* Fixing #5376 by adding a check to parse out Zone information
Signed-off-by: Tintin <samrath.sodi@gmail.com>
* using IndexByte instead of strings.Split()
Signed-off-by: Tintin <samrath.sodi@gmail.com>
* using plugin logger for logging parsing failure
Signed-off-by: Tintin <samrath.sodi@gmail.com>
* using var keyword instead of short declaration operator
Signed-off-by: Tintin <samrath.sodi@gmail.com>
* reordering imports
Signed-off-by: Tintin <samrath.sodi@gmail.com>
* Don't add OPT RR to non-EDNS0 queries
Signed-off-by: Patrick W. Healy <phealy@phealy.com>
Signed-off-by: Patrick W. Healy <patrick.healy@microsoft.com>
* Update plugin/bufsize/README.md
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
Signed-off-by: Patrick W. Healy <patrick.healy@microsoft.com>
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
* geoip: read source IP from EDNS0 subnet if provided
This patch implements EDNS backend processing (similar in powerdns: https://doc.powerdns.com/authoritative/settings.html#setting-edns-subnet-processing). This feature comes in very handy to test whether your geo config is working properly.
Signed-off-by: Balazs Nagy <julsevern@gmail.com>
This PR adds an optional REFRESH_MODE parameter on the serve_stale configuration directive of the
cache plugin, which verifies that the upstream is still unavailable before returning stale entries.
Signed-off-by: Antoine Tollenaere <atollena@gmail.com>
* Update ACL plugin's README to capture the edge case
This PR adds a note in ACL plugin's README to capture the edge case
where source ip of the client may be different from the source ip
observed by coredns server (in situations such as Source NAT).
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* Update plugin/acl/README.md
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* Update plugin/acl/README.md
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
Previously we used io.LimitReader to limit the number of bytes
from http request. However, there is a subtle difference between
io.LimitReader and io.ReadAll as io.LimitReader will return
a Reader, not a ReadCloser. As such the behavior will actually
be different in case of error handling (and when to close).
This PR changes io.LimitReader to http.MaxBytesReader
so that the behavior can be preserved (except the number of bytes).
See https://stackoverflow.com/a/52699702
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
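The difference this commit message describes can be reproduced outside an HTTP server. The following is an added example, not code from CoreDNS or from the commit; `trackedBody`, `readWithLimitReader` and `readWithMaxBytesReader` are hypothetical names and the 16-byte payload is constructed.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"strings"
)

// trackedBody is a constructed stand-in for a request body (hypothetical
// helper); it records whether Close was called on it.
type trackedBody struct {
	io.Reader
	closed bool
}

func (b *trackedBody) Close() error { b.closed = true; return nil }

// readWithLimitReader caps the read with io.LimitReader. The wrapper is a
// plain io.Reader: oversized input ends in a clean EOF at the limit, and
// nothing here can close the underlying body.
func readWithLimitReader(payload string, limit int64) (int, bool, error) {
	body := &trackedBody{Reader: strings.NewReader(payload)}
	data, err := io.ReadAll(io.LimitReader(body, limit))
	return len(data), body.closed, err
}

// readWithMaxBytesReader caps the read with http.MaxBytesReader. The wrapper
// is an io.ReadCloser: oversized input yields a non-nil error, and Close is
// forwarded to the underlying body.
func readWithMaxBytesReader(payload string, limit int64) (int, bool, error) {
	body := &trackedBody{Reader: strings.NewReader(payload)}
	rc := http.MaxBytesReader(nil, body, limit) // nil ResponseWriter: no server involved
	data, err := io.ReadAll(rc)
	rc.Close()
	return len(data), body.closed, err
}

func main() {
	const payload = "0123456789abcdef" // constructed 16-byte body
	n, closed, err := readWithLimitReader(payload, 8)
	fmt.Printf("LimitReader:    n=%d closed=%v err=%v\n", n, closed, err)
	n, closed, err = readWithMaxBytesReader(payload, 8)
	fmt.Printf("MaxBytesReader: n=%d closed=%v err=%v\n", n, closed, err)
}
```

With `io.LimitReader` a caller cannot tell a truncated body from a complete one, so an oversized request has to be detected by other means; `http.MaxBytesReader` surfaces it as an error on the read.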
This PR adds additional doc explaining that the credentials file field is optional,
in case a user might be concerned about saving a filename location in Corefile.
Technically since Corefile does not save plaintext secret for clouddns
(unlike route53/azure), this is not too big of a concern, as far as I can see.
Still it is worth pointing out in documentation.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* Update to avoid pseudo-random number
This PR updates the usage of rand so that non-global seed is used.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* Add concurrency-safe random source
See https://stackoverflow.com/questions/48958886/how-to-create-a-thread-safe-rand-source
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This PR cleans up the remaining leftovers of github.com/golang/protobuf in coredns,
as github.com/golang/protobuf has been deprecated.
Note that github.com/golang/protobuf is now only indirectly
used by external libraries. Manually updating coredns' dependency to further clean up has been tried.
However, it was not possible as external library usages of github.com/golang/protobuf are too interleaved.
This PR fixes 4939.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This PR deprecates plaintext secret in Corefile for route53 plugin (`aws_access_key`).
Since the environmental variables `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`
are already available, no changes other than the deprecation are needed.
This will avoid saving plaintext secret in Corefile which could be
a security concern.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>