Mirrors/coredns
1
0
Fork 0
mirror of https://github.com/coredns/coredns.git synced 2025-10-27 08:14:18 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
6d8a078704567821513e8ccab29fdc5baee809f7
coredns/plugin/proxy/proxy.go

184 lines
5.2 KiB
Go
Raw Normal View History

Remove the word middleware (#1067) * Rename middleware to plugin first pass; mostly used 'sed', few spots where I manually changed text. This still builds a coredns binary. * fmt error * Rename AddMiddleware to AddPlugin * Readd AddMiddleware to remain backwards compat
2017-09-14 09:36:06 +01:00
// Package proxy is plugin that proxies requests.
First commit
2016-03-18 20:57:35 +00:00
package proxy
import (
all: fix plugin import ordering (#1717) Got a bit messed up with stb lib "context" usage.
2018-04-22 08:34:35 +01:00
"context"
First commit
2016-03-18 20:57:35 +00:00
"errors"
mw/proxy: simplify google code (#1019) * mw/proxy: simplify google code Minimize bootstrap code a bit, and block on the first resolve of the google https endpont. Add more logging and include actual error in the returned errors. Also re-resolve every 120 seconds, instead of 300 (might eventually make this an option). * fix test
2017-09-02 18:43:52 +02:00
"fmt"
plugin/proxy: decrease health timeouts (#1107) Turn down the timeouts and numbers a bit: FailTimeout 10s -> 5s Future 60s -> 12s TryDuration 60s -> 16s The timeout for decrementing the fails in a host: 10s -> 2s And the biggest change: don't set fails when the error is Timeout(), meaning we loop for a bit and may try the same server again, but we don't mark our upstream as bad, see comments in proxy.go. Testing this with "ANY isc.org" and "MX miek.nl" we see: ~~~ ::1 - [24/Sep/2017:08:06:17 +0100] "ANY IN isc.org. udp 37 false 4096" SERVFAIL qr,rd 37 10.001621221s 24/Sep/2017:08:06:17 +0100 [ERROR 0 isc.org. ANY] unreachable backend: read udp 192.168.1.148:37420->8.8.8.8:53: i/o timeout ::1 - [24/Sep/2017:08:06:17 +0100] "MX IN miek.nl. udp 37 false 4096" NOERROR qr,rd,ra,ad 170 35.957284ms 127.0.0.1 - [24/Sep/2017:08:06:18 +0100] "ANY IN isc.org. udp 37 false 4096" SERVFAIL qr,rd 37 10.002051726s 24/Sep/2017:08:06:18 +0100 [ERROR 0 isc.org. ANY] unreachable backend: read udp 192.168.1.148:54901->8.8.8.8:53: i/o timeout ::1 - [24/Sep/2017:08:06:19 +0100] "MX IN miek.nl. udp 37 false 4096" NOERROR qr,rd,ra,ad 170 56.848416ms 127.0.0.1 - [24/Sep/2017:08:06:21 +0100] "MX IN miek.nl. udp 37 false 4096" NOERROR qr,rd,ra,ad 170 48.118349ms ::1 - [24/Sep/2017:08:06:21 +0100] "MX IN miek.nl. udp 37 false 4096" NOERROR qr,rd,ra,ad 170 1.055172915s ~~~ So the ANY isc.org queries show up twice, because we retry internally - this is I think WAI. The `miek.nl MX` queries are just processed normally as no backend is marked as unreachable. May fix #1035 #486
2017-09-24 20:05:36 +01:00
"net"
First commit
2016-03-18 20:57:35 +00:00
"sync/atomic"
"time"
Remove the word middleware (#1067) * Rename middleware to plugin first pass; mostly used 'sed', few spots where I manually changed text. This still builds a coredns binary. * fmt error * Rename AddMiddleware to AddPlugin * Readd AddMiddleware to remain backwards compat
2017-09-14 09:36:06 +01:00
"github.com/coredns/coredns/plugin"
plugin/metrics: add 'server' label (#1682) * plugin/metrics: add 'server' label This uses the new WithServer(ctx) to get the current server from the context. First in a larger refactor to make all plugins do this. * compile * compile * lala test * compile and test * typos * Dont duplicate the code
2018-04-18 09:42:20 +01:00
"github.com/coredns/coredns/plugin/metrics"
Remove the word middleware (#1067) * Rename middleware to plugin first pass; mostly used 'sed', few spots where I manually changed text. This still builds a coredns binary. * fmt error * Rename AddMiddleware to AddPlugin * Readd AddMiddleware to remain backwards compat
2017-09-14 09:36:06 +01:00
"github.com/coredns/coredns/plugin/pkg/healthcheck"
Fix import path `github.com/miekg/coredns` -> `github.com/coredns/coredns` (#547) This fix fixes import path from `github.com/miekg/coredns` -> `github.com/coredns/coredns`
2017-02-21 22:51:47 -08:00
"github.com/coredns/coredns/request"
middleware/proxy: multiple enhancements (#145) Add port 53 in the proxy host if not specified. Check if the host is actually an IP address (v4 or v6) Remove the http headers and other TODOs
2016-04-30 15:54:41 +01:00
First commit
2016-03-18 20:57:35 +00:00
"github.com/miekg/dns"
Fix `go fmt`, `go lint`, and `go vet` issues (#494) This fix fixes several `go fmt`, `go lint`, and `go vet` issues, to make goreportcard happy: https://goreportcard.com/report/github.com/miekg/coredns Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-01-29 12:06:26 -08:00
ot "github.com/opentracing/opentracing-go"
First commit
2016-03-18 20:57:35 +00:00
)
