Mirrors/coredns
1
0
Fork 0
mirror of https://github.com/coredns/coredns.git synced 2025-11-03 18:53:13 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
16d489851e47dc3902d17d0eff9b8ba9f3bc70cc
coredns/plugin/cache/item.go

135 lines
3.3 KiB
Go
Raw Normal View History

Cache (#126) * Add middleware/cache Add a caching middleware that caches nxdomain, nodata and successful responses. It differentiates between DNSSEC on normal DNS replies. Each reply is compress and scrubbed so it will fit the specific client asking for it. * first simple test, less exporting of stuff * more * Add middleware/cache Add a caching middleware that caches nxdomain, nodata and successful responses. It differentiates between DNSSEC on normal DNS replies. Each reply is compressed and scrubbed so it will fit the specific client asking for it. The TTL is decremented with the time spend in the cache. There is syntax that allows you to cap the TTL for all records, no matter what. This allows for a shortlived cache, just to absorb query peaks. +Tests * cache test infrastructure * Testing
2016-04-19 11:13:24 +01:00
package cache
import (
"time"
Remove the word middleware (#1067) * Rename middleware to plugin first pass; mostly used 'sed', few spots where I manually changed text. This still builds a coredns binary. * fmt error * Rename AddMiddleware to AddPlugin * Readd AddMiddleware to remain backwards compat
2017-09-14 09:36:06 +01:00
"github.com/coredns/coredns/plugin/cache/freq"
Cache (#126) * Add middleware/cache Add a caching middleware that caches nxdomain, nodata and successful responses. It differentiates between DNSSEC on normal DNS replies. Each reply is compress and scrubbed so it will fit the specific client asking for it. * first simple test, less exporting of stuff * more * Add middleware/cache Add a caching middleware that caches nxdomain, nodata and successful responses. It differentiates between DNSSEC on normal DNS replies. Each reply is compressed and scrubbed so it will fit the specific client asking for it. The TTL is decremented with the time spend in the cache. There is syntax that allows you to cap the TTL for all records, no matter what. This allows for a shortlived cache, just to absorb query peaks. +Tests * cache test infrastructure * Testing
2016-04-19 11:13:24 +01:00
"github.com/miekg/dns"
)
type item struct {
middleware/caching (#360) Add the rcode to the cached item and use this when we synthesize the answer again. We could also infer the rcode from the reassembled message, but this seems easier and is only an integer. Also set the autoritative bit to 0 for all from-cache answers. Fixes 357
2016-10-28 07:50:16 +01:00
Rcode int
Cache (#126) * Add middleware/cache Add a caching middleware that caches nxdomain, nodata and successful responses. It differentiates between DNSSEC on normal DNS replies. Each reply is compress and scrubbed so it will fit the specific client asking for it. * first simple test, less exporting of stuff * more * Add middleware/cache Add a caching middleware that caches nxdomain, nodata and successful responses. It differentiates between DNSSEC on normal DNS replies. Each reply is compressed and scrubbed so it will fit the specific client asking for it. The TTL is decremented with the time spend in the cache. There is syntax that allows you to cap the TTL for all records, no matter what. This allows for a shortlived cache, just to absorb query peaks. +Tests * cache test infrastructure * Testing
2016-04-19 11:13:24 +01:00
AuthenticatedData bool
RecursionAvailable bool
Answer []dns.RR
Ns []dns.RR
Extra []dns.RR
Golint2 (#280) * Fix linter errors * More linting fixes * More docs and making members private that dont need to be public * Fix linter errors * More linting fixes * More docs and making members private that dont need to be public * More lint fixes This leaves: ~~~ middleware/kubernetes/nametemplate/nametemplate.go:64:6: exported type NameTemplate should have comment or be unexported middleware/kubernetes/nametemplate/nametemplate.go:71:1: exported method NameTemplate.SetTemplate should have comment or be unexported middleware/kubernetes/nametemplate/nametemplate.go:108:1: exported method NameTemplate.GetZoneFromSegmentArray should have comment or be unexported middleware/kubernetes/nametemplate/nametemplate.go:116:1: exported method NameTemplate.GetNamespaceFromSegmentArray should have comment or be unexported middleware/kubernetes/nametemplate/nametemplate.go:120:1: exported method NameTemplate.GetServiceFromSegmentArray should have comment or be unexported middleware/kubernetes/nametemplate/nametemplate.go:124:1: exported method NameTemplate.GetTypeFromSegmentArray should have comment or be unexported middleware/kubernetes/nametemplate/nametemplate.go:135:1: exported method NameTemplate.GetSymbolFromSegmentArray should have comment or be unexported middleware/kubernetes/nametemplate/nametemplate.go:167:1: exported method NameTemplate.IsValid should have comment or be unexported middleware/kubernetes/nametemplate/nametemplate.go:182:6: exported type NameValues should have comment or be unexported middleware/kubernetes/util/util.go:1:1: package comment should be of the form "Package util ..." middleware/kubernetes/util/util.go:27:2: exported const WildcardStar should have comment (or a comment on this block) or be unexported middleware/proxy/lookup.go:66:1: exported method Proxy.Forward should have comment or be unexported middleware/proxy/proxy.go:24:6: exported type Client should have comment or be unexported middleware/proxy/proxy.go:107:1: exported function Clients should have comment or be unexported middleware/proxy/reverseproxy.go:10:6: exported type ReverseProxy should have comment or be unexported middleware/proxy/reverseproxy.go:16:1: exported method ReverseProxy.ServeDNS should have comment or be unexported middleware/proxy/upstream.go:42:6: exported type Options should have comment or be unexported ~~~ I plan on reworking the proxy anyway, so I'll leave that be.
