CoreDNS is a DNS server that chains plugins
Find a file
Miek Gieben c466003a94
startup: add logo (#3230)
* startup: add logo

As discussed in #3225, lets add a little logo. This PR incorperates this
in the startup text. It also removes the logging output as this outputs
identical lines of text, but for no clear reason. This means --quiet now
means "no output on startup at all".

Currently it looks like this:

~~~
.:1053
   ______                ____  _   _______
  / ____/___  ________  / __ \/ | / / ___/	CoreDNS-1.6.2
 / /   / __ \/ ___/ _ \/ / / /  |/ /\__ \ 	linux/amd64, go1.12.9,
/ /___/ /_/ / /  /  __/ /_/ / /|  /___/ /
\____/\____/_/   \___/_____/_/ |_//____/
~~~

We have 2 lines extra on the right if we need to print more (no ideas
come to mind currently).

Signed-off-by: Miek Gieben <miek@miek.nl>

* Add distinct marker for grep and cut purposes

Signed-off-by: Miek Gieben <miek@miek.nl>
2019-08-30 15:12:17 +01:00
.circleci Add CircleCI for Integration testing (#2889) 2019-06-17 19:26:42 +01:00
.github Add CONTRIBUTING symlink (#2540) 2019-02-08 17:07:50 +00:00
.presubmit Update shebangs for environmentally finding Bash -- Compatibility update to provide support for platforms that do not ship Bash in their /bin (#2841) 2019-05-27 10:45:38 +01:00
core plugin/sign: a plugin that signs zone (#2993) 2019-08-29 15:41:59 +01:00
coremain startup: add logo (#3230) 2019-08-30 15:12:17 +01:00
man mechanical: run: go gen and make -f Makefile.doc (#3104) 2019-08-09 08:40:30 -07:00
notes notes: rebrand 1.7.0 as 1.6.3 (#3217) 2019-08-28 08:12:33 -07:00
pb Remove grpc watch functionality (#2549) 2019-02-11 14:46:53 +00:00
plugin plugin/file: rework outgoing axfr (#3227) 2019-08-30 13:47:27 +01:00
request fix mis-spelling in request.go (#3213) 2019-08-27 09:01:17 -04:00
test plugin/file: rework outgoing axfr (#3227) 2019-08-30 13:47:27 +01:00
.benchmark.sh Fix some minor typos (#2625) 2019-02-27 08:02:50 +00:00
.codecov.yml Increase codecov target requirement to 50% (from 40%) (#1344) 2018-01-03 14:48:39 +00:00
.dockerignore dockerignore: ignore .git (#1723) 2018-04-24 09:23:50 +01:00
.gitignore Add .gitignore files for Eclipse (#2627) 2019-02-27 01:07:45 -08:00
.stickler.yml Add stickler config (#2009) 2018-07-27 15:00:49 +01:00
.travis.yml Add Continuous Fuzzing Integration to Fuzzit (#3093) 2019-08-18 08:40:59 +00:00
ADOPTERS.md fix typo in ADOPTERS.md (#3181) 2019-08-23 06:50:54 +00:00
CODE-OF-CONDUCT.md Coredns follows the CNCF Code of Conduct (#2597) 2019-02-24 12:56:13 +00:00
CONTRIBUTING.md doc: formatting and point to plugin.md (#3107) 2019-08-12 18:24:57 +00:00
coredns.1.md Remove -cpu flag (#2793) 2019-07-03 20:12:51 +01:00
coredns.go plugin/chaos: add default list of authors (#2737) 2019-03-31 11:01:11 -07:00
corefile.5.md Doc update (#2792) 2019-04-22 05:38:40 +08:00
directives_generate.go Enhancement of external plugin enabling (#1392) 2018-01-15 21:54:10 +00:00
Dockerfile Docker: drop alpine (#1843) 2018-06-04 19:20:21 +01:00
go.mod plugin/sign: a plugin that signs zone (#2993) 2019-08-29 15:41:59 +01:00
go.sum plugin/sign: a plugin that signs zone (#2993) 2019-08-29 15:41:59 +01:00
GOVERNANCE.md Governance: Clarify definition of "Transparent and accessible" (#2300) 2018-11-13 23:24:56 +00:00
LICENSE Cleanups, removing Caddy name a bit more 2016-03-19 07:42:21 +00:00
Makefile Fuzz: fix forward build (#3200) 2019-08-26 09:33:20 +00:00
Makefile.doc docs: Makefile.release and Makefile.doc (#2926) 2019-06-26 11:18:03 +01:00
Makefile.fuzz Fuzz: fix forward build (#3200) 2019-08-26 09:33:20 +00:00
Makefile.release Bump version to 1.5.2 (#2969) 2019-07-03 19:47:38 +01:00
OWNERS stepdown from CoreDNS maintainer (#2861) 2019-06-03 16:21:05 -04:00
owners_generate.go fix mis-spelling in owners_generate.go (#3159) 2019-08-20 13:00:19 +00:00
plugin.cfg plugin/sign: a plugin that signs zone (#2993) 2019-08-29 15:41:59 +01:00
plugin.md doc: formatting and point to plugin.md (#3107) 2019-08-12 18:24:57 +00:00
README.md Update README.md (#3207) 2019-08-26 09:27:18 -07:00
SECURITY.md SECURITY.md to take advantage of GitHub features (#3206) 2019-08-26 09:13:07 -07:00

