* plugin/dnssec: check validityperiod of RRSIGs
Somehow we missed implementing this. If a sig a retrieved from the
cache, but not valid anymore, regenerate it instead of server invalid
signatures.
Fixes#1378
* drop from cache after 3/4 validity
* six days means 6 days
* Improve plugin/cache metrics
* Add coredns_cache_prefetch_total metric to track number of prefetches.
* Remove unnecessary Cache.get() call which would incorrectly increment
cache counters.
* Initialize all counters and gauges at zero.
* Allow prefetching of a single request per ttl
The original implementation didn't allow prefetching queries which are
only requested once during the duration of a TTL. The minimum amount of
queries which had to be seen was therefore capped at 2.
This change also implements a real prefetch test. The existing test was
a noop and always passed regardless of any prefetch implementation.
* Fix prefetching for items with a short TTL
The default prefetch threshold (percentage) is 10% of the lifetime of a
cache item. With the previous implementation, this disabled prefetching
for all items with a TTL < 10s (the resulting percentage would be 0, at
which point a cached item is already discarded).
This change uses a time based threshold calculation and ensures that
a prefetch is triggered at a TTL of 1 at the latest.
* Fix wrong duration reporting of cached responses
The logging and metrics plugins (among others) included the duration of
a cache prefetch in the request latency of client request. This change
fixes this wrong reporting and executes the prefetch request in a
goroutine in the background.
This fix is an enhancement of external plugin enabling.
Previously, it was already able to build a customerized
coredns with plugins enabled selectively, without changing
coredns source code. However, all default plugins are
actually bundled because of the import rule:
```
"github.com/coredns/coredns/coremain"
```
The issue is best described with the following:
```
root@localhost:/go/src/github.com/coredns/coredns/sample# cat sample.go
package main
import (
_ "github.com/coredns/forward"
"github.com/coredns/coredns/coremain"
"github.com/coredns/coredns/core/dnsserver"
)
var directives = []string{
"forward",
"startup",
"shutdown",
}
func init() {
dnsserver.Directives = directives
}
func main() {
coremain.Run()
}
root@localhost:/go/src/github.com/coredns/coredns/sample#
root@localhost:/go/src/github.com/coredns/coredns/sample# go build -v sample.go
root@localhost:/go/src/github.com/coredns/coredns/sample# ./sample -plugins
root@localhost:/go/src/github.com/coredns/coredns/sample# ./sample -plugins
Server types:
dns
Caddyfile loaders:
flag
default
Other plugins:
dns.auto
dns.autopath
dns.bind
dns.cache
dns.chaos
dns.debug
dns.dnssec
dns.dnstap
dns.erratic
dns.errors
dns.etcd
dns.federation
dns.file
dns.forward
dns.health
dns.hosts
dns.kubernetes
dns.loadbalance
dns.log
dns.nsid
dns.pprof
dns.prometheus
dns.proxy
dns.reverse
dns.rewrite
dns.root
dns.route53
dns.secondary
dns.template
....
```
This fix moves zplugins.go to a different package/directory so that
it is possible to "only import plugins as needed".
The following is the new output after this fix:
```
root@localhost:/go/src/github.com/coredns/coredns/sample# ./sample -plugins
Server types:
dns
Caddyfile loaders:
flag
default
Other plugins:
dns.forward
dns.prometheus
shutdown
startup
root@localhost:/go/src/github.com/coredns/coredns/sample#
```
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* Update vendor
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* Add route53 plugin
This fix adds route53 plugin so that it is possible to
query route53 record through CoreDNS.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
The original ServergRPC.Listen() method returns a tls.Listener
when tls protocol is specified. Unfortunate, tls.Listener
does not implement the caddy.Listener interface that is
needed for graceful restart to work.
The change is to have the ServergRPC.Listen() method returns the
inner net.Listener instead. The creation of the tls.Listener
is deferred to the ServergRPC.Serve() method.
The cache plugin always returned a minimum TTL of 5 seconds, regardless
of the actual TTL of the records. A cache is not authoritative for the
record TTL and should not extend it.
The changes in this fix have:
1. checkout master branch of dependencies (non-branch will trigger an error with go get -u)
2. go get -u
3. checkout specific versioon (not necessary a branch).
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix fixes version fetched from `go get` so
that versions are guarded.
github.com/mholt/caddy v0.10.10
github.com/miekg/dns v1.0.3
github.com/prometheus/client_golang v0.8.0
golang.org/x/net release-branch.go1.9 (branch)
golang.org/x/text e19ae1496984b1c655b8044a65c0300a3c878dd3
This fix fixes 1368.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* plugin/health: add 'overloaded metrics'
Query our on health endpoint and record (and export as a metric) the
time it takes. The Get has a 5s timeout, that, when reached, will set
the metric duration to 5s. The actually call "I'm I overloaded" is left
to an external entity.
* README
* golint and govet
* and the tests
* Align plugin/template usage and syntax with other plugins
* Use new fallthrough logic in plugin/template
* Use zone name normalization for plugin/template
* Test fallthrough parsing in plugin/template
* Rework scoping of match checks
Most matches are not plugin global but per template. The plugin does only a
very rough check while detailed checks are done per-template.