2016-09-23 09:14:12 +01:00
origTTL uint32
Cache (#126) * Add middleware/cache Add a caching middleware that caches nxdomain, nodata and successful responses. It differentiates between DNSSEC on normal DNS replies. Each reply is compress and scrubbed so it will fit the specific client asking for it. * first simple test, less exporting of stuff * more * Add middleware/cache Add a caching middleware that caches nxdomain, nodata and successful responses. It differentiates between DNSSEC on normal DNS replies. Each reply is compressed and scrubbed so it will fit the specific client asking for it. The TTL is decremented with the time spend in the cache. There is syntax that allows you to cap the TTL for all records, no matter what. This allows for a shortlived cache, just to absorb query peaks. +Tests * cache test infrastructure * Testing
2016-04-19 11:13:24 +01:00
stored time.Time
New cache implementation and prefetch handing in mw/cache (#731) * cache: add sharded cache implementation Add Cache impl and a few tests. This cache is 256-way sharded, mainly so each shard has it's own lock. The main cache structure is a readonly jump plane into the right shard. This should remove the single lock contention on the main lock and provide more concurrent throughput - Obviously this hasn't been tested or measured. The key into the cache was made a uint32 (hash.fnv) and the hashing op is not using strings.ToLower anymore remove any GC in that code path. * here too * Minimum shard size * typos * blurp * small cleanups no defer * typo * Add freq based on Johns idea * cherry-pick conflict resolv * typo * update from early code review from john * add prefetch to the cache * mw/cache: add prefetch * remove println * remove comment * Fix tests * Test prefetch in setup * Add start of cache * try add diff cache options * Add hacky testcase * not needed * allow the use of a percentage for prefetch If the TTL falls below xx% do a prefetch, if the record was popular. Some other fixes and correctly prefetch only popular records.
2017-06-13 12:39:10 -07:00
*freq.Freq
Cache (#126) * Add middleware/cache Add a caching middleware that caches nxdomain, nodata and successful responses. It differentiates between DNSSEC on normal DNS replies. Each reply is compress and scrubbed so it will fit the specific client asking for it. * first simple test, less exporting of stuff * more * Add middleware/cache Add a caching middleware that caches nxdomain, nodata and successful responses. It differentiates between DNSSEC on normal DNS replies. Each reply is compressed and scrubbed so it will fit the specific client asking for it. The TTL is decremented with the time spend in the cache. There is syntax that allows you to cap the TTL for all records, no matter what. This allows for a shortlived cache, just to absorb query peaks. +Tests * cache test infrastructure * Testing
2016-04-19 11:13:24 +01:00
}
plugin/cache: Fix prefetching issues (#1363) * Improve plugin/cache metrics * Add coredns_cache_prefetch_total metric to track number of prefetches. * Remove unnecessary Cache.get() call which would incorrectly increment cache counters. * Initialize all counters and gauges at zero. * Allow prefetching of a single request per ttl The original implementation didn't allow prefetching queries which are only requested once during the duration of a TTL. The minimum amount of queries which had to be seen was therefore capped at 2. This change also implements a real prefetch test. The existing test was a noop and always passed regardless of any prefetch implementation. * Fix prefetching for items with a short TTL The default prefetch threshold (percentage) is 10% of the lifetime of a cache item. With the previous implementation, this disabled prefetching for all items with a TTL < 10s (the resulting percentage would be 0, at which point a cached item is already discarded). This change uses a time based threshold calculation and ensures that a prefetch is triggered at a TTL of 1 at the latest. * Fix wrong duration reporting of cached responses The logging and metrics plugins (among others) included the duration of a cache prefetch in the request latency of client request. This change fixes this wrong reporting and executes the prefetch request in a goroutine in the background.
2018-01-17 08:35:22 +01:00
func newItem(m *dns.Msg, now time.Time, d time.Duration) *item {
Cache (#126) * Add middleware/cache Add a caching middleware that caches nxdomain, nodata and successful responses. It differentiates between DNSSEC on normal DNS replies. Each reply is compress and scrubbed so it will fit the specific client asking for it. * first simple test, less exporting of stuff * more * Add middleware/cache Add a caching middleware that caches nxdomain, nodata and successful responses. It differentiates between DNSSEC on normal DNS replies. Each reply is compressed and scrubbed so it will fit the specific client asking for it. The TTL is decremented with the time spend in the cache. There is syntax that allows you to cap the TTL for all records, no matter what. This allows for a shortlived cache, just to absorb query peaks. +Tests * cache test infrastructure * Testing
2016-04-19 11:13:24 +01:00
i := new(item)
middleware/caching (#360) Add the rcode to the cached item and use this when we synthesize the answer again. We could also infer the rcode from the reassembled message, but this seems easier and is only an integer. Also set the autoritative bit to 0 for all from-cache answers. Fixes 357
2016-10-28 07:50:16 +01:00
i.Rcode = m.Rcode
Cache (#126) * Add middleware/cache Add a caching middleware that caches nxdomain, nodata and successful responses. It differentiates between DNSSEC on normal DNS replies. Each reply is compress and scrubbed so it will fit the specific client asking for it. * first simple test, less exporting of stuff * more * Add middleware/cache Add a caching middleware that caches nxdomain, nodata and successful responses. It differentiates between DNSSEC on normal DNS replies. Each reply is compressed and scrubbed so it will fit the specific client asking for it. The TTL is decremented with the time spend in the cache. There is syntax that allows you to cap the TTL for all records, no matter what. This allows for a shortlived cache, just to absorb query peaks. +Tests * cache test infrastructure * Testing
2016-04-19 11:13:24 +01:00
i.AuthenticatedData = m.AuthenticatedData
i.RecursionAvailable = m.RecursionAvailable
i.Answer = m.Answer
i.Ns = m.Ns
i.Extra = make([]dns.RR, len(m.Extra))
plugin/cache: don't recheck the OPT records (#1772) These are not stored with newItem so we don't have to check them later.
2018-05-08 18:36:08 +01:00
// Don't copy OPT records as these are hop-by-hop.
