The filtering of DNSSEC records in the cache plugin was not done
correctly. Also the change to introduced this bug didn't take into
account that the cache - by virtue of differentiating between DNSSEC and
no-DNSSEC - relied on not copying the data from the cache.
This change copies and then filters the data and factors the filtering
into a function that is used in two places (albeit with on ugly boolean
parameters to prevent copying things twice).
Add tests, do_test.go is moved to test/cache_test.go because the OPT
handing is done outside of the cache plugin. The core server re-attaches
the correct OPT when replying, so that makes for a better e2e test.
Added small unit test for filterRRslice and an explicit test that asks
for DNSSEC first and then plain, and vice versa to test cache behavior.
Fixes: #4146
Signed-off-by: Miek Gieben <miek@miek.nl>
* For caddy v1 in our org
This RP changes all imports for caddyserver/caddy to coredns/caddy. This
is the v1 code of caddy.
For the coredns/caddy repo the following changes have been made:
* anything not needed by us is deleted
* all `telemetry` stuff is deleted
* all its import paths are also changed to point to coredns/caddy
* the v1 branch has been moved to the master branch
* a v1.1.0 tag has been added to signal the latest release
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix imports
Signed-off-by: Miek Gieben <miek@miek.nl>
* Group coredns/caddy with out plugins
Signed-off-by: Miek Gieben <miek@miek.nl>
* remove this file
Signed-off-by: Miek Gieben <miek@miek.nl>
* Relax import ordering
github.com/coredns is now also a coredns dep, this makes
github.com/coredns/caddy fit more natural in the list.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix final import
Signed-off-by: Miek Gieben <miek@miek.nl>
* cache: default to DNSSEC
This change does away with the DNS/DNSSEC distinction the cache
currently makes. Cache will always make coredns perform a DNSSEC query
and store that result. If a client just needs plain DNS, the DNSSEC
records are stripped from the response.
It should also be more memory efficient, because we store a reply once
and not one DNS and another for DNSSEC.
Fixes: #3836
Signed-off-by: Miek Gieben <miek@miek.nl>
* Change OPT RR when one is present in the msg.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix comment for isDNSSEC
Signed-off-by: Miek Gieben <miek@miek.nl>
* Update plugin/cache/handler.go
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
* Update plugin/cache/item.go
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
* Code review; fix comment for isDNSSEC
Signed-off-by: Miek Gieben <miek@miek.nl>
* Update doc and set AD to false
Set Authenticated Data to false when DNSSEC was not wanted. Also update
the readme with the new behavior.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Update plugin/cache/handler.go
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
* plugin/trace: fix struct allignment
A 64 bit entity needs to be the first in a struct to make it work on 32
bit systems.
Fixes: #4111
Signed-off-by: Miek Gieben <miek@miek.nl>
* plugin/erratic does makes the same mistake
Signed-off-by: Miek Gieben <miek@miek.nl>
* plugin/forward: init ClientSessionCache in tls.Config
- ClientSessionCache may speed up a TLS handshake in upcoming connections
to the same TLS server
Signed-off-by: Ruslan Drozhdzh <rdrozhdzh@infoblox.com>
* add comment
Signed-off-by: Ruslan Drozhdzh <rdrozhdzh@infoblox.com>
* Enable debug globally if enabled in any server config
It was currently enabled only if the plugin debug
was enabled in the last server config of the Corefile.
Signed-off-by: Olivier Lemasle <o.lemasle@gmail.com>
* Add test and update debug's README
Signed-off-by: Olivier Lemasle <o.lemasle@gmail.com>
* Update README.md
Specify that serial must change for the zone file to be reloaded.
Signed-off-by: Grant Garrett-Grossman <grantlg2@illinois.edu>
* Update plugin/auto/README.md
Co-authored-by: Miek Gieben <miek@miek.nl>
Signed-off-by: Grant Garrett-Grossman <grantlg2@illinois.edu>
Co-authored-by: Miek Gieben <miek@miek.nl>
* plugin/etcd: update documention
Make clear(er) how this plugin find records.
Fixes: #4048
Signed-off-by: Miek Gieben <miek@miek.nl>
* Update plugin/etcd/README.md
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
* Update plugin/etcd/README.md
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
* Fix wildcard records issue in rout53 plugin
This PR tries to address 4035 where wild card records does not return
correctly in route53 plugin. The issue was that `strings.Index(s, substr string)`
expect substr to be a string but the code defines as char.
This PR fixes 4035.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* Fix failed tests
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* Improve gRPC Plugin when backend is not available
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>
* Improve gRPC Plugin when backend is not available
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>
* tweak language
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* tweak language
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* typo
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
we hc every 0.5s, doing exp backoff will create a large gap in the
ability to re-use an upstream. Doing a exp. backoff up to (say) 3s,
isn't really exp backoff either.
Remove the wording from the documentation.
Signed-off-by: Miek Gieben <miek@miek.nl>
* revert de-dup
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* unit test
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* use roundrobin policy in test
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* handle deletion tombstones in default processor
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* fix terminating pod exclusion
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
Addresses a bug in the file plugin where SOA queries to zone delegations are
inappropriately returned the SOA for the delegating zone, and not a downward
referral to the delegated zone.
Here is an example of what I believe the expected downward referral in response
to a SOA query for a delegated zone should be (note that no SOA record is
returned):
~~~
; <<>> DiG 9.11.3-1ubuntu1.5-Ubuntu <<>> @k.root-servers.net. miek.nl. SOA
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58381
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 7
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;miek.nl. IN SOA
;; AUTHORITY SECTION:
nl. 172800 IN NS ns1.dns.nl.
nl. 172800 IN NS ns2.dns.nl.
nl. 172800 IN NS ns3.dns.nl.
;; ADDITIONAL SECTION:
ns1.dns.nl. 172800 IN A 194.0.28.53
ns2.dns.nl. 172800 IN A 194.146.106.42
ns3.dns.nl. 172800 IN A 194.0.25.24
ns1.dns.nl. 172800 IN AAAA 2001:678:2c:0:194:0:28:53
ns2.dns.nl. 172800 IN AAAA 2001:67c:1010:10::53
ns3.dns.nl. 172800 IN AAAA 2001:678:20::24
~~~
See #3852 for the original fix.
Modified clouddns/route53 and removed the faulty tests there.
Signed-off-by: Miek Gieben <miek@miek.nl>
* mention remote IP requirement for autopath and metadata
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* remove whitespace
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* prevent panic in podWithIP
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* add unit test, correct existing unit test
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* unit tests make more sense this way
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
