| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Signed-off-by: Ondřej Benkovský <ondrej.benkovsky@jamf.com>
|
|
Avoid Go 1.20 test error by not attempting to close the testing temp
file unless there was an error in Read().
* Use a CreateTemp() to create unique test files.
* Defer the deletion of the temp file.
Woarkaround for: https://github.com/golang/go/issues/59938
Signed-off-by: SuperQ <superq@gmail.com>
|
|
Signed-off-by: cui fliter <imcusg@gmail.com>
|
|
|
|
|
|
For responses synthesized by known wildcard records, publish metadata containing the wildcard record name
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
|
|
Signed-off-by: xuweiwei <xuweiwei_yewu@cmss.chinamobile.com>
|
|
* update all +build statements
Signed-off-by: MQasimSarfraz <syed.qasim.sarfraz@gmail.com>
* remove old +build style
Signed-off-by: MQasimSarfraz <syed.qasim.sarfraz@gmail.com>
|
|
Signed-off-by: xuweiwei <xuweiwei_yewu@cmss.chinamobile.com>
|
|
Signed-off-by: xuweiwei <xuweiwei_yewu@cmss.chinamobile.com>
|
|
While performing security scans there were several
issue raised as G304 (CWE-22): Potential file inclusion via variable.
As some files path are taken from user input, it is possible the
filepath passed by user may have unintended effect if not properly formed.
This fix add Clean to remove the security warning and address some
potential issue.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
|
|
Signed-off-by: xuweiwei <xuweiwei_yewu@cmss.chinamobile.com>
|
|
From RFC 1034 ...
Wildcard RRs do not apply:
[...]
When the query name or a name between the wildcard domain and
the query name is know to exist. For example, if a wildcard
RR has an owner name of "*.X", and the zone also contains RRs
attached to B.X, the wildcards would apply to queries for name
Z.X (presuming there is no explicit information for Z.X), but
not to B.X, A.B.X, or X.
Signed-off-by: xuweiwei <xuweiwei_yewu@cmss.chinamobile.com>
|
|
Signed-off-by: crliu3227 <liucongran327@163.com>
|
|
Automatically submitted.
|
|
Automatically submitted.
|
|
Signed-off-by: zounengren <zouyee1989@gmail.com>
|
|
SERVFAIL (#4863)
* write cname answer to client even if target lookup is servfail
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* fix existing unit test expectations
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
|
|
* plugin/file: fix wildcard CNAME answer
Signed-off-by: Yoshida <ykhr53@yokohei.com>
* plugin/file: fix synthesized CNAME answer
Signed-off-by: Yoshida <ykhr53@yokohei.com>
|
|
Signed-off-by: Sven Nebel <nebel.sven@gmail.com>
|
|
concrete records exist (#4599)" (#4633)
reverting as I don't want to release 1.8.4 with this enabled.
This reverts commit fbf3f07f469a99fcbb5985a41c260a3fad26f908.
|
|
records exist (#4599)
* plugin/file: Fix in wrong answers returned when wildcard and concrete records exist
Signed-off-by: Jason Du <xdu@infoblox.com>
* Remove superfluous change
Signed-off-by: Jason Du <xdu@infoblox.com>
* Re-implementation and new test case
If the domain's terminal is neither the matching wildcard, nor a domian directly
under the wildcard, return NXDOMAIN
Signed-off-by: Jason Du <xdu@infoblox.com>
* Fix empty non-terminal & add test case
Signed-off-by: Jason Du <xdu@infoblox.com>
* Cleanup
Signed-off-by: Jason Du <xdu@infoblox.com>
* Fix case on domain name with character before * and add more test cases
Signed-off-by: Jason Du <xdu@infoblox.com>
* Use different IPs for records in cornerCasesWildcard zone file
Signed-off-by: Jason Du <xdu@infoblox.com>
|
|
Make normalize return multiple "hosts" (= reverse zones) when a
non-octet boundary cidr is given.
Added pkg/cidr package that holds the cidr calculation routines; felt
they didn't really fit dnsutil.
This change means the IPNet return parameter isn't needed, the hosts are
all correct. The tests that tests this is also removed: TestSplitHostPortReverse
The fallout was that zoneAddr _also_ doesn't need the IPNet member, that
in turn make it visible that zoneAddr in address.go duplicated a bunch
of stuff from register.go; removed/refactored that too.