middleware/proxy: implement Exchanger (#480) By defining and using an proxy.Exchanger interface we make the proxy more generic and we can then fold back httproxy into proxy. This overrides #463 and #473 and should make futures extensions rather trivial * Add docs that talk about `protocol` and how to set it. * middleware/proxy: rename New to NewLookup It's used as a Lookup mechanism not as a completely new proxy, reflect that in the name. * Set maxfails to 3 by default when looking up names. Most of the changes have been copied from https://github.com/johnbelamaric/coredns/pull/1/files
2017-01-15 08:12:58 +00:00
var (
errUnreachable = errors.New("unreachable backend")
errInvalidProtocol = errors.New("invalid protocol")
middleware/proxy: fix except keyword (#505) Fix the except keyword usage - the config would allow it, but it was not enforced in the code. Turns out that **FROM** was also not enforced, fix both, by (basically) copying the code from Caddy. Update the README and tests. Locally test as well, shows that this works: ~~~ .:1053 { proxy miek.nl 8.8.8.8:53 { except a.miek.nl } proxy a.miek.nl 8.8.4.4:53 errors stdout log stdout } ~~~ And gives the desired results, not having a proxy line for `a.miek.nl` results in a SERVFAIL (as expected). Fixes #502
2017-02-07 18:01:16 +00:00
errInvalidDomain = errors.New("invalid path for proxy")
middleware/proxy: implement Exchanger (#480) By defining and using an proxy.Exchanger interface we make the proxy more generic and we can then fold back httproxy into proxy. This overrides #463 and #473 and should make futures extensions rather trivial * Add docs that talk about `protocol` and how to set it. * middleware/proxy: rename New to NewLookup It's used as a Lookup mechanism not as a completely new proxy, reflect that in the name. * Set maxfails to 3 by default when looking up names. Most of the changes have been copied from https://github.com/johnbelamaric/coredns/pull/1/files
2017-01-15 08:12:58 +00:00
)
First commit
2016-03-18 20:57:35 +00:00
Remove the word middleware (#1067) * Rename middleware to plugin first pass; mostly used 'sed', few spots where I manually changed text. This still builds a coredns binary. * fmt error * Rename AddMiddleware to AddPlugin * Readd AddMiddleware to remain backwards compat
2017-09-14 09:36:06 +01:00
// Proxy represents a plugin instance that can proxy requests to another (DNS) server.
First commit
2016-03-18 20:57:35 +00:00
type Proxy struct {
Remove the word middleware (#1067) * Rename middleware to plugin first pass; mostly used 'sed', few spots where I manually changed text. This still builds a coredns binary. * fmt error * Rename AddMiddleware to AddPlugin * Readd AddMiddleware to remain backwards compat
2017-09-14 09:36:06 +01:00
Next plugin.Handler
middleware/proxy: absorb httpproxy (#481) * middleware/proxy: absorb httpproxy Move the httproxy into proxy. This adds and Exchanger interface which is used to exchange the messages with the upstream. The https_google upstream will re-resolve itself and update the upstream hosts used every 300s. * Remove and add TODO
2017-02-06 19:32:48 +00:00
// Upstreams is a pointer to a slice, so we can update the upstream (used for Google)
// midway.
Upstreams *[]Upstream
Grpc tracing (#544) * checkpoint * Pass context through ServeDNS, enable gRPC tracing * Fix types and make tracer available to proxy. go fmt * Fix imports * Use the DoNotStartTrace option * Change to SpanFilter from DoNotStartTrace * Use new name (IncludeSpan) * Final names * Add tests; fix possible client/conn leaks in grpc * go fmt
2017-03-01 10:41:54 -05:00
Remove the word middleware (#1067) * Rename middleware to plugin first pass; mostly used 'sed', few spots where I manually changed text. This still builds a coredns binary. * fmt error * Rename AddMiddleware to AddPlugin * Readd AddMiddleware to remain backwards compat
2017-09-14 09:36:06 +01:00
// Trace is the Trace plugin, if it is installed
Grpc tracing (#544) * checkpoint * Pass context through ServeDNS, enable gRPC tracing * Fix types and make tracer available to proxy. go fmt * Fix imports * Use the DoNotStartTrace option * Change to SpanFilter from DoNotStartTrace * Use new name (IncludeSpan) * Final names * Add tests; fix possible client/conn leaks in grpc * go fmt
2017-03-01 10:41:54 -05:00
// This is used by the grpc exchanger to trace through the grpc calls
Remove the word middleware (#1067) * Rename middleware to plugin first pass; mostly used 'sed', few spots where I manually changed text. This still builds a coredns binary. * fmt error * Rename AddMiddleware to AddPlugin * Readd AddMiddleware to remain backwards compat
2017-09-14 09:36:06 +01:00
Trace plugin.Handler
First commit
2016-03-18 20:57:35 +00:00
}
// Upstream manages a pool of proxy upstream hosts. Select should return a
// suitable upstream host, or nil if no such hosts are available.
type Upstream interface {
// The domain name this upstream host should be routed on.
From() string
// Selects an upstream host to be routed to.
