coredns/middleware/etcd/README.md

# etcd

*etcd* enables reading zone data from an etcd instance. The data in etcd has to be encoded as
a [message](https://github.com/skynetservices/skydns/blob/2fcff74cdc9f9a7dd64189a447ef27ac354b725f/msg/service.go#L26)
like [SkyDNS](https//github.com/skynetservices/skydns). It should also work just like SkyDNS.

The etcd middleware makes extensive use of the proxy middleware to forward and query other servers
in the network.

## Syntax

~~~
etcd [ZONES...]
~~~

* **ZONES** zones etcd should be authoritative for.

The path will default to `/skydns` the local etcd proxy (http://localhost:2379).
If no zones are specified the block's zone will be used as the zone.

If you want to `round robin` A and AAAA responses look at the `loadbalance` middleware.

~~~
etcd [ZONES...] {
    stubzones
    path PATH
    endpoint ENDPOINT...
    upstream ADDRESS...
    tls CERT KEY CACERt
    debug
}
~~~

* `stubzones` enables the stub zones feature. The stubzone is *only* done in the etcd tree located
    under the *first* zone specified.
* **PATH** the path inside etcd. Defaults to "/skydns".
* **ENDPOINT** the etcd endpoints. Defaults to "http://localhost:2397".
* `upstream` upstream resolvers to be used resolve external names found in etcd (think CNAMEs)
  pointing to external names. If you want CoreDNS to act as a proxy for clients, you'll need to add
  the proxy middleware. **ADDRESS** can be an IP address, and IP:port or a string pointing to a file
  that is structured as /etc/resolv.conf.
* `tls` followed the cert, key and the CA's cert filenames.
* `debug` allows for debug queries. Prefix the name with `o-o.debug.` to retrieve extra information in the
  additional section of the reply in the form of TXT records.

## Examples

This is the default SkyDNS setup, with everying specified in full:

~~~
.:53 {
    etcd skydns.local {
        stubzones
        path /skydns
        endpoint http://localhost:2379
        upstream 8.8.8.8:53 8.8.4.4:53
    }
    prometheus
    cache 160 skydns.local
    loadbalance
    proxy . 8.8.8.8:53 8.8.4.4:53
}
~~~

Or a setup where we use `/etc/resolv.conf` as the basis for the proxy and the upstream
when resolving external pointing CNAMEs.

~~~
.:53 {
    etcd skydns.local {
        path /skydns
        upstream /etc/resolv.conf
    }
    cache 160 skydns.local
    proxy . /etc/resolv.conf
}
~~~


### Reverse zones

Reverse zones are supported. You need to make CoreDNS aware of the fact that you are also
authoritative for the reverse. For instance if you want to add the reverse for 10.0.0.0/24, you'll
need to add the zone `0.0.10.in-addr.arpa` to the list of zones. (The fun starts with IPv6 reverse zones
in the ip6.arpa domain.) Showing a snippet of a Corefile:

~~~
    etcd skydns.local 0.0.10.in-addr.arpa {
        stubzones
    ...
~~~

Next you'll need to populate the zone with reverse records, here we add a reverse for
10.0.0.127 pointing to reverse.skydns.local.

~~~
% curl -XPUT http://127.0.0.1:4001/v2/keys/skydns/arpa/in-addr/10/0/0/127 \
    -d value='{"host":"reverse.skydns.local."}'
~~~

Querying with dig:

~~~
% dig @localhost -x 10.0.0.127 +short
reverse.atoom.net.
~~~

Or with *debug* queries enabled:

~~~
% dig @localhost -p 1053 o-o.debug.127.0.0.10.in-addr.arpa. PTR

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;o-o.debug.127.0.0.10.in-addr.arpa. IN  PTR

;; ANSWER SECTION:
127.0.0.10.in-addr.arpa. 300    IN      PTR     reverse.atoom.net.

;; ADDITIONAL SECTION:
127.0.0.10.in-addr.arpa. 300    CH      TXT     "reverse.atoom.net.:0(10,0,,false)[0,]"
~~~

## Debug queries

When debug queries are enabled CoreDNS will return errors and etcd records encountered during the resolution
process in the response. The general form looks like this:

    skydns.test.skydns.dom.a.	0	CH	TXT	"127.0.0.1:0(10,0,,false)[0,]"

This shows the complete key as the owername, the rdata of the TXT record has:
`host:port(priority,weight,txt content,mail)[targetstrip,group]`.

