-p is the default flag in DNS software for setting the port, we use
'dns.port' because of preventing clashes with other caddy software
users. This is no longer an issue, so we can do what we want here.
Add -p to works like -dns.port.
(this PR includes generated manpage, but that shouldn't matter too much)
Signed-off-by: Miek Gieben <miek@miek.nl>
This was found by fuzzing.
We need to make this a fully qualified domain name to catch all errors
in dnsserver/register.go and not later when plugin.Normalize() is called again on these
strings, with the prime difference being that the domain name is fully
qualified. This was found by fuzzing where "ȶ" is deemed OK, but "ȶ." is
not (might be a bug in miekg/dns actually). But here we were checking ȶ,
which is OK, and later we barf in ȶ. leading to "index out of range".
Added a tests and check manually if it would crash with the current code
(yes), and fail with an error in this PR (yes).
Signed-off-by: Miek Gieben <miek@miek.nl>
Make normalize return multiple "hosts" (= reverse zones) when a
non-octet boundary cidr is given.
Added pkg/cidr package that holds the cidr calculation routines; felt
they didn't really fit dnsutil.
This change means the IPNet return parameter isn't needed, the hosts are
all correct. The tests that tests this is also removed: TestSplitHostPortReverse
The fallout was that zoneAddr _also_ doesn't need the IPNet member, that
in turn make it visible that zoneAddr in address.go duplicated a bunch
of stuff from register.go; removed/refactored that too.
Created a plugin.OriginsFromArgsOrServerBlock to help plugins do the
right things, by consuming ZONE arguments; this now expands reverse
zones correctly. This is mostly mechanical.
Remove the reverse test in plugin/kubernetes which is a copy-paste from
a core test (which has since been fixed).
Remove MustNormalize as it has no plugin users.
This change is not backwards compatible to plugins that have a ZONE
argument that they parse in the setup util.
All in-tree plugins have been updated.
Signed-off-by: Miek Gieben <miek@miek.nl>
* core: fix v4 non-octet reverse zones
This fixes the reverse zones handling. Add expanstion of the reverse
notation to all octet boundary subnets and add those to the config - just as if
they were directly typed in the config.
This takes inspiration from #4501, but that (even with DCO!!) seems to
be just using https://github.com/apparentlymart/go-cidr/ so use that
instead - I think a minor function is still needed that one is copied
from #4501.
Also sort the zones we are listing on startup - caught in this PR
because of the expanded zones being not listed next to each other.
This also removes the need for FilterFunc from the config, so this is
now gone as well, making the whole thing slightly more efficient.
Add couple of reverse unit tests and a e2e test that queries for the
correct (and incorrect) reverse zones and checks the reply.
Closes: #4501Fixes: #2779
Signed-off-by: Miek Gieben <miek@miek.nl>
* Add more test cases
Add test from origin bug report: #2779
Signed-off-by: Miek Gieben <miek@miek.nl>
* Rebase and fix conflicts
Signed-off-by: Miek Gieben <miek@miek.nl>
without TLS you can't have a functioning DoH server as no client will be
able to talk to it. Make this a fatal failure.
Add some extra docs on how to start a DoH capable server.
Signed-off-by: Miek Gieben <miek@miek.nl>
* For caddy v1 in our org
This RP changes all imports for caddyserver/caddy to coredns/caddy. This
is the v1 code of caddy.
For the coredns/caddy repo the following changes have been made:
* anything not needed by us is deleted
* all `telemetry` stuff is deleted
* all its import paths are also changed to point to coredns/caddy
* the v1 branch has been moved to the master branch
* a v1.1.0 tag has been added to signal the latest release
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix imports
Signed-off-by: Miek Gieben <miek@miek.nl>
* Group coredns/caddy with out plugins
Signed-off-by: Miek Gieben <miek@miek.nl>
* remove this file
Signed-off-by: Miek Gieben <miek@miek.nl>
* Relax import ordering
github.com/coredns is now also a coredns dep, this makes
github.com/coredns/caddy fit more natural in the list.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix final import
Signed-off-by: Miek Gieben <miek@miek.nl>
* Enable debug globally if enabled in any server config
It was currently enabled only if the plugin debug
was enabled in the last server config of the Corefile.
Signed-off-by: Olivier Lemasle <o.lemasle@gmail.com>
* Add test and update debug's README
Signed-off-by: Olivier Lemasle <o.lemasle@gmail.com>
* Add dns64 plugin
Add external plugin to core in-tree.
* Pull code from upstream: https://github.com/serverwentdown/dns64
* Update docs.
Signed-off-by: Ben Kochie <superq@gmail.com>
* Make dns64 consistent.
Signed-off-by: Ben Kochie <superq@gmail.com>
* Cleanup README
Signed-off-by: Ben Kochie <superq@gmail.com>
* Cleanup minor issues.
Signed-off-by: Ben Kochie <superq@gmail.com>
* Remove proxy method.
Signed-off-by: Ben Kochie <superq@gmail.com>
* dns64: big cleanup
* Make the code a bit more idiomatic
* Add tests
* use proper Upstream API
Signed-off-by: Casey Callendrello <c1@caseyc.net>
Signed-off-by: Ben Kochie <superq@gmail.com>
* A little more clenaup
* Fix some docs.