Move Healthcheck to middleware/pkg/healthcheck (#854) * Move healthcheck out Signed-off-by: Yong Tang <yong.tang.github@outlook.com> * Move healthcheck to middleware/pkg/healthcheck Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-08-09 09:21:33 -07:00
Select() *healthcheck.UpstreamHost
First commit
2016-03-18 20:57:35 +00:00
// Checks if subpdomain is not an ignored.
middleware/proxy: fix except keyword (#505) Fix the except keyword usage - the config would allow it, but it was not enforced in the code. Turns out that **FROM** was also not enforced, fix both, by (basically) copying the code from Caddy. Update the README and tests. Locally test as well, shows that this works: ~~~ .:1053 { proxy miek.nl 8.8.8.8:53 { except a.miek.nl } proxy a.miek.nl 8.8.4.4:53 errors stdout log stdout } ~~~ And gives the desired results, not having a proxy line for `a.miek.nl` results in a SERVFAIL (as expected). Fixes #502
2017-02-07 18:01:16 +00:00
IsAllowedDomain(string) bool
middleware/proxy: absorb httpproxy (#481) * middleware/proxy: absorb httpproxy Move the httproxy into proxy. This adds and Exchanger interface which is used to exchange the messages with the upstream. The https_google upstream will re-resolve itself and update the upstream hosts used every 300s. * Remove and add TODO
2017-02-06 19:32:48 +00:00
// Exchanger returns the exchanger to be used for this upstream.
Exchanger() Exchanger
middleware/proxy: Kill goroutines on stop (#646) * middleware/proxy: Kill goroutines on stop Ports caddy's https://github.com/mholt/caddy/commit/59bf71c2932c3b814a6a1211c492a1aa9f71d4a1 Excludes the proxy_test.go test part though. Fixes #644 * Add tests
2017-04-26 10:58:14 +01:00
// Stops the upstream from proxying requests to shutdown goroutines cleanly.
Stop() error
First commit
2016-03-18 20:57:35 +00:00
}
// tryDuration is how long to try upstream hosts; failures result in
// immediate retries until this duration ends or we get a nil host.
plugin/proxy: decrease health timeouts (#1107) Turn down the timeouts and numbers a bit: FailTimeout 10s -> 5s Future 60s -> 12s TryDuration 60s -> 16s The timeout for decrementing the fails in a host: 10s -> 2s And the biggest change: don't set fails when the error is Timeout(), meaning we loop for a bit and may try the same server again, but we don't mark our upstream as bad, see comments in proxy.go. Testing this with "ANY isc.org" and "MX miek.nl" we see: ~~~ ::1 - [24/Sep/2017:08:06:17 +0100] "ANY IN isc.org. udp 37 false 4096" SERVFAIL qr,rd 37 10.001621221s 24/Sep/2017:08:06:17 +0100 [ERROR 0 isc.org. ANY] unreachable backend: read udp 192.168.1.148:37420->8.8.8.8:53: i/o timeout ::1 - [24/Sep/2017:08:06:17 +0100] "MX IN miek.nl. udp 37 false 4096" NOERROR qr,rd,ra,ad 170 35.957284ms 127.0.0.1 - [24/Sep/2017:08:06:18 +0100] "ANY IN isc.org. udp 37 false 4096" SERVFAIL qr,rd 37 10.002051726s 24/Sep/2017:08:06:18 +0100 [ERROR 0 isc.org. ANY] unreachable backend: read udp 192.168.1.148:54901->8.8.8.8:53: i/o timeout ::1 - [24/Sep/2017:08:06:19 +0100] "MX IN miek.nl. udp 37 false 4096" NOERROR qr,rd,ra,ad 170 56.848416ms 127.0.0.1 - [24/Sep/2017:08:06:21 +0100] "MX IN miek.nl. udp 37 false 4096" NOERROR qr,rd,ra,ad 170 48.118349ms ::1 - [24/Sep/2017:08:06:21 +0100] "MX IN miek.nl. udp 37 false 4096" NOERROR qr,rd,ra,ad 170 1.055172915s ~~~ So the ANY isc.org queries show up twice, because we retry internally - this is I think WAI. The `miek.nl MX` queries are just processed normally as no backend is marked as unreachable. May fix #1035 #486
2017-09-24 20:05:36 +01:00
var tryDuration = 16 * time.Second
First commit
2016-03-18 20:57:35 +00:00
Remove the word middleware (#1067) * Rename middleware to plugin first pass; mostly used 'sed', few spots where I manually changed text. This still builds a coredns binary. * fmt error * Rename AddMiddleware to AddPlugin * Readd AddMiddleware to remain backwards compat
2017-09-14 09:36:06 +01:00
// ServeDNS satisfies the plugin.Handler interface.
Use context.Context Rename the old Context to State and use context.Context in the middleware for intra-middleware communication and more.
2016-03-19 07:18:57 +00:00
func (p Proxy) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) {
Add tracing option (#487) Adds a middleware to enable tracing with OpenTracing/OpenZipkin. Enabling tracing will have a large impact on performance so it is not advisable in production.