Per template checks include:
- Zones
- Class/Type
- Regex
- Fallthrough
* Remove trailing `.` from fully qualified domain names
* Register template metrics with zone/class/type instead of regex
* Remove trailing fqdn dot from multiple testcases
* Add a template plugin
The template plugin matches the incoming query by class, type and regex
and templates a response with go templates.
* Fix go style errors
* Fix template README example
* Fix corefile example in plugin/template
* Clarify plugin/template/README.md
Add more details and external links where needed.
* Fix code issues in plugin/template
* Add template metrics
* Add section and template to template plugin metrics
* Fix style / remove extra newline on go imports
* Fix typo in plugin/template/README.md
* Update README.md
I've change the format a bit in a PR that I merged yesterday.
* Add authority section to plugin/template
* Fix naming of incoming query name in plugin/template/README.md
* Fix doc syntax in plugin/template/README.md
* Add authority section to plugin/template/README.md config overview
* Add metric labels to plugin/template/README.md metrics section
* Use request.Request to pass state to the template matcher
* Add pkg/fall for Fallthrough
Move this into it's own package to facilitate tests. Important bug
was fixed: make the names fully qualified.
Add fall package to hosts, reverse, etcd, and fix kubernetes and any
tests. The k8s tests are still as-is, might need a future cleanup.
This is probably the first in a series to fix "crazy" pod queries.
If the namespace doesn't exist return NXDOMAIN.
It might be worth extending this 1:1 to findServices as well.
* Add manual pages
Generate manual pages from the README and extend README with Name and
Description sections.
The generation requires 'ronn' which may not be available. Just check in
all generated manual pages.
It looks like our code coverage is above 50% now. Let's
make it a requirement to prevent it from regress.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* plugin/dnssec: implement shotgun from CloudFlare
Put a whole bunch of types in the NSEC bitmap and remove the one that's
being asked for.
Add more records for queries to the apex, SOA, DNSKEY, MX.
* Update k8s client-go to v6.0.0
This fix updates k8s client-go to v6.0.0 as CoreDNS is supported
in 1.9 and v6.0.0 is the recommended version.
There are quite some massive changes that need to be made:
1. k8s.io/client-go/pkg/api/v1 has been changed to k8s.io/api/v1 (repo changed from `client-go` to `api`)
2. kubernetes.Clientset adds one extra layer, so that `kubernetes.Clientset.Services()` and like has been changed to `kubernetes.Clientset.CoreV1().Services()`
Also, we have to stick with specific commits of `k8s.io/apimachinery` and the newly introduced `k8s.io/api`
because go dep still could not figure out the right version to fetch.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* Update vendor with `dep ensure --update` and `dep prune`
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
After initial startup, see if prometheus is loaded and if so, register
our metrics with it.
Stop doing the init() func and just use the sync.Once so we don't double
registrer our metrics.
This leave most of the code intact, but we need to stop vendoring
prometheus, because, again, plugins what want to use it. Not vendoring
prometheus makes my forward metrics show up again. Code looks bit
convoluted, but works:
~~~
c.OnStartup(func() error {
once.Do(func() {
m := dnsserver.GetConfig(c).Handler("prometheus")
if m == nil {
return
}
if x, ok := m.(*metrics.Metrics); ok {
x.MustRegister(RequestCount)
x.MustRegister(RcodeCount)
x.MustRegister(RequestDuration)
x.MustRegister(HealthcheckFailureCount)
x.MustRegister(SocketGauge)
}
})
})
~~~
If you have no handlers for any zone CoreDNS would crash, this is very
*uncommon*, because it makes your server a bit unusable. Example config:
~~~
. {
#forward . tls://9.9.9.9 8.8.8.8 {
# health_check 5s
# tls_servername dns.quad9.net
#}
pprof
debug
}
~~~
It this does nothing and doesn't setup you plugin chain because pprof and
debug don't handle queries
* dnstest: add multirecorder
This adds a new recorder that captures all messages written to it. This
can be useful when, for instance, testing AXFR which can write muliple
messages back to the client.
* docs
Default to empty DOCKER var so you wont accidently push to the
production dockerhub. But allow to be overriden to you can push
to your registry. This allows you to re-use the CoreDNS makefiles for
your internal CI/CD.
Hacked Makefile with echos:
make DOCKER=bla -f Makefile.release docker-push
Pushing: 1.0.1
for arch in amd64 arm arm64 ppc64le s390x; do \
echo docker push bla/coredns:coredns-$arch ;\
done
docker push bla/coredns:coredns-amd64
docker push bla/coredns:coredns-arm
docker push bla/coredns:coredns-arm64
docker push bla/coredns:coredns-ppc64le
docker push bla/coredns:coredns-s390x
echo manifest-tool push from-args --platforms linux/amd64,linux/arm,linux/arm64,linux/ppc64le,linux/s390x --template bla/coredns:coredns-ARCH --target bla/coredns:1.0.1
manifest-tool push from-args --platforms linux/amd64,linux/arm,linux/arm64,linux/ppc64le,linux/s390x --template bla/coredns:coredns-ARCH --target bla/coredns:1.0.1
echo manifest-tool push from-args --platforms linux/amd64,linux/arm,linux/arm64,linux/ppc64le,linux/s390x --template bla/coredns:coredns-ARCH --target bla/coredns:latest
manifest-tool push from-args --platforms linux/amd64,linux/arm,linux/arm64,linux/ppc64le,linux/s390x --template bla/coredns:coredns-ARCH --target bla/coredns:latest