Cache (#126) * Add middleware/cache Add a caching middleware that caches nxdomain, nodata and successful responses. It differentiates between DNSSEC on normal DNS replies. Each reply is compress and scrubbed so it will fit the specific client asking for it. * first simple test, less exporting of stuff * more * Add middleware/cache Add a caching middleware that caches nxdomain, nodata and successful responses. It differentiates between DNSSEC on normal DNS replies. Each reply is compressed and scrubbed so it will fit the specific client asking for it. The TTL is decremented with the time spend in the cache. There is syntax that allows you to cap the TTL for all records, no matter what. This allows for a shortlived cache, just to absorb query peaks. +Tests * cache test infrastructure * Testing
2016-04-19 11:13:24 +01:00
j := 0
for _, e := range m.Extra {
if e.Header().Rrtype == dns.TypeOPT {
continue
}
i.Extra[j] = e
j++
}
i.Extra = i.Extra[:j]
Golint2 (#280) * Fix linter errors * More linting fixes * More docs and making members private that dont need to be public * Fix linter errors * More linting fixes * More docs and making members private that dont need to be public * More lint fixes This leaves: ~~~ middleware/kubernetes/nametemplate/nametemplate.go:64:6: exported type NameTemplate should have comment or be unexported middleware/kubernetes/nametemplate/nametemplate.go:71:1: exported method NameTemplate.SetTemplate should have comment or be unexported middleware/kubernetes/nametemplate/nametemplate.go:108:1: exported method NameTemplate.GetZoneFromSegmentArray should have comment or be unexported middleware/kubernetes/nametemplate/nametemplate.go:116:1: exported method NameTemplate.GetNamespaceFromSegmentArray should have comment or be unexported middleware/kubernetes/nametemplate/nametemplate.go:120:1: exported method NameTemplate.GetServiceFromSegmentArray should have comment or be unexported middleware/kubernetes/nametemplate/nametemplate.go:124:1: exported method NameTemplate.GetTypeFromSegmentArray should have comment or be unexported middleware/kubernetes/nametemplate/nametemplate.go:135:1: exported method NameTemplate.GetSymbolFromSegmentArray should have comment or be unexported middleware/kubernetes/nametemplate/nametemplate.go:167:1: exported method NameTemplate.IsValid should have comment or be unexported middleware/kubernetes/nametemplate/nametemplate.go:182:6: exported type NameValues should have comment or be unexported middleware/kubernetes/util/util.go:1:1: package comment should be of the form "Package util ..." middleware/kubernetes/util/util.go:27:2: exported const WildcardStar should have comment (or a comment on this block) or be unexported middleware/proxy/lookup.go:66:1: exported method Proxy.Forward should have comment or be unexported middleware/proxy/proxy.go:24:6: exported type Client should have comment or be unexported middleware/proxy/proxy.go:107:1: exported function Clients should have comment or be unexported middleware/proxy/reverseproxy.go:10:6: exported type ReverseProxy should have comment or be unexported middleware/proxy/reverseproxy.go:16:1: exported method ReverseProxy.ServeDNS should have comment or be unexported middleware/proxy/upstream.go:42:6: exported type Options should have comment or be unexported ~~~ I plan on reworking the proxy anyway, so I'll leave that be.
2016-09-23 09:14:12 +01:00
i.origTTL = uint32(d.Seconds())
plugin/cache: Fix prefetching issues (#1363) * Improve plugin/cache metrics * Add coredns_cache_prefetch_total metric to track number of prefetches. * Remove unnecessary Cache.get() call which would incorrectly increment cache counters. * Initialize all counters and gauges at zero. * Allow prefetching of a single request per ttl The original implementation didn't allow prefetching queries which are only requested once during the duration of a TTL. The minimum amount of queries which had to be seen was therefore capped at 2. This change also implements a real prefetch test. The existing test was a noop and always passed regardless of any prefetch implementation. * Fix prefetching for items with a short TTL The default prefetch threshold (percentage) is 10% of the lifetime of a cache item. With the previous implementation, this disabled prefetching for all items with a TTL < 10s (the resulting percentage would be 0, at which point a cached item is already discarded). This change uses a time based threshold calculation and ensures that a prefetch is triggered at a TTL of 1 at the latest. * Fix wrong duration reporting of cached responses The logging and metrics plugins (among others) included the duration of a cache prefetch in the request latency of client request. This change fixes this wrong reporting and executes the prefetch request in a goroutine in the background.
2018-01-17 08:35:22 +01:00
i.stored = now.UTC()
Cache (#126) * Add middleware/cache Add a caching middleware that caches nxdomain, nodata and successful responses. It differentiates between DNSSEC on normal DNS replies. Each reply is compress and scrubbed so it will fit the specific client asking for it. * first simple test, less exporting of stuff * more * Add middleware/cache Add a caching middleware that caches nxdomain, nodata and successful responses. It differentiates between DNSSEC on normal DNS replies. Each reply is compressed and scrubbed so it will fit the specific client asking for it. The TTL is decremented with the time spend in the cache. There is syntax that allows you to cap the TTL for all records, no matter what. This allows for a shortlived cache, just to absorb query peaks. +Tests * cache test infrastructure * Testing
2016-04-19 11:13:24 +01:00
New cache implementation and prefetch handing in mw/cache (#731) * cache: add sharded cache implementation Add Cache impl and a few tests. This cache is 256-way sharded, mainly so each shard has it's own lock. The main cache structure is a readonly jump plane into the right shard. This should remove the single lock contention on the main lock and provide more concurrent throughput - Obviously this hasn't been tested or measured. The key into the cache was made a uint32 (hash.fnv) and the hashing op is not using strings.ToLower anymore remove any GC in that code path. * here too * Minimum shard size * typos * blurp * small cleanups no defer * typo * Add freq based on Johns idea * cherry-pick conflict resolv * typo * update from early code review from john * add prefetch to the cache * mw/cache: add prefetch * remove println * remove comment * Fix tests * Test prefetch in setup * Add start of cache * try add diff cache options * Add hacky testcase * not needed * allow the use of a percentage for prefetch If the TTL falls below xx% do a prefetch, if the record was popular. Some other fixes and correctly prefetch only popular records.