Errors when communicating with an upstream will be returned as: `host:0(0,0,error message,false)[0,]`.

An example:

    www.example.org.	0	CH	TXT	"www.example.org.:0(0,0, IN A: unreachable backend,false)[0,]"

Signalling that an A record for www.example.org. was sought, but it failed with that error.

Any errors seen doing parsing will show up like this:

    . 0 CH TXT "/skydns/local/skydns/r/a: invalid character '.' after object key:value pair"

which shows `a.r.skydns.local.` has a json encoding problem.
Start working on a etcd backend 2016-03-20 17:44:58 +00:00			`# etcd`

docs: rewrite using manpage style (#327) This still needs cleanup, but this is a first pass the cleans some cruft and documents our style (in middleware.md) and makes all the docs match that style. 2016-10-10 20:13:22 +01:00			`etcd enables reading zone data from an etcd instance. The data in etcd has to be encoded as`
Start working on a etcd backend 2016-03-20 17:44:58 +00:00			`a [message](https://github.com/skynetservices/skydns/blob/2fcff74cdc9f9a7dd64189a447ef27ac354b725f/msg/service.go#L26)`
middleware/file: Support delegations (#124) Return a delegation when seeing one while traversing the tree in search of an answer. Put the SOA and NS record in the zone.Apex as these are to be handled somewhat special. Lowercase record on insert to make compares easier. This lowercases all RR that have domain names in their rdata as well. 2016-04-16 16:16:52 +01:00			`like [SkyDNS](https//github.com/skynetservices/skydns). It should also work just like SkyDNS.`
more etcd stuff 2016-03-20 21:36:55 +00:00
middleware/file: Support delegations (#124) Return a delegation when seeing one while traversing the tree in search of an answer. Put the SOA and NS record in the zone.Apex as these are to be handled somewhat special. Lowercase record on insert to make compares easier. This lowercases all RR that have domain names in their rdata as well. 2016-04-16 16:16:52 +01:00			`The etcd middleware makes extensive use of the proxy middleware to forward and query other servers`
			`in the network.`
Add Stub resolving SkyDNS can forward requests from one instance to another. Add this base infrastructure for this feature to CoreDNS. Add more tests as well. 2016-03-24 08:22:24 +00:00
Start working on a etcd backend 2016-03-20 17:44:58 +00:00			`## Syntax`

			`~~~`
docs: rewrite using manpage style (#327) This still needs cleanup, but this is a first pass the cleans some cruft and documents our style (in middleware.md) and makes all the docs match that style. 2016-10-10 20:13:22 +01:00			`etcd [ZONES...]`
Start working on a etcd backend 2016-03-20 17:44:58 +00:00			`~~~`

