Merge commit from fork

Add configurable resource limits to prevent potential DoS vectors
via connection/stream exhaustion on gRPC, HTTPS, and HTTPS/3 servers.

New configuration plugins:
- grpc_server: configure max_streams, max_connections
- https: configure max_connections
- https3: configure max_streams

Changes:
- Use netutil.LimitListener for connection limiting
- Use gRPC MaxConcurrentStreams and message size limits
- Add QUIC MaxIncomingStreams for HTTPS/3 stream limiting
- Set secure defaults: 256 max streams, 200 max connections
- Setting any limit to 0 means unbounded/fallback to previous impl

Defaults are applied automatically when plugins are omitted from
config.

Includes tests and integration tests.

Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>

plugin/grpc_server/README.md

@@ -0,0 +1,51 @@
+# grpc_server
+
+## Name
+
+*grpc_server* - configures DNS-over-gRPC server options.
+
+## Description
+
+The *grpc_server* plugin allows you to configure parameters for the DNS-over-gRPC server to fine-tune the security posture and performance of the server.
+
+This plugin can only be used once per gRPC listener block.
+
+## Syntax
+
+```txt
+grpc_server {
+    max_streams POSITIVE_INTEGER
+    max_connections POSITIVE_INTEGER
+}
+```
+
+* `max_streams` limits the number of concurrent gRPC streams per connection. This helps prevent unbounded streams on a single connection, exhausting server resources. The default value is 256 if not specified. Set to 0 for unbounded.
+* `max_connections` limits the number of concurrent TCP connections to the gRPC server. The default value is 200 if not specified. Set to 0 for unbounded.
+
+## Examples
+
+Set custom limits for maximum streams and connections:
+
+```
+grpc://.:8053 {
+    tls cert.pem key.pem
+    grpc_server {
+        max_streams 50
+        max_connections 100
+    }
+    whoami
+}
+```
+
+Set values to 0 for unbounded, matching CoreDNS behaviour before v1.14.0:
+
+```
+grpc://.:8053 {
+    tls cert.pem key.pem
+    grpc_server {
+        max_streams 0
+        max_connections 0
+    }
+    whoami
+}
+```

plugin/grpc_server/setup.go

@@ -0,0 +1,79 @@
+package grpc_server
+
+import (
+	"strconv"
+
+	"github.com/coredns/caddy"
+	"github.com/coredns/coredns/core/dnsserver"
+	"github.com/coredns/coredns/plugin"
+)
+
+func init() {
+	caddy.RegisterPlugin("grpc_server", caddy.Plugin{
+		ServerType: "dns",
+		Action:     setup,
+	})
+}
+
+func setup(c *caddy.Controller) error {
+	err := parseGRPCServer(c)
+	if err != nil {
+		return plugin.Error("grpc_server", err)
+	}
+	return nil
+}
+
+func parseGRPCServer(c *caddy.Controller) error {
+	config := dnsserver.GetConfig(c)
+
+	// Skip the "grpc_server" directive itself
+	c.Next()
+
+	// Get any arguments on the "grpc_server" line
+	args := c.RemainingArgs()
+	if len(args) > 0 {
+		return c.ArgErr()
+	}
+
+	// Process all nested directives in the block
+	for c.NextBlock() {
+		switch c.Val() {
+		case "max_streams":
+			args := c.RemainingArgs()
+			if len(args) != 1 {
+				return c.ArgErr()
+			}
+			val, err := strconv.Atoi(args[0])
+			if err != nil {
+				return c.Errf("invalid max_streams value '%s': %v", args[0], err)
+			}
+			if val < 0 {
+				return c.Errf("max_streams must be a non-negative integer: %d", val)
+			}
+			if config.MaxGRPCStreams != nil {
+				return c.Err("max_streams already defined for this server block")
+			}
+			config.MaxGRPCStreams = &val
+		case "max_connections":
+			args := c.RemainingArgs()
+			if len(args) != 1 {
+				return c.ArgErr()
+			}
+			val, err := strconv.Atoi(args[0])
+			if err != nil {
+				return c.Errf("invalid max_connections value '%s': %v", args[0], err)
+			}
+			if val < 0 {
+				return c.Errf("max_connections must be a non-negative integer: %d", val)
+			}
+			if config.MaxGRPCConnections != nil {
+				return c.Err("max_connections already defined for this server block")
+			}
+			config.MaxGRPCConnections = &val
+		default:
+			return c.Errf("unknown property '%s'", c.Val())
+		}
+	}
+
+	return nil
+}

