Default to upstream to self (#2436)

* Default to upstream to self This is a backwards incompatible change. This is a massive (cleanup) PR where we default to resolving external names by the coredns process itself, instead of directly forwarding them to some upstream. This ignores any arguments `upstream` may have had and makes it depend on proxy/forward configuration in the Corefile. This allows resolved upstream names to be cached and we have better healthchecking of the upstreams. It also means there is only one way to resolve names, by either using the proxy or forward plugin. The proxy/forward lookup.go functions have been removed. This also lessen the dependency on proxy, meaning deprecating proxy will become easier. Some tests have been removed as well, or moved to the top-level test directory as they now require a full coredns process instead of just the plugin. For the etcd plugin, the entire StubZone resolving is *dropped*! This was a hacky (but working) solution to say the least. If someone cares deeply it can be brought back (maybe)? The pkg/upstream is now very small and almost does nothing. Also the New() function was changed to return a pointer to upstream.Upstream. It also returns only one parameter, so any stragglers using it will encounter a compile error. All documentation has been adapted. This affected the following plugins: * etcd * file * auto * secondary * federation * template * route53 A followup PR will make any upstream directives with arguments an error, right now they are ignored. Signed-off-by: Miek Gieben <miek@miek.nl> * Fix etcd build - probably still fails unit test Signed-off-by: Miek Gieben <miek@miek.nl> * Slightly smarter lookup check in upstream Signed-off-by: Miek Gieben <miek@miek.nl> * Compilez Signed-off-by: Miek Gieben <miek@miek.nl>
2025-11-01 18:53:43 -04:00 · 2019-01-13 16:54:49 +00:00
parent 6b56a9c921
commit 9c16ed1d14
55 changed files with 184 additions and 1349 deletions
--- a/plugin/route53/README.md
+++ b/plugin/route53/README.md
@@ -6,8 +6,9 @@

 ## Description

-The route53 plugin is useful for serving zones from resource record sets in AWS route53. This plugin
-supports all Amazon Route 53 records (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/ResourceRecordTypes.html).
+The route53 plugin is useful for serving zones from resource record
+sets in AWS route53. This plugin supports all Amazon Route 53 records
+([https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/ResourceRecordTypes.html](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/ResourceRecordTypes.html)).
 The route53 plugin can be used when coredns is deployed on AWS or elsewhere.

 ## Syntax
@@ -15,33 +16,40 @@ The route53 plugin can be used when coredns is deployed on AWS or elsewhere.
 ~~~ txt
 route53 [ZONE:HOSTED_ZONE_ID...] {
    [aws_access_key AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY]
-    upstream [ADDRESS...]
+    upstream
    credentials PROFILE [FILENAME]
    fallthrough [ZONES...]
 }
 ~~~