docs: rewrite using manpage style (#327) This still needs cleanup, but this is a first pass the cleans some cruft and documents our style (in middleware.md) and makes all the docs match that style. 2016-10-10 20:13:22 +01:00			`* ZONES zones etcd should be authoritative for.`
Start working on a etcd backend 2016-03-20 17:44:58 +00:00
middleware/etcd: Use the correct endpoint The endpoint for etcd as wrongly set if a proxy was configured. Clean up some documentation in the process as well. 2016-04-19 12:52:05 +00:00			The path will default to `/skydns` the local etcd proxy (http://localhost:2379).
Change of config 2016-03-22 11:32:12 +00:00			`If no zones are specified the block's zone will be used as the zone.`
Start working on a etcd backend 2016-03-20 17:44:58 +00:00
fix doc 2016-03-24 17:55:46 +00:00			If you want to `round robin` A and AAAA responses look at the `loadbalance` middleware.
more etcd stuff 2016-03-20 21:36:55 +00:00
Start working on a etcd backend 2016-03-20 17:44:58 +00:00			`~~~`
docs: rewrite using manpage style (#327) This still needs cleanup, but this is a first pass the cleans some cruft and documents our style (in middleware.md) and makes all the docs match that style. 2016-10-10 20:13:22 +01:00			`etcd [ZONES...] {`
Support SkyDNS' stubzones This implements stubzones in the same way as SkyDNS. This also works with multiple configured domains and has tests. Also add more configuration parameters for TLS and path prefix and enabling stubzones. Run StubUpdates as a startup command to keep up to date with the list in etcd. 2016-03-25 20:26:42 +00:00			`stubzones`
docs: rewrite using manpage style (#327) This still needs cleanup, but this is a first pass the cleans some cruft and documents our style (in middleware.md) and makes all the docs match that style. 2016-10-10 20:13:22 +01:00			`path PATH`
			`endpoint ENDPOINT...`
			`upstream ADDRESS...`
			`tls CERT KEY CACERt`
Allow debug queries to etcd middleware (#150) With this you can retreive the raw data that the etcd middleware used to create the reply. The debug data is put in TXT records that are stuffed in the CH classs. This is only enabled if you specify `debug` in the etcd stanza. You can retrieve it by prefixing your query with 'o-o.debug.' For instance: ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @localhost -p 1053 SRV o-o.debug.production..skydns.local ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47798 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;o-o.debug.production..skydns.local. IN SRV ;; ANSWER SECTION: production..skydns.local. 154 IN SRV 10 50 8080 service1.example.com. production..skydns.local. 154 IN SRV 10 50 8080 service2.example.com. ;; ADDITIONAL SECTION: skydns.local.skydns.east.production.rails.1. 154 CH TXT "service1.example.com:8080(10,0,,false)[0,]" skydns.local.skydns.west.production.rails.2. 154 CH TXT "service2.example.com:8080(10,0,,false)[0,]" 2016-05-22 21:16:26 +01:00			`debug`
Start working on a etcd backend 2016-03-20 17:44:58 +00:00			`}`
			`~~~`

Update README.md Grammatical fixes plus correction of the reverse-mapping zone for 10.0.0/24. 2016-08-22 14:10:25 -07:00			* `stubzones` enables the stub zones feature. The stubzone is only done in the etcd tree located
middleware/file: Support delegations (#124) Return a delegation when seeing one while traversing the tree in search of an answer. Put the SOA and NS record in the zone.Apex as these are to be handled somewhat special. Lowercase record on insert to make compares easier. This lowercases all RR that have domain names in their rdata as well. 2016-04-16 16:16:52 +01:00			`under the first zone specified.`
docs: rewrite using manpage style (#327) This still needs cleanup, but this is a first pass the cleans some cruft and documents our style (in middleware.md) and makes all the docs match that style. 2016-10-10 20:13:22 +01:00			`* PATH the path inside etcd. Defaults to "/skydns".`
			`* ENDPOINT the etcd endpoints. Defaults to "http://localhost:2397".`
Update README.md Grammatical fixes plus correction of the reverse-mapping zone for 10.0.0/24. 2016-08-22 14:10:25 -07:00			* `upstream` upstream resolvers to be used resolve external names found in etcd (think CNAMEs)
			`pointing to external names. If you want CoreDNS to act as a proxy for clients, you'll need to add`
middleware/httpproxy: add debug queries (#446) * middleware/httproxy: implement debug queries Not too useful at the moment, but o-o.debug queries are supported and return the Comment from dns.google.com. Note that this is not always set. * improve documentation * Testing cleanups 2016-11-29 09:54:57 +00:00			`the proxy middleware. ADDRESS can be an IP address, and IP:port or a string pointing to a file`
middleware/proxy: config syntax cleanups (#435) * middleware/proxy: config syntax cleanups Allow port numbers to be used in the transfer statements and clean up the proxy stanza parsing. Also allow, when specifying an upstream, /etc/resolv.conf (or any other file) to be used for getting the upstream nameserver. Add tests and fix the documentation to make clear what is allowed. * Fix the other upstream parse as well 2016-11-24 16:57:20 +01:00			`that is structured as /etc/resolv.conf.`
Fix docs 2016-03-26 16:32:36 +00:00			* `tls` followed the cert, key and the CA's cert filenames.
ServiceBackend interface (#369) * Add ServiceBackend interface This adds a ServiceBackend interface that is shared between etcd/etcd3 (later) and kubernetes, leading to a massive reduction in code. When returning the specific records from their backend. Fixes #273 2016-10-30 15:54:16 +00:00			* `debug` allows for debug queries. Prefix the name with `o-o.debug.` to retrieve extra information in the
Update README.md Grammatical fixes plus correction of the reverse-mapping zone for 10.0.0/24. 2016-08-22 14:10:25 -07:00			`additional section of the reply in the form of TXT records.`
middleware/etcd: Return json parsing errors (#158) When coredns unmarshals a json value and it fails it will put the error in the returned message iff the query was a debug query (o-o.debug.<REST>). 2016-06-07 20:57:45 +01:00
Start working on a etcd backend 2016-03-20 17:44:58 +00:00			`## Examples`
middleware/file: Support delegations (#124) Return a delegation when seeing one while traversing the tree in search of an answer. Put the SOA and NS record in the zone.Apex as these are to be handled somewhat special. Lowercase record on insert to make compares easier. This lowercases all RR that have domain names in their rdata as well. 2016-04-16 16:16:52 +01:00
			`This is the default SkyDNS setup, with everying specified in full:`

