| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Signed-off-by: Alejandro de Brito Fontes <aledbf@gmail.com>
|
|
Add a NativeHistogramBucketFactor parameter to the use of
`NewHistogramVec` in order to enable use of Prometheus Native
Histograms.
This will store automatically computed sparse buckets in CoreDNS.
If a compatible Prometeus requests native histograms this data will
returned instead of the static buckets.
The default factor of 1.05 should provide high quality resolution data.
Signed-off-by: SuperQ <superq@gmail.com>
|
|
Signed-off-by: Jeffrey Damick <jdamick@amazon.com>
Co-authored-by: Jeffrey Damick <jdamick@amazon.com>
|
|
* plugin/tls: respect the path specified by root plugin
Signed-off-by: Marius Kimmina <mar.kimmina@gmail.com>
* improve readme
Signed-off-by: Marius Kimmina <mar.kimmina@gmail.com>
---------
Signed-off-by: Marius Kimmina <mar.kimmina@gmail.com>
|
|
When packing the empty domain name, miekg/dns can end up creating
corrupt DNS messages. With some planned unpacking changes, this now
trips an error condition and causes these tests to fail. Correct this
by using the root domain explicitly as this gets correctly encoded on
the wire.
Signed-off-by: Tom Thorogood <me+github@tomthorogood.net>
|
|
Signed-off-by: SriHarshaBS001 <SriHarshaBS009@gmail.com>
|
|
(#6014)" (#6270)
This reverts commit 604a902e2c7e0317aecaa3666124079c75a31573.
|
|
* dnstap: add 'extra' field
Signed-off-by: chenyuheng <chenyuheng99@qq.com>
* dnstap: add setup_test for 'extra' field
Signed-off-by: chenyuheng <chenyuheng99@qq.com>
* udnstap: update document and test
Signed-off-by: chenyuheng <chenyuheng99@qq.com>
* dnstap: update setup_test for more coverage
Signed-off-by: chenyuheng <chenyuheng99@qq.com>
* dnstap: add TapMessageWithMetadata function to Dnstap
Signed-off-by: chenyuheng <chenyuheng99@qq.com>
* dnstap: adapt dnstap and forward plugins to use TapMessageWithMetadata
Signed-off-by: chenyuheng <chenyuheng99@qq.com>
* change TapMessageWithMetadata function
Signed-off-by: chenyuheng <chenyuheng99@qq.com>
* tab inconsistency fix
Signed-off-by: chenyuheng <chenyuheng99@qq.com>
* fix replacer to support empty state
Signed-off-by: chenyuheng <chenyuheng99@qq.com>
* add replacer test for empty status parameter
Signed-off-by: chenyuheng <chenyuheng99@qq.com>
* dnstap: update unit test for 'extra' field
Signed-off-by: chenyuheng <chenyuheng99@qq.com>
* clean up code
Signed-off-by: chenyuheng <chenyuheng99@qq.com>
* gofmt fix & static analysis fix
Signed-off-by: chenyuheng <chenyuheng99@qq.com>
* dnstap: refactor
Signed-off-by: chenyuheng <chenyuheng99@qq.com>
---------
Signed-off-by: chenyuheng <chenyuheng99@qq.com>
|
|
Signed-off-by: Zhizhen He <hezhizhen.yi@gmail.com>
|
|
* Fix typos and add todo to fix spelling of dnsutil.MaximumDefaulTTL
Signed-off-by: Zhizhen He <hezhizhen.yi@gmail.com>
|
|
Add DNS-over-QUIC server
Signed-off-by: jaehnri <joao.henri.cr@gmail.com>
Signed-off-by: João Henri <joao.henri.cr@gmail.com>
|
|
|
|
|
|
Signed-off-by: Ondřej Benkovský <ondrej.benkovsky@jamf.com>
|
|
|
|
* forward: continue waiting after malformed responses
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* add test
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* fix test
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* clean up
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* clean up
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* move test to /test/. Add build tag.