Created a plugin.OriginsFromArgsOrServerBlock to help plugins do the
right things, by consuming ZONE arguments; this now expands reverse
zones correctly. This is mostly mechanical.
Remove the reverse test in plugin/kubernetes which is a copy-paste from
a core test (which has since been fixed).
Remove MustNormalize as it has no plugin users.
This change is not backwards compatible to plugins that have a ZONE
argument that they parse in the setup util.
All in-tree plugins have been updated.
Signed-off-by: Miek Gieben <miek@miek.nl>
|
|
* transfer: reply with refused
When the *transfer* plugin is not loaded and of the handlers will still
see the AXFR/IXFR request because it is not intercepted.
They need to reply with REFUSED in that case. Update file, auto and k8s
to do this. Add testcase in the file plugin.
Ideally *erratic* should be moved over as well, but maybe that's
*erratic*
This is a bug fix.
Signed-off-by: Miek Gieben <miek@miek.nl>
* import path
Signed-off-by: Miek Gieben <miek@miek.nl>
|
|
Watching TGI Kubernetes 147 and it helps to show a small zonefile
example in the documentation.
Signed-off-by: Miek Gieben <miek@miek.nl>
|
|
* Revert "make copies of RRs before returning them (#4409)"
This reverts commit 8b2ff6c3889e0c23dceef4b10a1b1de58e463cb9.
* Document copying responses
See #4409 and the comments. This documents that issue, but doesn't
change the in-tree plugins just yet.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Update plugin.md
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
|
|
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
|
|
Automatically submitted.
|
|
An apex only zone returns the wrong answer, document this by adding a
test.
Closes: #4374
Signed-off-by: Miek Gieben <miek@miek.nl>
|
|
* pass through nxdomain results
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* return srvfail and nodata results
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* add test
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* cover more response cases
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
|
|
These are found with: `pcregrep -M "}\n\n}" **/*.go`
Sometimes a unneeded newline is inserted, remove those.
Signed-off-by: Miek Gieben <miek@miek.nl>
|
|
* Speed up testing
* make notification run in the background, this recudes the test_readme
time from 18s to 0.10s
* reduce time for zone reload
* TestServeDNSConcurrent remove entirely. This took a whopping 58s for
... ? A few minutes staring didn't reveal wth it is actually testing.
Making values smaller revealed race conditions in the tests. Remove
entirely.
* Move many interval values to variables so we can reset them to short
values for the tests.
* test_large_axfr: make the zone smaller. The number used 64K has no
rational, make it 64/10 to speed up.
* TestProxyThreeWay: use client with shorter timeout
A few random tidbits in other tests.
Total time saved: 177s (almost 3m) - which makes it worthwhile again to
run the test locally:
this branch:
~~~
ok github.com/coredns/coredns/test 10.437s
cd plugin; time go t ./...
5,51s user 7,51s system 11,15s elapsed 744%CPU (
~~~
master:
~~~
ok github.com/coredns/coredns/test 35.252s
cd plugin; time go t ./...
157,64s user 15,39s system 50,05s elapsed 345%CPU ()
~~~
tests/ -25s
plugins/ -40s
This brings the total on 20s, and another 10s can be saved by fixing
dnstapio. Moving this to 5s would be even better, but 10s is also nice.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Also 0.01
Signed-off-by: Miek Gieben <miek@miek.nl>
|
|
sed -i 's/Also See/See Also/' plugin/**/README.md
Some plugins did already use 'See Also', so it's all consistent now.