2017-01-23 15:40:47 -05:00
var span, child ot.Span
span = ot.SpanFromContext(ctx)
middleware/proxy: implement Exchanger (#480) By defining and using an proxy.Exchanger interface we make the proxy more generic and we can then fold back httproxy into proxy. This overrides #463 and #473 and should make futures extensions rather trivial * Add docs that talk about `protocol` and how to set it. * middleware/proxy: rename New to NewLookup It's used as a Lookup mechanism not as a completely new proxy, reflect that in the name. * Set maxfails to 3 by default when looking up names. Most of the changes have been copied from https://github.com/johnbelamaric/coredns/pull/1/files
2017-01-15 08:12:58 +00:00
state := request.Request{W: w, Req: r}
middleware/proxy: fix except keyword (#505) Fix the except keyword usage - the config would allow it, but it was not enforced in the code. Turns out that **FROM** was also not enforced, fix both, by (basically) copying the code from Caddy. Update the README and tests. Locally test as well, shows that this works: ~~~ .:1053 { proxy miek.nl 8.8.8.8:53 { except a.miek.nl } proxy a.miek.nl 8.8.4.4:53 errors stdout log stdout } ~~~ And gives the desired results, not having a proxy line for `a.miek.nl` results in a SERVFAIL (as expected). Fixes #502
2017-02-07 18:01:16 +00:00
upstream := p.match(state)
if upstream == nil {
Remove the word middleware (#1067) * Rename middleware to plugin first pass; mostly used 'sed', few spots where I manually changed text. This still builds a coredns binary. * fmt error * Rename AddMiddleware to AddPlugin * Readd AddMiddleware to remain backwards compat
2017-09-14 09:36:06 +01:00
return plugin.NextOrFailure(p.Name(), p.Next, ctx, w, r)
middleware/proxy: fix except keyword (#505) Fix the except keyword usage - the config would allow it, but it was not enforced in the code. Turns out that **FROM** was also not enforced, fix both, by (basically) copying the code from Caddy. Update the README and tests. Locally test as well, shows that this works: ~~~ .:1053 { proxy miek.nl 8.8.8.8:53 { except a.miek.nl } proxy a.miek.nl 8.8.4.4:53 errors stdout log stdout } ~~~ And gives the desired results, not having a proxy line for `a.miek.nl` results in a SERVFAIL (as expected). Fixes #502
2017-02-07 18:01:16 +00:00
}
for {
First commit
2016-03-18 20:57:35 +00:00
start := time.Now()
Fix ineffassign (#1959) * Fix ineffassign This fix tries to fix ineffassign, as was reported in: https://goreportcard.com/report/github.com/coredns/coredns#ineffassign Signed-off-by: Yong Tang <yong.tang.github@outlook.com> * Update setup.go Revert this one change, so this can be merged.
2018-07-28 17:32:13 +08:00
var reply *dns.Msg
mw/proxy: simplify google code (#1019) * mw/proxy: simplify google code Minimize bootstrap code a bit, and block on the first resolve of the google https endpont. Add more logging and include actual error in the returned errors. Also re-resolve every 120 seconds, instead of 300 (might eventually make this an option). * fix test
2017-09-02 18:43:52 +02:00
var backendErr error
First commit
2016-03-18 20:57:35 +00:00
// Since Select() should give us "up" hosts, keep retrying
// hosts until timeout (or until we get a nil host).
all: gometalinter (#843) * kubernetes/reverse: remove deadcode * deadcode in errors and kubernetes removed * unnecessary conversion * constants * proxy: time.Since() * simplications * static check * Disable test/external_test
2017-08-06 05:54:24 -07:00
for time.Since(start) < tryDuration {
First commit
2016-03-18 20:57:35 +00:00
host := upstream.Select()
if host == nil {
mw/proxy: simplify google code (#1019) * mw/proxy: simplify google code Minimize bootstrap code a bit, and block on the first resolve of the google https endpont. Add more logging and include actual error in the returned errors. Also re-resolve every 120 seconds, instead of 300 (might eventually make this an option). * fix test
2017-09-02 18:43:52 +02:00
return dns.RcodeServerFailure, fmt.Errorf("%s: %s", errUnreachable, "no upstream host")
First commit
2016-03-18 20:57:35 +00:00
}
Add tracing option (#487) Adds a middleware to enable tracing with OpenTracing/OpenZipkin. Enabling tracing will have a large impact on performance so it is not advisable in production.
2017-01-23 15:40:47 -05:00
if span != nil {
child = span.Tracer().StartSpan("exchange", ot.ChildOf(span.Context()))
ctx = ot.ContextWithSpan(ctx, child)
}
First commit
2016-03-18 20:57:35 +00:00
atomic.AddInt64(&host.Conns, 1)
middleware/proxy: make it scale (#287) * middleware/proxy Use connection pooling for communicating with an upstream, instead of opening a new socket every time. This makes the proxy more efficient and allowed for some cleanups. * Some cleanups * Some fixes * more * Kill pool * Add nil check * remove pool
2016-10-08 14:46:22 +01:00
plugin/metrics: add 'server' label (#1682) * plugin/metrics: add 'server' label This uses the new WithServer(ctx) to get the current server from the context. First in a larger refactor to make all plugins do this. * compile * compile * lala test * compile and test * typos * Dont duplicate the code
2018-04-18 09:42:20 +01:00
RequestCount.WithLabelValues(metrics.WithServer(ctx), state.Proto(), upstream.Exchanger().Protocol(), familyToString(state.Family()), host.Name).Add(1)
plugin/proxy: fix metrics (#1137) Add Counter metrics and fix duration to use upstream name (and only use it when we have one). Fix the documentation to reflect this. Fixes #1134
2017-10-08 04:30:44 -07:00
mw/proxy: simplify google code (#1019) * mw/proxy: simplify google code Minimize bootstrap code a bit, and block on the first resolve of the google https endpont. Add more logging and include actual error in the returned errors. Also re-resolve every 120 seconds, instead of 300 (might eventually make this an option). * fix test
2017-09-02 18:43:52 +02:00
reply, backendErr = upstream.Exchanger().Exchange(ctx, host.Name, state)
middleware/proxy: make it scale (#287) * middleware/proxy Use connection pooling for communicating with an upstream, instead of opening a new socket every time. This makes the proxy more efficient and allowed for some cleanups. * Some cleanups * Some fixes * more * Kill pool * Add nil check * remove pool
2016-10-08 14:46:22 +01:00
First commit
2016-03-18 20:57:35 +00:00
atomic.AddInt64(&host.Conns, -1)
middleware/proxy: make it scale (#287) * middleware/proxy Use connection pooling for communicating with an upstream, instead of opening a new socket every time. This makes the proxy more efficient and allowed for some cleanups. * Some cleanups * Some fixes * more * Kill pool * Add nil check * remove pool
2016-10-08 14:46:22 +01:00
Add tracing option (#487) Adds a middleware to enable tracing with OpenTracing/OpenZipkin. Enabling tracing will have a large impact on performance so it is not advisable in production.
