| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Signed-off-by: Vico Chu <vico24826@gmail.com>
Signed-off-by: Vico Chu <vico24826@gmail.com>
|
|
|
|
* Drop obsolete client-go auth plugins
The OpenStack plugin is no longer available, even in version 0.24.4 of
client-go; see
https://github.com/kubernetes/client-go/blob/v0.24.4/plugin/pkg/client/auth/openstack/openstack_stub.go
It is replaced by the client-keystone-auth credential plugin. The
plugin has been entirely removed in client-go 0.26.0, which breaks the
build when any other dependency pulls in client-go 0.26.0 or later.
The GCP plugin is deprecated in K8s 1.22+ and unavailable in 1.26+
(although it is still stubbed in client-go 0.26.0). Is it replaced by
the gke-gcloud-auth-plugin credential plugin.
Signed-off-by: Stephen Kitt <skitt@redhat.com>
* Update plugin/kubernetes/setup.go
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
|
|
plugin/kubernetes: fix NXDOMAIN/NOERROR responses for TXT queries
Signed-off-by: Laurence Robinson <laurence_robinson@live.co.uk>
Co-authored-by: Laurence Robinson <laurence.robinson@deshaw.com>
|
|
* add glsb example
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
|
|
* plugin/edns: remove truncating of question section on bad EDNS version
EDNS requests of "Unknown Version" removed the query section altogether.
Not sure why since this is not require (see [link](https://kb.isc.org/docs/edns-compatibility-dig-queries)
This cause issues with DNS solutions that uses this information (initial queried name, type and class) in order to route the response to the right client (e.g. PDNS).
The change here is to keep the inital query section as is.
Signed-off-by: Ben Kaplan <ben.kaplan@redis.com>
* adding tests for edns0 version check
Signed-off-by: Ben Kaplan <ben.kaplan@redis.com>
* adding tests for non-edns0 version check
Signed-off-by: Ben Kaplan <ben.kaplan@redis.com>
Signed-off-by: Ben Kaplan <ben.kaplan@redis.com>
|
|
* fix multiple dnstap plugins behavior
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
|
|
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
|
|
Both block and filter actions write responses to the client based upon
the source IP address of the UDP packet containing the query. An
attacker spoofing the source IP address to that of their target, can
elicit a response to be sent to the victim host, known as DNS
Reflection. If an attacker is able to elicit a large response from a
relatively small query, with a spoofed source IP address, they are able
to increase the amount of data sent to the victim, known as DNS
Amplification. Scaling this from one to many queries allows an attacker
to perform an effective Denial of Service (DoS) attack against their
target.
Adding the drop action enables CoreDNS to ignore queries of a given
type or network range from being processed and a response written,
where an operator knows ahead of time, should not originate or be
destined to.
Signed-off-by: rsclarke <hey@rsclarke.dev>
Signed-off-by: rsclarke <hey@rsclarke.dev>
|
|
(#5671)
Signed-off-by: Grant Spence <gspence@redhat.com>
Signed-off-by: Grant Spence <gspence@redhat.com>
|
|
Signed-off-by: Miciah Masters <miciah.masters@gmail.com>
Signed-off-by: Miciah Masters <miciah.masters@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
* plugin/template : add support for extended DNS errors
Signed-off-by: Ondřej Benkovský <ondrej.benkovsky@jamf.com>
|
|
Signed-off-by: Ondřej Benkovský <ondrej.benkovsky@jamf.com>
Signed-off-by: Ondřej Benkovský <ondrej.benkovsky@jamf.com>
|
|
Signed-off-by: Erik Johansson <ejohansson@spotify.com>
Signed-off-by: Erik Johansson <ejohansson@spotify.com>
|
|
* plugin/template: Add parseInt template function
Signed-off-by: Erik Johansson <ejohansson@spotify.com>
|
|
Signed-off-by: Ondřej Benkovský <ondrej.benkovsky@jamf.com>
|
|
Signed-off-by: Ondřej Benkovský <ondrej.benkovsky@jamf.com>
Signed-off-by: Ondřej Benkovský <ondrej.benkovsky@jamf.com>
|
|
Signed-off-by: Ondřej Benkovský <ondrej.benkovsky@jamf.com>
Signed-off-by: Ondřej Benkovský <ondrej.benkovsky@jamf.com>
|
|
Signed-off-by: coredns[bot] <bot@bot.coredns.io>
|
|
* introduce new interface "dnsserver.Viewer", that allows a plugin implementing it to decide if a query should be routed into its server block.
