plugin/grpc_server/README.md

# grpc_server

## Name

*grpc_server* - configures DNS-over-gRPC server options.

## Description

The *grpc_server* plugin allows you to configure parameters for the DNS-over-gRPC server to fine-tune the security posture and performance of the server.

This plugin can only be used once per gRPC listener block.

## Syntax

```txt
grpc_server {
    max_streams POSITIVE_INTEGER
    max_connections POSITIVE_INTEGER
}
```

* `max_streams` limits the number of concurrent gRPC streams per connection. This helps prevent unbounded streams on a single connection, exhausting server resources. The default value is 256 if not specified. Set to 0 for unbounded.
* `max_connections` limits the number of concurrent TCP connections to the gRPC server. The default value is 200 if not specified. Set to 0 for unbounded.

## Examples

Set custom limits for maximum streams and connections:

```
grpc://.:8053 {
    tls cert.pem key.pem
    grpc_server {
        max_streams 50
        max_connections 100
    }
    whoami
}
```

Set values to 0 for unbounded, matching CoreDNS behaviour before v1.14.0:

```
grpc://.:8053 {
    tls cert.pem key.pem
    grpc_server {
        max_streams 0
        max_connections 0
    }
    whoami
}
```
Merge commit from fork Add configurable resource limits to prevent potential DoS vectors via connection/stream exhaustion on gRPC, HTTPS, and HTTPS/3 servers. New configuration plugins: - grpc_server: configure max_streams, max_connections - https: configure max_connections - https3: configure max_streams Changes: - Use netutil.LimitListener for connection limiting - Use gRPC MaxConcurrentStreams and message size limits - Add QUIC MaxIncomingStreams for HTTPS/3 stream limiting - Set secure defaults: 256 max streams, 200 max connections - Setting any limit to 0 means unbounded/fallback to previous impl Defaults are applied automatically when plugins are omitted from config. Includes tests and integration tests. Signed-off-by: Ville Vesilehto <ville@vesilehto.fi> 2025-12-18 05:08:59 +02:00			`# grpc_server`

			`## Name`

			`grpc_server - configures DNS-over-gRPC server options.`

			`## Description`

			`The grpc_server plugin allows you to configure parameters for the DNS-over-gRPC server to fine-tune the security posture and performance of the server.`

			`This plugin can only be used once per gRPC listener block.`

			`## Syntax`

			```txt
			`grpc_server {`
			`max_streams POSITIVE_INTEGER`
			`max_connections POSITIVE_INTEGER`
			`}`
			```

			* `max_streams` limits the number of concurrent gRPC streams per connection. This helps prevent unbounded streams on a single connection, exhausting server resources. The default value is 256 if not specified. Set to 0 for unbounded.
			* `max_connections` limits the number of concurrent TCP connections to the gRPC server. The default value is 200 if not specified. Set to 0 for unbounded.

			`## Examples`

			`Set custom limits for maximum streams and connections:`

			```
			`grpc://.:8053 {`
			`tls cert.pem key.pem`
			`grpc_server {`
			`max_streams 50`
			`max_connections 100`
			`}`
			`whoami`
			`}`
			```

			`Set values to 0 for unbounded, matching CoreDNS behaviour before v1.14.0:`

			```
			`grpc://.:8053 {`
			`tls cert.pem key.pem`
			`grpc_server {`
			`max_streams 0`
			`max_connections 0`
			`}`
			`whoami`
			`}`
			```