CoreDNS

Documentation Build Status fuzzit Code Coverage Docker Pulls Go Report Card CII Best Practices

CoreDNS is a DNS server/forwarder, written in Go, that chains plugins. Each plugin performs a (DNS) function.

CoreDNS is a Cloud Native Computing Foundation graduated project.

CoreDNS is a fast and flexible DNS server. The key word here is flexible: with CoreDNS you are able to do what you want with your DNS data by utilizing plugins. If some functionality is not provided out of the box you can add it by writing a plugin.

CoreDNS can listen for DNS requests coming in over UDP/TCP (go'old DNS), TLS (RFC 7858), also called DoT, DNS over HTTP/2 - DoH - (RFC 8484) and gRPC (not a standard).

Currently CoreDNS is able to:

  • Serve zone data from a file; both DNSSEC (NSEC only) and DNS are supported (file and auto).
  • Retrieve zone data from primaries, i.e., act as a secondary server (AXFR only) (secondary).
  • Sign zone data on-the-fly (dnssec).
  • Load balancing of responses (loadbalance).
  • Allow for zone transfers, i.e., act as a primary server (file).
  • Automatically load zone files from disk (auto).
  • Caching of DNS responses (cache).
  • Use etcd as a backend (replacing SkyDNS) (etcd).
  • Use k8s (kubernetes) as a backend (kubernetes).
  • Serve as a proxy to forward queries to some other (recursive) nameserver (forward).
  • Provide metrics (by using Prometheus) (metrics).
  • Provide query (log) and error (errors) logging.
  • Integrate with cloud providers (route53).
  • Support the CH class: version.bind and friends (chaos).
  • Support the RFC 5001 DNS name server identifier (NSID) option (nsid).
  • Profiling support (pprof).
  • Rewrite queries (qtype, qclass and qname) (rewrite and template).
  • Block ANY queries (any).

And more. Each of the plugins is documented. See coredns.io/plugins for all in-tree plugins, and coredns.io/explugins for all out-of-tree plugins.

Compilation from Source

To compile CoreDNS, we assume you have a working Go setup. See various tutorials if you don’t have that already configured.

First, make sure your golang version is 1.12 or higher as go mod support is needed. See here for go mod details. Then, check out the project and run make to compile the binary:

$ git clone https://github.com/coredns/coredns
$ cd coredns
$ make

This should yield a coredns binary.