plugin/grpc_server/setup_test.go

@@ -0,0 +1,169 @@
+package grpc_server
+
+import (
+	"fmt"
+	"strings"
+	"testing"
+
+	"github.com/coredns/caddy"
+	"github.com/coredns/coredns/core/dnsserver"
+)
+
+func TestSetup(t *testing.T) {
+	tests := []struct {
+		input                  string
+		shouldErr              bool
+		expectedErrContent     string
+		expectedMaxStreams     *int
+		expectedMaxConnections *int
+	}{
+		// Valid configurations
+		{
+			input:     `grpc_server`,
+			shouldErr: false,
+		},
+		{
+			input: `grpc_server {
+			}`,
+			shouldErr: false,
+		},
+		{
+			input: `grpc_server {
+				max_streams 100
+			}`,
+			shouldErr:          false,
+			expectedMaxStreams: intPtr(100),
+		},
+		{
+			input: `grpc_server {
+				max_connections 200
+			}`,
+			shouldErr:              false,
+			expectedMaxConnections: intPtr(200),
+		},
+		{
+			input: `grpc_server {
+				max_streams 50
+				max_connections 100
+			}`,
+			shouldErr:              false,
+			expectedMaxStreams:     intPtr(50),
+			expectedMaxConnections: intPtr(100),
+		},
+		// Zero values (unbounded)
+		{
+			input: `grpc_server {
+				max_streams 0
+			}`,
+			shouldErr:          false,
+			expectedMaxStreams: intPtr(0),
+		},
+		{
+			input: `grpc_server {
+				max_connections 0
+			}`,
+			shouldErr:              false,
+			expectedMaxConnections: intPtr(0),
+		},
+		// Error cases
+		{
+			input: `grpc_server {
+				max_streams
+			}`,
+			shouldErr:          true,
+			expectedErrContent: "Wrong argument count",
+		},
+		{
+			input: `grpc_server {
+				max_streams abc
+			}`,
+			shouldErr:          true,
+			expectedErrContent: "invalid max_streams value",
+		},
+		{
+			input: `grpc_server {
+				max_streams -1
+			}`,
+			shouldErr:          true,
+			expectedErrContent: "must be a non-negative integer",
+		},
+		{
+			input: `grpc_server {
+				max_streams 100
+				max_streams 200
+			}`,
+			shouldErr:          true,
+			expectedErrContent: "already defined",
+		},
+		{
+			input: `grpc_server {
+				unknown_option 123
+			}`,
+			shouldErr:          true,
+			expectedErrContent: "unknown property",
+		},
+		{
+			input:              `grpc_server extra_arg`,
+			shouldErr:          true,
+			expectedErrContent: "Wrong argument count",
+		},
+	}
+
+	for i, test := range tests {
+		c := caddy.NewTestController("dns", test.input)
+		err := setup(c)
+
+		if test.shouldErr && err == nil {
+			t.Errorf("Test %d (%s): Expected error but got none", i, test.input)
+			continue
+		}
+
+		if !test.shouldErr && err != nil {
+			t.Errorf("Test %d (%s): Expected no error but got: %v", i, test.input, err)
+			continue
+		}
+
+		if test.shouldErr && test.expectedErrContent != "" {
+			if !strings.Contains(err.Error(), test.expectedErrContent) {
+				t.Errorf("Test %d (%s): Expected error containing '%s' but got: %v",
+					i, test.input, test.expectedErrContent, err)
+			}
+			continue
+		}
+
+		if !test.shouldErr {
+			config := dnsserver.GetConfig(c)
+			assertIntPtrValue(t, i, test.input, "MaxGRPCStreams", config.MaxGRPCStreams, test.expectedMaxStreams)
+			assertIntPtrValue(t, i, test.input, "MaxGRPCConnections", config.MaxGRPCConnections, test.expectedMaxConnections)
+		}
+	}
+}
+
+func intPtr(v int) *int {
+	return &v
+}
+
+func assertIntPtrValue(t *testing.T, testIndex int, testInput, fieldName string, actual, expected *int) {
+	t.Helper()
+	if actual == nil && expected == nil {
+		return
+	}
+
+	if (actual == nil) != (expected == nil) {
+		t.Errorf("Test %d (%s): Expected %s to be %v, but got %v",
+			testIndex, testInput, fieldName, formatNilableInt(expected), formatNilableInt(actual))
+		return
+	}
+
+	if *actual != *expected {
+		t.Errorf("Test %d (%s): Expected %s to be %d, but got %d",
+			testIndex, testInput, fieldName, *expected, *actual)
+	}
+}
+
+func formatNilableInt(v *int) string {
+	if v == nil {
+		return "nil"
+	}
+	return fmt.Sprintf("%d", *v)
+}