			`~~~`
			`.:53 {`
middleware/etcd: Use the correct endpoint The endpoint for etcd as wrongly set if a proxy was configured. Clean up some documentation in the process as well. 2016-04-19 12:52:05 +00:00			`etcd skydns.local {`
middleware/file: Support delegations (#124) Return a delegation when seeing one while traversing the tree in search of an answer. Put the SOA and NS record in the zone.Apex as these are to be handled somewhat special. Lowercase record on insert to make compares easier. This lowercases all RR that have domain names in their rdata as well. 2016-04-16 16:16:52 +01:00			`stubzones`
			`path /skydns`
middleware/etcd: Use the correct endpoint The endpoint for etcd as wrongly set if a proxy was configured. Clean up some documentation in the process as well. 2016-04-19 12:52:05 +00:00			`endpoint http://localhost:2379`
middleware/file: Support delegations (#124) Return a delegation when seeing one while traversing the tree in search of an answer. Put the SOA and NS record in the zone.Apex as these are to be handled somewhat special. Lowercase record on insert to make compares easier. This lowercases all RR that have domain names in their rdata as well. 2016-04-16 16:16:52 +01:00			`upstream 8.8.8.8:53 8.8.4.4:53`
			`}`
middleware/etcd: Use the correct endpoint The endpoint for etcd as wrongly set if a proxy was configured. Clean up some documentation in the process as well. 2016-04-19 12:52:05 +00:00			`prometheus`
			`cache 160 skydns.local`
middleware/file: Support delegations (#124) Return a delegation when seeing one while traversing the tree in search of an answer. Put the SOA and NS record in the zone.Apex as these are to be handled somewhat special. Lowercase record on insert to make compares easier. This lowercases all RR that have domain names in their rdata as well. 2016-04-16 16:16:52 +01:00			`loadbalance`
			`proxy . 8.8.8.8:53 8.8.4.4:53`
			`}`
			`~~~`
middleware/etcd: reverse addresses (#162) * middleware/etcd: reverse addresses Implement reverse (PTR) addresses. Update the documentation on how to configure test. Added tests as well. Fixes: #157 #159 * Cleanup readme a little 2016-06-08 10:29:46 +01:00
middleware/proxy: config syntax cleanups (#435) * middleware/proxy: config syntax cleanups Allow port numbers to be used in the transfer statements and clean up the proxy stanza parsing. Also allow, when specifying an upstream, /etc/resolv.conf (or any other file) to be used for getting the upstream nameserver. Add tests and fix the documentation to make clear what is allowed. * Fix the other upstream parse as well 2016-11-24 16:57:20 +01:00			Or a setup where we use `/etc/resolv.conf` as the basis for the proxy and the upstream
			`when resolving external pointing CNAMEs.`