-* **ZONE** the name of the domain to be accessed. When there are multiple zones with overlapping domains
-  (private vs. public hosted zone), CoreDNS does the lookup in the given order here. Therefore, for a
-  non-existing resource record, SOA response will be from the rightmost zone.
-* **HOSTED_ZONE_ID** the ID of the hosted zone that contains the resource record sets to be accessed.
-* **AWS_ACCESS_KEY_ID** and **AWS_SECRET_ACCESS_KEY** the AWS access key ID and secret access key
-   to be used when query AWS (optional).  If they are not provided, then coredns tries to access
-   AWS credentials the same way as AWS CLI, e.g., environmental variables, AWS credentials file,
-   instance profile credentials, etc.
-* `upstream` [**ADDRESS**...] specifies upstream resolver(s) used for resolving services that point
-   to external hosts (eg. used to resolve CNAMEs). If no **ADDRESS** is given, CoreDNS will resolve
-   against itself. **ADDRESS** can be an IP, an IP:port or a path to a file structured like
-   resolv.conf.
-* `credentials` used for reading the credential file and setting the profile name for a given zone.
-* **PROFILE** AWS account profile name. Defaults to `default`.
-* **FILENAME** AWS credentials filename. Defaults to `~/.aws/credentials`
-   are used.
-* `fallthrough` If zone matches and no record can be generated, pass request to the next plugin.
-  If **[ZONES...]** is omitted, then fallthrough happens for all zones for which the plugin
-  is authoritative. If specific zones are listed (for example `in-addr.arpa` and `ip6.arpa`), then only
-  queries for those zones will be subject to fallthrough.
-* **ZONES** zones it should be authoritative for. If empty, the zones from the configuration block
+*   **ZONE** the name of the domain to be accessed. When there are multiple zones with overlapping
+    domains (private vs. public hosted zone), CoreDNS does the lookup in the given order here.
+    Therefore, for a non-existing resource record, SOA response will be from the rightmost zone.
+
+*   **HOSTED*ZONE*ID** the ID of the hosted zone that contains the resource record sets to be
+    accessed.
+
+*   **AWS*ACCESS*KEY_ID** and **AWS*SECRET*ACCESS_KEY** the AWS access key ID and secret access key
+    to be used when query AWS (optional). If they are not provided, then coredns tries to access
+    AWS credentials the same way as AWS CLI, e.g., environmental variables, AWS credentials file,
+    instance profile credentials, etc.
+
+*   `upstream`is used for resolving services that point to external hosts (eg. used to resolve
+    CNAMEs). CoreDNS will resolve against itself.
+
+*   `credentials` used for reading the credential file and setting the profile name for a given
+    zone.
+
+*   **PROFILE** AWS account profile name. Defaults to `default`.
+
+*   **FILENAME** AWS credentials filename. Defaults to `~/.aws/credentials` are used.
+
+*   `fallthrough` If zone matches and no record can be generated, pass request to the next plugin.
+    If **[ZONES...]** is omitted, then fallthrough happens for all zones for which the plugin is
+    authoritative. If specific zones are listed (for example `in-addr.arpa` and `ip6.arpa`), then
+    only queries for those zones will be subject to fallthrough.
+
+*   **ZONES** zones it should be authoritative for. If empty, the zones from the configuration block

 ## Examples

--- a/plugin/route53/route53.go
+++ b/plugin/route53/route53.go
@@ -170,7 +170,7 @@ func (h *Route53) updateZones(ctx context.Context) error {

 			for i, hostedZone := range z {
 				newZ := file.NewZone(zName, "")
-				newZ.Upstream = *h.upstream
+				newZ.Upstream = h.upstream
 				in := &route53.ListResourceRecordSetsInput{
 					HostedZoneId: aws.String(hostedZone.id),
 				}
--- a/plugin/route53/setup.go
+++ b/plugin/route53/setup.go
@@ -48,7 +48,7 @@ func setup(c *caddy.Controller, f func(*credentials.Credentials) route53iface.Ro
 	var providers []credentials.Provider
 	var fall fall.F

-	up, _ := upstream.New(nil)
+	up := upstream.New()
 	for c.Next() {
 		args := c.RemainingArgs()

@@ -83,12 +83,7 @@ func setup(c *caddy.Controller, f func(*credentials.Credentials) route53iface.Ro
 					},
 				})
 			case "upstream":
-				args := c.RemainingArgs()
-				var err error
-				up, err = upstream.New(args)
-				if err != nil {
-					return c.Errf("invalid upstream: %v", err)
-				}
+				c.RemainingArgs() // eats args
 			case "credentials":
 				if c.NextArg() {
 					sharedProvider.Profile = c.Val()
@@ -109,7 +104,7 @@ func setup(c *caddy.Controller, f func(*credentials.Credentials) route53iface.Ro

 	client := f(credentials.NewChainCredentials(providers))
 	ctx := context.Background()
-	h, err := New(ctx, client, keys, &up)
+	h, err := New(ctx, client, keys, up)
 	if err != nil {
 		return c.Errf("failed to create Route53 plugin: %v", err)
 	}