2017-01-23 15:40:47 -05:00
if child != nil {
child.Finish()
}
plugin/dnstap: some cleanup (#1172) Some cleanup in proxy and dnstap: * just use time pkg directly and side step the indirection for Epoch * Use Set in SetQueryEpoch to be more Go like. (Looked like a reader) * Don't maintain two sets of time, we already track start, so use that. * Use time.Time and convert when needed * dedent the toDnstap function and put in a separate file
2017-10-25 19:46:41 +01:00
taperr := toDnstap(ctx, host.Name, upstream.Exchanger(), state, reply, start)
middleware/proxy: dnstap (#786) * experimental dnstap support into proxy * proxy reports dnstap errors * refactoring * add a message builder for less dnstap code * msg lint * context * proxy by DNS: dnstap comments * TapBuilder * resolves conflict * dnstap into ServeDNS * testing * more tests * `go lint` * doc update
2017-09-01 12:41:41 +02:00
First commit
2016-03-18 20:57:35 +00:00
if backendErr == nil {
Fix dns-01-003 (#1634) * plugin/{cache,forward,proxy}: don't allow responses that are bogus Responses that are not matching what we've been querying for should be dropped. They are converted into FormErrs by forward and proxy; as a 2nd backstop cache will also not cache these. * plug * add explicit test
2018-03-25 17:11:10 +01:00
// Check if the reply is correct; if not return FormErr.
if !state.Match(reply) {
formerr := state.ErrorMessage(dns.RcodeFormatError)
w.WriteMsg(formerr)
return 0, taperr
}
middleware/proxy: make it scale (#287) * middleware/proxy Use connection pooling for communicating with an upstream, instead of opening a new socket every time. This makes the proxy more efficient and allowed for some cleanups. * Some cleanups * Some fixes * more * Kill pool * Add nil check * remove pool
2016-10-08 14:46:22 +01:00
w.WriteMsg(reply)
middleware/proxy: add request duration monitoring (#362) Add a separate request duration metrics specially for proxying requests upstream. Fixes #259
2016-10-28 12:54:49 +01:00
plugin/metrics: add 'server' label (#1682) * plugin/metrics: add 'server' label This uses the new WithServer(ctx) to get the current server from the context. First in a larger refactor to make all plugins do this. * compile * compile * lala test * compile and test * typos * Dont duplicate the code
2018-04-18 09:42:20 +01:00
RequestDuration.WithLabelValues(metrics.WithServer(ctx), state.Proto(), upstream.Exchanger().Protocol(), familyToString(state.Family()), host.Name).Observe(time.Since(start).Seconds())
middleware/proxy: add request duration monitoring (#362) Add a separate request duration metrics specially for proxying requests upstream. Fixes #259
2016-10-28 12:54:49 +01:00
middleware/proxy: dnstap (#786) * experimental dnstap support into proxy * proxy reports dnstap errors * refactoring * add a message builder for less dnstap code * msg lint * context * proxy by DNS: dnstap comments * TapBuilder * resolves conflict * dnstap into ServeDNS * testing * more tests * `go lint` * doc update
2017-09-01 12:41:41 +02:00
return 0, taperr
First commit
2016-03-18 20:57:35 +00:00
}
middleware/proxy: dnstap (#786) * experimental dnstap support into proxy * proxy reports dnstap errors * refactoring * add a message builder for less dnstap code * msg lint * context * proxy by DNS: dnstap comments * TapBuilder * resolves conflict * dnstap into ServeDNS * testing * more tests * `go lint` * doc update
2017-09-01 12:41:41 +02:00
plugin/proxy: decrease health timeouts (#1107) Turn down the timeouts and numbers a bit: FailTimeout 10s -> 5s Future 60s -> 12s TryDuration 60s -> 16s The timeout for decrementing the fails in a host: 10s -> 2s And the biggest change: don't set fails when the error is Timeout(), meaning we loop for a bit and may try the same server again, but we don't mark our upstream as bad, see comments in proxy.go. Testing this with "ANY isc.org" and "MX miek.nl" we see: ~~~ ::1 - [24/Sep/2017:08:06:17 +0100] "ANY IN isc.org. udp 37 false 4096" SERVFAIL qr,rd 37 10.001621221s 24/Sep/2017:08:06:17 +0100 [ERROR 0 isc.org. ANY] unreachable backend: read udp 192.168.1.148:37420->8.8.8.8:53: i/o timeout ::1 - [24/Sep/2017:08:06:17 +0100] "MX IN miek.nl. udp 37 false 4096" NOERROR qr,rd,ra,ad 170 35.957284ms 127.0.0.1 - [24/Sep/2017:08:06:18 +0100] "ANY IN isc.org. udp 37 false 4096" SERVFAIL qr,rd 37 10.002051726s 24/Sep/2017:08:06:18 +0100 [ERROR 0 isc.org. ANY] unreachable backend: read udp 192.168.1.148:54901->8.8.8.8:53: i/o timeout ::1 - [24/Sep/2017:08:06:19 +0100] "MX IN miek.nl. udp 37 false 4096" NOERROR qr,rd,ra,ad 170 56.848416ms 127.0.0.1 - [24/Sep/2017:08:06:21 +0100] "MX IN miek.nl. udp 37 false 4096" NOERROR qr,rd,ra,ad 170 48.118349ms ::1 - [24/Sep/2017:08:06:21 +0100] "MX IN miek.nl. udp 37 false 4096" NOERROR qr,rd,ra,ad 170 1.055172915s ~~~ So the ANY isc.org queries show up twice, because we retry internally - this is I think WAI. The `miek.nl MX` queries are just processed normally as no backend is marked as unreachable. May fix #1035 #486
2017-09-24 20:05:36 +01:00
// A "ANY isc.org" query is being dropped by ISC's nameserver, we see this as a i/o timeout, but
// would then mark our upstream is being broken. We should not do this if we consider the error temporary.
