plugin/loop/README.md

# loop

## Name

*loop* - detect simple forwarding loops and halt the server.

## Description

The *loop* plugin will send a random probe query to ourselves and will then keep track of how many times
we see it. If we see it more than twice, we assume CoreDNS has seen a forwarding loop and we halt the process.

The plugin will try to send the query for up to 30 seconds. This is done to give CoreDNS enough time
to start up. Once a query has been successfully sent, *loop* disables itself to prevent a query of
death.

The query sent is `<random number>.<random number>.zone` with type set to HINFO.

## Syntax

~~~ txt
loop
~~~

## Examples

Start a server on the default port and load the *loop* and *forward* plugins. The *forward* plugin
forwards to it self.

~~~ txt
. {
    loop
    forward . 127.0.0.1
}
~~~

After CoreDNS has started it stops the process while logging:

~~~ txt
plugin/loop: Loop (127.0.0.1:55953 -> :1053) detected for zone ".", see https://coredns.io/plugins/loop#troubleshooting. Query: "HINFO 4547991504243258144.3688648895315093531."
~~~

## Limitations

This plugin only attempts to find simple static forwarding loops at start up time. To detect a loop,
the following must be true:

*  the loop must be present at start up time.

*  the loop must occur for the `HINFO` query type.

## Troubleshooting

When CoreDNS logs contain the message `Loop ... detected ...`, this means that the `loop` detection
plugin has detected an infinite forwarding loop in one of the upstream DNS servers. This is a fatal
error because operating with an infinite loop will consume memory and CPU until eventual out of
memory death by the host.

A forwarding loop is usually caused by:

* Most commonly, CoreDNS forwarding requests directly to itself. e.g. via a loopback address such as `127.0.0.1`, `::1` or `127.0.0.53`
* Less commonly, CoreDNS forwarding to an upstream server that in turn, forwards requests back to CoreDNS.

To troubleshoot this problem, look in your Corefile for any `forward`s to the zone
in which the loop was detected.  Make sure that they are not forwarding to a local address or
to another DNS server that is forwarding requests back to CoreDNS. If `forward` is
using a file (e.g. `/etc/resolv.conf`), make sure that file does not contain local addresses.

### Troubleshooting Loops In Kubernetes Clusters

When a CoreDNS Pod deployed in Kubernetes detects a loop, the CoreDNS Pod will start to "CrashLoopBackOff".
This is because Kubernetes will try to restart the Pod every time CoreDNS detects the loop and exits.

A common cause of forwarding loops in Kubernetes clusters is an interaction with a local DNS cache
on the host node (e.g. `systemd-resolved`).  For example, in certain configurations `systemd-resolved` will
put the loopback address `127.0.0.53` as a nameserver into `/etc/resolv.conf`. Kubernetes (via `kubelet`) by default
will pass this `/etc/resolv.conf` file to all Pods using the `default` dnsPolicy rendering them
unable to make DNS lookups (this includes CoreDNS Pods). CoreDNS uses this `/etc/resolv.conf`
as a list of upstreams to forward requests to.  Since it contains a loopback address, CoreDNS ends up forwarding
requests to itself.

There are many ways to work around this issue, some are listed here:

* Add the following to your `kubelet` config yaml: `resolvConf: <path-to-your-real-resolv-conf-file>` (or via command line flag `--resolv-conf` deprecated in 1.10).  Your "real"
  `resolv.conf` is the one that contains the actual IPs of your upstream servers, and no local/loopback address.
  This flag tells `kubelet` to pass an alternate `resolv.conf` to Pods. For systems using `systemd-resolved`,
`/run/systemd/resolve/resolv.conf` is typically the location of the "real" `resolv.conf`,
although this can be different depending on your distribution.
* Disable the local DNS cache on host nodes, and restore `/etc/resolv.conf` to the original.
* A quick and dirty fix is to edit your Corefile, replacing `forward . /etc/resolv.conf` with
the ip address of your upstream DNS, for example `forward . 8.8.8.8`.  But this only fixes the issue for CoreDNS,
kubelet will continue to forward the invalid `resolv.conf` to all `default` dnsPolicy Pods, leaving them unable to resolve DNS.
New plugin: loop (#1989) * New plugin: loop Add a plugin that detects loops. It does this by sending an unique query to our selves. If we see the query more than twice we stop the process. If there isn't a loop, the plugin disables it self and becomes a noop plugin. Signed-off-by: Miek Gieben <miek@miek.nl> 2018-07-20 19:45:17 +01:00			`# loop`