			`~~~`
			`.:53 {`
			`etcd skydns.local {`
			`path /skydns`
			`upstream /etc/resolv.conf`
			`}`
			`cache 160 skydns.local`
			`proxy . /etc/resolv.conf`
			`}`
			`~~~`


middleware/etcd: reverse addresses (#162) * middleware/etcd: reverse addresses Implement reverse (PTR) addresses. Update the documentation on how to configure test. Added tests as well. Fixes: #157 #159 * Cleanup readme a little 2016-06-08 10:29:46 +01:00			`### Reverse zones`

			`Reverse zones are supported. You need to make CoreDNS aware of the fact that you are also`
			`authoritative for the reverse. For instance if you want to add the reverse for 10.0.0.0/24, you'll`
Update README.md Grammatical fixes plus correction of the reverse-mapping zone for 10.0.0/24. 2016-08-22 14:10:25 -07:00			need to add the zone `0.0.10.in-addr.arpa` to the list of zones. (The fun starts with IPv6 reverse zones
			`in the ip6.arpa domain.) Showing a snippet of a Corefile:`
middleware/etcd: reverse addresses (#162) * middleware/etcd: reverse addresses Implement reverse (PTR) addresses. Update the documentation on how to configure test. Added tests as well. Fixes: #157 #159 * Cleanup readme a little 2016-06-08 10:29:46 +01:00
			`~~~`
Update README.md Grammatical fixes plus correction of the reverse-mapping zone for 10.0.0/24. 2016-08-22 14:10:25 -07:00			`etcd skydns.local 0.0.10.in-addr.arpa {`
middleware/etcd: reverse addresses (#162) * middleware/etcd: reverse addresses Implement reverse (PTR) addresses. Update the documentation on how to configure test. Added tests as well. Fixes: #157 #159 * Cleanup readme a little 2016-06-08 10:29:46 +01:00			`stubzones`
			`...`
			`~~~`

			`Next you'll need to populate the zone with reverse records, here we add a reverse for`
			`10.0.0.127 pointing to reverse.skydns.local.`

			`~~~`
			`% curl -XPUT http://127.0.0.1:4001/v2/keys/skydns/arpa/in-addr/10/0/0/127 \`
			`-d value='{"host":"reverse.skydns.local."}'`
			`~~~`

			`Querying with dig:`

			`~~~`
			`% dig @localhost -x 10.0.0.127 +short`
			`reverse.atoom.net.`
			`~~~`

			`Or with debug queries enabled:`

			`~~~`
			`% dig @localhost -p 1053 o-o.debug.127.0.0.10.in-addr.arpa. PTR`

			`;; OPT PSEUDOSECTION:`
			`; EDNS: version: 0, flags:; udp: 4096`
			`;; QUESTION SECTION:`
			`;o-o.debug.127.0.0.10.in-addr.arpa. IN PTR`

			`;; ANSWER SECTION:`
			`127.0.0.10.in-addr.arpa. 300 IN PTR reverse.atoom.net.`

			`;; ADDITIONAL SECTION:`
			`127.0.0.10.in-addr.arpa. 300 CH TXT "reverse.atoom.net.:0(10,0,,false)[0,]"`
			`~~~`
Add debugging for failed lookups (#199) This PR adds debug support for failed lookups. I.e. when a record is outside the configured domain, we do a forward lookup. If this fails the error is silently dropped. This PR adds it back as an error in when debugging is enabled. Fixes #197 2016-08-08 19:54:17 -07:00
			`## Debug queries`

			`When debug queries are enabled CoreDNS will return errors and etcd records encountered during the resolution`
			`process in the response. The general form looks like this:`

