Factor out as much of autopath into a subpackage as possible right now.
apw.Sent is not needed, we should see this from the rcode returned by
the middleware. See #852 on why this was needed.
Disable the tests for now as to not break the main build.
* Core: convert IP addresses to reverse zone
If we see IP/mask syntax and the mask mod 8 == 0 we assume a reverse
zone and convert to in-addr or .arpa.
* typos
* integration test
* Addr is not used
* core: clean up normalize
Create a SplitHostPort function that can be used both from normalize.go
and address.go. This removes some (not all!) duplication between the
both and makes it work with reverse address notations.
* More tests
Put the autopath stuff in a separate sub package. Tests are still
included in the main kubernetes directory.
Next steps (after this is merged), is pulling the autopath handling
into the subpackage and fixing the tests.
Add the DNS message response flags as {rflags} to the default logging
Also complete the replacer testing that was commented out.
And (unrelated) Switch erratic and whoami to ease testing.
Note: {flags} could and should be added as well - but we can leave that
as a beginners bug.
Use the same OnStartup setup as in the file middleware. We need to copy
the variable from range, otherwise it gets overwritten in the next loop
because of the async goroutine call.
Hard to test, we have secondary_test.go which we could extend with
multiple zones for instance. For now this fix does not have a test case
with it...
Define two consts Pod and Svc, makes it stand out a little more
when used in switches in case.
We have opted for a new type, but then you need to convert them
all the time with string(Foo).
* Treat absence of port/service in SRV as wildcard
Normally, a SRV-request should have the form
_<service>._<port>.<name>.<zone>. The k8s peer-finder which is used for
bootstrapping by some applications will however query for SRV at
<name>.<zone>.
To compensate for this behaviour, treat the absence of _<service> and
_<port> as wildcards.
* Modified tests with new SRV behaviour
Added a testcase for a SRV request without port & service
Removed now valid query from invalidSRVQueries
* Forgot to run gofmt on test/kubernetes_test.go
Drop the interfaceAddr interfaces and just use a function. Cleanup
all fallout from that. Remove the use of global variables and cleanup
the tests a bit.
Don't hold on to the *first* wildcard you'll find, but keep searching,
there may be one even deeper in the tree.
Also add multi level wildcard test
Fixes #776
* hosts middleware should return NoError if other records exist in the zone
* return RcodeSuccess for hosts queries for non A,AAAA records if the zone exists
* return NXDOMAIN instead of REFUSED when zone is not found
* Add unit tests & cnames
* more progress
* fix
* next mw dependent unit tests
* add tests for OnNXDOMAIN
* Add AAAA and ndots unit tests; fix request.NewWithQuestion
* Correct default value in README
* add CNAMEs to readme
* review
* fix autopath examples
* fix and test CNAME response order
* add wildcard parameter to allow resolving multiple names to the same IP
* first test for the reverse wildcard middleware
* update wildcard keyword test to pass code coverage
* rewrite readme
* remove breaks
* missed a break
* nits
* show options as optional
* add note to pods insecure
* add minimal configuration example.
* add a note about replacing kube-dns in the summary
* move deployment section into summary.
* Update README.md
* replace options sections with bullets
and indent all sub sections to match bullet indentation.
not sure if this will render in github properly - it doesn't in the in-line editor preview.
* fix indentation
Contrary to various on-line guides and editors, github now requires 2 spaces to indent paragraphs with bulleted sections above (not just 1).
* Update README.md
* Update README.md
* Update README.md
* fix label syntax
It's just a single EXPRESSION. The EXPRESSION itself has its own kubernetes label expression format.
* Update README.md
* Update README.md
* Switches out Unhealthy bool for OkUntil timestamp
* Make sure servers are healthy forever if there are no health checks
* Moves health check off into a go routine to avoid blocking conditions
* Improved logging info
* Fixes initial date
* Fixes health checking; alters tests to adapt to async health checking
* Moves future variable into static upstream and populates it in more places
* Restores silencing of stdout during testing
* Restores silencing of stdout during testing
* keeps check url string once built
* Removes debug message
* uses zero value to signal no checking; reduces in-mutex code to a fetch
While adding a parallel performance benchmark I stumbled on a race
condition (another reason to add performance benchmarks!), so this
PR makes sure the msg is created in a race-free manner and adds the
parallel benchmark.
