Don't hold on to the *first* wildcard you'll find, but keep searching,
there may be one even deeper in the tree.
Also add multi level wildcard test
Fixes #776
Fix transferring the zone from a master and the matching of notifies
to source and dst IP addresses.
Add `upstream` keyword as well, because it is needed for the same
reasons as in the *file* middleware.
Add some dire warning about upstream in the readme of both middlewares.
Out of band testing, hidden by net build tag was added. Integration
testing still needs to be set up.
* cleanup: go vet and golint run
Various cleanups triggered by go vet and golint.
* Fix tests and lowercase all errors
Lowercase all errors, some tests in kubernetes use errors from
kubernetes which do start with a capital letter.
* middleware/file: don't reload zone when SOA isn't changed
Give Parse an extra argument which is the SOA's serial, if > 0 we check
against the just parsed SOA and then just return.
Most notable use is in reload.go which is both used in the file and auto
middleware.
Fixes #415
* PR comments
* middleware/file: add DNSSEC support
Add tests for DNSSEC and check if everything is working.
* add signatures
* tweak
* Add DNSSEC signing tests for DNAME
* Just sign it all
When CoreDNS starts up and can't get a zone transfer going the Apex is
empty. This `nil` is then transformed into wireformat, which fails with
a nil pointer dereference in Go DNS.
In this case we should just return SERVFAIL, because we don't have any
info (yet). Note the lookup code returned NXDOMAIN, which is correct
from a lookup standpoint, but also invalidates every name in the future
loaded zone.
Anyway, look for an apex before doing the lookup and return SERVFAIL if
nothing is found.
Fixes #679
* Test DNAME handling
If the DNAME itself matches the QTYPE, and the owner name matches QNAME,
the relevant DNAME RR should be included in the answer section.
Other parts of RFC 6672 are not implemented yet and hence left untested.
* Implement the DNAME substitution
As specified in RFC 6672, a DNAME substitution is performed by replacing
the suffix labels of the name being sought matching the owner name of
the DNAME resource record with the string of labels in the RDATA field.
The matching labels end with the root label in all cases. Only whole
labels are replaced.
* Handle DNAME redirection
A CNAME RR is created on-the-fly for the DNAME redirection. Be aware
that we do not have all the edge cases covered yet.
* Test DNAME owner name matching the QNAME
A DNAME RR redirects DNS names subordinate to its owner name; the owner
name of a DNAME is NOT redirected itself.
* Ignore names next to and below a DNAME record
According to RFC 6672, resource records MUST NOT exist at any subdomain
of the owner of a DNAME RR. When loading a zone, those names below the
DNAME RR will be quietly ignored.
* Streamline DNAME processing
Instead of checking DNAMEs during lookup, we use a preloaded list of
DNAME RRs to streamline the process without any runtime performance
penalty:
* When loading the zone, keep a record of any DNAME RRs.
* If there aren't any DNAMEs in the zone, just do the lookup as usual.
* Only when the zone has one or more DNAME records, we look for the
matching DNAME and ignore confronting subdomain(s) in the process.
* Make it easier to trace back through test errors
* Make DNAME handling part of lookup routine
DNAME processing is invoked only if the zone has at least one DNAME RR.
* Put DNAME resolution inside the searching of a hit
We can drop some of the other ideas; we don't need to track if we
have DNAMEs in the zone; it just follows naturally from the current
lookup code.
See also: #664
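
The DNAME substitution described in the commit messages above (whole-label suffix replacement per RFC 6672, with the owner name itself not redirected), as an added example that is not CoreDNS code. The function names are hypothetical, and names are assumed to be fully qualified presentation-format strings without escaped dots.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

var (
	errNoMatch = errors.New("qname is not below the DNAME owner")
	errTooLong = errors.New("substituted name exceeds 255 octets (YXDOMAIN)")
)

// labels splits a name into lowercased labels; the root name yields none.
// Assumption: presentation format without escaped dots.
func labels(name string) []string {
	name = strings.ToLower(strings.TrimSuffix(name, "."))
	if name == "" {
		return nil
	}
	return strings.Split(name, ".")
}

// substituteDNAME (hypothetical helper) builds the target of the CNAME that is
// synthesized for qname from a DNAME with the given owner and RDATA target.
func substituteDNAME(qname, owner, target string) (string, error) {
	q, o := labels(qname), labels(owner)
	// The owner name itself is not redirected, only names below it.
	if len(q) <= len(o) {
		return "", errNoMatch
	}
	cut := len(q) - len(o)
	// Compare whole labels, so "badexample.org." never matches "example.org.".
	for i, l := range o {
		if q[cut+i] != l {
			return "", errNoMatch
		}
	}
	out := append(append([]string{}, q[:cut]...), labels(target)...)
	name := strings.Join(out, ".") + "."
	// Wire length is one octet more than the dotted form with trailing dot.
	if len(name)+1 > 255 {
		return "", errTooLong
	}
	return name, nil
}

func main() {
	fmt.Println(substituteDNAME("a.b.example.org.", "example.org.", "example.net."))
}
```

The length check matters because a short query name can expand past the 255-octet limit once the DNAME target is appended, which RFC 6672 answers with YXDOMAIN rather than a truncated name.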
* middleware/file: correctly parse the stanza
Parsing the file stanza would give precedence to 'transfer' and ignore
other bits if it wasn't specified.
This change fixes the parsing. The actual external CNAME retrieval is
working fine (once the upstream is correctly parsed).
This wasn't caught in tests, because we lack a parsing test for this.
Fixes #657
* Add tests
By defining and using a proxy.Exchanger interface we make the proxy
more generic and we can then fold back httproxy into proxy.
This overrides #463 and #473 and should make future extensions rather
trivial.
* Add docs that talk about `protocol` and how to set it.
* middleware/proxy: rename New to NewLookup
It's used as a Lookup mechanism not as a completely new proxy,
reflect that in the name.
* Set maxfails to 3 by default when looking up names.
Most of the changes have been copied
from https://github.com/johnbelamaric/coredns/pull/1/files
This checks if the next middleware to be called is nil, and if so returns
ServerFailure and an error. This makes the next calling more robust and
saves some lines of code.
Also prefix the error with the name of the middleware to aid in
debugging.
* middleware/proxy: config syntax cleanups
Allow port numbers to be used in the transfer statements and clean
up the proxy stanza parsing. Also allow, when specifying an upstream,
/etc/resolv.conf (or any other file) to be used for getting the upstream
nameserver.
Add tests and fix the documentation to make clear what is allowed.
* Fix the other upstream parse as well
Up till now we would only chase 1 CNAME. Spec requires we will chase
all. This PR adds support for this. Up to 8 CNAMEs are chased (this
could be longer, by just checking for cycles, but 8 seems enough for
now).
Also add RRSIG of the first CNAME for DNSSEC.
Be more explicit in the logs when a notify fails.
New notify error message looks like:
2016/11/07 18:21:42 [ERROR] Notify for zone "example.org." was not accepted by "8.8.8.8:53": rcode was "SERVFAIL"
Correctly pick up secondaries
When multiple secondaries are specified make sure they are picked up.
Fixes #393 #398
* add extra test
* middleware/auto: fix crash when calling empty handler
Don't call the next middleware, we should be auth. for this zone
getting into this path we should respond with ServFail.
Fixes #388
An NSEC record is needed to deny any other name that might exist.
Also don't blindly perform the interface conversion when getting
glue for NS records as they now may include RRSIG - also add tests
for that.
Fix the delegation handling in the *file* and *dnssec* middleware.
Refactor tests a bit and show that they are failing.
Add a Tree printer, cleanups and tests.
Fix wildcard test - should get no answer from empty-non-terminal
When a file is moved into position we should also reload the zones'
content.
This also fixes deadlock bug in the locking, a reload would block any
further lookups.
* middleware/metrics: add more metrics
middleware/cache:
Add metrics for number of elements in the cache. Also export the total
size. Update README to detail the new metrics.
middleware/metrics
Move metrics into subpackage called "vars". This breaks the import
cycle and is cleaner. This allows vars.Report to be used in the
dnsserver to log refused queries.
middleware/metrics: tests
Add tests to the metrics framework. The metrics/test subpackage allows
scraping of the local server. Do a few test scrapes of the metrics that
are defined in the metrics middleware.
This also allows metrics integration tests to check if the caching and
dnssec middleware export their metrics correctly.
* update README
* typos
* fix tests
The DS record is handled specially in the server ServeDNS mux, but there
was no code that actually called the correct middleware handler chain
when encountering a DS.
This PR fixes that behavior; additional bugs have been filed to look into
how we are handling delegation (secure and non-secure ones).
Add auto-load middleware that automatically picks up zones.
Every X seconds it will scan for new zones.
Add tests and documentation.
Make 'make test' use -race.
In the file middleware, if there are multiple zone files under a single root zone, watchers are only invoked on the last element of `zones.Names`. This is caused by loop override on the variable `n`.
This issue can be fixed by passing zone object, which calls reload watcher directly.
This PR adds the *root* middleware that specifies a path where
all zone file (the *file* middleware is the only consumer now) can
be found. It works the same as in Caddy.
Documentation can be found in the README.md of the middleware.
Fixes #307
This still needs cleanup, but this is a first pass that cleans some
cruft and documents our style (in middleware.md) and makes all the
docs match that style.
Rename: positive -> success
negative -> denial
There is a third (unused category) which is error. Start using these
new in the caching middleware and later in the logging middleware.
* Add a setup test for middleware/file
This fix adds a setup test for middleware/file so that there is
a basic coverage for the Corefile processing of middleware/file.
This fix is related to 308 (Will look into it).
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* middleware/file: use helper function for test
Fixup setup_test.go and use the test.TempFile function to make things
somewhat shorter.
Clean up the use of testing.T in TempFile - it is not used.