2017-06-13 12:39:10 -07:00
i.Freq = new(freq.Freq)
Cache (#126) * Add middleware/cache Add a caching middleware that caches nxdomain, nodata and successful responses. It differentiates between DNSSEC on normal DNS replies. Each reply is compress and scrubbed so it will fit the specific client asking for it. * first simple test, less exporting of stuff * more * Add middleware/cache Add a caching middleware that caches nxdomain, nodata and successful responses. It differentiates between DNSSEC on normal DNS replies. Each reply is compressed and scrubbed so it will fit the specific client asking for it. The TTL is decremented with the time spend in the cache. There is syntax that allows you to cap the TTL for all records, no matter what. This allows for a shortlived cache, just to absorb query peaks. +Tests * cache test infrastructure * Testing
2016-04-19 11:13:24 +01:00
return i
}
New cache implementation and prefetch handing in mw/cache (#731) * cache: add sharded cache implementation Add Cache impl and a few tests. This cache is 256-way sharded, mainly so each shard has it's own lock. The main cache structure is a readonly jump plane into the right shard. This should remove the single lock contention on the main lock and provide more concurrent throughput - Obviously this hasn't been tested or measured. The key into the cache was made a uint32 (hash.fnv) and the hashing op is not using strings.ToLower anymore remove any GC in that code path. * here too * Minimum shard size * typos * blurp * small cleanups no defer * typo * Add freq based on Johns idea * cherry-pick conflict resolv * typo * update from early code review from john * add prefetch to the cache * mw/cache: add prefetch * remove println * remove comment * Fix tests * Test prefetch in setup * Add start of cache * try add diff cache options * Add hacky testcase * not needed * allow the use of a percentage for prefetch If the TTL falls below xx% do a prefetch, if the record was popular. Some other fixes and correctly prefetch only popular records.
2017-06-13 12:39:10 -07:00
// toMsg turns i into a message, it tailors the reply to m.
plugin/cache: update comment to conform to the implementation (#3573) Signed-off-by: zheng xie <xiez1989@gmail.com>
2020-01-03 21:26:53 +08:00
// The Authoritative bit should be set to 0, but some client stub resolver implementations, most notably,
// on some legacy systems(e.g. ubuntu 14.04 with glib version 2.20), low-level glibc function `getaddrinfo`
// useb by Python/Ruby/etc.. will discard answers that do not have this bit set.
// So we're forced to always set this to 1; regardless if the answer came from the cache or not.
// On newer systems(e.g. ubuntu 16.04 with glib version 2.23), this issue is resolved.
// So we may set this bit back to 0 in the future ?
cache: default to DNSSEC (#4085) * cache: default to DNSSEC This change does away with the DNS/DNSSEC distinction the cache currently makes. Cache will always make coredns perform a DNSSEC query and store that result. If a client just needs plain DNS, the DNSSEC records are stripped from the response. It should also be more memory efficient, because we store a reply once and not one DNS and another for DNSSEC. Fixes: #3836 Signed-off-by: Miek Gieben <miek@miek.nl> * Change OPT RR when one is present in the msg. Signed-off-by: Miek Gieben <miek@miek.nl> * Fix comment for isDNSSEC Signed-off-by: Miek Gieben <miek@miek.nl> * Update plugin/cache/handler.go Co-authored-by: Chris O'Haver <cohaver@infoblox.com> * Update plugin/cache/item.go Co-authored-by: Chris O'Haver <cohaver@infoblox.com> * Code review; fix comment for isDNSSEC Signed-off-by: Miek Gieben <miek@miek.nl> * Update doc and set AD to false Set Authenticated Data to false when DNSSEC was not wanted. Also update the readme with the new behavior. Signed-off-by: Miek Gieben <miek@miek.nl> * Update plugin/cache/handler.go Co-authored-by: Chris O'Haver <cohaver@infoblox.com> Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
2020-09-17 16:28:43 +02:00
func (i *item) toMsg(m *dns.Msg, now time.Time, do bool) *dns.Msg {
Cache (#126) * Add middleware/cache Add a caching middleware that caches nxdomain, nodata and successful responses. It differentiates between DNSSEC on normal DNS replies. Each reply is compress and scrubbed so it will fit the specific client asking for it. * first simple test, less exporting of stuff * more * Add middleware/cache Add a caching middleware that caches nxdomain, nodata and successful responses. It differentiates between DNSSEC on normal DNS replies. Each reply is compressed and scrubbed so it will fit the specific client asking for it. The TTL is decremented with the time spend in the cache. There is syntax that allows you to cap the TTL for all records, no matter what. This allows for a shortlived cache, just to absorb query peaks. +Tests * cache test infrastructure * Testing
2016-04-19 11:13:24 +01:00
m1 := new(dns.Msg)
m1.SetReply(m)
middleware/caching (#360) Add the rcode to the cached item and use this when we synthesize the answer again. We could also infer the rcode from the reassembled message, but this seems easier and is only an integer. Also set the autoritative bit to 0 for all from-cache answers. Fixes 357
2016-10-28 07:50:16 +01:00
fix mis-spelling in item.go (#3156)
2019-08-19 21:36:59 +08:00
// Set this to true as some DNS clients discard the *entire* packet when it's non-authoritative.
plugin/cache: remove item.Autoritative (#2885) * plugin/cache: remove item.Autoritative Confuses clients if not set; remove it. Signed-off-by: Miek Gieben <miek@miek.nl> * Add extra comments on why we do this Signed-off-by: Miek Gieben <miek@miek.nl>
2019-06-13 10:36:47 +01:00
// This is probably not according to spec, but the bit itself is not super useful as this point, so
// just set it to true.