Fixes: #4196
Signed-off-by: Miek Gieben <miek@miek.nl>
|
|
* Implement notifies for transfer plugin (#3972)
* Fix notifies in transfer plugin
Signed-off-by: Miek Gieben <miek@miek.nl>
* Make it compile
Signed-off-by: Miek Gieben <miek@miek.nl>
* Port more plugins
Signed-off-by: Miek Gieben <miek@miek.nl>
* golint
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix tests
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix notifies in transfer plugin
Signed-off-by: Miek Gieben <miek@miek.nl>
* Make it compile
Signed-off-by: Miek Gieben <miek@miek.nl>
* Port more plugins
Signed-off-by: Miek Gieben <miek@miek.nl>
* golint
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix tests
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix tests
Signed-off-by: Miek Gieben <miek@miek.nl>
* really fix test
Signed-off-by: Miek Gieben <miek@miek.nl>
* Implement ixfr fallback and unify file and auto for transfering
Signed-off-by: Miek Gieben <miek@miek.nl>
* Add transfer tests
copied and modified from #3452
Signed-off-by: Miek Gieben <miek@miek.nl>
* Test correct selection of plugin
Signed-off-by: Miek Gieben <miek@miek.nl>
* add upstream back in
Signed-off-by: Miek Gieben <miek@miek.nl>
* Implement ixfr fallback and unify file and auto for transfering
Signed-off-by: Miek Gieben <miek@miek.nl>
* fix test
Signed-off-by: Miek Gieben <miek@miek.nl>
* properly merge
Signed-off-by: Miek Gieben <miek@miek.nl>
* Remove plugin/kubernetes/setup_transfer_test.go
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Co-authored-by: Miek Gieben <miek@miek.nl>
|
|
* For caddy v1 in our org
This RP changes all imports for caddyserver/caddy to coredns/caddy. This
is the v1 code of caddy.
For the coredns/caddy repo the following changes have been made:
* anything not needed by us is deleted
* all `telemetry` stuff is deleted
* all its import paths are also changed to point to coredns/caddy
* the v1 branch has been moved to the master branch
* a v1.1.0 tag has been added to signal the latest release
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix imports
Signed-off-by: Miek Gieben <miek@miek.nl>
* Group coredns/caddy with out plugins
Signed-off-by: Miek Gieben <miek@miek.nl>
* remove this file
Signed-off-by: Miek Gieben <miek@miek.nl>
* Relax import ordering
github.com/coredns is now also a coredns dep, this makes
github.com/coredns/caddy fit more natural in the list.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix final import
Signed-off-by: Miek Gieben <miek@miek.nl>
|
|
Signed-off-by: Hu Shuai <hus.fnst@cn.fujitsu.com>
|
|
This reverts commit 68f1dd5ddf0451cc3a1b24a72c2965b8d896ffba.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
|
|
* Fix notifies in transfer plugin
Signed-off-by: Miek Gieben <miek@miek.nl>
* Make it compile
Signed-off-by: Miek Gieben <miek@miek.nl>
* Port more plugins
Signed-off-by: Miek Gieben <miek@miek.nl>
* golint
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix tests
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix notifies in transfer plugin
Signed-off-by: Miek Gieben <miek@miek.nl>
* Make it compile
Signed-off-by: Miek Gieben <miek@miek.nl>
* Port more plugins
Signed-off-by: Miek Gieben <miek@miek.nl>
* golint
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix tests
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix tests
Signed-off-by: Miek Gieben <miek@miek.nl>
* really fix test
Signed-off-by: Miek Gieben <miek@miek.nl>
* Implement ixfr fallback and unify file and auto for transfering
Signed-off-by: Miek Gieben <miek@miek.nl>
* Add transfer tests
copied and modified from #3452
Signed-off-by: Miek Gieben <miek@miek.nl>
* Test correct selection of plugin
Signed-off-by: Miek Gieben <miek@miek.nl>
* add upstream back in
Signed-off-by: Miek Gieben <miek@miek.nl>
* Implement ixfr fallback and unify file and auto for transfering
Signed-off-by: Miek Gieben <miek@miek.nl>
* fix test
Signed-off-by: Miek Gieben <miek@miek.nl>
* properly merge
Signed-off-by: Miek Gieben <miek@miek.nl>
|
|
Addresses a bug in the file plugin where SOA queries to zone delegations are
inappropriately returned the SOA for the delegating zone, and not a downward
referral to the delegated zone.
Here is an example of what I believe the expected downward referral in response
to a SOA query for a delegated zone should be (note that no SOA record is
returned):
~~~
; <<>> DiG 9.11.3-1ubuntu1.5-Ubuntu <<>> @k.root-servers.net. miek.nl. SOA
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58381
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 7
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;miek.nl. IN SOA
;; AUTHORITY SECTION:
nl. 172800 IN NS ns1.dns.nl.
nl. 172800 IN NS ns2.dns.nl.
nl. 172800 IN NS ns3.dns.nl.