middleware/httpproxy: add debug queries (#446) * middleware/httproxy: implement debug queries Not too useful at the moment, but o-o.debug queries are supported and return the Comment from dns.google.com. Note that this is not always set. * improve documentation * Testing cleanups 2016-11-29 09:54:57 +00:00			`skydns.test.skydns.dom.a. 0 CH TXT "127.0.0.1:0(10,0,,false)[0,]"`
Add debugging for failed lookups (#199) This PR adds debug support for failed lookups. I.e. when a record is outside the configured domain, we do a forward lookup. If this fails the error is silently dropped. This PR adds it back as an error in when debugging is enabled. Fixes #197 2016-08-08 19:54:17 -07:00
Fix lookup test (#206) * Always continue * debug queries: more sane impl This PR just add a msg.Service to debug instead of crafting an TXT RR at that point. This way we lift on the normal way of generating debug responses and don't muck with that implementation. The tags=etcd is flaky as hell for some reason. 2016-08-08 21:42:39 -07:00			`This shows the complete key as the owername, the rdata of the TXT record has:`
			`host:port(priority,weight,txt content,mail)[targetstrip,group]`.
Add debugging for failed lookups (#199) This PR adds debug support for failed lookups. I.e. when a record is outside the configured domain, we do a forward lookup. If this fails the error is silently dropped. This PR adds it back as an error in when debugging is enabled. Fixes #197 2016-08-08 19:54:17 -07:00
Fix lookup test (#206) * Always continue * debug queries: more sane impl This PR just add a msg.Service to debug instead of crafting an TXT RR at that point. This way we lift on the normal way of generating debug responses and don't muck with that implementation. The tags=etcd is flaky as hell for some reason. 2016-08-08 21:42:39 -07:00			Errors when communicating with an upstream will be returned as: `host:0(0,0,error message,false)[0,]`.
Add debugging for failed lookups (#199) This PR adds debug support for failed lookups. I.e. when a record is outside the configured domain, we do a forward lookup. If this fails the error is silently dropped. This PR adds it back as an error in when debugging is enabled. Fixes #197 2016-08-08 19:54:17 -07:00
Fix lookup test (#206) * Always continue * debug queries: more sane impl This PR just add a msg.Service to debug instead of crafting an TXT RR at that point. This way we lift on the normal way of generating debug responses and don't muck with that implementation. The tags=etcd is flaky as hell for some reason. 2016-08-08 21:42:39 -07:00			`An example:`

			`www.example.org. 0 CH TXT "www.example.org.:0(0,0, IN A: unreachable backend,false)[0,]"`
Add debugging for failed lookups (#199) This PR adds debug support for failed lookups. I.e. when a record is outside the configured domain, we do a forward lookup. If this fails the error is silently dropped. This PR adds it back as an error in when debugging is enabled. Fixes #197 2016-08-08 19:54:17 -07:00
Fix lookup test (#206) * Always continue * debug queries: more sane impl This PR just add a msg.Service to debug instead of crafting an TXT RR at that point. This way we lift on the normal way of generating debug responses and don't muck with that implementation. The tags=etcd is flaky as hell for some reason. 2016-08-08 21:42:39 -07:00			`Signalling that an A record for www.example.org. was sought, but it failed with that error.`
Add debugging for failed lookups (#199) This PR adds debug support for failed lookups. I.e. when a record is outside the configured domain, we do a forward lookup. If this fails the error is silently dropped. This PR adds it back as an error in when debugging is enabled. Fixes #197 2016-08-08 19:54:17 -07:00
Fix lookup test (#206) * Always continue * debug queries: more sane impl This PR just add a msg.Service to debug instead of crafting an TXT RR at that point. This way we lift on the normal way of generating debug responses and don't muck with that implementation. The tags=etcd is flaky as hell for some reason. 2016-08-08 21:42:39 -07:00			`Any errors seen doing parsing will show up like this:`

			`. 0 CH TXT "/skydns/local/skydns/r/a: invalid character '.' after object key:value pair"`
Add debugging for failed lookups (#199) This PR adds debug support for failed lookups. I.e. when a record is outside the configured domain, we do a forward lookup. If this fails the error is silently dropped. This PR adds it back as an error in when debugging is enabled. Fixes #197 2016-08-08 19:54:17 -07:00
Fix lookup test (#206) * Always continue * debug queries: more sane impl This PR just add a msg.Service to debug instead of crafting an TXT RR at that point. This way we lift on the normal way of generating debug responses and don't muck with that implementation. The tags=etcd is flaky as hell for some reason. 2016-08-08 21:42:39 -07:00			which shows `a.r.skydns.local.` has a json encoding problem.