m1.Authoritative = true
Cache (#126) * Add middleware/cache Add a caching middleware that caches nxdomain, nodata and successful responses. It differentiates between DNSSEC on normal DNS replies. Each reply is compress and scrubbed so it will fit the specific client asking for it. * first simple test, less exporting of stuff * more * Add middleware/cache Add a caching middleware that caches nxdomain, nodata and successful responses. It differentiates between DNSSEC on normal DNS replies. Each reply is compressed and scrubbed so it will fit the specific client asking for it. The TTL is decremented with the time spend in the cache. There is syntax that allows you to cap the TTL for all records, no matter what. This allows for a shortlived cache, just to absorb query peaks. +Tests * cache test infrastructure * Testing
2016-04-19 11:13:24 +01:00
m1.AuthenticatedData = i.AuthenticatedData
cache: default to DNSSEC (#4085) * cache: default to DNSSEC This change does away with the DNS/DNSSEC distinction the cache currently makes. Cache will always make coredns perform a DNSSEC query and store that result. If a client just needs plain DNS, the DNSSEC records are stripped from the response. It should also be more memory efficient, because we store a reply once and not one DNS and another for DNSSEC. Fixes: #3836 Signed-off-by: Miek Gieben <miek@miek.nl> * Change OPT RR when one is present in the msg. Signed-off-by: Miek Gieben <miek@miek.nl> * Fix comment for isDNSSEC Signed-off-by: Miek Gieben <miek@miek.nl> * Update plugin/cache/handler.go Co-authored-by: Chris O'Haver <cohaver@infoblox.com> * Update plugin/cache/item.go Co-authored-by: Chris O'Haver <cohaver@infoblox.com> * Code review; fix comment for isDNSSEC Signed-off-by: Miek Gieben <miek@miek.nl> * Update doc and set AD to false Set Authenticated Data to false when DNSSEC was not wanted. Also update the readme with the new behavior. Signed-off-by: Miek Gieben <miek@miek.nl> * Update plugin/cache/handler.go Co-authored-by: Chris O'Haver <cohaver@infoblox.com> Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
2020-09-17 16:28:43 +02:00
if !do {
m1.AuthenticatedData = false // when DNSSEC was not wanted, it can't be authenticated data.
}
Cache (#126) * Add middleware/cache Add a caching middleware that caches nxdomain, nodata and successful responses. It differentiates between DNSSEC on normal DNS replies. Each reply is compress and scrubbed so it will fit the specific client asking for it. * first simple test, less exporting of stuff * more * Add middleware/cache Add a caching middleware that caches nxdomain, nodata and successful responses. It differentiates between DNSSEC on normal DNS replies. Each reply is compressed and scrubbed so it will fit the specific client asking for it. The TTL is decremented with the time spend in the cache. There is syntax that allows you to cap the TTL for all records, no matter what. This allows for a shortlived cache, just to absorb query peaks. +Tests * cache test infrastructure * Testing
2016-04-19 11:13:24 +01:00
m1.RecursionAvailable = i.RecursionAvailable
middleware/caching (#360) Add the rcode to the cached item and use this when we synthesize the answer again. We could also infer the rcode from the reassembled message, but this seems easier and is only an integer. Also set the autoritative bit to 0 for all from-cache answers. Fixes 357
2016-10-28 07:50:16 +01:00
m1.Rcode = i.Rcode
Cache (#126) * Add middleware/cache Add a caching middleware that caches nxdomain, nodata and successful responses. It differentiates between DNSSEC on normal DNS replies. Each reply is compress and scrubbed so it will fit the specific client asking for it. * first simple test, less exporting of stuff * more * Add middleware/cache Add a caching middleware that caches nxdomain, nodata and successful responses. It differentiates between DNSSEC on normal DNS replies. Each reply is compressed and scrubbed so it will fit the specific client asking for it. The TTL is decremented with the time spend in the cache. There is syntax that allows you to cap the TTL for all records, no matter what. This allows for a shortlived cache, just to absorb query peaks. +Tests * cache test infrastructure * Testing
2016-04-19 11:13:24 +01:00
middleware/cache: fix race (#757) While adding a parallel performance benchmark I stumbled on a race condition (another reason to add performance benchmarks!), so this PR makes sure the msg is created in a race free manor and adds the parallel benchmark.
2017-06-26 07:44:25 -07:00
m1.Answer = make([]dns.RR, len(i.Answer))
m1.Ns = make([]dns.RR, len(i.Ns))
m1.Extra = make([]dns.RR, len(i.Extra))
Cache (#126) * Add middleware/cache Add a caching middleware that caches nxdomain, nodata and successful responses. It differentiates between DNSSEC on normal DNS replies. Each reply is compress and scrubbed so it will fit the specific client asking for it. * first simple test, less exporting of stuff * more * Add middleware/cache Add a caching middleware that caches nxdomain, nodata and successful responses. It differentiates between DNSSEC on normal DNS replies. Each reply is compressed and scrubbed so it will fit the specific client asking for it. The TTL is decremented with the time spend in the cache. There is syntax that allows you to cap the TTL for all records, no matter what. This allows for a shortlived cache, just to absorb query peaks. +Tests * cache test infrastructure * Testing
2016-04-19 11:13:24 +01:00
plugin/cache: Fix prefetching issues (#1363) * Improve plugin/cache metrics * Add coredns_cache_prefetch_total metric to track number of prefetches. * Remove unnecessary Cache.get() call which would incorrectly increment cache counters. * Initialize all counters and gauges at zero. * Allow prefetching of a single request per ttl The original implementation didn't allow prefetching queries which are only requested once during the duration of a TTL. The minimum amount of queries which had to be seen was therefore capped at 2. This change also implements a real prefetch test. The existing test was a noop and always passed regardless of any prefetch implementation. * Fix prefetching for items with a short TTL The default prefetch threshold (percentage) is 10% of the lifetime of a cache item. With the previous implementation, this disabled prefetching for all items with a TTL < 10s (the resulting percentage would be 0, at which point a cached item is already discarded). This change uses a time based threshold calculation and ensures that a prefetch is triggered at a TTL of 1 at the latest. * Fix wrong duration reporting of cached responses The logging and metrics plugins (among others) included the duration of a cache prefetch in the request latency of client request. This change fixes this wrong reporting and executes the prefetch request in a goroutine in the background.