;; ADDITIONAL SECTION:
ns1.dns.nl. 172800 IN A 194.0.28.53
ns2.dns.nl. 172800 IN A 194.146.106.42
ns3.dns.nl. 172800 IN A 194.0.25.24
ns1.dns.nl. 172800 IN AAAA 2001:678:2c:0:194:0:28:53
ns2.dns.nl. 172800 IN AAAA 2001:67c:1010:10::53
ns3.dns.nl. 172800 IN AAAA 2001:678:20::24
~~~
See #3852 for the original fix.
Modified clouddns/route53 and removed the faulty tests there.
Signed-off-by: Miek Gieben <miek@miek.nl>
|
|
Don't sign data we are not authoritative for. This adds an AuthWalk
which skips names we should not authoritative for. Adds a few tests to
check this is the case. Generates zones have been compared to
dnssec-signzone.
A number of changes have been made:
* don't add DS records to the apex
* NSEC TTL is the SOA's minttl value (copying bind9)
* Various cleanups
* signer struct was cleaned up: doesn't need ttl, nor expiration or
inception.
* plugin/sign: remove apex stuff from names()
This is never used because we will always have other types in the
apex, because we *ADD* them ourselves, before we sign (DNSKEY, CDS and
CDNSKEY).
Signed-off-by: Miek Gieben <miek@miek.nl>
Co-Authored-By: Chris O'Haver <cohaver@infoblox.com>
|
|
* Move to CODEOWNERS
No change in who own what; just a move to CODEOWNERS. This allows
dreck cleanups.
Added .dreck.yaml for alias and exec.
Fixes: #3486
Signed-off-by: Miek Gieben <miek@miek.nl>
* stickler bot
Signed-off-by: Miek Gieben <miek@miek.nl>
* sort the file
Signed-off-by: Miek Gieben <miek@miek.nl>
|
|
Caught my eye, we name things directive still, esp when talking about
the prometheus *plugin*. Rename everything that needs to be plugin to
'plugin'. Also make sure Metrics is a H2 section (not H1).
Signed-off-by: Miek Gieben <miek@miek.nl>
|
|
Signed-off-by: utrehubenka <utrehubenka@infoblox.com>
|
|
TrimPrefix re-assign to former variable
Signed-off-by: Guangming Wang <guangming.wang@daocloud.io>
|
|
Signed-off-by: Guangming Wang <guangming.wang@daocloud.io>
|
|
Abstract the caddy call and make it simpler.
See #3261 for some part of the discussion.
Go from:
~~~ go
func init() {
caddy.RegisterPlugin("any", caddy.Plugin{
ServerType: "dns",
Action: setup,
})
}
~~~
To:
~~~ go
func init() { plugin.Register("any", setup) }
~~~
This requires some external documents in coredns.io to be updated as
well; the old way still works, so it's backwards compatible.
Signed-off-by: Miek Gieben <miek@miek.nl>
|
|
* plugin/file: rework outgoing axfr
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix test
Signed-off-by: Miek Gieben <miek@miek.nl>
* Actually properly test xfr
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix test
Signed-off-by: Miek Gieben <miek@miek.nl>
|
|
Say once that we've sent notifies, instead of for every upstream
primary.
Signed-off-by: Miek Gieben <miek@miek.nl>
|
|
This reloader didn't close the openened file handle. Add a close. Can't
use `defer` because this is in a endless loop.
Signed-off-by: Miek Gieben <miek@miek.nl>
|
|
* plugin/file: respond correctly to IXFR message
Respond with a sing SOA record to an IXFR request if the SOA serials
match.
The added test fails on the current code with:
~~~
=== RUN TestIxfrResponse
--- FAIL: TestIxfrResponse (0.00s)
secondary_test.go:122: Expected answer section with single RR
FAIL
exit status 1
~~~
And obviously passes with the new code. This should cut down on the
weird number of zone transfers that I was seeing. At some point IXFR
support might be cool.
Fixes: #3176
Signed-off-by: Miek Gieben <miek@miek.nl>
* reuse code
Signed-off-by: Miek Gieben <miek@miek.nl>
* Sligtht tweaks
Signed-off-by: Miek Gieben <miek@miek.nl>
|
Ondřej Benkovský
Ben Kochie
cui fliter
Yong Tang
Chris O'Haver
xuweiwei
Qasim Sarfraz
LiuCongran
gomakesix
Zou Nengren
Kohei Yoshida
Sven Nebel
Miek Gieben
Jason Du
Hu Shuai
Uladzimir Trehubenka
Guangming Wang
