authorGravatar Chris O'Haver <cohaver@infoblox.com> 2022-06-27 15:48:34 -0400
committerGravatar GitHub <noreply@github.com> 2022-06-27 15:48:34 -0400
commit68e141eff28d2b0d6331684ef153d76902b4001c (patch)
tree32921a733b6851b8cabaef84d34fae27e5bc27e7 /core
parent64885950cc8ab59d26ae1df56e94a9f43e439787 (diff)
plugin/tsig: new plugin TSIG (#4957)
* expose tsig secrets via dnsserver.Config * add tsig plugin Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
Diffstat (limited to 'core')
-rw-r--r--core/dnsserver/config.go3
-rw-r--r--core/dnsserver/register.go1
-rw-r--r--core/dnsserver/server.go12
-rw-r--r--core/dnsserver/zdirectives.go1
-rw-r--r--core/plugin/zplugin.go1
5 files changed, 16 insertions, 2 deletions
diff --git a/core/dnsserver/config.go b/core/dnsserver/config.go
index 4007d830f..c34398b39 100644
--- a/core/dnsserver/config.go
+++ b/core/dnsserver/config.go
@@ -43,6 +43,9 @@ type Config struct {
// TLSConfig when listening for encrypted connections (gRPC, DNS-over-TLS).
TLSConfig *tls.Config
+ // TSIG secrets, [name]key.
+ TsigSecret map[string]string
+
// Plugin stack.
Plugin []plugin.Plugin
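Review bot: The comment on the new TsigSecret field, `// TSIG secrets, [name]key.`, says neither what format the value is in nor that the map holds sensitive material, and this is the type every plugin will populate. Suggest `// TsigSecret holds TSIG shared secrets keyed by TSIG key name. Values are presumably the base64-encoded secret as miekg/dns expects (confirm). Treat as sensitive: never log it, and do not mutate it after setup because it is shared by reference with every Config in the server block.` The Config struct continues outside the hunk.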
diff --git a/core/dnsserver/register.go b/core/dnsserver/register.go
index ad311d323..86ab5cea3 100644
--- a/core/dnsserver/register.go
+++ b/core/dnsserver/register.go
@@ -156,6 +156,7 @@ func (h *dnsContext) MakeServers() ([]caddy.Server, error) {
c.Debug = c.firstConfigInBlock.Debug
c.Stacktrace = c.firstConfigInBlock.Stacktrace
c.TLSConfig = c.firstConfigInBlock.TLSConfig
+ c.TsigSecret = c.firstConfigInBlock.TsigSecret
}
// we must map (group) each config to a bind address
diff --git a/core/dnsserver/server.go b/core/dnsserver/server.go
index ec056ba68..fff6ebc9c 100644
--- a/core/dnsserver/server.go
+++ b/core/dnsserver/server.go
@@ -44,6 +44,8 @@ type Server struct {
debug bool // disable recover()
stacktrace bool // enable stacktrace in recover error log
classChaos bool // allow non-INET class queries
+
+ tsigSecret map[string]string
}
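Review bot: The new `tsigSecret` field is the only one in this struct without a trailing comment, while its neighbours `debug`, `stacktrace` and `classChaos` each have one. Suggest `tsigSecret map[string]string // TSIG secrets keyed by key name, merged from every zone served on this address and handed to the underlying dns.Server`. The Server struct starts outside the hunk.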
// NewServer returns a new CoreDNS server and compiles all plugins in to it. By default CH class
@@ -54,6 +56,7 @@ func NewServer(addr string, group []*Config) (*Server, error) {
Addr: addr,
zones: make(map[string]*Config),
graceTimeout: 5 * time.Second,
+ tsigSecret: make(map[string]string),
}
// We have to bound our wg with one increment
@@ -73,6 +76,11 @@ func NewServer(addr string, group []*Config) (*Server, error) {
// set the config per zone
s.zones[site.Zone] = site
+ // copy tsig secrets
+ for key, secret := range site.TsigSecret {
+ s.tsigSecret[key] = secret
+ }
+
// compile custom plugin for everything
var stack plugin.Handler
for i := len(site.Plugin) - 1; i >= 0; i-- {
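Review bot: The copy loop at the top of the hunk silently overwrites an existing entry when two zones served on the same address define the same TSIG key name with different secrets, so the last zone in `group` wins and the earlier zone's key quietly stops verifying. Because the map is merged server-wide, a key configured for one zone is also handed to the listener for every other zone on that address; restricting which key may be used per zone has to happen in the plugin, which this diffstat does not show. Rejecting conflicting definitions at startup makes the collision visible instead of a latent auth failure; fmt may need importing if server.go does not already have it. NewServer starts and ends outside the hunk.
```go
	// copy tsig secrets
	for key, secret := range site.TsigSecret {
		if existing, ok := s.tsigSecret[key]; ok && existing != secret {
			return nil, fmt.Errorf("tsig key %q is defined with different secrets for zones on %s", key, addr)
		}
		s.tsigSecret[key] = secret
	}
```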
@@ -115,7 +123,7 @@ func (s *Server) Serve(l net.Listener) error {
ctx := context.WithValue(context.Background(), Key{}, s)
ctx = context.WithValue(ctx, LoopKey{}, 0)
s.ServeDNS(ctx, w, r)
- })}
+ }), TsigSecret: s.tsigSecret}
s.m.Unlock()
return s.server[tcp].ActivateAndServe()
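Review bot: Setting TsigSecret on the dns.Server makes the library verify TSIG on inbound requests (as I understand miekg/dns; verify against its docs), but a request whose signature fails is, to my knowledge, still dispatched to the handler with the failure only surfaced through the ResponseWriter's TsigStatus(); nothing in this hunk's closure checks it, so enforcement rests entirely on the tsig plugin (not in this diffstat) calling `w.TsigStatus()` before acting. Worth a comment on the `TsigSecret: s.tsigSecret` line: `// TSIG verification happens in miekg/dns; a bad signature is reported via w.TsigStatus(), not rejected here.` The same applies to the ServePacket hunk below. Serve starts outside the hunk.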
@@ -129,7 +137,7 @@ func (s *Server) ServePacket(p net.PacketConn) error {
ctx := context.WithValue(context.Background(), Key{}, s)
ctx = context.WithValue(ctx, LoopKey{}, 0)
s.ServeDNS(ctx, w, r)
- })}
+ }), TsigSecret: s.tsigSecret}
s.m.Unlock()
return s.server[udp].ActivateAndServe()
diff --git a/core/dnsserver/zdirectives.go b/core/dnsserver/zdirectives.go
index bca217185..53168be86 100644
--- a/core/dnsserver/zdirectives.go
+++ b/core/dnsserver/zdirectives.go
@@ -34,6 +34,7 @@ var Directives = []string{
"any",
"chaos",
"loadbalance",
+ "tsig",
"cache",
"rewrite",
"header",
diff --git a/core/plugin/zplugin.go b/core/plugin/zplugin.go
index a9167eeaf..45bfb5415 100644
--- a/core/plugin/zplugin.go
+++ b/core/plugin/zplugin.go
@@ -52,5 +52,6 @@ import (
_ "github.com/coredns/coredns/plugin/tls"
_ "github.com/coredns/coredns/plugin/trace"
_ "github.com/coredns/coredns/plugin/transfer"
+ _ "github.com/coredns/coredns/plugin/tsig"
_ "github.com/coredns/coredns/plugin/whoami"
)