2018-01-17 08:35:22 +01:00
ttl := uint32(i.ttl(now))
cache: default to DNSSEC (#4085) * cache: default to DNSSEC This change does away with the DNS/DNSSEC distinction the cache currently makes. Cache will always make coredns perform a DNSSEC query and store that result. If a client just needs plain DNS, the DNSSEC records are stripped from the response. It should also be more memory efficient, because we store a reply once and not one DNS and another for DNSSEC. Fixes: #3836 Signed-off-by: Miek Gieben <miek@miek.nl> * Change OPT RR when one is present in the msg. Signed-off-by: Miek Gieben <miek@miek.nl> * Fix comment for isDNSSEC Signed-off-by: Miek Gieben <miek@miek.nl> * Update plugin/cache/handler.go Co-authored-by: Chris O'Haver <cohaver@infoblox.com> * Update plugin/cache/item.go Co-authored-by: Chris O'Haver <cohaver@infoblox.com> * Code review; fix comment for isDNSSEC Signed-off-by: Miek Gieben <miek@miek.nl> * Update doc and set AD to false Set Authenticated Data to false when DNSSEC was not wanted. Also update the readme with the new behavior. Signed-off-by: Miek Gieben <miek@miek.nl> * Update plugin/cache/handler.go Co-authored-by: Chris O'Haver <cohaver@infoblox.com> Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
2020-09-17 16:28:43 +02:00
j := 0
for _, r := range i.Answer {
if !do && isDNSSEC(r) {
continue
}
middleware/cache: fix race (#757) While adding a parallel performance benchmark I stumbled on a race condition (another reason to add performance benchmarks!), so this PR makes sure the msg is created in a race free manor and adds the parallel benchmark.
2017-06-26 07:44:25 -07:00
m1.Answer[j] = dns.Copy(r)
m1.Answer[j].Header().Ttl = ttl
cache: default to DNSSEC (#4085) * cache: default to DNSSEC This change does away with the DNS/DNSSEC distinction the cache currently makes. Cache will always make coredns perform a DNSSEC query and store that result. If a client just needs plain DNS, the DNSSEC records are stripped from the response. It should also be more memory efficient, because we store a reply once and not one DNS and another for DNSSEC. Fixes: #3836 Signed-off-by: Miek Gieben <miek@miek.nl> * Change OPT RR when one is present in the msg. Signed-off-by: Miek Gieben <miek@miek.nl> * Fix comment for isDNSSEC Signed-off-by: Miek Gieben <miek@miek.nl> * Update plugin/cache/handler.go Co-authored-by: Chris O'Haver <cohaver@infoblox.com> * Update plugin/cache/item.go Co-authored-by: Chris O'Haver <cohaver@infoblox.com> * Code review; fix comment for isDNSSEC Signed-off-by: Miek Gieben <miek@miek.nl> * Update doc and set AD to false Set Authenticated Data to false when DNSSEC was not wanted. Also update the readme with the new behavior. Signed-off-by: Miek Gieben <miek@miek.nl> * Update plugin/cache/handler.go Co-authored-by: Chris O'Haver <cohaver@infoblox.com> Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
2020-09-17 16:28:43 +02:00
j++
Cache (#126) * Add middleware/cache Add a caching middleware that caches nxdomain, nodata and successful responses. It differentiates between DNSSEC on normal DNS replies. Each reply is compress and scrubbed so it will fit the specific client asking for it. * first simple test, less exporting of stuff * more * Add middleware/cache Add a caching middleware that caches nxdomain, nodata and successful responses. It differentiates between DNSSEC on normal DNS replies. Each reply is compressed and scrubbed so it will fit the specific client asking for it. The TTL is decremented with the time spend in the cache. There is syntax that allows you to cap the TTL for all records, no matter what. This allows for a shortlived cache, just to absorb query peaks. +Tests * cache test infrastructure * Testing
2016-04-19 11:13:24 +01:00
}
cache: default to DNSSEC (#4085) * cache: default to DNSSEC This change does away with the DNS/DNSSEC distinction the cache currently makes. Cache will always make coredns perform a DNSSEC query and store that result. If a client just needs plain DNS, the DNSSEC records are stripped from the response. It should also be more memory efficient, because we store a reply once and not one DNS and another for DNSSEC. Fixes: #3836 Signed-off-by: Miek Gieben <miek@miek.nl> * Change OPT RR when one is present in the msg. Signed-off-by: Miek Gieben <miek@miek.nl> * Fix comment for isDNSSEC Signed-off-by: Miek Gieben <miek@miek.nl> * Update plugin/cache/handler.go Co-authored-by: Chris O'Haver <cohaver@infoblox.com> * Update plugin/cache/item.go Co-authored-by: Chris O'Haver <cohaver@infoblox.com> * Code review; fix comment for isDNSSEC Signed-off-by: Miek Gieben <miek@miek.nl> * Update doc and set AD to false Set Authenticated Data to false when DNSSEC was not wanted. Also update the readme with the new behavior. Signed-off-by: Miek Gieben <miek@miek.nl> * Update plugin/cache/handler.go Co-authored-by: Chris O'Haver <cohaver@infoblox.com> Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
2020-09-17 16:28:43 +02:00
m1.Answer = m1.Answer[:j]
j = 0
for _, r := range i.Ns {
if !do && isDNSSEC(r) {
continue
}
middleware/cache: fix race (#757) While adding a parallel performance benchmark I stumbled on a race condition (another reason to add performance benchmarks!), so this PR makes sure the msg is created in a race free manor and adds the parallel benchmark.