			`## Name`

Document current limitations of loop (#1996) * Document current limitations of loop * Update README.md 2018-07-23 15:37:41 -04:00			`loop - detect simple forwarding loops and halt the server.`
New plugin: loop (#1989) * New plugin: loop Add a plugin that detects loops. It does this by sending an unique query to our selves. If we see the query more than twice we stop the process. If there isn't a loop, the plugin disables it self and becomes a noop plugin. Signed-off-by: Miek Gieben <miek@miek.nl> 2018-07-20 19:45:17 +01:00
			`## Description`

plugin/loop: tweak loop detected msg, add troubleshooting section (#2185) Automatically submitted. 2018-10-12 13:24:40 -04:00			`The loop plugin will send a random probe query to ourselves and will then keep track of how many times`
plugin/loop: show from -> to (#2400) Show from and to address when detecting a loop they may aid in debugging. Hard to create a unit test, but this is a startup run with self induced loop: ~~~ corefile .:1053 { loop log forward . 127.0.0.1:1053 } ~~~~ ~~~ :1053 2018-12-16T10:11:03.695Z [INFO] CoreDNS-1.3.0 2018-12-16T10:11:03.695Z [INFO] linux/amd64, go1.11, CoreDNS-1.3.0 linux/amd64, go1.11, 2018-12-16T10:11:03.696Z [FATAL] plugin/loop: Loop (127.0.0.1:51384 -> :1053) detected for zone ".", see https://coredns.io/plugins/loop#troubleshooting. Query: "HINFO 2781022615773629442.4133547885299871809." ~~~ Update the docs and polished that a bit as well. Signed-off-by: Miek Gieben <miek@miek.nl> 2018-12-16 21:48:09 +00:00			`we see it. If we see it more than twice, we assume CoreDNS has seen a forwarding loop and we halt the process.`
New plugin: loop (#1989) * New plugin: loop Add a plugin that detects loops. It does this by sending an unique query to our selves. If we see the query more than twice we stop the process. If there isn't a loop, the plugin disables it self and becomes a noop plugin. Signed-off-by: Miek Gieben <miek@miek.nl> 2018-07-20 19:45:17 +01:00
			`The plugin will try to send the query for up to 30 seconds. This is done to give CoreDNS enough time`
plugin/loop: show from -> to (#2400) Show from and to address when detecting a loop they may aid in debugging. Hard to create a unit test, but this is a startup run with self induced loop: ~~~ corefile .:1053 { loop log forward . 127.0.0.1:1053 } ~~~~ ~~~ :1053 2018-12-16T10:11:03.695Z [INFO] CoreDNS-1.3.0 2018-12-16T10:11:03.695Z [INFO] linux/amd64, go1.11, CoreDNS-1.3.0 linux/amd64, go1.11, 2018-12-16T10:11:03.696Z [FATAL] plugin/loop: Loop (127.0.0.1:51384 -> :1053) detected for zone ".", see https://coredns.io/plugins/loop#troubleshooting. Query: "HINFO 2781022615773629442.4133547885299871809." ~~~ Update the docs and polished that a bit as well. Signed-off-by: Miek Gieben <miek@miek.nl> 2018-12-16 21:48:09 +00:00			`to start up. Once a query has been successfully sent, loop disables itself to prevent a query of`
New plugin: loop (#1989) * New plugin: loop Add a plugin that detects loops. It does this by sending an unique query to our selves. If we see the query more than twice we stop the process. If there isn't a loop, the plugin disables it self and becomes a noop plugin. Signed-off-by: Miek Gieben <miek@miek.nl> 2018-07-20 19:45:17 +01:00			`death.`

Document current limitations of loop (#1996) * Document current limitations of loop * Update README.md 2018-07-23 15:37:41 -04:00			The query sent is `<random number>.<random number>.zone` with type set to HINFO.
New plugin: loop (#1989) * New plugin: loop Add a plugin that detects loops. It does this by sending an unique query to our selves. If we see the query more than twice we stop the process. If there isn't a loop, the plugin disables it self and becomes a noop plugin. Signed-off-by: Miek Gieben <miek@miek.nl> 2018-07-20 19:45:17 +01:00
			`## Syntax`