Fix transferring the zone from a master and the matching of notifies
to source and dst IP addresses.
Add `upstream` keyword as well, because it is needed for the same
reasons as in the *file* middleware.
Add some dire warning about upstream in the readme of both middlewares.
Out of band testing, hidden by net build tag was added. Integration
testing still needs to be setup.
Can't transfer zone from masters without populating `f`.
This error prevents secondary zones recognized as "true" secondary, so secondary setting never worked.
* cleanup: go vet and golint run
Various cleanups triggered by go vet and golint.
* Fix tests and lowercase all errors
Lowercase all errors, some tests in kubernetes use errors from
kubernetes which do start with a capital letter.
* middleware/debug: add
Add a debug "middleware" that disables the recover() and just lets
CoreDNS crash; very useful for testing.
Fixes #563
* fix test
* Feedback: check the value of Debug
* cache: add sharded cache implementation
Add Cache impl and a few tests. This cache is 256-way sharded, mainly
so each shard has its own lock. The main cache structure is a readonly
jump plane into the right shard.
This should remove the single lock contention on the main lock and
provide more concurrent throughput - Obviously this hasn't been tested
or measured.
The key into the cache was made a uint32 (hash.fnv) and the hashing op
is not using strings.ToLower anymore, to remove any GC in that code path.
* here too
* Minimum shard size
* typos
* blurp
* small cleanups no defer
* typo
* Add freq based on Johns idea
* cherry-pick conflict resolv
* typo
* update from early code review from john
* add prefetch to the cache
* mw/cache: add prefetch
* remove println
* remove comment
* Fix tests
* Test prefetch in setup
* Add start of cache
* try add diff cache options
* Add hacky testcase
* not needed
* allow the use of a percentage for prefetch
If the TTL falls below xx% do a prefetch, if the record was popular.
Some other fixes and correctly prefetch only popular records.
* add hosts middleware
* forgot pointer receiver
* add appropriately modified hostsfile tests from golang repo
* remove test artifacts, separate hostsfile parsing from caching and opening, remove unused metrics references, move middleware up the chain
* refactored the logic for creating records and filtering ip address versions. also got PTR lookups working
* Add README.md. Modify config to be more concise. Add zones list to config. Filter PTR responses based on zones list.
* add Fallthrough and return correct dns response code otherwise
* Simplified Hostsfile to only store hosts in the zones we care about, and by ip version. Added handler tests and improved other tests.
* oops, goimports loaded a package from a different repo
* middleware/file: don't reload zone when SOA isn't changed
Give Parse an extra argument which is the SOA's serial, if > 0 we check
against the just parsed SOA and then just return.
Most notable use is in reload.go which is both used in the file and auto
middleware.
Fixes #415
* PR comments
Singleinflight interferes with the health checking of upstream. If an
upstream would fail, singleinflight would mirror that error to other
proxy *iff* multiple identical queries would be inflight. This would lead
to marking *all* upstreams as bad, essentially collapsing multiple
upstreams into a SPOF. Clearly not what we want.
Singleinflight does have some nice properties, but I've opted to rip it
out entirely. Caching should be almost (but not quite) as good.
Added a test case in test that uses 3 CoreDNS instances to reflect the
setup from #715.
Found another bug as well, where (when the policy would be nil), we
would always Spray even though we've found a healthy host.
* middleware/file: add DNSSEC support
Add tests for DNSSEC and check if everything is working.
* add signatures
* tweak
* Add DNSSEC signing tests for DNAME
* Just sign it all
When CoreDNS starts up and can't get a zone transfer going the Apex is
empty. This `nil` is then transformed into wireformat, which fails with
a nil pointer dereference in Go DNS.
In this case we should just return SERVFAIL, because we don't have any
info (yet). Note the lookup code returned NXDOMAIN, which is correct
from a lookup standpoint, but also invalidates every name in the future
loaded zone.
Anyway, look for an apex before doing the lookup and return SERVFAIL if
nothing is found.
Fixes #679
Limit the options in both errors and log middleware, just output to
stdout and let someone else (journald, docker) care about where to route
the logs. This removes syslog and logging to a file.
