* plugin/file: Fix in wrong answers returned when wildcard and concrete records exist
Signed-off-by: Jason Du <xdu@infoblox.com>
* Remove superfluous change
Signed-off-by: Jason Du <xdu@infoblox.com>
* Re-implementation and new test case
If the domain's terminal is neither the matching wildcard, nor a domain directly
under the wildcard, return NXDOMAIN
Signed-off-by: Jason Du <xdu@infoblox.com>
* Fix empty non-terminal & add test case
Signed-off-by: Jason Du <xdu@infoblox.com>
* Cleanup
Signed-off-by: Jason Du <xdu@infoblox.com>
* Fix case on domain name with character before * and add more test cases
Signed-off-by: Jason Du <xdu@infoblox.com>
* Use different IPs for records in cornerCasesWildcard zone file
Signed-off-by: Jason Du <xdu@infoblox.com>
Make normalize return multiple "hosts" (= reverse zones) when a
non-octet boundary cidr is given.
Added pkg/cidr package that holds the cidr calculation routines; felt
they didn't really fit dnsutil.
This change means the IPNet return parameter isn't needed, the hosts are
all correct. The test that tests this is also removed: TestSplitHostPortReverse
The fallout was that zoneAddr _also_ doesn't need the IPNet member, that
in turn made it visible that zoneAddr in address.go duplicated a bunch
of stuff from register.go; removed/refactored that too.
Created a plugin.OriginsFromArgsOrServerBlock to help plugins do the
right things, by consuming ZONE arguments; this now expands reverse
zones correctly. This is mostly mechanical.
Remove the reverse test in plugin/kubernetes which is a copy-paste from
a core test (which has since been fixed).
Remove MustNormalize as it has no plugin users.
This change is not backwards compatible to plugins that have a ZONE
argument that they parse in the setup util.
All in-tree plugins have been updated.
Signed-off-by: Miek Gieben <miek@miek.nl>
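The expansion this commit message describes, turning a CIDR that does not end on an octet boundary into the set of reverse zones that covers exactly that range, is shown below as an added example; it is not code from CoreDNS or its pkg/cidr package. `ReverseZones` is a hypothetical name, the inputs are constructed, and only IPv4 is handled.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net"
)

// ReverseZones is a hypothetical helper (not CoreDNS's pkg/cidr API). It
// expands an IPv4 CIDR into the in-addr.arpa. zones covering exactly that range.
func ReverseZones(cidr string) ([]string, error) {
	_, n, err := net.ParseCIDR(cidr) // n.IP is already masked to the network
	if err != nil {
		return nil, err
	}
	ones, bits := n.Mask.Size()
	ip4 := n.IP.To4()
	if ip4 == nil || bits != 32 {
		return nil, fmt.Errorf("%s: this example handles IPv4 only", cidr)
	}
	labels := (ones + 7) / 8               // octets in each zone name (prefix rounded up)
	count := 1 << uint(labels*8-ones)      // zones needed to cover the range
	step := uint32(1) << uint(32-labels*8) // address distance between zones
	base := binary.BigEndian.Uint32(ip4)

	zones := make([]string, 0, count)
	for i := 0; i < count; i++ {
		var b [4]byte
		binary.BigEndian.PutUint32(b[:], base+uint32(i)*step)
		name := "in-addr.arpa."
		for j := 0; j < labels; j++ { // prepend octets, most significant first
			name = fmt.Sprintf("%d.%s", b[j], name)
		}
		zones = append(zones, name)
	}
	return zones, nil
}

func main() {
	// Constructed sample inputs.
	for _, c := range []string{"10.0.0.0/15", "192.168.4.0/22", "10.0.0.0/8"} {
		z, err := ReverseZones(c)
		fmt.Println(c, z, err)
	}
}
```

Truncating a /15 to the single zone `10.in-addr.arpa.` would make the server answer for 254 extra /16 networks it was never configured for, which is why the range is enumerated instead of rounded down.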
* transfer: reply with refused
When the *transfer* plugin is not loaded any of the handlers will still
see the AXFR/IXFR request because it is not intercepted.
They need to reply with REFUSED in that case. Update file, auto and k8s
to do this. Add testcase in the file plugin.
Ideally *erratic* should be moved over as well, but maybe that's
*erratic*
This is a bug fix.
Signed-off-by: Miek Gieben <miek@miek.nl>
* import path
Signed-off-by: Miek Gieben <miek@miek.nl>
* Revert "make copies of RRs before returning them (#4409)"
This reverts commit 8b2ff6c3889e0c23dceef4b10a1b1de58e463cb9.
* Document copying responses
See #4409 and the comments. This documents that issue, but doesn't
change the in-tree plugins just yet.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Update plugin.md
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
* pass through nxdomain results
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* return servfail and nodata results
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* add test
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* cover more response cases
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* Speed up testing
* make notification run in the background, this reduces the test_readme
time from 18s to 0.10s
* reduce time for zone reload
* TestServeDNSConcurrent remove entirely. This took a whopping 58s for
... ? A few minutes staring didn't reveal wth it is actually testing.
Making values smaller revealed race conditions in the tests. Remove
entirely.
* Move many interval values to variables so we can reset them to short
values for the tests.
* test_large_axfr: make the zone smaller. The number used 64K has no
rationale, make it 64/10 to speed up.
* TestProxyThreeWay: use client with shorter timeout
A few random tidbits in other tests.
Total time saved: 177s (almost 3m) - which makes it worthwhile again to
run the test locally:
this branch:
~~~
ok github.com/coredns/coredns/test 10.437s
cd plugin; time go t ./...
5,51s user 7,51s system 11,15s elapsed 744%CPU (
~~~
master:
~~~
ok github.com/coredns/coredns/test 35.252s
cd plugin; time go t ./...
157,64s user 15,39s system 50,05s elapsed 345%CPU ()
~~~
tests/ -25s
plugins/ -40s
This brings the total on 20s, and another 10s can be saved by fixing
dnstapio. Moving this to 5s would be even better, but 10s is also nice.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Also 0.01
Signed-off-by: Miek Gieben <miek@miek.nl>
sed -i 's/Also See/See Also/' plugin/**/README.md
Some plugins did already use 'See Also', so it's all consistent now.
Fixes: #4196
Signed-off-by: Miek Gieben <miek@miek.nl>
* For caddy v1 in our org
This PR changes all imports for caddyserver/caddy to coredns/caddy. This
is the v1 code of caddy.
For the coredns/caddy repo the following changes have been made:
* anything not needed by us is deleted
* all `telemetry` stuff is deleted
* all its import paths are also changed to point to coredns/caddy
* the v1 branch has been moved to the master branch
* a v1.1.0 tag has been added to signal the latest release
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix imports
Signed-off-by: Miek Gieben <miek@miek.nl>
* Group coredns/caddy with our plugins
Signed-off-by: Miek Gieben <miek@miek.nl>
* remove this file
Signed-off-by: Miek Gieben <miek@miek.nl>
* Relax import ordering
github.com/coredns is now also a coredns dep, this makes
github.com/coredns/caddy fit more natural in the list.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix final import
Signed-off-by: Miek Gieben <miek@miek.nl>
Addresses a bug in the file plugin where SOA queries to zone delegations are
inappropriately returned the SOA for the delegating zone, and not a downward
referral to the delegated zone.
Here is an example of what I believe the expected downward referral in response
to a SOA query for a delegated zone should be (note that no SOA record is
returned):
~~~
; <<>> DiG 9.11.3-1ubuntu1.5-Ubuntu <<>> @k.root-servers.net. miek.nl. SOA
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58381
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 7
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;miek.nl. IN SOA
;; AUTHORITY SECTION:
nl. 172800 IN NS ns1.dns.nl.
nl. 172800 IN NS ns2.dns.nl.
nl. 172800 IN NS ns3.dns.nl.
;; ADDITIONAL SECTION:
ns1.dns.nl. 172800 IN A 194.0.28.53
ns2.dns.nl. 172800 IN A 194.146.106.42
ns3.dns.nl. 172800 IN A 194.0.25.24
ns1.dns.nl. 172800 IN AAAA 2001:678:2c:0:194:0:28:53
ns2.dns.nl. 172800 IN AAAA 2001:67c:1010:10::53
ns3.dns.nl. 172800 IN AAAA 2001:678:20::24
~~~
See #3852 for the original fix.
Modified clouddns/route53 and removed the faulty tests there.
Signed-off-by: Miek Gieben <miek@miek.nl>
Don't sign data we are not authoritative for. This adds an AuthWalk
which skips names we should not be authoritative for. Adds a few tests to
check this is the case. Generated zones have been compared to
dnssec-signzone.
A number of changes have been made:
* don't add DS records to the apex
* NSEC TTL is the SOA's minttl value (copying bind9)
* Various cleanups
* signer struct was cleaned up: doesn't need ttl, nor expiration or
inception.
* plugin/sign: remove apex stuff from names()
This is never used because we will always have other types in the
apex, because we *ADD* them ourselves, before we sign (DNSKEY, CDS and
CDNSKEY).
Signed-off-by: Miek Gieben <miek@miek.nl>
Co-Authored-By: Chris O'Haver <cohaver@infoblox.com>
* Move to CODEOWNERS
No change in who owns what; just a move to CODEOWNERS. This allows
dreck cleanups.
Added .dreck.yaml for alias and exec.
Fixes: #3486
Signed-off-by: Miek Gieben <miek@miek.nl>
* stickler bot
Signed-off-by: Miek Gieben <miek@miek.nl>
* sort the file
Signed-off-by: Miek Gieben <miek@miek.nl>
Caught my eye, we name things directive still, esp when talking about
the prometheus *plugin*. Rename everything that needs to be plugin to
'plugin'. Also make sure Metrics is a H2 section (not H1).
Signed-off-by: Miek Gieben <miek@miek.nl>
Abstract the caddy call and make it simpler.
See #3261 for some part of the discussion.
Go from:
~~~ go
func init() {
caddy.RegisterPlugin("any", caddy.Plugin{
ServerType: "dns",
Action: setup,
})
}
~~~
To:
~~~ go
func init() { plugin.Register("any", setup) }
~~~
This requires some external documents in coredns.io to be updated as
well; the old way still works, so it's backwards compatible.
Signed-off-by: Miek Gieben <miek@miek.nl>
This reloader didn't close the opened file handle. Add a close. Can't
use `defer` because this is in an endless loop.
Signed-off-by: Miek Gieben <miek@miek.nl>
* plugin/file: respond correctly to IXFR message
Respond with a single SOA record to an IXFR request if the SOA serials
match.
The added test fails on the current code with:
~~~
=== RUN TestIxfrResponse
--- FAIL: TestIxfrResponse (0.00s)
secondary_test.go:122: Expected answer section with single RR
FAIL
exit status 1
~~~
And obviously passes with the new code. This should cut down on the
weird number of zone transfers that I was seeing. At some point IXFR
support might be cool.
Fixes: #3176
Signed-off-by: Miek Gieben <miek@miek.nl>
* reuse code
Signed-off-by: Miek Gieben <miek@miek.nl>
* Slight tweaks
Signed-off-by: Miek Gieben <miek@miek.nl>
This can't be used in its current form; revert the entire PR.
Revert "fuzzing: allow setup function to be called (#3175)"
This reverts commit 62451fd3eb68cef5dcdafe6e4228f08cf52d84fc.
* fuzz: use gofuzz build tag instead of fuzz
Since go-fuzz does not support Go modules yet, vendor dependencies.
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
* fuzz: avoid vendoring code for go-fuzz
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
Various fixes to make things less flaky:
* kubernetes: put klog.SetOutput in the setup function, not in the init
function to see if that helps
* file: make z.Expired a boolean instead of a pointer to a boolean
* test: fix TestSecondaryZoneTransfer test, which wasn't actually
testing in the right way. It's more right now, but may still be racy
(race introduced because a file's lazy loading of zones)
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix corefile usage
* plugin/file: allow README.md testing
Allow readme testing for the file plugin and fix bugs that were found:
* the reader wasn't reset when re-reading the same io.reader for a
different origin.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Update test/example_test.go
Co-Authored-By: Michael Grosser <development@stp-ip.net>
* plugin/file: simplify locking
Simplify the locking, remove the reloadMu and just piggyback on the
other lock for accessing content, which assumes things can be moved
underneath.
Copy the Apex and Zone to new vars to make sure the pointer isn't
updated from under us.
The reloadMu isn't needed at all, the time.Ticker firing while we're
reading means we will just miss that tick and get it on the next go.
Add rrutil subpackage and put some more generic functions in there, that
are now used from file and the tree package. This removes some
duplication.
Rename additionalProcessing that didn't actually do that to
externalLookup, because that's what's being done at some point.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Update plugin/file/lookup.go
Co-Authored-By: Michael Grosser <development@stp-ip.net>
After calling NewZone the number of records should be zero, but due to
how zone.All() was implemented so empty RRs would be added. This then
fails the == 0 check in xfr.go and put nil in the slice, this then
subsequently panics on the Len().
Fix this by making All() smarter when adding records. Added little test to
enforce this.
Signed-off-by: Miek Gieben <miek@miek.nl>
* plugin/file: Rename do to walk, cleanup and document
* This renames Do to Walk to be more in line with Go standards. Also make
it return an error instead of a bool.
Also give walk access to rrs. Alternatively e.m could be
exported, but just access the map of rrs should work as well. Another
alternative would be adding a whole bunch of helper functions, but
those need to grab and return the data. Just having access to the rrs
should be easiest for most Walks.
* It adds Type and TypeForWildcard to show the different functions
* *Removes* the identical RR check when inserting; this was only done
for A, AAAA and MX and not finished; removed under the mantra garbage
in garbage out.
* Reuses Types to return all the types in a *tree.Elem
Signed-off-by: Miek Gieben <miek@miek.nl>
* better comments
Signed-off-by: Miek Gieben <miek@miek.nl>
* plugin/file: fix setting ReloadInterval
The reload interval was only correctly set if there was an extra
block for the file. Move this down to set up.
Add test case that fails before, but now works.
Signed-off-by: Miek Gieben <miek@miek.nl>
* layout and use Errorf
Signed-off-by: Miek Gieben <miek@miek.nl>
* plugin/file: make non-existent file non-fatal
If the zone file being loaded doesn't exist *and* reload is enabled,
just wait for the file to pop up in the normal Reload routine.
If reload is set to 0s; we keep this a fatal error on startup. Also fix
the ticker in z.Reload(): remove the per second ticks and just use the
reload interval for the ticker.
Brush up the documentation a bit as well.
Fixes: #2951
Signed-off-by: Miek Gieben <miek@miek.nl>
* Stickler and test compile
Signed-off-by: Miek Gieben <miek@miek.nl>
* Remove there too
Signed-off-by: Miek Gieben <miek@miek.nl>
* Can't README test these because zone files don't exist
Signed-off-by: Miek Gieben <miek@miek.nl>
* file: close correctly after AXFR
Don't hijack, but wait for the writes to be done and then safely close
the connection.
Fixes: #2929
Signed-off-by: Miek Gieben <miek@miek.nl>
* Update comment
Signed-off-by: Miek Gieben <miek@miek.nl>
* file: close correctly after AXFR (#2943)
apply
Signed-off-by: Miek Gieben <miek@miek.nl>
* Update Caddy to 1.0.1, and update import path
This fix updates caddy to 1.0.1 and also
updates the import path to github.com/caddyserver/caddy
This fix fixes 2959
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* Also update plugin.cfg
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* Update and bump zplugin.go
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
`upstream` is not needed as a setting; just set it unconditionally and
remove all documentation and tests for it.
At some point we want to remove the handling for `upstream` as well and
error out on seeing it.
Signed-off-by: Miek Gieben <miek@miek.nl>