bfaf9e0aec
* core: add listening for other protocols
Allow CoreDNS to listen for TLS request coming over port 853. This can
be enabled with `tls://` in the config file.
Implement listening for grps:// as well.
a Corefile like:
~~~
. tls://.:1853 {
whoami
tls
}
~~~
Means we listen on 1853 for tls requests, the `tls` config item allows
configuration for TLS parameters. We *might* be tempted to use Caddy's
Let's Encrypt implementation here.
* Refactor coredns/grpc into CoreDNS
This makes gRPC a first class citizen in CoreDNS. Add defines as being
just another server.
* some cleanups
* unexport the servers
* Move protobuf dir
* Hook up TLS properly
* Fix test
* listen for TLS as well. README updates
* disable test, fix package
* fix test
* Fix tests
* Fix remaining test
* Some tests
* Make the test work
* Add grpc test from #580
* fix crash
* Fix tests
* Close conn
* README cleanups
* README
* link RFC
85 lines
2 KiB
Go
85 lines
2 KiB
Go
package dnsserver
|
|
|
|
import (
|
|
"context"
|
|
"crypto/tls"
|
|
"fmt"
|
|
"net"
|
|
|
|
"github.com/miekg/dns"
|
|
)
|
|
|
|
// serverTLS represents an instance of a TLS-over-DNS-server.
|
|
type serverTLS struct {
|
|
*Server
|
|
}
|
|
|
|
// NewTLSServer returns a new CoreDNS TLS server and compiles all middleware in to it.
|
|
func NewServerTLS(addr string, group []*Config) (*serverTLS, error) {
|
|
|
|
s, err := NewServer(addr, group)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return &serverTLS{Server: s}, nil
|
|
}
|
|
|
|
// Serve implements caddy.TCPServer interface.
|
|
func (s *serverTLS) Serve(l net.Listener) error {
|
|
s.m.Lock()
|
|
|
|
// Only fill out the TCP server for this one.
|
|
s.server[tcp] = &dns.Server{Listener: l, Net: "tcp-tls", Handler: dns.HandlerFunc(func(w dns.ResponseWriter, r *dns.Msg) {
|
|
ctx := context.Background()
|
|
s.ServeDNS(ctx, w, r)
|
|
})}
|
|
s.m.Unlock()
|
|
|
|
return s.server[tcp].ActivateAndServe()
|
|
}
|
|
|
|
// ServePacket implements caddy.UDPServer interface.
|
|
func (s *serverTLS) ServePacket(p net.PacketConn) error { return nil }
|
|
|
|
// Listen implements caddy.TCPServer interface.
|
|
func (s *serverTLS) Listen() (net.Listener, error) {
|
|
// The *tls* middleware must make sure that multiple conflicting
|
|
// TLS configuration return an error: it can only be specified once.
|
|
tlsConfig := new(tls.Config)
|
|
for _, conf := range s.zones {
|
|
// Should we error if some configs *don't* have TLS?
|
|
tlsConfig = conf.TLSConfig
|
|
}
|
|
|
|
var (
|
|
l net.Listener
|
|
err error
|
|
)
|
|
|
|
if tlsConfig == nil {
|
|
l, err = net.Listen("tcp", s.Addr[len(TransportTLS+"://"):])
|
|
} else {
|
|
l, err = tls.Listen("tcp", s.Addr[len(TransportTLS+"://"):], tlsConfig)
|
|
}
|
|
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return l, nil
|
|
}
|
|
|
|
// ListenPacket implements caddy.UDPServer interface.
|
|
func (s *serverTLS) ListenPacket() (net.PacketConn, error) { return nil, nil }
|
|
|
|
// OnStartupComplete lists the sites served by this server
|
|
// and any relevant information, assuming Quiet is false.
|
|
func (s *serverTLS) OnStartupComplete() {
|
|
if Quiet {
|
|
return
|
|
}
|
|
|
|
for zone, config := range s.zones {
|
|
fmt.Println(TransportTLS + "://" + zone + ":" + config.Port)
|
|
}
|
|
}
|