2017-06-26 07:44:25 -07:00
m1.Ns[j] = dns.Copy(r)
m1.Ns[j].Header().Ttl = ttl
cache: default to DNSSEC (#4085) * cache: default to DNSSEC This change does away with the DNS/DNSSEC distinction the cache currently makes. Cache will always make coredns perform a DNSSEC query and store that result. If a client just needs plain DNS, the DNSSEC records are stripped from the response. It should also be more memory efficient, because we store a reply once and not one DNS and another for DNSSEC. Fixes: #3836 Signed-off-by: Miek Gieben <miek@miek.nl> * Change OPT RR when one is present in the msg. Signed-off-by: Miek Gieben <miek@miek.nl> * Fix comment for isDNSSEC Signed-off-by: Miek Gieben <miek@miek.nl> * Update plugin/cache/handler.go Co-authored-by: Chris O'Haver <cohaver@infoblox.com> * Update plugin/cache/item.go Co-authored-by: Chris O'Haver <cohaver@infoblox.com> * Code review; fix comment for isDNSSEC Signed-off-by: Miek Gieben <miek@miek.nl> * Update doc and set AD to false Set Authenticated Data to false when DNSSEC was not wanted. Also update the readme with the new behavior. Signed-off-by: Miek Gieben <miek@miek.nl> * Update plugin/cache/handler.go Co-authored-by: Chris O'Haver <cohaver@infoblox.com> Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
2020-09-17 16:28:43 +02:00
j++
Cache (#126) * Add middleware/cache Add a caching middleware that caches nxdomain, nodata and successful responses. It differentiates between DNSSEC on normal DNS replies. Each reply is compress and scrubbed so it will fit the specific client asking for it. * first simple test, less exporting of stuff * more * Add middleware/cache Add a caching middleware that caches nxdomain, nodata and successful responses. It differentiates between DNSSEC on normal DNS replies. Each reply is compressed and scrubbed so it will fit the specific client asking for it. The TTL is decremented with the time spend in the cache. There is syntax that allows you to cap the TTL for all records, no matter what. This allows for a shortlived cache, just to absorb query peaks. +Tests * cache test infrastructure * Testing
2016-04-19 11:13:24 +01:00
}
cache: default to DNSSEC (#4085) * cache: default to DNSSEC This change does away with the DNS/DNSSEC distinction the cache currently makes. Cache will always make coredns perform a DNSSEC query and store that result. If a client just needs plain DNS, the DNSSEC records are stripped from the response. It should also be more memory efficient, because we store a reply once and not one DNS and another for DNSSEC. Fixes: #3836 Signed-off-by: Miek Gieben <miek@miek.nl> * Change OPT RR when one is present in the msg. Signed-off-by: Miek Gieben <miek@miek.nl> * Fix comment for isDNSSEC Signed-off-by: Miek Gieben <miek@miek.nl> * Update plugin/cache/handler.go Co-authored-by: Chris O'Haver <cohaver@infoblox.com> * Update plugin/cache/item.go Co-authored-by: Chris O'Haver <cohaver@infoblox.com> * Code review; fix comment for isDNSSEC Signed-off-by: Miek Gieben <miek@miek.nl> * Update doc and set AD to false Set Authenticated Data to false when DNSSEC was not wanted. Also update the readme with the new behavior. Signed-off-by: Miek Gieben <miek@miek.nl> * Update plugin/cache/handler.go Co-authored-by: Chris O'Haver <cohaver@infoblox.com> Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
2020-09-17 16:28:43 +02:00
m1.Ns = m1.Ns[:j]
plugin/cache: don't recheck the OPT records (#1772) These are not stored with newItem so we don't have to check them later.
2018-05-08 18:36:08 +01:00
// newItem skips OPT records, so we can just use i.Extra as is.
cache: default to DNSSEC (#4085) * cache: default to DNSSEC This change does away with the DNS/DNSSEC distinction the cache currently makes. Cache will always make coredns perform a DNSSEC query and store that result. If a client just needs plain DNS, the DNSSEC records are stripped from the response. It should also be more memory efficient, because we store a reply once and not one DNS and another for DNSSEC. Fixes: #3836 Signed-off-by: Miek Gieben <miek@miek.nl> * Change OPT RR when one is present in the msg. Signed-off-by: Miek Gieben <miek@miek.nl> * Fix comment for isDNSSEC Signed-off-by: Miek Gieben <miek@miek.nl> * Update plugin/cache/handler.go Co-authored-by: Chris O'Haver <cohaver@infoblox.com> * Update plugin/cache/item.go Co-authored-by: Chris O'Haver <cohaver@infoblox.com> * Code review; fix comment for isDNSSEC Signed-off-by: Miek Gieben <miek@miek.nl> * Update doc and set AD to false Set Authenticated Data to false when DNSSEC was not wanted. Also update the readme with the new behavior. Signed-off-by: Miek Gieben <miek@miek.nl> * Update plugin/cache/handler.go Co-authored-by: Chris O'Haver <cohaver@infoblox.com> Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
2020-09-17 16:28:43 +02:00
j = 0
for _, r := range i.Extra {
if !do && isDNSSEC(r) {
continue
}
middleware/cache: fix race (#757) While adding a parallel performance benchmark I stumbled on a race condition (another reason to add performance benchmarks!), so this PR makes sure the msg is created in a race free manor and adds the parallel benchmark.
2017-06-26 07:44:25 -07:00
m1.Extra[j] = dns.Copy(r)
plugin/cache: don't recheck the OPT records (#1772) These are not stored with newItem so we don't have to check them later.