Compilation with Docker

CoreDNS requires Go to compile. However, if you already have docker installed and prefer not to setup a Go environment, you could build CoreDNS easily:

$ docker run --rm -i -t -v $PWD:/v -w /v golang:1.12 make

The above command alone will have coredns binary generated.

Examples

When starting CoreDNS without any configuration, it loads the whoami plugin and starts listening on port 53 (override with -dns.port), it should show the following:

.:53
2016/09/18 09:20:50 [INFO] CoreDNS-001
CoreDNS-001

Any query sent to port 53 should return some information; your sending address, port and protocol used.

If you have a Corefile without a port number specified it will, by default, use port 53, but you can override the port with the -dns.port flag:

./coredns -dns.port 1053, runs the server on port 1053.

Start a simple proxy. You'll need to be root to start listening on port 53.

Corefile contains:

.:53 {
    forward . 8.8.8.8:53
    log
}

Just start CoreDNS: ./coredns. Then just query on that port (53). The query should be forwarded to 8.8.8.8 and the response will be returned. Each query should also show up in the log which is printed on standard output.

Serve the (NSEC) DNSSEC-signed example.org on port 1053, with errors and logging sent to standard output. Allow zone transfers to everybody, but specifically mention 1 IP address so that CoreDNS can send notifies to it.

example.org:1053 {
    file /var/lib/coredns/example.org.signed {
        transfer to *
        transfer to 2001:500:8f::53
    }
    errors
    log
}

Serve example.org on port 1053, but forward everything that does not match example.org to a recursive nameserver and rewrite ANY queries to HINFO.

.:1053 {
    rewrite ANY HINFO
    forward . 8.8.8.8:53

    file /var/lib/coredns/example.org.signed example.org {
        transfer to *
        transfer to 2001:500:8f::53
    }
    errors
    log
}

IP addresses are also allowed. They are automatically converted to reverse zones:

10.0.0.0/24 {
    whoami
}

Means you are authoritative for 0.0.10.in-addr.arpa..

This also works for IPv6 addresses. If for some reason you want to serve a zone named 10.0.0.0/24 add the closing dot: 10.0.0.0/24. as this also stops the conversion.

This even works for CIDR (See RFC 1518 and 1519) addressing, i.e. 10.0.0.0/25, CoreDNS will then check if the in-addr request falls in the correct range.

Listening on TLS (DoT) and for gRPC? Use:

tls://example.org grpc://example.org {
    whoami
}

And for DNS over HTTP/2 (DoH) use:

https://example.org {
    whoami
}

Specifying ports works in the same way:

grpc://example.org:1443 {
    # ...
}

When no transport protocol is specified the default dns:// is assumed.

Community

We're most active on Github (and Slack):

More resources can be found:

Contribution guidelines

If you want to contribute to CoreDNS, be sure to review the contribution guidelines.

Deployment

Examples for deployment via systemd and other use cases can be found in the deployment repository.

Deprecation Policy

When there is a backwards incompatible change in CoreDNS the following process is followed:

  • Release x.y.z: Announce that in the next release we will make backward incompatible changes.
  • Release x.y+1.0: Increase the minor version and set the patch version to 0. Make the changes, but allow the old configuration to be parsed. I.e. CoreDNS will start from an unchanged Corefile.
  • Release x.y+1.1: Increase the patch version to 1. Remove the lenient parsing, so CoreDNS will not start if those features are still used.

E.g. 1.3.1 announce a change. 1.4.0 a new release with the change but backward compatible config. And finally 1.4.1 that removes the config workarounds.

Security

Security Audit

A third party security audit was performed by Cure53, you can see the full report here.

Reporting security vulnerabilities

If you find a security vulnerability or any security related issues, please DO NOT file a public issue, instead send your report privately to security@coredns.io. Security reports are greatly appreciated and we will publicly thank you for it.

Please consult security vulnerability disclosures and security fix and release process document