Fixes #573 #602
* Add external service cnames
* remove cruft
* update CI k8s version
* change CI k8s version
* min k8s ver for ext services
* trying k8s 1.5
* k8s 1.5 requires ports spec
* remove kruft
* update dns schema version
* Test DNAME handling
If the DNAME itself matches the QTYPE, and the owner name matches QNAME,
the relevant DNAME RR should be included in the answer section.
Other parts of RFC 6672 are not implemented yet and hence left untested.
* Implement the DNAME substitution
As specified in RFC 6672, a DNAME substitution is performed by replacing
the suffix labels of the name being sought matching the owner name of
the DNAME resource record with the string of labels in the RDATA field.
The matching labels end with the root label in all cases. Only whole
labels are replaced.
* Handle DNAME redirection
A CNAME RR is created on-the-fly for the DNAME redirection. Be aware
that we do not have all the edge cases covered yet.
* Test DNAME owner name matching the QNAME
A DNAME RR redirects DNS names subordinate to its owner name; the owner
name of a DNAME is NOT redirected itself.
* Ignore names next to and below a DNAME record
According to RFC 6672, resource records MUST NOT exist at any subdomain
of the owner of a DNAME RR. When loading a zone, those names below the
DNAME RR will be quietly ignored.
* Streamline DNAME processing
Instead of checking DNAMEs during lookup, we use a preloaded list of
DNAME RRs to streamline the process without any runtime performance
penalty:
* When loading the zone, keep a record of any DNAME RRs.
* If there aren't any DNAMEs in the zone, just do the lookup as usual.
* Only when the zone has one or more DNAME records, we look for the
matching DNAME and ignore confronting subdomain(s) in the process.
* Make it easier to trace back through test errors
* Make DNAME handling part of lookup routine
DNAME processing is invoked only if the zone has at least one DNAME RR.
* Put DNAME resolution inside the searching of a hit
We can drop some of the other ideas; we don't need to track if we
have DNAMEs in the zone it just follows naturally from the current
lookup code.
See also: #664
* commit for testing in cluster
* commit for testing in cluster
* refactor and add ns.dns record
* Release 007
* reduce heap allocations
* gofmt
* revert accidental Makefile commits
* restore prior rcode for disabled pod mode
* revert Makefile deltas
* add unit tests
* more unit tests
* make isRequestInReverseRange easier to test
* more unit tests
* addressing review feedback
* commit setup.go
* middleware/chaos: fix version
Move the version setting into a init function so it is done early. Then
tweak the setup code for chaos a bit to correctly pick this version up.
Add an integration test to pick this up in the toplevel test/ directory.
Fixes #667
* Update tests
* middleware/file: correctly parse the stanza
Parsing the file stanza would give precedence to 'transfer' and ignore
other bits if it wasn't specified.
This change fixes the parsing. The actual external CNAME retrieval is
working fine (once the upstream is correctly parsed).
This wasn't caught in tests, because we lack a parsing test for this.
Fixes #657
* Add tests
Check message for expired sig and don't cache those.
Aside: This hack of caching entire messages is probably something we
should stop doing at some point in the future and do this on a per RRset
basis.
Fixes #367 #635
* Revert "middleware/proxy: Make Unhealthy a pointer (#615)"
This reverts commit acbf522ceb.
* middleware/proxy: add proper locking
This adds the proper locking around `Unhealthy`.
This method parses the Host field in the service. It returns 1 of 3
things: 1) it is a host, 2) an IPv4 address or 3) an IPv6 address.
This simplifies some code a bit and allows for 1 way of parsing the Host
field.
This *only* parses the Host field, Mail and/or Text values should be
checked separately.
We reuse the dns.TypeXXX values for this as to not invent anything new.
* Add fallthrough support for Kubernetes
This enables registering other services in the same zone as
Kubernetes services. This also re-orders the middleware chain
so that Kubernetes comes before other types, in order to make
this work out-of-the-box.
* Remove extra line
* Implements tracing in the native gRPC server
* Undo some unnecessary changes
* Properly revert trace/setup.go this time
* Some very very basic tests
* Remove warning for non-Trace middleware
Pointer updates are atomic so drop the sync.RWMutex as it is not needed
anymore. This also fixes the race introduced with dfc71df (although I
believe this is the first time we properly tested that code path).
There was no inherent reason *not* to allow multiple listeners for the
monitoring data. Actually enforcing only one listener led to more code
than just allowing multiple. It's probably not what you want; but
CoreDNS is happy to oblige.