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* install libpcap-dev for e2e tests
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* sudo the test
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* remove stray err check
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* disable the test
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* use -exec flag to run test binary as root
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* run new test by itself in a new workflow
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* fix test name
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* only for udp
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* remove libpcap test workflow action
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* remove test, since it cant run in ci
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* and remove gopacket package
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
---------
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
|
|
Signed-off-by: cui fliter <imcusg@gmail.com>
|
|
Signed-off-by: vanceli <vanceli@tencent.com>
Signed-off-by: Vance Li <vncl@YingyingM1.local>
Co-authored-by: vanceli <vanceli@tencent.com>
|
|
* plugin/forward: Move Proxy into pkg/plugin/proxy, to allow forward.Proxy to be used outside of forward plugin.
Signed-off-by: Patrick Downey <patrick.downey@dioadconsulting.com>
|
|
This change avoids the hard coding of HTTPS, allowing flexibility in whether HTTP or HTTPS is used.
Signed-off-by: Sebastian Dahlgren <sebdah@fb.com>
|
|
|
|
* plugin/edns: remove truncating of question section on bad EDNS version
EDNS requests of "Unknown Version" removed the query section altogether.
Not sure why since this is not require (see [link](https://kb.isc.org/docs/edns-compatibility-dig-queries)
This cause issues with DNS solutions that uses this information (initial queried name, type and class) in order to route the response to the right client (e.g. PDNS).
The change here is to keep the inital query section as is.
Signed-off-by: Ben Kaplan <ben.kaplan@redis.com>
* adding tests for edns0 version check
Signed-off-by: Ben Kaplan <ben.kaplan@redis.com>
* adding tests for non-edns0 version check
Signed-off-by: Ben Kaplan <ben.kaplan@redis.com>
Signed-off-by: Ben Kaplan <ben.kaplan@redis.com>
|
|
* introduce new interface "dnsserver.Viewer", that allows a plugin implementing it to decide if a query should be routed into its server block.
* add new plugin "view", that uses the new interface to enable a user to define expression based conditions that must be met for a query to be routed to its server block.
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
|
|
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
|
|
add log listener interface
Signed-off-by: xh4n3 <xyn1016@gmail.com>
|
|
|
|
Previously we use io.LimitReader to limit the number of bytes
from http request. However, there is a subtle difference between
io.LimitReader and io.ReadAll as io.LimitReader will return
a Reader, not a ReadCloser. As such the behavior will actually
be difference in case of error handling (and when to close).
This PR changes io.LimitReader to http.MaxBytesReader
so that the behavior can be preserved (except the number of bytes).
See https://stackoverflow.com/a/52699702
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
|
|
|
|
* update all +build statements
Signed-off-by: MQasimSarfraz <syed.qasim.sarfraz@gmail.com>
* remove old +build style
Signed-off-by: MQasimSarfraz <syed.qasim.sarfraz@gmail.com>
|
|
* Update to avoid pseudo-random number
This PR update the usage of rand so that non-global seed is used.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* Add concurrency-safe random source
See https://stackoverflow.com/questions/48958886/how-to-create-a-thread-safe-rand-source
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
|
|
This PR adds limit to ioutil.ReadAll for DoH request body
so that it will not be subject to large requests.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
|
|
PR 2938 hardens tls though there are other places that uses TLS
as well and setTLSDefaults are not invoked in other paths.
This PR hardens tls on all places.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
|
|
While performing security scans there were several
issue raised as G304 (CWE-22): Potential file inclusion via variable.
As some files path are taken from user input, it is possible the
filepath passed by user may have unintended effect if not properly formed.
This fix add Clean to remove the security warning and address some
potential issue.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
|
|
Convert "no nameservers found" error on parse.HostPortOrFile() to an
exported var for use with `errors.Is()`.