* add new plugin "view", that uses the new interface to enable a user to define expression based conditions that must be met for a query to be routed to its server block.
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
|
|
document unimplemented secondary tsig; clarify plugin description
|
|
Signed-off-by: Krzysztof Narkiewicz <knarkiewicz@bloomberg.net>
Signed-off-by: Krzysztof Narkiewicz <knarkiewicz@bloomberg.net>
Co-authored-by: Krzysztof Narkiewicz <knarkiewicz@bloomberg.net>
|
|
* Added identity and version support to dnstap plugin
Signed-off-by: Daniel Jolly <code@danieljolly.com>
* Added missing commas
Signed-off-by: Daniel Jolly <code@danieljolly.com>
* Moved byte slice conversions to setup rather than handler.
Fixed indentation issue.
Signed-off-by: Daniel Jolly <code@danieljolly.com>
* Improved setup config parsing and added tests to detect various configurations
Signed-off-by: Daniel Jolly <code@danieljolly.com>
Signed-off-by: Daniel Jolly <code@danieljolly.com>
Co-authored-by: Daniel Jolly <code@danieljolly.com>
|
|
Signed-off-by: coredns[bot] <bot@bot.coredns.io>
|
|
*add option for resolving headless Services without external IPs in k8s_external
Signed-off-by: Tomas Kohout <tomas.kohout1995@gmail.com>
|
|
* chore: remove duplicate word in comments
Signed-off-by: Abirdcfly <fp544037857@gmail.com>
* auto go mod tidy
Signed-off-by: coredns[bot] <bot@bot.coredns.io>
Signed-off-by: Abirdcfly <fp544037857@gmail.com>
Signed-off-by: coredns[bot] <bot@bot.coredns.io>
Co-authored-by: coredns[bot] <bot@bot.coredns.io>
|
|
(#5508)
|
|
* plugin/forward: convert the specified domain of health_check to Fqdn
* plugin/forward: update readme for health check
Signed-off-by: vanceli <vanceli@tencent.com>
|
|
* Add PTR records to supported types
Signed-off-by: Alex Bulatov <xbulat@gmail.com>
* Add extra line
Signed-off-by: Alex Bulatov <xbulat@gmail.com>
* Fix title
Signed-off-by: Alex Bulatov <xbulat@gmail.com>
Signed-off-by: Alex Bulatov <xbulat@gmail.com>
|
|
|
|
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
|
|
* add cache disable options
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
|
|
* plugin/acl : add support for Extended DNS Errors
Signed-off-by: Ondřej Benkovský <ondrej.benkovsky@jamf.com>
* fixup! plugin/acl : add support for Extended DNS Errors
Signed-off-by: Ondřej Benkovský <ondrej.benkovsky@jamf.com>
|
|
Signed-off-by: Abirdcfly <fp544037857@gmail.com>
|
|
* enable multiple declarations of forward plugin
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
|
|
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
|
|
add log listener interface
Signed-off-by: xh4n3 <xyn1016@gmail.com>
|
|
* reset readiness plugins list on startup
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
|
|
Signed-off-by: coredns[bot] <bot@bot.coredns.io>
|
|
|
|
(#5460)
* plugin/trace : make zipkin HTTP reporter more configurable using Corefile
Signed-off-by: Ondřej Benkovský <ondrej.benkovsky@jamf.com>
|
|
For responses synthesized by known wildcard records, publish metadata containing the wildcard record name
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
|
|
* Exclude External IP addresses from being added to the existing kubernetes' plugin IP->Service index
* Add support for PTR requests on External IPs of Services to the k8s_external plugin
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
|
|
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
|
|
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
|
Vico Chu
Rich
Stephen Kitt
LAMRobinson
Chris O'Haver
Ben Kaplan
rsclarke
Grant Spence
Miciah Dashiel Butler Masters
Yong Tang
Ondřej Benkovský
Erik Johansson
coredns[bot]
Chris Narkiewicz
Daniel Jolly
TomasKohout
Abirdcfly
AndreasHuber-CH
Vancl
Alex
Christoph Heer
Shane Xie