// Of course it could really be that our upstream is broken
if oe, ok := backendErr.(*net.OpError); ok {
// Note this keeps looping and trying until tryDuration is hit, at which point our client
// might be long gone...
if oe.Timeout() {
Typo fixes (#2031)
2018-08-14 17:55:55 +02:00
// Our upstream's upstream is probably messing up, continue with next selected
plugin/proxy: decrease health timeouts (#1107) Turn down the timeouts and numbers a bit: FailTimeout 10s -> 5s Future 60s -> 12s TryDuration 60s -> 16s The timeout for decrementing the fails in a host: 10s -> 2s And the biggest change: don't set fails when the error is Timeout(), meaning we loop for a bit and may try the same server again, but we don't mark our upstream as bad, see comments in proxy.go. Testing this with "ANY isc.org" and "MX miek.nl" we see: ~~~ ::1 - [24/Sep/2017:08:06:17 +0100] "ANY IN isc.org. udp 37 false 4096" SERVFAIL qr,rd 37 10.001621221s 24/Sep/2017:08:06:17 +0100 [ERROR 0 isc.org. ANY] unreachable backend: read udp 192.168.1.148:37420->8.8.8.8:53: i/o timeout ::1 - [24/Sep/2017:08:06:17 +0100] "MX IN miek.nl. udp 37 false 4096" NOERROR qr,rd,ra,ad 170 35.957284ms 127.0.0.1 - [24/Sep/2017:08:06:18 +0100] "ANY IN isc.org. udp 37 false 4096" SERVFAIL qr,rd 37 10.002051726s 24/Sep/2017:08:06:18 +0100 [ERROR 0 isc.org. ANY] unreachable backend: read udp 192.168.1.148:54901->8.8.8.8:53: i/o timeout ::1 - [24/Sep/2017:08:06:19 +0100] "MX IN miek.nl. udp 37 false 4096" NOERROR qr,rd,ra,ad 170 56.848416ms 127.0.0.1 - [24/Sep/2017:08:06:21 +0100] "MX IN miek.nl. udp 37 false 4096" NOERROR qr,rd,ra,ad 170 48.118349ms ::1 - [24/Sep/2017:08:06:21 +0100] "MX IN miek.nl. udp 37 false 4096" NOERROR qr,rd,ra,ad 170 1.055172915s ~~~ So the ANY isc.org queries show up twice, because we retry internally - this is I think WAI. The `miek.nl MX` queries are just processed normally as no backend is marked as unreachable. May fix #1035 #486
2017-09-24 20:05:36 +01:00
// host - which my be the *same* one as we don't set any uh.Fails.
continue
}
}
First commit
2016-03-18 20:57:35 +00:00
timeout := host.FailTimeout
if timeout == 0 {
plugin/proxy: kick of HC on every 3rd failure (#1110) * healthchecks: check on every 3rd failure Check on every third failure and some cleanups to make this possible. A failed healthcheck will never increase Fails, a successfull healthceck will reset Fails to 0. This is a chance this counter now drops below 0, making the upstream super? healthy. This removes the okUntil smartness and condences everything back to 1 metrics: Fails; so it's simpler in that regard. Timout errors are *not* attributed to the local upstream, and don't get counted into the Fails anymore. Meaning the 'dig any isc.org' won't kill your upstream. Added extra test the see if the Fails counter gets reset after 3 failed connection. There is still a disconnect beween HTTP healthceck working the proxy (or lookup) not being able to connect to the upstream. * Fix tests
2017-10-15 19:38:39 +02:00
timeout = defaultFailTimeout
First commit
2016-03-18 20:57:35 +00:00
}
plugin/proxy: decrease health timeouts (#1107) Turn down the timeouts and numbers a bit: FailTimeout 10s -> 5s Future 60s -> 12s TryDuration 60s -> 16s The timeout for decrementing the fails in a host: 10s -> 2s And the biggest change: don't set fails when the error is Timeout(), meaning we loop for a bit and may try the same server again, but we don't mark our upstream as bad, see comments in proxy.go. Testing this with "ANY isc.org" and "MX miek.nl" we see: ~~~ ::1 - [24/Sep/2017:08:06:17 +0100] "ANY IN isc.org. udp 37 false 4096" SERVFAIL qr,rd 37 10.001621221s 24/Sep/2017:08:06:17 +0100 [ERROR 0 isc.org. ANY] unreachable backend: read udp 192.168.1.148:37420->8.8.8.8:53: i/o timeout ::1 - [24/Sep/2017:08:06:17 +0100] "MX IN miek.nl. udp 37 false 4096" NOERROR qr,rd,ra,ad 170 35.957284ms 127.0.0.1 - [24/Sep/2017:08:06:18 +0100] "ANY IN isc.org. udp 37 false 4096" SERVFAIL qr,rd 37 10.002051726s 24/Sep/2017:08:06:18 +0100 [ERROR 0 isc.org. ANY] unreachable backend: read udp 192.168.1.148:54901->8.8.8.8:53: i/o timeout ::1 - [24/Sep/2017:08:06:19 +0100] "MX IN miek.nl. udp 37 false 4096" NOERROR qr,rd,ra,ad 170 56.848416ms 127.0.0.1 - [24/Sep/2017:08:06:21 +0100] "MX IN miek.nl. udp 37 false 4096" NOERROR qr,rd,ra,ad 170 48.118349ms ::1 - [24/Sep/2017:08:06:21 +0100] "MX IN miek.nl. udp 37 false 4096" NOERROR qr,rd,ra,ad 170 1.055172915s ~~~ So the ANY isc.org queries show up twice, because we retry internally - this is I think WAI. The `miek.nl MX` queries are just processed normally as no backend is marked as unreachable. May fix #1035 #486