Signed-off-by: SuperQ <superq@gmail.com>
|
|
|
|
Signed-off-by: zounengren <zouyee1989@gmail.com>
|
|
Signed-off-by: Ondřej Benkovský <ondrej.benkovsky@jamf.com>
|
|
* upstream lookups are done with original EDNS options
Signed-off-by: Ondřej Benkovský <ondrej.benkovsky@jamf.com>
* fixup! upstream lookups are done with original EDNS options
Signed-off-by: Ondřej Benkovský <ondrej.benkovsky@jamf.com>
|
|
* rename files to better convey build inclusion reason
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
|
|
This reverts commit 4a34e8b8979f23a77000ad6580051b06d2e97508.
|
|
|
|
Signed-off-by: Ondrej Benkovsky <ondrej.benkovsky@wandera.com>
|
|
Signed-off-by: coredns[bot] <bot@bot.coredns.io>
|
|
* fix ipv6 case for cidr.Class
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* add check and test case for invalid ipv6 cidr
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* net package is bad at detecting ipv6/ipv4
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* rename Class -> Split
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
|
|
* deprecate normalize and mustnormalize
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* add runtime warning
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* elaborate runtime warning
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* include caller info
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
|
|
Make normalize return multiple "hosts" (= reverse zones) when a
non-octet boundary cidr is given.
Added pkg/cidr package that holds the cidr calculation routines; felt
they didn't really fit dnsutil.
This change means the IPNet return parameter isn't needed, the hosts are
all correct. The tests that tests this is also removed: TestSplitHostPortReverse
The fallout was that zoneAddr _also_ doesn't need the IPNet member, that
in turn make it visible that zoneAddr in address.go duplicated a bunch
of stuff from register.go; removed/refactored that too.
Created a plugin.OriginsFromArgsOrServerBlock to help plugins do the
right things, by consuming ZONE arguments; this now expands reverse
zones correctly. This is mostly mechanical.
Remove the reverse test in plugin/kubernetes which is a copy-paste from
a core test (which has since been fixed).
Remove MustNormalize as it has no plugin users.
This change is not backwards compatible to plugins that have a ZONE
argument that they parse in the setup util.
All in-tree plugins have been updated.
Signed-off-by: Miek Gieben <miek@miek.nl>
|
|
* plugin/dnssec: use entire RRset as key input
This uses the entire rrset as input for the hash key; this is to detect
differences in the RRset and generate the correct signature.
As this would then lead to unbounded growth, we periodically (every 8h)
prune the cache of old entries. In theory we could rely on the random
eviction, but it seems nicer to do this in a maintannce loop so that we
remove the unused ones. This required adding a Walk function to the
plugin/pkg/cache.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Update plugin/dnssec/cache.go
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
|
|
Signed-off-by: Frank Riley <fhriley@gmail.com>
|
|
To combat label cardinality explosions remove the type from metrics.
This was most severe in the histogram for request duration, remove it
there.
It's also highlighted difference between grpc and forward code, where
forward did use type and grpc didn't; getting rid of all that "fixes"
that discrepancy
Move monitor.go back into the vars directory and make it private again.
Also name it slightly better
Fixes: #4507
Signed-off-by: Miek Gieben <miek@miek.nl>
|
|
* plugin/forward Add rcode and rtype to request_duration_seconds metric
Signed-off-by: Maxime Ginters <maxime.ginters@shopify.com>
* Control the cardinality of query type
Signed-off-by: Maxime Ginters <maxime.ginters@shopify.com>
|
Manuel Alejandro de Brito Fontes
Ben Kochie
jdamick
Marius Kimmina
Tom Thorogood
Sri Harsha
Chris O'Haver
Yuheng
Zhizhen He
João Henri
Pat Downey
Eng Zer Jun
Ondřej Benkovský
junhwong
cui fliter
Vancl
Sebastian Dahlgren
Rich
Ben Kaplan
Shane Xie
Yong Tang
Qasim Sarfraz
Wu Shuang
Zou Nengren
Manuel Rüger
Ondřej Benkovský
coredns[bot]
Miek Gieben
Frank Riley
Maxime Ginters