* Use the correct plugin register method.
* Cleanup some review items.
Signed-off-by: Ben Kochie <superq@gmail.com>
* Add metrics counter for DNS64 translations
Add a basic counter of how many DNS64 translations have been completed.
Signed-off-by: Ben Kochie <superq@gmail.com>
* Add DNSSEC bug link
Signed-off-by: Ben Kochie <superq@gmail.com>
* Test cleanup
Signed-off-by: Ben Kochie <superq@gmail.com>
* dns64: more test cleanup
Signed-off-by: Casey Callendrello <c1@caseyc.net>
Co-authored-by: Casey Callendrello <c1@caseyc.net>
* create pkg/reuseport
Move the core server listening functions to a new package so plugins can
use them.
Also make *all* servers use the functions here; as only the udp/tcp
listeners where using SO_REUSEPORT (if available). This is the only
actual change in this PR; in it's core it's just a move of 2 files.
This can also be used to cleanup the dance we're doing now for
re-acquiring the sockets in e.g. the metrics plugins and the ready
plugin.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Also push a small doc update
Signed-off-by: Miek Gieben <miek@miek.nl>
When reloading we need to disable debug output when the debug plugin is
removed from the config file. Add a `Clear` function to pkg/log and use
it in the server server.
Add test case in pkg/log, for actuall check I manually checked the
output by sprinkling some debug statements in the startup and checking
with sending SIGUSR1.
Also clear up the comments in pkg/log to remove the text about time
stamping.
Fixes: #3035
Signed-off-by: Miek Gieben <miek@miek.nl>
When there is no Corefile found we load the default. Add the log plugin
to it, so you can see queries actually landing in CoreDNS.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Add plugin ACL for source ip filtering
Signed-off-by: An Xiao <hac@zju.edu.cn>
* Allow all arguments to be optional and support multiple qtypes in a single policy
Signed-off-by: An Xiao <hac@zju.edu.cn>
* Add newline before third party imports
Signed-off-by: An Xiao <hac@zju.edu.cn>
* Use camel instead of underscore in method name
Signed-off-by: An Xiao <hac@zju.edu.cn>
* Start with an upper case letter in t.Errorf()
Signed-off-by: An Xiao <hac@zju.edu.cn>
* Use the qtype parse logic in miekg/dns
Signed-off-by: An Xiao <hac@zju.edu.cn>
* Use third party trie implementation as the ip filter
Signed-off-by: An Xiao <hac@zju.edu.cn>
* Update based on rdrozhdzh's comment
Signed-off-by: An Xiao <hac@zju.edu.cn>
* Change the type of action to int
Signed-off-by: An Xiao <hac@zju.edu.cn>
* Add IPv6 support
Signed-off-by: An Xiao <hac@zju.edu.cn>
* Update plugin.cfg
Signed-off-by: An Xiao <hac@zju.edu.cn>
* Remove file functionality
Signed-off-by: An Xiao <hac@zju.edu.cn>
* Update
Signed-off-by: Xiao An <hac@zju.edu.cn>
* Update README
Signed-off-by: Xiao An <hac@zju.edu.cn>
* remove comments
Signed-off-by: Xiao An <hac@zju.edu.cn>
* update
Signed-off-by: Xiao An <hac@zju.edu.cn>
* Update dependency
Signed-off-by: Xiao An <hac@zju.edu.cn>
* Update
Signed-off-by: Xiao An <hac@zju.edu.cn>
* Update test
Signed-off-by: Xiao An <hac@zju.edu.cn>
* Add OWNERS
Signed-off-by: Xiao An <hac@zju.edu.cn>
* Refactor shouldBlock and skip useless check
Signed-off-by: Xiao An <hac@zju.edu.cn>
* Introduce ActionNone
Signed-off-by: Xiao An <hac@zju.edu.cn>
* Update label name
Signed-off-by: Xiao An <hac@zju.edu.cn>
* Avoid capitalizing private types
Signed-off-by: Xiao An <hac@zju.edu.cn>
* plugin/sign: a plugin that signs zones
Sign is a plugin that signs zone data (on disk). The README.md details
what exactly happens to should be accurate related to the code.
Signs are signed with a CSK, resigning and first time signing is all
handled by *sign* plugin.
