author | 2022-06-27 15:48:34 -0400 | |
---|---|---|
committer | 2022-06-27 15:48:34 -0400 | |
commit | 68e141eff28d2b0d6331684ef153d76902b4001c (patch) | |
tree | 32921a733b6851b8cabaef84d34fae27e5bc27e7 /core | |
parent | 64885950cc8ab59d26ae1df56e94a9f43e439787 (diff) | |
plugin/tsig: new plugin TSIG (#4957)
* expose tsig secrets via dnsserver.Config
* add tsig plugin
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
Diffstat (limited to 'core')
-rw-r--r-- | core/dnsserver/config.go | 3 | ||||
-rw-r--r-- | core/dnsserver/register.go | 1 | ||||
-rw-r--r-- | core/dnsserver/server.go | 12 | ||||
-rw-r--r-- | core/dnsserver/zdirectives.go | 1 | ||||
-rw-r--r-- | core/plugin/zplugin.go | 1 |
5 files changed, 16 insertions, 2 deletions
diff --git a/core/dnsserver/config.go b/core/dnsserver/config.go
index 4007d830f..c34398b39 100644
--- a/core/dnsserver/config.go
+++ b/core/dnsserver/config.go
@@ -43,6 +43,9 @@ type Config struct {
 // TLSConfig when listening for encrypted connections (gRPC, DNS-over-TLS).
 TLSConfig *tls.Config
+ // TSIG secrets, [name]key.
+ TsigSecret map[string]string
+
 // Plugin stack.
 Plugin []plugin.Plugin
diff --git a/core/dnsserver/register.go b/core/dnsserver/register.go
index ad311d323..86ab5cea3 100644
--- a/core/dnsserver/register.go
+++ b/core/dnsserver/register.go
@@ -156,6 +156,7 @@ func (h *dnsContext) MakeServers() ([]caddy.Server, error) {
 c.Debug = c.firstConfigInBlock.Debug
 c.Stacktrace = c.firstConfigInBlock.Stacktrace
 c.TLSConfig = c.firstConfigInBlock.TLSConfig
+ c.TsigSecret = c.firstConfigInBlock.TsigSecret
 }
 // we must map (group) each config to a bind address
diff --git a/core/dnsserver/server.go b/core/dnsserver/server.go
index ec056ba68..fff6ebc9c 100644
--- a/core/dnsserver/server.go
+++ b/core/dnsserver/server.go
@@ -44,6 +44,8 @@ type Server struct {
 debug bool // disable recover()
 stacktrace bool // enable stacktrace in recover error log
 classChaos bool // allow non-INET class queries
+
+ tsigSecret map[string]string
 }
 // NewServer returns a new CoreDNS server and compiles all plugins in to it. By default CH class
@@ -54,6 +56,7 @@ func NewServer(addr string, group []*Config) (*Server, error) {
 Addr: addr,
 zones: make(map[string]*Config),
 graceTimeout: 5 * time.Second,
+ tsigSecret: make(map[string]string),
 }
 // We have to bound our wg with one increment
@@ -73,6 +76,11 @@ func NewServer(addr string, group []*Config) (*Server, error) {
 // set the config per zone
 s.zones[site.Zone] = site
+ // copy tsig secrets
+ for key, secret := range site.TsigSecret {
+ s.tsigSecret[key] = secret
+ }
+
 // compile custom plugin for everything
 var stack plugin.Handler
 for i := len(site.Plugin) - 1; i >= 0; i-- {
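Review bot: The comment on the new `TsigSecret` field, `// TSIG secrets, [name]key.`, does not say what the map's key and value are, while the neighbouring `TLSConfig` comment in the same hunk explains its purpose; the `tsigSecret` field added to `Server` in server.go has no comment at all although every sibling field there carries one. From the later hunks, `NewServer` merges each zone's `Config.TsigSecret` into `Server.tsigSecret`, and `Serve`/`ServePacket` hand that merged map to the underlying dns.Server, so the two comments could say exactly that. Suggest `// TsigSecret maps a TSIG key name to its secret; NewServer merges the maps of all zones on a listener and passes the result to dns.Server.TsigSecret.` on the Config field and `// tsigSecret is the merged TSIG secrets of every zone served on this listener.` on the Server field. The `Config` struct itself starts and ends outside the hunk.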
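Review bot: The copy loop `s.tsigSecret[key] = secret` in the `@@ -73,6 +76,11 @@` hunk silently overwrites an entry when two zones in the same `group` configure the same TSIG key name with different secrets; which secret wins then depends on the order of `group`, and the misconfiguration would only surface later as TSIG verification failures rather than as a startup error. Since `NewServer` already returns an error, consider rejecting the conflict while building the server: `if old, ok := s.tsigSecret[key]; ok && old != secret { return nil, fmt.Errorf("conflicting secret for TSIG key %q", key) }`. It is also worth stating in the field documentation that, because one merged map is handed to both listeners in `Serve` and `ServePacket`, a key configured under one zone is presumably accepted for every other zone on the same address — if that is the intended scope, say so; if not, the per-zone map would need to stay separate. The body of `NewServer` continues outside the hunk.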
@@ -115,7 +123,7 @@ func (s *Server) Serve(l net.Listener) error {
 ctx := context.WithValue(context.Background(), Key{}, s)
 ctx = context.WithValue(ctx, LoopKey{}, 0)
 s.ServeDNS(ctx, w, r)
- })}
+ }), TsigSecret: s.tsigSecret}
 s.m.Unlock()
 return s.server[tcp].ActivateAndServe()
@@ -129,7 +137,7 @@ func (s *Server) ServePacket(p net.PacketConn) error {
 ctx := context.WithValue(context.Background(), Key{}, s)
 ctx = context.WithValue(ctx, LoopKey{}, 0)
 s.ServeDNS(ctx, w, r)
- })}
+ }), TsigSecret: s.tsigSecret}
 s.m.Unlock()
 return s.server[udp].ActivateAndServe()
diff --git a/core/dnsserver/zdirectives.go b/core/dnsserver/zdirectives.go
index bca217185..53168be86 100644
--- a/core/dnsserver/zdirectives.go
+++ b/core/dnsserver/zdirectives.go
@@ -34,6 +34,7 @@ var Directives = []string{
 "any",
 "chaos",
 "loadbalance",
+ "tsig",
 "cache",
 "rewrite",
 "header",
diff --git a/core/plugin/zplugin.go b/core/plugin/zplugin.go
index a9167eeaf..45bfb5415 100644
--- a/core/plugin/zplugin.go
+++ b/core/plugin/zplugin.go
@@ -52,5 +52,6 @@ import (
 _ "github.com/coredns/coredns/plugin/tls"
 _ "github.com/coredns/coredns/plugin/trace"
 _ "github.com/coredns/coredns/plugin/transfer"
+ _ "github.com/coredns/coredns/plugin/tsig"
 _ "github.com/coredns/coredns/plugin/whoami"
 )