2018-05-08 18:36:08 +01:00
m1.Extra[j].Header().Ttl = ttl
cache: default to DNSSEC (#4085) * cache: default to DNSSEC This change does away with the DNS/DNSSEC distinction the cache currently makes. Cache will always make coredns perform a DNSSEC query and store that result. If a client just needs plain DNS, the DNSSEC records are stripped from the response. It should also be more memory efficient, because we store a reply once and not one DNS and another for DNSSEC. Fixes: #3836 Signed-off-by: Miek Gieben <miek@miek.nl> * Change OPT RR when one is present in the msg. Signed-off-by: Miek Gieben <miek@miek.nl> * Fix comment for isDNSSEC Signed-off-by: Miek Gieben <miek@miek.nl> * Update plugin/cache/handler.go Co-authored-by: Chris O'Haver <cohaver@infoblox.com> * Update plugin/cache/item.go Co-authored-by: Chris O'Haver <cohaver@infoblox.com> * Code review; fix comment for isDNSSEC Signed-off-by: Miek Gieben <miek@miek.nl> * Update doc and set AD to false Set Authenticated Data to false when DNSSEC was not wanted. Also update the readme with the new behavior. Signed-off-by: Miek Gieben <miek@miek.nl> * Update plugin/cache/handler.go Co-authored-by: Chris O'Haver <cohaver@infoblox.com> Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
2020-09-17 16:28:43 +02:00
j++
Cache (#126) * Add middleware/cache Add a caching middleware that caches nxdomain, nodata and successful responses. It differentiates between DNSSEC on normal DNS replies. Each reply is compress and scrubbed so it will fit the specific client asking for it. * first simple test, less exporting of stuff * more * Add middleware/cache Add a caching middleware that caches nxdomain, nodata and successful responses. It differentiates between DNSSEC on normal DNS replies. Each reply is compressed and scrubbed so it will fit the specific client asking for it. The TTL is decremented with the time spend in the cache. There is syntax that allows you to cap the TTL for all records, no matter what. This allows for a shortlived cache, just to absorb query peaks. +Tests * cache test infrastructure * Testing
2016-04-19 11:13:24 +01:00
}
cache: default to DNSSEC (#4085) * cache: default to DNSSEC This change does away with the DNS/DNSSEC distinction the cache currently makes. Cache will always make coredns perform a DNSSEC query and store that result. If a client just needs plain DNS, the DNSSEC records are stripped from the response. It should also be more memory efficient, because we store a reply once and not one DNS and another for DNSSEC. Fixes: #3836 Signed-off-by: Miek Gieben <miek@miek.nl> * Change OPT RR when one is present in the msg. Signed-off-by: Miek Gieben <miek@miek.nl> * Fix comment for isDNSSEC Signed-off-by: Miek Gieben <miek@miek.nl> * Update plugin/cache/handler.go Co-authored-by: Chris O'Haver <cohaver@infoblox.com> * Update plugin/cache/item.go Co-authored-by: Chris O'Haver <cohaver@infoblox.com> * Code review; fix comment for isDNSSEC Signed-off-by: Miek Gieben <miek@miek.nl> * Update doc and set AD to false Set Authenticated Data to false when DNSSEC was not wanted. Also update the readme with the new behavior. Signed-off-by: Miek Gieben <miek@miek.nl> * Update plugin/cache/handler.go Co-authored-by: Chris O'Haver <cohaver@infoblox.com> Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
2020-09-17 16:28:43 +02:00
m1.Extra = m1.Extra[:j]
middleware/cache: fix race (#757) While adding a parallel performance benchmark I stumbled on a race condition (another reason to add performance benchmarks!), so this PR makes sure the msg is created in a race free manor and adds the parallel benchmark.
2017-06-26 07:44:25 -07:00
return m1
}
func (i *item) ttl(now time.Time) int {
ttl := int(i.origTTL) - int(now.UTC().Sub(i.stored).Seconds())
return ttl
Cache (#126) * Add middleware/cache Add a caching middleware that caches nxdomain, nodata and successful responses. It differentiates between DNSSEC on normal DNS replies. Each reply is compress and scrubbed so it will fit the specific client asking for it. * first simple test, less exporting of stuff * more * Add middleware/cache Add a caching middleware that caches nxdomain, nodata and successful responses. It differentiates between DNSSEC on normal DNS replies. Each reply is compressed and scrubbed so it will fit the specific client asking for it. The TTL is decremented with the time spend in the cache. There is syntax that allows you to cap the TTL for all records, no matter what. This allows for a shortlived cache, just to absorb query peaks. +Tests * cache test infrastructure * Testing
2016-04-19 11:13:24 +01:00
}
cache: default to DNSSEC (#4085) * cache: default to DNSSEC This change does away with the DNS/DNSSEC distinction the cache currently makes. Cache will always make coredns perform a DNSSEC query and store that result. If a client just needs plain DNS, the DNSSEC records are stripped from the response. It should also be more memory efficient, because we store a reply once and not one DNS and another for DNSSEC. Fixes: #3836 Signed-off-by: Miek Gieben <miek@miek.nl> * Change OPT RR when one is present in the msg. Signed-off-by: Miek Gieben <miek@miek.nl> * Fix comment for isDNSSEC Signed-off-by: Miek Gieben <miek@miek.nl> * Update plugin/cache/handler.go Co-authored-by: Chris O'Haver <cohaver@infoblox.com> * Update plugin/cache/item.go Co-authored-by: Chris O'Haver <cohaver@infoblox.com> * Code review; fix comment for isDNSSEC Signed-off-by: Miek Gieben <miek@miek.nl> * Update doc and set AD to false Set Authenticated Data to false when DNSSEC was not wanted. Also update the readme with the new behavior. Signed-off-by: Miek Gieben <miek@miek.nl> * Update plugin/cache/handler.go Co-authored-by: Chris O'Haver <cohaver@infoblox.com> Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
2020-09-17 16:28:43 +02:00
// isDNSSEC returns true if r is a DNSSEC record. NSEC,NSEC3,DS and RRSIG/SIG
// are DNSSEC records. DNSKEYs is not in this list on the assumption that the
// client explictly asked for it.
func isDNSSEC(r dns.RR) bool {
switch r.Header().Rrtype {
case dns.TypeNSEC:
return true
case dns.TypeNSEC3:
return true
case dns.TypeDS:
return true
case dns.TypeRRSIG:
return true
case dns.TypeSIG:
return true
}
return false
}
Reference in New Issue Copy Permalink