* Use common TLS parsing routine for etcd
Change to use the new common routine, and update the docs to reflect
the different options for passing TLS configuration.
* Move middleware/tls to middleware/pkg/tls
This was put in the wrong place originally.
Create a small speedup running the tests:
PASS
ok github.com/miekg/coredns/test 10.329s
PASS
ok github.com/miekg/coredns/test 6.079s
Skip the etcd ones. Doing the middleware/*/*_test ones doesn't yield
any speedup as these are still done on a per directory basis.
Add deadline to break the connection. We use the default of 5 seconds.
After this the backend is marked unhealthy and not used for some time.
Fixes#467
* Add common TLS config routines
These routines can be used to load TLS configs based upon the
args in the Corefile.
* Add common routine for Corefile arg handling
Add the NewTLSConfigFromArgs routine so that you can just pass
in the Corefile args and get a tls.Config. This ensures the
parameters are handled consistently across middleware.
* Change to varargs style params
Change to use args ...string instead of []string. Add
documentation of what each call means.
This middleware allows playing with responses. Only one type is
implemented: it allows you to drop queries. I.e. withhold the response
from the client.
This checks if the next middleware to be called is nil, and if so returns
ServerFailure and an error. This makes the next calling more robust and
saves some lines of code.
Also prefix the error with the name of the middleware to aid in
debugging.
* middleware/httproxy: implement debug queries
Not too useful at the moment, but o-o.debug queries are supported
and return the Comment from dns.google.com.
Note that this is not always set.
* improve documentation
* Testing cleanups
This PR adds a middleware that talks to dns.google.com over HTTPS,
meaning all your DNS traffic is encrypted when traversing your ISP and
the internet.
The `dns.google.com` address is re-resolved every 30 seconds.
* middleware/proxy: config syntax cleanups
Allow port numbers to be used in the transfer statements and clean
up the proxy stanza parsing. Also allow, when specifying an upstream,
/etc/resolv.conf (or any other file) to be used for getting the upstream
nameserver.
Add tests and fix the documentation to make clear what is allowed.
* Fix the other upstream parse as well
Change the CI setup for K8s to be simpler. Now it just creates a
set of objects via a yaml file, making it very easy to modify
the tests.
Implement PTR for services.
Provide TTL examples for cache middleware. Fixes: #364
Add interaction docs to make non invalidation for cache middleware
clear. Cache might serve stale records. Fixes: #403
* When no records match, reply with NXDOMAIN
* Implement in IsNameError
* case for unexposed namespace. k8s integation tests
* Fix imports order. Lower case of err strs.
Up till now we would only chase 1 CNAME. Spec requires we will chase
all. This PR add support for this. Up to 8 CNAMEs are chased (this
could be longer, by just checking for cycles, but 8 seems enough for
now).
Also add RRSIG of the first CNAME for DNSSEC.
* middleware/cache: cache 0 will be capped at 5
cache 0 would return TTL=0 records, up that to the documented minimum of
5 seconds.
* middleware/cache: check for 0 TTL
Handle 0 TTL differently and return an error, we might need to
special case this in the future.
Be more explicit in the logs when a notify fails.
New notify error message looks like:
2016/11/07 18:21:42 [ERROR] Notify for zone "example.org." was not accepted by "8.8.8.8:53": rcode was "SERVFAIL"
Correctly pick up secondaries
When multiple secondary are specified make sure they are picked up.
Fixes#393#398
The watchers were still trying to process raw v1 objects which
failed to be added to the store. This meant new services and
namespaces created after CoreDNS started would not be discoverable.
Add a filter function that converts watch events with v1 objects
to events with api objects.
* add extra test
* middleware/auto: fix crash when calling empty handler
Don't call the next middleware, we should be auth. for this zone
getitng into this path we should respond with ServFail.
Fixes#388