			`~~~ txt`
			`loop`
			`~~~`

			`## Examples`

			`Start a server on the default port and load the loop and forward plugins. The forward plugin`
			`forwards to it self.`

			`~~~ txt`
			`. {`
			`loop`
			`forward . 127.0.0.1`
			`}`
			`~~~`

			`After CoreDNS has started it stops the process while logging:`

			`~~~ txt`
plugin/loop: show from -> to (#2400) Show from and to address when detecting a loop they may aid in debugging. Hard to create a unit test, but this is a startup run with self induced loop: ~~~ corefile .:1053 { loop log forward . 127.0.0.1:1053 } ~~~~ ~~~ :1053 2018-12-16T10:11:03.695Z [INFO] CoreDNS-1.3.0 2018-12-16T10:11:03.695Z [INFO] linux/amd64, go1.11, CoreDNS-1.3.0 linux/amd64, go1.11, 2018-12-16T10:11:03.696Z [FATAL] plugin/loop: Loop (127.0.0.1:51384 -> :1053) detected for zone ".", see https://coredns.io/plugins/loop#troubleshooting. Query: "HINFO 2781022615773629442.4133547885299871809." ~~~ Update the docs and polished that a bit as well. Signed-off-by: Miek Gieben <miek@miek.nl> 2018-12-16 21:48:09 +00:00			`plugin/loop: Loop (127.0.0.1:55953 -> :1053) detected for zone ".", see https://coredns.io/plugins/loop#troubleshooting. Query: "HINFO 4547991504243258144.3688648895315093531."`
New plugin: loop (#1989) * New plugin: loop Add a plugin that detects loops. It does this by sending an unique query to our selves. If we see the query more than twice we stop the process. If there isn't a loop, the plugin disables it self and becomes a noop plugin. Signed-off-by: Miek Gieben <miek@miek.nl> 2018-07-20 19:45:17 +01:00			`~~~`
Document current limitations of loop (#1996) * Document current limitations of loop * Update README.md 2018-07-23 15:37:41 -04:00
			`## Limitations`

plugin/loop: show from -> to (#2400) Show from and to address when detecting a loop they may aid in debugging. Hard to create a unit test, but this is a startup run with self induced loop: ~~~ corefile .:1053 { loop log forward . 127.0.0.1:1053 } ~~~~ ~~~ :1053 2018-12-16T10:11:03.695Z [INFO] CoreDNS-1.3.0 2018-12-16T10:11:03.695Z [INFO] linux/amd64, go1.11, CoreDNS-1.3.0 linux/amd64, go1.11, 2018-12-16T10:11:03.696Z [FATAL] plugin/loop: Loop (127.0.0.1:51384 -> :1053) detected for zone ".", see https://coredns.io/plugins/loop#troubleshooting. Query: "HINFO 2781022615773629442.4133547885299871809." ~~~ Update the docs and polished that a bit as well. Signed-off-by: Miek Gieben <miek@miek.nl> 2018-12-16 21:48:09 +00:00			`This plugin only attempts to find simple static forwarding loops at start up time. To detect a loop,`
			`the following must be true:`
Document current limitations of loop (#1996) * Document current limitations of loop * Update README.md 2018-07-23 15:37:41 -04:00
plugin/loop: show from -> to (#2400) Show from and to address when detecting a loop they may aid in debugging. Hard to create a unit test, but this is a startup run with self induced loop: ~~~ corefile .:1053 { loop log forward . 127.0.0.1:1053 } ~~~~ ~~~ :1053 2018-12-16T10:11:03.695Z [INFO] CoreDNS-1.3.0 2018-12-16T10:11:03.695Z [INFO] linux/amd64, go1.11, CoreDNS-1.3.0 linux/amd64, go1.11, 2018-12-16T10:11:03.696Z [FATAL] plugin/loop: Loop (127.0.0.1:51384 -> :1053) detected for zone ".", see https://coredns.io/plugins/loop#troubleshooting. Query: "HINFO 2781022615773629442.4133547885299871809." ~~~ Update the docs and polished that a bit as well. Signed-off-by: Miek Gieben <miek@miek.nl> 2018-12-16 21:48:09 +00:00			`* the loop must be present at start up time.`

