Diffstat (limited to 'core/dnsserver')
-rw-r--r-- | core/dnsserver/config.go | 3 | ||||
-rw-r--r-- | core/dnsserver/register.go | 1 | ||||
-rw-r--r-- | core/dnsserver/server.go | 12 | ||||
-rw-r--r-- | core/dnsserver/zdirectives.go | 1 |
4 files changed, 15 insertions, 2 deletions
diff --git a/core/dnsserver/config.go b/core/dnsserver/config.go index 4007d830f..c34398b39 100644 --- a/core/dnsserver/config.go +++ b/core/dnsserver/config.go @@ -43,6 +43,9 @@ type Config struct { // TLSConfig when listening for encrypted connections (gRPC, DNS-over-TLS). TLSConfig *tls.Config + // TSIG secrets, [name]key. + TsigSecret map[string]string + // Plugin stack. Plugin []plugin.Plugin diff --git a/core/dnsserver/register.go b/core/dnsserver/register.go index ad311d323..86ab5cea3 100644 --- a/core/dnsserver/register.go +++ b/core/dnsserver/register.go @@ -156,6 +156,7 @@ func (h *dnsContext) MakeServers() ([]caddy.Server, error) { c.Debug = c.firstConfigInBlock.Debug c.Stacktrace = c.firstConfigInBlock.Stacktrace c.TLSConfig = c.firstConfigInBlock.TLSConfig + c.TsigSecret = c.firstConfigInBlock.TsigSecret } // we must map (group) each config to a bind address diff --git a/core/dnsserver/server.go b/core/dnsserver/server.go index ec056ba68..fff6ebc9c 100644 --- a/core/dnsserver/server.go +++ b/core/dnsserver/server.go @@ -44,6 +44,8 @@ type Server struct { debug bool // disable recover() stacktrace bool // enable stacktrace in recover error log classChaos bool // allow non-INET class queries + + tsigSecret map[string]string } // NewServer returns a new CoreDNS server and compiles all plugins in to it. By default CH class @@ -54,6 +56,7 @@ func NewServer(addr string, group []*Config) (*Server, error) { Addr: addr, zones: make(map[string]*Config), graceTimeout: 5 * time.Second, + tsigSecret: make(map[string]string), } // We have to bound our wg with one increment @@ -73,6 +76,11 @@ func NewServer(addr string, group []*Config) (*Server, error) { // set the config per zone s.zones[site.Zone] = site + // copy tsig secrets + for key, secret := range site.TsigSecret { + s.tsigSecret[key] = secret + } + // compile custom plugin for everything var stack plugin.Handler for i := len(site.Plugin) - 1; i >= 0; i-- { 
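Review bot: The comment on the new `TsigSecret` field in config.go (`// TSIG secrets, [name]key.`) does not say what form the names and keys take, even though the map is passed unchanged to the DNS server's `TsigSecret` option in the server.go hunks. I would document it as `// TsigSecret maps a TSIG key name (canonical form: lowercase, fully qualified) to its base64-encoded shared secret.`, provided that matches what the tsig plugin stores; as far as I know that is the format miekg/dns expects. Because the field is exported and holds key material, it is also worth a one-line comment warning against logging a Config with `%+v`. The Config struct starts and ends outside the hunk.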
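Review bot: In the NewServer hunk of server.go (`// copy tsig secrets`), secrets from every config in `group` are merged into one per-listener map, so a key name that appears in two server blocks with different secrets is silently overwritten by the later one. Failing at startup is safer than serving with whichever secret came last: add `if prev, ok := s.tsigSecret[key]; ok && prev != secret { return nil, fmt.Errorf("conflicting TSIG secret for key %q", key) }` before the assignment (assuming `fmt` is already imported in this file). The merge also means a key configured for one zone is known to the listener for every zone it serves, so any per-zone scoping has to be enforced by the plugin, which is not visible here. NewServer's body continues outside the hunk.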
@@ -115,7 +123,7 @@ func (s *Server) Serve(l net.Listener) error { ctx := context.WithValue(context.Background(), Key{}, s) ctx = context.WithValue(ctx, LoopKey{}, 0) s.ServeDNS(ctx, w, r) - })} + }), TsigSecret: s.tsigSecret} s.m.Unlock() return s.server[tcp].ActivateAndServe() @@ -129,7 +137,7 @@ func (s *Server) ServePacket(p net.PacketConn) error { ctx := context.WithValue(context.Background(), Key{}, s) ctx = context.WithValue(ctx, LoopKey{}, 0) s.ServeDNS(ctx, w, r) - })} + }), TsigSecret: s.tsigSecret} s.m.Unlock() return s.server[udp].ActivateAndServe() diff --git a/core/dnsserver/zdirectives.go b/core/dnsserver/zdirectives.go index bca217185..53168be86 100644 --- a/core/dnsserver/zdirectives.go +++ b/core/dnsserver/zdirectives.go @@ -34,6 +34,7 @@ var Directives = []string{ "any", "chaos", "loadbalance", + "tsig", "cache", "rewrite", "header", |
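Review bot: In the Serve hunk of server.go, setting `TsigSecret: s.tsigSecret` only makes the DNS library verify a signature when a request carries one; the handler closure still calls `s.ServeDNS` for every message, and nothing in this hunk checks the verification result. As far as I can tell from miekg/dns, rejecting unsigned or badly signed requests is the handler's job via `w.TsigStatus()`, so that check presumably lives in the new tsig plugin; a comment here would keep the contract visible, e.g. `// TSIG is verified by the dns.Server; enforcement (w.TsigStatus) is left to the tsig plugin.` The same applies to the ServePacket hunk. Both servers also share one map with `s`, which is fine as long as nothing writes to `s.tsigSecret` after NewServer returns. Both functions start and end outside their hunks.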