2017-09-24 20:05:36 +01:00
First commit
2016-03-18 20:57:35 +00:00
atomic.AddInt32(&host.Fails, 1)
plugin/proxy: kick of HC on every 3rd failure (#1110) * healthchecks: check on every 3rd failure Check on every third failure and some cleanups to make this possible. A failed healthcheck will never increase Fails, a successfull healthceck will reset Fails to 0. This is a chance this counter now drops below 0, making the upstream super? healthy. This removes the okUntil smartness and condences everything back to 1 metrics: Fails; so it's simpler in that regard. Timout errors are *not* attributed to the local upstream, and don't get counted into the Fails anymore. Meaning the 'dig any isc.org' won't kill your upstream. Added extra test the see if the Fails counter gets reset after 3 failed connection. There is still a disconnect beween HTTP healthceck working the proxy (or lookup) not being able to connect to the upstream. * Fix tests
2017-10-15 19:38:39 +02:00
fails := atomic.LoadInt32(&host.Fails)
plugin/proxy: decrease health timeouts (#1107) Turn down the timeouts and numbers a bit: FailTimeout 10s -> 5s Future 60s -> 12s TryDuration 60s -> 16s The timeout for decrementing the fails in a host: 10s -> 2s And the biggest change: don't set fails when the error is Timeout(), meaning we loop for a bit and may try the same server again, but we don't mark our upstream as bad, see comments in proxy.go. Testing this with "ANY isc.org" and "MX miek.nl" we see: ~~~ ::1 - [24/Sep/2017:08:06:17 +0100] "ANY IN isc.org. udp 37 false 4096" SERVFAIL qr,rd 37 10.001621221s 24/Sep/2017:08:06:17 +0100 [ERROR 0 isc.org. ANY] unreachable backend: read udp 192.168.1.148:37420->8.8.8.8:53: i/o timeout ::1 - [24/Sep/2017:08:06:17 +0100] "MX IN miek.nl. udp 37 false 4096" NOERROR qr,rd,ra,ad 170 35.957284ms 127.0.0.1 - [24/Sep/2017:08:06:18 +0100] "ANY IN isc.org. udp 37 false 4096" SERVFAIL qr,rd 37 10.002051726s 24/Sep/2017:08:06:18 +0100 [ERROR 0 isc.org. ANY] unreachable backend: read udp 192.168.1.148:54901->8.8.8.8:53: i/o timeout ::1 - [24/Sep/2017:08:06:19 +0100] "MX IN miek.nl. udp 37 false 4096" NOERROR qr,rd,ra,ad 170 56.848416ms 127.0.0.1 - [24/Sep/2017:08:06:21 +0100] "MX IN miek.nl. udp 37 false 4096" NOERROR qr,rd,ra,ad 170 48.118349ms ::1 - [24/Sep/2017:08:06:21 +0100] "MX IN miek.nl. udp 37 false 4096" NOERROR qr,rd,ra,ad 170 1.055172915s ~~~ So the ANY isc.org queries show up twice, because we retry internally - this is I think WAI. The `miek.nl MX` queries are just processed normally as no backend is marked as unreachable. May fix #1035 #486
2017-09-24 20:05:36 +01:00
Move Healthcheck to middleware/pkg/healthcheck (#854) * Move healthcheck out Signed-off-by: Yong Tang <yong.tang.github@outlook.com> * Move healthcheck to middleware/pkg/healthcheck Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-08-09 09:21:33 -07:00
go func(host *healthcheck.UpstreamHost, timeout time.Duration) {
First commit
2016-03-18 20:57:35 +00:00
time.Sleep(timeout)
plugin/proxy: kick of HC on every 3rd failure (#1110) * healthchecks: check on every 3rd failure Check on every third failure and some cleanups to make this possible. A failed healthcheck will never increase Fails, a successfull healthceck will reset Fails to 0. This is a chance this counter now drops below 0, making the upstream super? healthy. This removes the okUntil smartness and condences everything back to 1 metrics: Fails; so it's simpler in that regard. Timout errors are *not* attributed to the local upstream, and don't get counted into the Fails anymore. Meaning the 'dig any isc.org' won't kill your upstream. Added extra test the see if the Fails counter gets reset after 3 failed connection. There is still a disconnect beween HTTP healthceck working the proxy (or lookup) not being able to connect to the upstream. * Fix tests
2017-10-15 19:38:39 +02:00
// we may go negative here, should be rectified by the HC.