			* the loop must occur for the `HINFO` query type.
plugin/loop: tweak loop detected msg, add troubleshooting section (#2185) Automatically submitted. 2018-10-12 13:24:40 -04:00
			`## Troubleshooting`

plugin/loop: show from -> to (#2400) Show from and to address when detecting a loop they may aid in debugging. Hard to create a unit test, but this is a startup run with self induced loop: ~~~ corefile .:1053 { loop log forward . 127.0.0.1:1053 } ~~~~ ~~~ :1053 2018-12-16T10:11:03.695Z [INFO] CoreDNS-1.3.0 2018-12-16T10:11:03.695Z [INFO] linux/amd64, go1.11, CoreDNS-1.3.0 linux/amd64, go1.11, 2018-12-16T10:11:03.696Z [FATAL] plugin/loop: Loop (127.0.0.1:51384 -> :1053) detected for zone ".", see https://coredns.io/plugins/loop#troubleshooting. Query: "HINFO 2781022615773629442.4133547885299871809." ~~~ Update the docs and polished that a bit as well. Signed-off-by: Miek Gieben <miek@miek.nl> 2018-12-16 21:48:09 +00:00			When CoreDNS logs contain the message `Loop ... detected ...`, this means that the `loop` detection
			`plugin has detected an infinite forwarding loop in one of the upstream DNS servers. This is a fatal`
			`error because operating with an infinite loop will consume memory and CPU until eventual out of`
			`memory death by the host.`
plugin/loop: tweak loop detected msg, add troubleshooting section (#2185) Automatically submitted. 2018-10-12 13:24:40 -04:00
			`A forwarding loop is usually caused by:`
Update README.md (#2213) 2018-10-18 10:19:22 -04:00
add ipv6 loopback example (#2223) 2018-10-22 13:30:42 -04:00			* Most commonly, CoreDNS forwarding requests directly to itself. e.g. via a loopback address such as `127.0.0.1`, `::1` or `127.0.0.53`
plugin/loop: tweak loop detected msg, add troubleshooting section (#2185) Automatically submitted. 2018-10-12 13:24:40 -04:00			`* Less commonly, CoreDNS forwarding to an upstream server that in turn, forwards requests back to CoreDNS.`

Move proxy to external (#2651) * Move proxy to external move the proxy plugin into coredns/proxy and remove it as a default plugin. Link the proxy to deprecated in plugin.cfg coredns/proxy doesn't compile because of the vendoring :( Signed-off-by: Miek Gieben <miek@miek.nl> * Add github.com/coredns/proxy Signed-off-by: Yong Tang <yong.tang.github@outlook.com> 2019-03-03 23:32:38 -08:00			To troubleshoot this problem, look in your Corefile for any `forward`s to the zone
plugin/loop: tweak loop detected msg, add troubleshooting section (#2185) Automatically submitted. 2018-10-12 13:24:40 -04:00			`in which the loop was detected. Make sure that they are not forwarding to a local address or`
Move proxy to external (#2651) * Move proxy to external move the proxy plugin into coredns/proxy and remove it as a default plugin. Link the proxy to deprecated in plugin.cfg coredns/proxy doesn't compile because of the vendoring :( Signed-off-by: Miek Gieben <miek@miek.nl> * Add github.com/coredns/proxy Signed-off-by: Yong Tang <yong.tang.github@outlook.com> 2019-03-03 23:32:38 -08:00			to another DNS server that is forwarding requests back to CoreDNS. If `forward` is
			using a file (e.g. `/etc/resolv.conf`), make sure that file does not contain local addresses.
plugin/loop: tweak loop detected msg, add troubleshooting section (#2185) Automatically submitted. 2018-10-12 13:24:40 -04:00
			`### Troubleshooting Loops In Kubernetes Clusters`
plugin/loop: show from -> to (#2400) Show from and to address when detecting a loop they may aid in debugging. Hard to create a unit test, but this is a startup run with self induced loop: ~~~ corefile .:1053 { loop log forward . 127.0.0.1:1053 } ~~~~ ~~~ :1053 2018-12-16T10:11:03.695Z [INFO] CoreDNS-1.3.0 2018-12-16T10:11:03.695Z [INFO] linux/amd64, go1.11, CoreDNS-1.3.0 linux/amd64, go1.11, 2018-12-16T10:11:03.696Z [FATAL] plugin/loop: Loop (127.0.0.1:51384 -> :1053) detected for zone ".", see https://coredns.io/plugins/loop#troubleshooting. Query: "HINFO 2781022615773629442.4133547885299871809." ~~~ Update the docs and polished that a bit as well. Signed-off-by: Miek Gieben <miek@miek.nl> 2018-12-16 21:48:09 +00:00
plugin/loop: tweak loop detected msg, add troubleshooting section (#2185) Automatically submitted. 2018-10-12 13:24:40 -04:00			`When a CoreDNS Pod deployed in Kubernetes detects a loop, the CoreDNS Pod will start to "CrashLoopBackOff".`
			`This is because Kubernetes will try to restart the Pod every time CoreDNS detects the loop and exits.`