Logging with a test zone looks something like this:
~~~ txt
[INFO] plugin/sign: Signing "miek.nl." because open plugin/sign/testdata/db.miek.nl.signed: no such file or directory
[INFO] plugin/sign: Signed "miek.nl." with key tags "59725" in 11.670985ms, saved in "plugin/sign/testdata/db.miek.nl.signed". Next: 2019-07-20T15:49:06.560Z
[INFO] plugin/file: Successfully reloaded zone "miek.nl." in "plugin/sign/testdata/db.miek.nl.signed" with serial 1563636548
[INFO] plugin/sign: Signing "miek.nl." because resign was: 10m0s ago
[INFO] plugin/sign: Signed "miek.nl." with key tags "59725" in 2.055895ms, saved in "plugin/sign/testdata/db.miek.nl.signed". Next: 2019-07-20T16:09:06.560Z
[INFO] plugin/file: Successfully reloaded zone "miek.nl." in "plugin/sign/testdata/db.miek.nl.signed" with serial 1563637748
~~~
Signed-off-by: Miek Gieben <miek@miek.nl>
* Adjust readme and remove timestamps
Signed-off-by: Miek Gieben <miek@miek.nl>
* Comment on the newline
Signed-off-by: Miek Gieben <miek@miek.nl>
* Update plugin/sign/README.md
Co-Authored-By: Michael Grosser <development@stp-ip.net>
* Add plugin for Azure DNS
Signed-off-by: darshanime <deathbullet@gmail.com>
* Rename AzureDNS plugin to Azure
Signed-off-by: darshanime <deathbullet@gmail.com>
* remove upstream from azure syntax
Signed-off-by: darshanime <deathbullet@gmail.com>
* Rename azure plugin block keynames
Signed-off-by: darshanime <deathbullet@gmail.com>
* Normalize zone name before lookup in zones
Signed-off-by: darshanime <deathbullet@gmail.com>
* Update import path for caddy
Signed-off-by: darshanime <deathbullet@gmail.com>
* normalize azure zone name only if required
Signed-off-by: darshanime <deathbullet@gmail.com>
* Add support for MX, SRV, TXT, records
Signed-off-by: darshanime <deathbullet@gmail.com>
* Add specs for new record types
Signed-off-by: darshanime <deathbullet@gmail.com>
* Use sequential updates for zones
Signed-off-by: darshanime <deathbullet@gmail.com>
* Add OWNERS file for azure plugin
Signed-off-by: darshanime <deathbullet@gmail.com>
* Rename imports for third party packages
Signed-off-by: darshanime <deathbullet@gmail.com>
* Capitalize values in README
Signed-off-by: darshanime <deathbullet@gmail.com>
* Shorten keys for azure plugin config
Signed-off-by: darshanime <deathbullet@gmail.com>
* Fixup readme for azure plugin
Signed-off-by: darshanime <deathbullet@gmail.com>
These are too hidden now. They increase the issue-load, because people
don't see them.
Add log.Errorf in the core/dnsserver recover routine.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Update Caddy to 1.0.1, and update import path
This fix updates caddy to 1.0.1 and also
updates the import path to github.com/caddyserver/caddy
This fix fixes 2959
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* Also update plugin.cfg
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* Update and bump zplugin.go
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* Add server instance to the context in ServerTLS and ServerHTTPS
The problem with the current code is that there's no way to get the server instance inside a plugin.
Because of that "metrics" plugin sets empty "server" label for requests served over TLS or HTTPS.
* use s.Server instead of s
* Added server to the context of grpc requests
* pkg/log: fix data race on d
Wrap d in a mutex to prevent data race. This makes is slower, but this
is a debugging aid anyway. It's not used normally.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix tests compilation
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix test compile
Signed-off-by: Miek Gieben <miek@miek.nl>
* Add any plugin
This adds the any plugin, a plain copy of coredns/any documented here
https://coredns.io/explugins/any/ as an external plugin.
Fixes: #2785
Signed-off-by: Miek Gieben <miek@miek.nl>
* Stickler bot nit
Signed-off-by: Miek Gieben <miek@miek.nl>
* plugin/cancel: add context cancelation plugin
Per review comments on #2704, move this into a plugin that gets called.
Add the most minimal plugin, tests and documenation.
Signed-off-by: Miek Gieben <miek@miek.nl>
* plugin/cache: add timeout option
review feedback: add option to set custom timeout.
Signed-off-by: Miek Gieben <miek@miek.nl>
* spelling
Signed-off-by: Miek Gieben <miek@miek.nl>
* Don't double report metrics on error
When there is an error use a different function to report the metrics,
in case the plugin chain handled the request the metrics are already
reported.
Fixes: #2717
Signed-off-by: Miek Gieben <miek@miek.nl>
* Compile again
Signed-off-by: Miek Gieben <miek@miek.nl>
* more
Signed-off-by: Miek Gieben <miek@miek.nl>
* Remove server addr from the context
This was added twice, just leave the server which also holds the
address.
Conflicts with #2719 but should be easy to fix.
Signed-off-by: Miek Gieben <miek@miek.nl>
* doesn't need server context
Signed-off-by: Miek Gieben <miek@miek.nl>
The server handles this case no need to also do it in the log plugin.
Means DefaultErrorFunc can be private to the dnsserver and is now
renamed to just errorFunc
Fixes: #2715
Signed-off-by: Miek Gieben <miek@miek.nl>
* plugin/grpc: New gRPC plugin
* some changes after the first review:
- remove healthcheck. gRPC already has this implicitly implemented
- some naming and stetic changes
- fix some comments
- other minor fixes
* plugin/grpc: New gRPC plugin
* some changes after the first review:
- remove healthcheck. gRPC already has this implicitly implemented
- some naming and stetic changes
- fix some comments
- other minor fixes
* add OWNERS file and change plugin order
* remove Rcode checker
