authored-by: Miek Gieben <miek@miek.nl>
Signed-off-by: Sven Nebel <nebel.sven@gmail.com>
* Remove plugin name test case
Signed-off-by: Sven Nebel <nebel.sven@gmail.com>
* Remove languages option
Signed-off-by: Sven Nebel <nebel.sven@gmail.com>
* Update free database link
Signed-off-by: Sven Nebel <nebel.sven@gmail.com>
* Remove last language bits
Signed-off-by: Sven Nebel <nebel.sven@gmail.com>
* Use 127.0.0.1 as probing IP
Signed-off-by: Sven Nebel <nebel.sven@gmail.com>
* Update plugin/geoip/geoip.go
Co-authored-by: Miek Gieben <miek@miek.nl>
Signed-off-by: Sven Nebel <nebel.sven@gmail.com>
* Update plugin/geoip/geoip.go
Co-authored-by: Miek Gieben <miek@miek.nl>
Signed-off-by: Sven Nebel <nebel.sven@gmail.com>
* Use relative path for fixtures dir
Signed-off-by: Sven Nebel <nebel.sven@gmail.com>
* Set names with default string zero value
Signed-off-by: Sven Nebel <nebel.sven@gmail.com>
* Remove unused db types
Signed-off-by: Sven Nebel <nebel.sven@gmail.com>
* Remove non city databases in testdata
Signed-off-by: Sven Nebel <nebel.sven@gmail.com>
* Remove create databases main
Signed-off-by: Sven Nebel <nebel.sven@gmail.com>
* Fix metadata label format test case
Signed-off-by: Sven Nebel <nebel.sven@gmail.com>
* Fix import path block
Signed-off-by: Sven Nebel <nebel.sven@gmail.com>
* go fmt after changes
Signed-off-by: Sven Nebel <nebel.sven@gmail.com>
* Tidy up go.mod and go.sum
Signed-off-by: Sven Nebel <nebel.sven@gmail.com>
* Add plugin to CODEOWNERS
Signed-off-by: Sven Nebel <nebel.sven@gmail.com>
Co-authored-by: Miek Gieben <miek@miek.nl>
* when no response is written, fallback to status of next plugin in prometheus plugin
Signed-off-by: Ondrej Benkovsky <ondrej.benkovsky@wandera.com>
* fixup! when no response is written, fallback to status of next plugin in prometheus plugin
Signed-off-by: Ondrej Benkovsky <ondrej.benkovsky@wandera.com>
* unset AD bit when client DO is 0
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* add flag check to existing tests
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* fix ipv6 case for cidr.Class
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* add check and test case for invalid ipv6 cidr
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* net package is bad at detecting ipv6/ipv4
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* rename Class -> Split
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
The health endpoint histogram has a large amount of cardinality for a
simple endpoint. Introduce a new "Slim" set of buckets for `/health` to
reduce the metrics load on large deployments. Especially those that have
per-node DNS caching services.
Add a metric to count internal health check failures rather than use the
timeout value as a side-effect monitor of the check error. This avoids
incorrectly recording the timeout value if there is an error that is not
a timeout (ex. refused).
Signed-off-by: SuperQ <superq@gmail.com>
* deprecate normalize and mustnormalize
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* add runtime warning
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* elaborate runtime warning
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* include caller info
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* trap unsupported FROM cidr notations
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* make it a warning
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
This was found by fuzzing.
We need to make this a fully qualified domain name to catch all errors
in dnsserver/register.go and not later when plugin.Normalize() is called again on these
strings, with the prime difference being that the domain name is fully
qualified. This was found by fuzzing where "ȶ" is deemed OK, but "ȶ." is
not (might be a bug in miekg/dns actually). But here we were checking ȶ,
which is OK, and later we barf in ȶ. leading to "index out of range".
Added a test and checked manually if it would crash with the current code
(yes), and fail with an error in this PR (yes).
Signed-off-by: Miek Gieben <miek@miek.nl>
* plugin/file: Fix wrong answers returned when wildcard and concrete records exist
Signed-off-by: Jason Du <xdu@infoblox.com>
* Remove superfluous change
Signed-off-by: Jason Du <xdu@infoblox.com>
* Re-implementation and new test case
If the domain's terminal is neither the matching wildcard, nor a domain directly
under the wildcard, return NXDOMAIN
Signed-off-by: Jason Du <xdu@infoblox.com>
* Fix empty non-terminal & add test case
Signed-off-by: Jason Du <xdu@infoblox.com>
* Cleanup
Signed-off-by: Jason Du <xdu@infoblox.com>
* Fix case on domain name with character before * and add more test cases
Signed-off-by: Jason Du <xdu@infoblox.com>
* Use different IPs for records in cornerCasesWildcard zone file
Signed-off-by: Jason Du <xdu@infoblox.com>
Make normalize return multiple "hosts" (= reverse zones) when a
non-octet boundary cidr is given.
Added pkg/cidr package that holds the cidr calculation routines; felt
they didn't really fit dnsutil.
This change means the IPNet return parameter isn't needed, the hosts are
all correct. The test that tests this is also removed: TestSplitHostPortReverse
The fallout was that zoneAddr _also_ doesn't need the IPNet member, that
in turn made it visible that zoneAddr in address.go duplicated a bunch
of stuff from register.go; removed/refactored that too.
Created a plugin.OriginsFromArgsOrServerBlock to help plugins do the
right things, by consuming ZONE arguments; this now expands reverse
zones correctly. This is mostly mechanical.
Remove the reverse test in plugin/kubernetes which is a copy-paste from
a core test (which has since been fixed).
Remove MustNormalize as it has no plugin users.
This change is not backwards compatible to plugins that have a ZONE
argument that they parse in the setup util.
All in-tree plugins have been updated.
Signed-off-by: Miek Gieben <miek@miek.nl>
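
An added illustration of the commit above, not part of the commit message and not the project's `pkg/cidr` code: expanding an IPv4 CIDR that does not end on an octet boundary into the reverse zones that cover exactly that range, so a server block is not registered for addresses outside it. The helper name `reverseZones` is hypothetical and IPv6 is deliberately left out.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net/netip"
	"strconv"
	"strings"
)

// reverseZones (hypothetical helper) expands an IPv4 CIDR into the
// in-addr.arpa zones that together cover exactly that range.
func reverseZones(cidr string) ([]string, error) {
	p, err := netip.ParsePrefix(cidr)
	if err != nil {
		return nil, err // rejects malformed input such as 10.0.0.0/33
	}
	if !p.Addr().Is4() {
		return nil, fmt.Errorf("%s: only IPv4 is handled here", cidr)
	}
	p = p.Masked() // drop host bits: 10.1.2.3/15 -> 10.0.0.0/15
	bits := p.Bits()
	if bits == 0 {
		return []string{"in-addr.arpa."}, nil
	}
	octets := (bits + 7) / 8             // labels in each reverse zone
	count := 1 << (8*octets - bits)      // zones needed to cover the range
	step := uint32(1) << (32 - 8*octets) // address distance between zones
	a := p.Addr().As4()
	base := binary.BigEndian.Uint32(a[:])
	zones := make([]string, 0, count)
	for i := 0; i < count; i++ {
		var b [4]byte
		binary.BigEndian.PutUint32(b[:], base+uint32(i)*step)
		labels := make([]string, 0, octets)
		for j := octets - 1; j >= 0; j-- { // reverse names list octets last-first
			labels = append(labels, strconv.Itoa(int(b[j])))
		}
		zones = append(zones, strings.Join(labels, ".")+".in-addr.arpa.")
	}
	return zones, nil
}

func main() {
	for _, c := range []string{"10.0.0.0/15", "192.168.1.0/24", "192.0.2.64/26"} {
		z, err := reverseZones(c) // constructed sample inputs
		fmt.Println(c, len(z), z[0], z[len(z)-1], err)
	}
}
```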
* support v1 and v1beta1 endpointslice
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* update comments
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* fix SOA response for non-apex queries
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* handle mixed case
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* do full string compare
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* plugin/rewrite: streamline the ResponseRule handling.
The functionality of a response rule is now completely encapsulated behind
a `ResponseRule` interface. This significantly simplifies the complete
processing flow, it enables more flexible response handling and it is possible
to eliminate lots of state flags, ifs and switches.
Based on the new flexibility the pull request also enables to support a
response name rewrite for all name rewrite types.
To be compatible, an explicit `answer auto` option is added to support
a best effort response rewrite (name and value).
Additionally now all name rewrite rules support additional name and value
response rewrite options.
Using this feature it is also possible now to rewrite a complete sub domain
hierarchy to a single domain name combined with a correct rewrite (#2389).
Signed-off-by: Uwe Krueger <uwe.krueger@sap.com>
* revert policy
Signed-off-by: Uwe Krueger <uwe.krueger@sap.com>
Co-authored-by: Miek Gieben <miek@miek.nl>
* plugin/dnssec: use entire RRset as key input
This uses the entire rrset as input for the hash key; this is to detect
differences in the RRset and generate the correct signature.
As this would then lead to unbounded growth, we periodically (every 8h)
prune the cache of old entries. In theory we could rely on the random
eviction, but it seems nicer to do this in a maintenance loop so that we
remove the unused ones. This required adding a Walk function to the
plugin/pkg/cache.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Update plugin/dnssec/cache.go
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>