plugin/loop: Improve loop troubleshoot docs (#2363) * improve loop troubleshoot docs * fix spelling 2018-12-04 06:58:20 -05:00			`A common cause of forwarding loops in Kubernetes clusters is an interaction with a local DNS cache`
			on the host node (e.g. `systemd-resolved`). For example, in certain configurations `systemd-resolved` will
			put the loopback address `127.0.0.53` as a nameserver into `/etc/resolv.conf`. Kubernetes (via `kubelet`) by default
fix a document error (#2376) 2018-12-07 17:45:13 +08:00			will pass this `/etc/resolv.conf` file to all Pods using the `default` dnsPolicy rendering them
clean pre-submit checks (#2367) Automatically submitted. 2018-12-05 16:20:20 -05:00			unable to make DNS lookups (this includes CoreDNS Pods). CoreDNS uses this `/etc/resolv.conf`
Move proxy to external (#2651) * Move proxy to external move the proxy plugin into coredns/proxy and remove it as a default plugin. Link the proxy to deprecated in plugin.cfg coredns/proxy doesn't compile because of the vendoring :( Signed-off-by: Miek Gieben <miek@miek.nl> * Add github.com/coredns/proxy Signed-off-by: Yong Tang <yong.tang.github@outlook.com> 2019-03-03 23:32:38 -08:00			`as a list of upstreams to forward requests to. Since it contains a loopback address, CoreDNS ends up forwarding`
clean pre-submit checks (#2367) Automatically submitted. 2018-12-05 16:20:20 -05:00			`requests to itself.`
plugin/loop: tweak loop detected msg, add troubleshooting section (#2185) Automatically submitted. 2018-10-12 13:24:40 -04:00
			`There are many ways to work around this issue, some are listed here:`
Update README.md (#2213) 2018-10-18 10:19:22 -04:00
plugin/loop: Update troubleshooting step (#2804) * Update README.md 2019-04-30 08:42:14 -04:00			* Add the following to your `kubelet` config yaml: `resolvConf: <path-to-your-real-resolv-conf-file>` (or via command line flag `--resolv-conf` deprecated in 1.10). Your "real"
plugin/loop: Improve loop troubleshoot docs (#2363) * improve loop troubleshoot docs * fix spelling 2018-12-04 06:58:20 -05:00			`resolv.conf` is the one that contains the actual IPs of your upstream servers, and no local/loopback address.
			This flag tells `kubelet` to pass an alternate `resolv.conf` to Pods. For systems using `systemd-resolved`,
			`/run/systemd/resolve/resolv.conf` is typically the location of the "real" `resolv.conf`,
			`although this can be different depending on your distribution.`
			* Disable the local DNS cache on host nodes, and restore `/etc/resolv.conf` to the original.
Move proxy to external (#2651) * Move proxy to external move the proxy plugin into coredns/proxy and remove it as a default plugin. Link the proxy to deprecated in plugin.cfg coredns/proxy doesn't compile because of the vendoring :( Signed-off-by: Miek Gieben <miek@miek.nl> * Add github.com/coredns/proxy Signed-off-by: Yong Tang <yong.tang.github@outlook.com> 2019-03-03 23:32:38 -08:00			* A quick and dirty fix is to edit your Corefile, replacing `forward . /etc/resolv.conf` with
			the ip address of your upstream DNS, for example `forward . 8.8.8.8`. But this only fixes the issue for CoreDNS,
plugin/loop: Improve loop troubleshoot docs (#2363) * improve loop troubleshoot docs * fix spelling 2018-12-04 06:58:20 -05:00			kubelet will continue to forward the invalid `resolv.conf` to all `default` dnsPolicy Pods, leaving them unable to resolve DNS.