Don't sign data we are not authoritative for. This adds an AuthWalk
which skips names we should not be authoritative for. Adds a few tests to
check this is the case. Generated zones have been compared to
dnssec-signzone.
A number of changes have been made:
* don't add DS records to the apex
* NSEC TTL is the SOA's minttl value (copying bind9)
* Various cleanups
* signer struct was cleaned up: doesn't need ttl, nor expiration or
inception.
* plugin/sign: remove apex stuff from names()
This is never used because we will always have other types in the
apex, because we *ADD* them ourselves, before we sign (DNSKEY, CDS and
CDNSKEY).
Signed-off-by: Miek Gieben <miek@miek.nl>
Co-Authored-By: Chris O'Haver <cohaver@infoblox.com>
* Move to CODEOWNERS
No change in who owns what; just a move to CODEOWNERS. This allows
dreck cleanups.
Added .dreck.yaml for alias and exec.
Fixes: #3486
Signed-off-by: Miek Gieben <miek@miek.nl>
* stickler bot
Signed-off-by: Miek Gieben <miek@miek.nl>
* sort the file
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix reloading in plugin/pprof.
Reloading the server without changing the listen address results in an
error because Startup is called for newly set up plugins before Shutdown
is called for the old ones.
Signed-off-by: Gonzalo Paniagua Javier <gonzalo.mono@gmail.com>
* Use pkg/reuseport when listening.
Use coredns' newly added reuseport.
Signed-off-by: Gonzalo Paniagua Javier <gonzalo.mono@gmail.com>
* Revert go.{mod,sum} changes.
Signed-off-by: Gonzalo Paniagua Javier <gonzalo.mono@gmail.com>
* create pkg/reuseport
Move the core server listening functions to a new package so plugins can
use them.
Also make *all* servers use the functions here; as only the udp/tcp
listeners were using SO_REUSEPORT (if available). This is the only
actual change in this PR; in its core it's just a move of 2 files.
This can also be used to cleanup the dance we're doing now for
re-acquiring the sockets in e.g. the metrics plugins and the ready
plugin.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Also push a small doc update
Signed-off-by: Miek Gieben <miek@miek.nl>
Run 'go generate' and 'make -f Makefile.doc' to generate the chaos
plugin author list and update the manual pages.
Signed-off-by: Miek Gieben <miek@miek.nl>
* plugin/reload/README.md: Fix the syntax of the link to the Go
documentation for duration values.
Signed-off-by: Miciah Dashiel Butler Masters <mmasters@redhat.com>
This is a fixup for https://github.com/coredns/coredns/pull/3310 which
replaced some 'iff's with 'if' under the assumption they were typos.
I'm fairly confident they were "If and only if"
(https://en.wikipedia.org/wiki/If_and_only_if), which is commonly
shortened as "iff".
I've updated them to the full length 'if, and only if' for the sake of
readability.
Signed-off-by: Euan Kemp <euan@ngrok.com>
When reloading we need to disable debug output when the debug plugin is
removed from the config file. Add a `Clear` function to pkg/log and use
it in the server.
Add test case in pkg/log, for actual check I manually checked the
output by sprinkling some debug statements in the startup and checking
with sending SIGUSR1.
Also clear up the comments in pkg/log to remove the text about time
stamping.
Fixes: #3035
Signed-off-by: Miek Gieben <miek@miek.nl>
* add ed25519 dnskey support
Signed-off-by: Sean Liao <seankhliao@gmail.com>
* fix ed25519 type assertion
Signed-off-by: Sean Liao <seankhliao@gmail.com>
* clean up whitespace
Signed-off-by: Sean Liao <seankhliao@gmail.com>
Caught my eye, we name things directive still, esp when talking about
the prometheus *plugin*. Rename everything that needs to be plugin to
'plugin'. Also make sure Metrics is a H2 section (not H1).
Signed-off-by: Miek Gieben <miek@miek.nl>
For now metric is measured only for headless services. Informer has been slightly
refactored, so the code can measure latency without storing extra fields on
Endpoint struct.