First commit
2016-03-18 20:57:35 +00:00
atomic.AddInt32(&host.Fails, -1)
plugin/proxy: kick of HC on every 3rd failure (#1110) * healthchecks: check on every 3rd failure Check on every third failure and some cleanups to make this possible. A failed healthcheck will never increase Fails, a successfull healthceck will reset Fails to 0. This is a chance this counter now drops below 0, making the upstream super? healthy. This removes the okUntil smartness and condences everything back to 1 metrics: Fails; so it's simpler in that regard. Timout errors are *not* attributed to the local upstream, and don't get counted into the Fails anymore. Meaning the 'dig any isc.org' won't kill your upstream. Added extra test the see if the Fails counter gets reset after 3 failed connection. There is still a disconnect beween HTTP healthceck working the proxy (or lookup) not being able to connect to the upstream. * Fix tests
2017-10-15 19:38:39 +02:00
if fails%failureCheck == 0 { // Kick off healthcheck on eveyry third failure.
host.HealthCheckURL()
}
First commit
2016-03-18 20:57:35 +00:00
}(host, timeout)
}
middleware/proxy: add request duration monitoring (#362) Add a separate request duration metrics specially for proxying requests upstream. Fixes #259
2016-10-28 12:54:49 +01:00
mw/proxy: simplify google code (#1019) * mw/proxy: simplify google code Minimize bootstrap code a bit, and block on the first resolve of the google https endpont. Add more logging and include actual error in the returned errors. Also re-resolve every 120 seconds, instead of 300 (might eventually make this an option). * fix test
2017-09-02 18:43:52 +02:00
return dns.RcodeServerFailure, fmt.Errorf("%s: %s", errUnreachable, backendErr)
First commit
2016-03-18 20:57:35 +00:00
}
middleware/proxy: fix except keyword (#505) Fix the except keyword usage - the config would allow it, but it was not enforced in the code. Turns out that **FROM** was also not enforced, fix both, by (basically) copying the code from Caddy. Update the README and tests. Locally test as well, shows that this works: ~~~ .:1053 { proxy miek.nl 8.8.8.8:53 { except a.miek.nl } proxy a.miek.nl 8.8.4.4:53 errors stdout log stdout } ~~~ And gives the desired results, not having a proxy line for `a.miek.nl` results in a SERVFAIL (as expected). Fixes #502
2017-02-07 18:01:16 +00:00
}
func (p Proxy) match(state request.Request) (u Upstream) {
Fix resolving CNAME with no proxy (#564) This fixes a crash when we resolve (or try to) an external CNAME when no proxy is set. Add test as well.
2017-03-02 19:35:44 +00:00
if p.Upstreams == nil {
return nil
}
middleware/proxy: fix except keyword (#505) Fix the except keyword usage - the config would allow it, but it was not enforced in the code. Turns out that **FROM** was also not enforced, fix both, by (basically) copying the code from Caddy. Update the README and tests. Locally test as well, shows that this works: ~~~ .:1053 { proxy miek.nl 8.8.8.8:53 { except a.miek.nl } proxy a.miek.nl 8.8.4.4:53 errors stdout log stdout } ~~~ And gives the desired results, not having a proxy line for `a.miek.nl` results in a SERVFAIL (as expected). Fixes #502
2017-02-07 18:01:16 +00:00
longestMatch := 0
for _, upstream := range *p.Upstreams {
from := upstream.From()
Remove the word middleware (#1067) * Rename middleware to plugin first pass; mostly used 'sed', few spots where I manually changed text. This still builds a coredns binary. * fmt error * Rename AddMiddleware to AddPlugin * Readd AddMiddleware to remain backwards compat
2017-09-14 09:36:06 +01:00
if !plugin.Name(from).Matches(state.Name()) || !upstream.IsAllowedDomain(state.Name()) {
middleware/proxy: fix except keyword (#505) Fix the except keyword usage - the config would allow it, but it was not enforced in the code. Turns out that **FROM** was also not enforced, fix both, by (basically) copying the code from Caddy. Update the README and tests. Locally test as well, shows that this works: ~~~ .:1053 { proxy miek.nl 8.8.8.8:53 { except a.miek.nl } proxy a.miek.nl 8.8.4.4:53 errors stdout log stdout } ~~~ And gives the desired results, not having a proxy line for `a.miek.nl` results in a SERVFAIL (as expected). Fixes #502
2017-02-07 18:01:16 +00:00
continue
}
if lf := len(from); lf > longestMatch {
longestMatch = lf
u = upstream
}
}
return u
First commit
2016-03-18 20:57:35 +00:00
}
golint
2016-10-27 11:48:37 +00:00
// Name implements the Handler interface.
middleware/metrics: cleanup (#355) * middleware/metrics: add more metrics middleware/cache: Add metrics for number of elements in the cache. Also export the total size. Update README to detail the new metrics. middleware/metrics Move metrics into subpackage called "vars". This breaks the import cycle and is cleaner. This allows vars.Report to be used in the the dnsserver to log refused queries. middleware/metrics: tests Add tests to the metrics framework. The metrics/test subpackage allows scraping of the local server. Do a few test scrape of the metrics that are defined in the metrics middleware. This also allows metrics integration tests to check if the caching and dnssec middleware export their metrics correctly. * update README * typos * fix tests
2016-10-26 10:01:52 +01:00
func (p Proxy) Name() string { return "proxy" }
plugin/proxy: kick of HC on every 3rd failure (#1110) * healthchecks: check on every 3rd failure Check on every third failure and some cleanups to make this possible. A failed healthcheck will never increase Fails, a successfull healthceck will reset Fails to 0. This is a chance this counter now drops below 0, making the upstream super? healthy. This removes the okUntil smartness and condences everything back to 1 metrics: Fails; so it's simpler in that regard. Timout errors are *not* attributed to the local upstream, and don't get counted into the Fails anymore. Meaning the 'dig any isc.org' won't kill your upstream. Added extra test the see if the Fails counter gets reset after 3 failed connection. There is still a disconnect beween HTTP healthceck working the proxy (or lookup) not being able to connect to the upstream. * Fix tests
2017-10-15 19:38:39 +02:00
const (
defaultFailTimeout = 2 * time.Second
defaultTimeout = 5 * time.Second
failureCheck = 3
)
Reference in New Issue Copy Permalink