This PR adds limit to ioutil.ReadAll for DoH request body
so that it will not be subject to large requests.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
PR 2938 hardens tls though there are other places that uses TLS
as well and setTLSDefaults are not invoked in other paths.
This PR hardens tls on all places.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
While performing security scans there were several
issue raised as G304 (CWE-22): Potential file inclusion via variable.
As some files path are taken from user input, it is possible the
filepath passed by user may have unintended effect if not properly formed.
This fix add Clean to remove the security warning and address some
potential issue.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* upstream lookups are done with original EDNS options
Signed-off-by: Ondřej Benkovský <ondrej.benkovsky@jamf.com>
* fixup! upstream lookups are done with original EDNS options
Signed-off-by: Ondřej Benkovský <ondrej.benkovsky@jamf.com>
* fix ipv6 case for cidr.Class
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* add check and test case for invalid ipv6 cidr
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* net package is bad at detecting ipv6/ipv4
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* rename Class -> Split
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* deprecate normalize and mustnormalize
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* add runtime warning
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* elaborate runtime warning
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* include caller info
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
Make normalize return multiple "hosts" (= reverse zones) when a
non-octet boundary cidr is given.
Added pkg/cidr package that holds the cidr calculation routines; felt
they didn't really fit dnsutil.
This change means the IPNet return parameter isn't needed, the hosts are
all correct. The tests that tests this is also removed: TestSplitHostPortReverse
The fallout was that zoneAddr _also_ doesn't need the IPNet member, that
in turn make it visible that zoneAddr in address.go duplicated a bunch
of stuff from register.go; removed/refactored that too.
Created a plugin.OriginsFromArgsOrServerBlock to help plugins do the
right things, by consuming ZONE arguments; this now expands reverse
zones correctly. This is mostly mechanical.
Remove the reverse test in plugin/kubernetes which is a copy-paste from
a core test (which has since been fixed).
Remove MustNormalize as it has no plugin users.
This change is not backwards compatible to plugins that have a ZONE
argument that they parse in the setup util.
All in-tree plugins have been updated.
Signed-off-by: Miek Gieben <miek@miek.nl>
* plugin/dnssec: use entire RRset as key input
This uses the entire rrset as input for the hash key; this is to detect
differences in the RRset and generate the correct signature.
As this would then lead to unbounded growth, we periodically (every 8h)
prune the cache of old entries. In theory we could rely on the random
eviction, but it seems nicer to do this in a maintannce loop so that we
remove the unused ones. This required adding a Walk function to the
plugin/pkg/cache.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Update plugin/dnssec/cache.go
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
To combat label cardinality explosions remove the type from metrics.
This was most severe in the histogram for request duration, remove it
there.
It's also highlighted difference between grpc and forward code, where
forward did use type and grpc didn't; getting rid of all that "fixes"
that discrepancy
Move monitor.go back into the vars directory and make it private again.
Also name it slightly better
Fixes: #4507
Signed-off-by: Miek Gieben <miek@miek.nl>
* plugin/forward Add rcode and rtype to request_duration_seconds metric
Signed-off-by: Maxime Ginters <maxime.ginters@shopify.com>
* Control the cardinality of query type
Signed-off-by: Maxime Ginters <maxime.ginters@shopify.com>
* For caddy v1 in our org
This RP changes all imports for caddyserver/caddy to coredns/caddy. This
is the v1 code of caddy.
For the coredns/caddy repo the following changes have been made:
* anything not needed by us is deleted
* all `telemetry` stuff is deleted
* all its import paths are also changed to point to coredns/caddy
* the v1 branch has been moved to the master branch
* a v1.1.0 tag has been added to signal the latest release
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix imports
Signed-off-by: Miek Gieben <miek@miek.nl>
* Group coredns/caddy with out plugins
Signed-off-by: Miek Gieben <miek@miek.nl>
* remove this file
Signed-off-by: Miek Gieben <miek@miek.nl>
* Relax import ordering
github.com/coredns is now also a coredns dep, this makes
github.com/coredns/caddy fit more natural in the list.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix final import
Signed-off-by: Miek Gieben <miek@miek.nl>
* revert de-dup
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* unit test
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* use roundrobin policy in test
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* parse.HostPortorFile: return error when 0 found
Return an error when we haven't found any nameservers. This is the
alternative considered in #3735. It's also slighly less code to be
changing.
Replaces: #3741Closes: #3741#3735
Signed-off-by: Miek Gieben <miek@miek.nl>
* Add extra test case here as well
Signed-off-by: Miek Gieben <miek@miek.nl>
Currently, when we access github.com with HTTP, it is redirected to HTTPS automatically. So this commit aims to replace http://github.com by https://github.com for security.
Signed-off-by: Kim Bao Long <longkb@vn.fujitsu.com>
* plugin/pkg/up: make default intervals shorter
I think 15 min is too high, make this lower to react faster.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Update README
Signed-off-by: Miek Gieben <miek@miek.nl>
Move exponential backoff initialization to Start()
Signed-off-by: RickyRajinder <singh.sangh@gmail.com>
Move comment
Increase max interval and update README
Remove trailing whitespace
Change Start() param name back to interval
Add a test for this as well as it's annoying to point out in every code
review.
Fix all the import paths that are flagged by this new test.
Fixes: #3634
Signed-off-by: Miek Gieben <miek@miek.nl>
1. The HostPortOrFile tests don't have any IPv6 tests. This adds some.
2. The HostPortOrFile breaks if any of the addresses have IPv6 zone
defined. ParseIP does not handle %zone anymore.
Signed-off-by: Brad P. Crochet <brad@redhat.com>
* create pkg/reuseport
Move the core server listening functions to a new package so plugins can
use them.
Also make *all* servers use the functions here; as only the udp/tcp
listeners where using SO_REUSEPORT (if available). This is the only
actual change in this PR; in it's core it's just a move of 2 files.
This can also be used to cleanup the dance we're doing now for
re-acquiring the sockets in e.g. the metrics plugins and the ready
plugin.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Also push a small doc update
Signed-off-by: Miek Gieben <miek@miek.nl>
When reloading we need to disable debug output when the debug plugin is
removed from the config file. Add a `Clear` function to pkg/log and use
it in the server server.
Add test case in pkg/log, for actuall check I manually checked the
output by sprinkling some debug statements in the startup and checking
with sending SIGUSR1.
Also clear up the comments in pkg/log to remove the text about time
stamping.
Fixes: #3035
Signed-off-by: Miek Gieben <miek@miek.nl>
* Make request.Request smaller
This makes the request struct smaller and removes the pointer to the do
boolean (tri-bool) as size == 0 will indicate if we have cached it.
Family can be a int8 because it only carries 3 values, Size itself is
just a uint16 under the covers.
This is a more comprehensive fix than #3292Closes#3292
Signed-off-by: Miek Gieben <miek@miek.nl>
* cache: fix test
this now needs a valid response writter
Signed-off-by: Miek Gieben <miek@miek.nl>
journald timestamps, kubernetes timestamps, syslog timestamps. It seems
silly to add our own timestamps to the logging output as these external
ones *also* do it. Only when just running coredns this might be weird.
Remove the timestamping from pkg/log.
Remove test that tested for this.
Fixes: #3211
Signed-off-by: Miek Gieben <miek@miek.nl>
This can't be used in its current form; revert the entire PR.
Revert "fuzzing: allow setup function to be called (#3175)"
This reverts commit 62451fd3eb.