Signed-off-by: Janek Łukaszewicz <janluk@google.com>
Suggestions from code review
Co-Authored-By: Chris O'Haver <cohaver@infoblox.com>
* Make request.Request smaller
This makes the request struct smaller and removes the pointer to the do
boolean (tri-bool) as size == 0 will indicate if we have cached it.
Family can be a int8 because it only carries 3 values, Size itself is
just a uint16 under the covers.
This is a more comprehensive fix than #3292
Closes #3292
Signed-off-by: Miek Gieben <miek@miek.nl>
* cache: fix test
this now needs a valid response writer
Signed-off-by: Miek Gieben <miek@miek.nl>
Don't perform this code in the init, this allocated 1 megabyte of memory
even if you don't use the plugin. Looks to be only there for testing,
adding a comment to reflect that.
Fixes #3342
Signed-off-by: Miek Gieben <miek@miek.nl>
* plugin/clouddns: remove initialization from init
Init should just call the plugin.Register with a setup function.
Fixes: #3343
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix placement for var f
Signed-off-by: Miek Gieben <miek@miek.nl>
* Move map to array
The map was not needed; move to an array, see #1941 for the original
idea. That of course didn't apply anymore; make a super minimal change
to implement the idea from #1941
Signed-off-by: Miek Gieben <miek@miek.nl>
* Add total count
Signed-off-by: Miek Gieben <miek@miek.nl>
* plugin/forward: may Yield not block
Yield may block when we're super busy with creating (and looking) for
connection. Set a small timeout on Yield, to skip putting the connection
back in the queue.
Use persistentConn throughout the socket handling code to be more
consistent.
Signed-off-by: Miek Gieben <miek@miek.nl>
Dont do
Signed-off-by: Miek Gieben <miek@miek.nl>
* Set used in Yield
This gives one central place where we update used in the persistConns
Signed-off-by: Miek Gieben <miek@miek.nl>
* Run gostaticcheck
Run gostaticcheck on the codebase and fix almost all flagged items.
Only keep
* coremain/run.go:192:2: var appVersion is unused (U1000)
* plugin/chaos/setup.go:54:3: the surrounding loop is unconditionally terminated (SA4004)
* plugin/etcd/setup.go:103:3: the surrounding loop is unconditionally terminated (SA4004)
* plugin/pkg/replacer/replacer.go:274:13: argument should be pointer-like to avoid allocations (SA6002)
* plugin/route53/setup.go:124:28: session.New is deprecated: Use NewSession functions to create sessions instead. NewSession has the same functionality as New except an error can be returned when the func is called instead of waiting to receive an error until a request is made. (SA1019)
* test/grpc_test.go:25:69: grpc.WithTimeout is deprecated: use DialContext and context.WithTimeout instead. Will be supported throughout 1.x. (SA1019)
The first one isn't true, as this is set via ldflags. The rest is
minor. The deprecation should be fixed at some point; I'll file some
issues.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Make sure to plug in the plugins
import the plugins; the file that did this was removed, put it in the
reload test as this requires an almost complete coredns server.
Signed-off-by: Miek Gieben <miek@miek.nl>
Remove all these uses and just make them work on caddy.Controller. Also
don't export parsing functions as they should be private to the plugin.
Signed-off-by: Miek Gieben <miek@miek.nl>
* plugin/reload: reflow documentation
For some reason these were all bullet points, which made for awkward
reading.
Signed-off-by: Miek Gieben <miek@miek.nl>
* typo
Signed-off-by: Miek Gieben <miek@miek.nl>
* Update plugin/reload/README.md
Co-Authored-By: Michael Grosser <development@stp-ip.net>
Abstract the caddy call and make it simpler.
See #3261 for some part of the discussion.
Go from:
~~~ go
func init() {
	caddy.RegisterPlugin("any", caddy.Plugin{
		ServerType: "dns",
		Action:     setup,
	})
}
~~~
To:
~~~ go
func init() { plugin.Register("any", setup) }
~~~
This requires some external documents in coredns.io to be updated as
well; the old way still works, so it's backwards compatible.
Signed-off-by: Miek Gieben <miek@miek.nl>