Don't sign data we are not authoritative for. This adds an AuthWalk
which skips names we should not authoritative for. Adds a few tests to
check this is the case. Generates zones have been compared to
dnssec-signzone.
A number of changes have been made:
* don't add DS records to the apex
* NSEC TTL is the SOA's minttl value (copying bind9)
* Various cleanups
* signer struct was cleaned up: doesn't need ttl, nor expiration or
inception.
* plugin/sign: remove apex stuff from names()
This is never used because we will always have other types in the
apex, because we *ADD* them ourselves, before we sign (DNSKEY, CDS and
CDNSKEY).
Signed-off-by: Miek Gieben <miek@miek.nl>
Co-Authored-By: Chris O'Haver <cohaver@infoblox.com>
* plugin/file: simplify locking
Simplify the locking, remove the reloadMu and just piggyback on the
other lock for accessing content, which assumes things can be move
underneath.
Copy the Apex and Zone to new vars to make sure the pointer isn't
updated from under us.
The releadMu isn't need at all, the time.Ticker firing while we're
reading means we will just miss that tick and get it on the next go.
Add rrutil subpackage and put some more generic functions in there, that
are now used from file and the tree package. This removes some
duplication.
Rename additionalProcessing that didn't actually do that to
externalLookup, because that's what being done at some point.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Update plugin/file/lookup.go
Co-Authored-By: Michael Grosser <development@stp-ip.net>
* plugin/file: Rename do to walk, cleanup and document
* This renames Do to Walk to be more inline with Go standards. Also make
it return an error instead of a bool.
Also give give walk access to rrs. Alternatively e.m could be
exported, but just access the map of rrs should work as well. Another
alternative would be adding a whole bunch of helper functions, but
those need grab and return the data. Just having access to the rrs
should be easiest for most Walks.
* It adds Type and TypeForWildcard to show the different functions
* *Removes* the identical RR check when inserting; this was only done
for A, AAAA and MX and not finished; removed under the mantra garbage
in garbage out.
* Reuses Types to return all the types in an *tree.Elem
Signed-off-by: Miek Gieben <miek@miek.nl>
* better comments
Signed-off-by: Miek Gieben <miek@miek.nl>
Currently, there are some links that we access with **HTTP**, it is
redirected to **HTTPS** automatically. So this commit aims to
replace **http://...** by **https://...** for security.
Co-Authored-By: Nguyen Phuong An <AnNP@vn.fujitsu.com>
Signed-off-by: Kim Bao Long <longkb@vn.fujitsu.com>
* Stop importing testing in the main binary
Stop importing "testing" into the main binary:
* test/helpers.go imported it; remote that and change function signature
* update all tests that use this
Signed-off-by: Miek Gieben <miek@miek.nl>
* Drop import testing from metrics plugin
Signed-off-by: Miek Gieben <miek@miek.nl>
* more fiddling
Signed-off-by: Miek Gieben <miek@miek.nl>
* Rename middleware to plugin
first pass; mostly used 'sed', few spots where I manually changed
text.
This still builds a coredns binary.
* fmt error
* Rename AddMiddleware to AddPlugin
* Readd AddMiddleware to remain backwards compat
